網際網路情報蒐集祕笈曝光,美國民眾可過特工癮
Written by Robyn Winder and Charlie Speight and published in 2007 by the NSA's Center for Digital Content, Untangling the Web: An Introduction to Internet Research is a 643-page long introduction to everything from the very basics of web research to finding confidential information that has accidentally slipped into the public domain. The document became available as a result of an April Freedom of Information Act request by MuckRock, a service-provider for journalists and researchers.
: An Introduction to Internet Research)的手冊一共643頁,由羅賓·溫德和查理·斯佩特兩人合著,2007年由美國國家安全域性數字內容中心(he NSA's Center for Digital Content)出版,內容從網路調查的基礎知識到如何查詢意外流入公共領域的保密資訊,無所不包。今年4月,面向媒體從業人員和研究人員提供服務的MuckRock根據美國《自由資訊法案》申請資訊公開,這份手冊也因此重見天日。
At George R. R. Martin length, the document is thorough to say the least. The introduction alone is filled with references to 10th-century Persia, Jorge Luis Borges, Sigmund Freud, and the Minotaur in the Labyrinth. As Wired pointed out, the chapter titled "Google Hacking" is getting the most immediate play. (Showing the document's age, perhaps, there are also sections on Yahoo Search, Windows Live Search, and .) "Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data, " the authors write. Instead, it "involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution."
這本手冊的篇幅堪與喬治·RR·馬丁的鉅著媲美,因此手冊內容不可謂不詳實。單是前言部分就援引了10世紀的波斯、西班牙作家豪爾赫·路易斯·博爾赫斯、弗洛伊德和迷宮神牛等豐富的內容。正如《連線》雜誌(Wired)所指出的那樣,手冊中的“谷歌黑客”(Google Hacking)一章迅速發了公眾的效法。(也許是因為手冊編撰的年代,裡面一些章節還涉及了雅虎搜尋、Windows Live Search和等渠道。)“我要介紹的方法沒有一樣是違法的,也不存在獲取未經授權資料的問題,”兩位作者這樣寫道。事實上,它“探討的是如何使用公開搜尋引擎,查詢幾乎肯定不打算向公眾釋出的資訊。”
The book is replete with tips and tricks, ranging from undocumented filetypes Google (GOOG) can look for, to how-to's on running searches that include all the synonyms of a given term (a.k.a. use the magic ~). The entire document is available here , but here are the three hacks getting the most attention:
書裡充斥著各種竅門和訣竅,比如谷歌(Google)可以搜尋的、未公開的檔案型別,再比如怎樣執行包含某一特定術語所有同義詞的搜尋(即執行神奇的“~”符號)。手冊全文可點選這裡,但其中尤以下面三項黑客技巧最受關注:
1. Find Passwords : The authors suggest the following search term to look for Russian spreadsheets that may contain login credentials: "filetype:xls site:ru login." The filetype tells the search engine to look for Microsoft (MSFT) spreadsheets, the site indicates Russian domain names, and login -- because "login" and "password" are often written in English even in foreign countries.
1.搜尋密碼 :作者建議使用下面的搜尋條件來搜尋可能包含登陸資訊的俄羅斯電子資料表格:“filetype:xls site:ru login”(檔案型別:xls 網址:ru login)。檔案型別是為了告訴搜尋引擎尋找微軟(Microsoft)的電子資料表格,網址則限定俄羅斯域名,使用login是因為美國以外的地區也往往用英語表達“login(登陸名)”和“password(密碼)”。
2. Find Confidential Spreadsheets : Again, a term like "filetype:xls site:za confidential" will pull confidential spreadsheets that have been accidentally posted in public, in this case in Brazil.
2.搜尋機密電子表格 :搜尋條件類似“filetype:xls site:za confidential”(檔案型別:xls 網址:za 機密)將搜尋出意外公佈的機密電子表格,例子中的國家是巴西。
3. Find Misconfigured Web Servers : Web servers "that list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers, " the document states. To find them, it suggest search: "—intitle: 'index of' site:kr password.
3.搜尋設定錯誤的網路伺服器 :這份手冊稱:“那些所含目錄原本不應顯示在網際網路上的”網路伺服器“往往能給谷歌搜尋黑客提供豐富的資訊”。要找到這樣的網路伺服器,這本書建議使用下面的條件:“—intitle: 'index of' site:kr password”(-標題中:“指向” 網址:kr 密碼)。
