NSA published a book on Intelligence through Google for its cyber spies

Google is a mine of information that could be used for various purposes, for this reason National Security Agency realized a book to help its spies uncover intelligence hiding on the web.

Few days ago I published an interested article inspired by security expert Dancho Danchev and focused on the use of Google Dorks based tool for information gathering during a cyber attack.

Google is a mine of information that could be used for various purposes, hacking is one of them such as OSINT, a proper use of search engines could allow the collecting of surprising data and help the constructions of a study that is able to cross various sources to conduct complex researches.

It’s obvious that also governments, and in particular cyber spies have to update their arsenal to access to the ocean of information available on the internet, intelligence agents are at the forefront and must beware of potentiality of search engines such as Google.

To support its agents the National Security Agency realized a book to help its spies uncover intelligence hiding on the web. The Center for Digital Content of the National Security Agency published a book containing instructions on the use of search engines, on line tools and Internet Archive.

The book written by Robyn Winder and Charlie Speight is titled Untangling the Web: A Guide to Internet Research, it is available in a pdf format and contains 643 pages, it has been issued by the agency following a Freedom of Information Requests (FOIA) filed in April by MuckRock, a site that charges fees to process public records for activists and others.

The most interesting session explored by the book is related to the “Google Hacking”, NSA reserved an entire chapter to instruct its agents, thanks to proper queries as show in my previous article it is possible to search directly for document published on line, such as Excel spreadsheets or World Documents.

The Books proposed a huge collection of tips to search for specifically information bypassing languages limitations, the pdf explains how to search for file contains specific information and stored on website related to specific domains.

Google hacking is not a new concept, the book is dated 2007 but security expert Johnny Long has been talking about this use of the popular search engine for hacking purposes. He published the book Google Hacking that is considered a bible by hackers that use Google for their attacks, the book published by NSA has a totally different scope, it’s intelligence oriented and it’s not focused on breaking into websites and servers.

It is opportune to clarify that web search using these “tips” aren’t illegal despite the data retrieved was not intended for public distribution as stated by the authors of the book:

“Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data,”

Improper configuration of web servers could expose sensitive documents of private companies and governments on-line, it’s a joke find them “dorking” with Google.

If the spies search for files containing passwords in Russia they could use something like

“filetype:xls site:ru login.”

It could work even if the document uses a different char set, words such as login and password are internationally used.

The level of analysis could be different depending on the type of search, cyber spies could be interested in the discovery of the entire content of an archive or gain the access to the password file, but email lists and sensitive documents represent privileged targets. Composing specifically crafted queries in Google it is possible to reveal sensitive information essential for the success of an attack, thanks to the use of the advanced operator, the Dorking, is possible to retrieve a huge quantity of information on a target such as:

User’s credentials.
Sensitive documents.
Admin login page.
Email lists.

Interesting also the warning provided in the book to the cyber spies, every document collected in this way could hide a pitfall, someone could have intentionally exposed them to compromise the information collector. The recent event has demonstrated that opening a Microsoft document or a pdf file it is possible to infect a PC, this means that the document published could have this intent for publishing of sensitive data.

Search engines, Google first, but also other platforms such as social networks are considered powerful technologies to acquire sensitive information, from a defensive point of view we must be aware every time we expose a resource or a service on the Internet, someone could benefit from our errors.

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.