The NSA's Weird Internal Guide To Finding Information On The Internet
Everyone has trouble finding things on the internet: A restaurant's address, the date of President McKinley's assassination, minute details about a specific person, hidden confidential files mistakenly put on a public website. Luckily the National Security Agency, that monolithic embodiment of the contemporary surveillance state, has compiled an exhaustive guide on how to find information on the internet. It's a strange document.
The NSA is collecting millions of emails and phone calls from normal Americans, but sometimes they've got to use Google like you and me. The 642-page guidebook Untangling The Web (pdf) was written in 2007 by Robyn Winder and Charlie Speight, according to MuckRock, which obtained the document in a FOIA request. The guide is written in a surprisingly down-to-earth, equivocating style for a book published by an organization whose headquarters looks like something from the Minority Report set, full of literary references and light-hearted asides.
The all-seeing eye of the NSA brings to mind the Greek myth of the Gorgon, but Untangling The Web begins with the myth of Sisyphus, comparing the task of trying to understand the internet to Sisyphus' never-ending trek up the hill behind his boulder. "Sometimes I feel that all I can do is to push the rock to up to the top of that virtual hill, then stand back and watch as it rolls down again… My hope is that Untangling the Web will add to our knowledge of the Internet and the world while recognizing that the rock will always roll back down the hill at the end of the day." No doubt spying on all private communications in the U.S. is a similarly daunting task, but that hasn't kept the NSA from spending billions of dollars in trying.
One of the more intriguing parts of the manual is a section that gives researches tips on "Google hacking." Also known as "Google dorking," the technique relies on using creative Google searches to turn up information accidentally made public on the web. "In short," according to Untangling The Web, "it's using clever but legal techniques to find information that doesn't belong on the public internet." This includes "personal and/or financial information," "userids, computer or account logins, passwords," and "sensitive government information." For example, one can search for "stock words and phrase" that might signal sensitive data such as "Proprietary, confidential, not for distribution, etc." Coupled with searches for specific filetypes, especially excel spreadsheets and Word Documents, one might stumble upon some nugget of secret info.
Google hacking wasn't pioneered by the NSA or Untangling The Web—it's been the art of a subset of mischievous geeks for a while. It's also been used by criminal hackers, most notoriously to steal social security numbers by searching likely combinations. But Untangling The Web cautions: "Please use the information… judiciously because many of the Google hacking techniques… are really designed for cracking, i.e. breaking into websites and servers. That is not something I encourage or advocate."
As the guide was written in 2007, much of the other information is outdated or useless. In fact its best use to readers today is to illuminate just how much the internet has changed in five years, and in worrying ways. For example, Untangling the Web's lengthy section on finding people on the internet is almost comfortingly sparse. The author warns: "Searching for people remains one of the most popular and important internet reserach projects, it also continues to be one of the most frustrating." In 2007 it wasn't so hard to hide online from even the most dedicated searcher.
But the ease of finding people online has increased infinitely in the past five years: Now, Facebook, Twitter and the ever-increasing number of databases we voluntarily enter our information into has greatly increased the ability for normal people to find out pretty much anything about pretty much anyone.
Surprisingly, Untangling The Web actually sounds a prescient note of caution when it comes to the centralization of our personal information in databases, which has proved such a boon to organizations like the NSA:
I close with an example of the reach of the web. My 97-year-old aunt in South Carolina had a bit part in an obscure movie in 1989. Despite the fact that the movie has been largely forgotten, my aunt has an "actress filmography" in the Internet Movie Database. She, of course, was unaware of her internet presence and was both thrilled and more than a little shocked to find that even she was in 'cyberspace.'
The point, of course, is that no one is out of reach of this powerful, invasive technology. We change the world with our technology and we, in turn, are altered by that same technology. It remains to be seen where our technology leads us, whether into an 'endless frontier' or, more ominously, into a 'cemetery of dead ideas'"
To contact the author of this post, email adrian@gawker.com.