????美國國家安全局（National Security Agency）最近解密了一份特工培訓手冊，培訓他們運用公開搜索引擎進行調(diào)查,。

????這份名為《揭秘網(wǎng)絡：互聯(lián)網(wǎng)調(diào)查入門》（Untangling the Web: An Introduction to Internet Research）的手冊一共643頁,，由羅賓?溫德和查理?斯佩特兩人合著，2007年由美國國家安全局數(shù)字內(nèi)容中心（he NSA's Center for Digital Content）出版,，內(nèi)容從網(wǎng)絡調(diào)查的基礎知識到如何查找意外流入公共領域的保密信息,，無所不包。今年4月，面向媒體從業(yè)人員和研究人員提供服務的MuckRock根據(jù)美國《自由信息法案》申請信息公開,，這份手冊也因此重見天日,。

????這本手冊的篇幅堪與喬治?RR?馬丁的巨著媲美，因此手冊內(nèi)容不可謂不詳實,。單是前言部分就援引了10世紀的波斯,、西班牙作家豪爾赫?路易斯?博爾赫斯、弗洛伊德和迷宮神牛等豐富的內(nèi)容,。正如《連線》雜志（Wired）所指出的那樣,，手冊中的“谷歌黑客”（Google Hacking）一章迅速發(fā)了公眾的效法。（也許是因為手冊編撰的年代,，里面一些章節(jié)還涉及了雅虎搜索,、Windows Live Search和Ask.com等渠道。）“我要介紹的方法沒有一樣是違法的,，也不存在獲取未經(jīng)授權數(shù)據(jù)的問題,，”兩位作者這樣寫道。事實上,，它“探討的是如何使用公開搜索引擎,，查找?guī)缀蹩隙ú淮蛩阆蚬姲l(fā)布的信息?！?/p>

????書里充斥著各種竅門和訣竅,，比如谷歌（Google）可以搜索的、未公開的文件類型,，再比如怎樣運行包含某一特定術語所有同義詞的搜索（即運行神奇的“~”符號）,。手冊全文可點擊這里，但其中尤以下面三項黑客技巧最受關注：

????1.搜索密碼：作者建議使用下面的搜索條件來搜索可能包含登陸信息的俄羅斯電子數(shù)據(jù)表格：“filetype:xls site:ru login”（文件類型：xls 網(wǎng)址：ru login）,。文件類型是為了告訴搜索引擎尋找微軟（Microsoft）的電子數(shù)據(jù)表格,，網(wǎng)址則限定俄羅斯域名，使用login是因為美國以外的地區(qū)也往往用英語表達“l(fā)ogin（登陸名）”和“password（密碼）”,。

????2.搜索機密電子表格:搜索條件類似“filetype:xls site:za confidential”（文件類型：xls 網(wǎng)址：za 機密）將搜尋出意外公布的機密電子表格,，例子中的國家是巴西。

????3.搜索設置錯誤的網(wǎng)絡服務器:這份手冊稱：“那些所含目錄原本不應顯示在互聯(lián)網(wǎng)上的”網(wǎng)絡服務器“往往能給谷歌搜索黑客提供豐富的信息”,。要找到這樣的網(wǎng)絡服務器,，這本書建議使用下面的條件：“—intitle: 'index of' site:kr password”(-標題中：“指向” 網(wǎng)址：kr 密碼)。（財富中文網(wǎng)）

????The National Security Agency has declassified its training manual for using common search engines as a research tool.

????Written by Robyn Winder and Charlie Speight and published in 2007 by the NSA's Center for Digital Content, Untangling the Web: An Introduction to Internet Research is a 643-page long introduction to everything from the very basics of web research to finding confidential information that has accidentally slipped into the public domain. The document became available as a result of an April Freedom of Information Act request by MuckRock, a service-provider for journalists and researchers.

????At George R. R. Martin length, the document is thorough to say the least. The introduction alone is filled with references to 10th-century Persia, Jorge Luis Borges, Sigmund Freud, and the Minotaur in the Labyrinth. As Wired pointed out, the chapter titled "Google Hacking" is getting the most immediate play. (Showing the document's age, perhaps, there are also sections on Yahoo Search, Windows Live Search, and Ask.com.) "Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data," the authors write. Instead, it "involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution."

????The book is replete with tips and tricks, ranging from undocumented filetypes Google (GOOG) can look for, to how-to's on running searches that include all the synonyms of a given term (a.k.a. use the magic ~). The entire document is available here, but here are the three hacks getting the most attention:

????1. Find Passwords: The authors suggest the following search term to look for Russian spreadsheets that may contain login credentials: "filetype:xls site:ru login." The filetype tells the search engine to look for Microsoft (MSFT) spreadsheets, the site indicates Russian domain names, and login -- because "login" and "password" are often written in English even in foreign countries.

????2. Find Confidential Spreadsheets: Again, a term like "filetype:xls site:za confidential" will pull confidential spreadsheets that have been accidentally posted in public, in this case in Brazil.

????3. Find Misconfigured Web Servers: Web servers "that list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers," the document states. To find them, it suggest search: "—intitle: 'index of' site:kr password."