互聯網情報蒐集祕笈曝光,美國民衆可過特工癮大綱

Written by Robyn Winder and Charlie Speight and published in 2007 by the NSA's Center for Digital Content, Untangling the Web: An Introduction to Internet Research is a 643-page long introduction to everything from the very basics of web research to finding confidential information that has accidentally slipped into the public domain. The document became available as a result of an April Freedom of Information Act request by MuckRock, a service-provider for journalists and researchers.

: An Introduction to Internet Research）的手冊一共643頁，由羅賓·溫德和查理·斯佩特兩人合著，2007年由美國國家安全局數字內容中心（he NSA's Center for Digital Content）出版，內容從網絡調查的基礎知識到如何查找意外流入公共領域的保密信息，無所不包。今年4月，面向媒體從業人員和研究人員提供服務的MuckRock根據美國《自由信息法案》申請信息公開，這份手冊也因此重見天日。

At George R. R. Martin length, the document is thorough to say the least. The introduction alone is filled with references to 10th-century Persia, Jorge Luis Borges, Sigmund Freud, and the Minotaur in the Labyrinth. As Wired pointed out, the chapter titled "Google Hacking" is getting the most immediate play. (Showing the document's age, perhaps, there are also sections on Yahoo Search, Windows Live Search, and .) "Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data, " the authors write. Instead, it "involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution."

這本手冊的篇幅堪與喬治·RR·馬丁的鉅著媲美，因此手冊內容不可謂不詳實。單是前言部分就援引了10世紀的波斯、西班牙作家豪爾赫·路易斯·博爾赫斯、弗洛伊德和迷宮神牛等豐富的內容。正如《連線》雜誌（Wired）所指出的那樣，手冊中的“谷歌黑客”（Google Hacking）一章迅速發了公衆的效法。（也許是因爲手冊編撰的年代，裏面一些章節還涉及了雅虎搜索、Windows Live Search和等渠道。）“我要介紹的方法沒有一樣是違法的，也不存在獲取未經授權數據的問題，”兩位作者這樣寫道。事實上，它“探討的是如何使用公開搜索引擎，查找幾乎肯定不打算向公衆發佈的信息。”

The book is replete with tips and tricks, ranging from undocumented filetypes Google (GOOG) can look for, to how-to's on running searches that include all the synonyms of a given term (a.k.a. use the magic ~). The entire document is available here , but here are the three hacks getting the most attention:

書裏充斥着各種竅門和訣竅，比如谷歌（Google）可以搜索的、未公開的文件類型，再比如怎樣運行包含某一特定術語所有同義詞的搜索（即運行神奇的“~”符號）。手冊全文可點擊這裏，但其中尤以下面三項黑客技巧最受關注：

1. Find Passwords : The authors suggest the following search term to look for Russian spreadsheets that may contain login credentials: "filetype:xls site:ru login." The filetype tells the search engine to look for Microsoft (MSFT) spreadsheets, the site indicates Russian domain names, and login -- because "login" and "password" are often written in English even in foreign countries.

1.搜索密碼 ：作者建議使用下面的搜索條件來搜索可能包含登陸信息的俄羅斯電子數據表格：“filetype:xls site:ru login”（文件類型：xls 網址：ru login）。文件類型是爲了告訴搜索引擎尋找微軟（Microsoft）的電子數據表格，網址則限定俄羅斯域名，使用login是因爲美國以外的地區也往往用英語表達“login（登陸名）”和“password（密碼）”。

2. Find Confidential Spreadsheets : Again, a term like "filetype:xls site:za confidential" will pull confidential spreadsheets that have been accidentally posted in public, in this case in Brazil.

2.搜索機密電子表格 :搜索條件類似“filetype:xls site:za confidential”（文件類型：xls 網址：za 機密）將搜尋出意外公佈的機密電子表格，例子中的國家是巴西。

3. Find Misconfigured Web Servers : Web servers "that list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers, " the document states. To find them, it suggest search: "—intitle: 'index of' site:kr password.

3.搜索設置錯誤的網絡服務器 :這份手冊稱：“那些所含目錄原本不應顯示在互聯網上的”網絡服務器“往往能給谷歌搜索黑客提供豐富的信息”。要找到這樣的網絡服務器，這本書建議使用下面的條件：“—intitle: 'index of' site:kr password”(-標題中：“指向” 網址：kr 密碼)。