When it comes to information resources, nothing can compare to the sheer enormity of the world wide web. For all the talk of wiretaps and surveillance techniques, the internet can probably provide more data on someone or something than any other resource, so long as you know how to sift through it. And that’s the problem right there. The web is so damn big, that unless you’re given some form of training to know how to look for things, chances are you’ll end up missing quite a bit.

To that end, the National Security Agency felt the need to produce a guidebook aimed at helping its cyber detectives uncover critical intelligence from the world wide web. The guide, called Untangling the Web: A Guide to Internet Research, has actually been around for a while, but until now it’s been for the eyes of NSA employees only. Now though, following a Freedom of Information Act request by an organization How called MuckRock, the NSA has been forced to publish its book for the whole wide world to see. Not surprisingly, it’s packed full of insights for anyone that fancies themselves as an online spy.

One problem readers might have though, is that searching for information in the guidebook is quite a task in itself – the guide is exactly 643 pages long, so you’ll have quite a bit of bathroom reading material to keep you going there.

However, as Wired.com points out, there’s at least one section that everyone needs to know about right now, and that’s the part about Google Hacking:

“Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data, […but] involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.”

Sounds great, but what does it reveal? Well, probably not that much for most of us, but if you happen to be interested in discovering some sensitive business information it could come in handy. For the most part, the guide focuses on locating documents that placed online somewhere that probably should never have been.

For example, a quick search for “filetype:xls site:za confidential” ought to reveal more than a few sensitive documents involving South African companies, while a query for “filetype:xls site:ru login” could reveal all different kinds of passwords to login to Russian company computer systems. As the author makes clear, it’s not just English-speaking countries that use terms like “password”, “login”, and “userid” with their documents – its pretty much standard language used across the web. Finally, one last tip to show up misconfigured web servers that list directories of documents that were never intended to be posted online. A simple search for “intitle: “index of” site:kr password” would come up with a list of such directories in South Korea, for example (you can change the “kr” for the desired country).

There are dozens of more useful tips in the guide too, so if you do ever feel the need to do carry out some cyberspying on rival companies, be sure to give it a read
 
:)