10 comments

[ 4.2 ms ] story [ 30.7 ms ] thread
As the previous discussion of the actual NSA document (kindly submitted in the HN thread linked here by brown9-2, and also linked in the article submitted here)

http://www.nsa.gov/public_info/_files/Untangling_the_Web.pdf notes, the NSA document is old, and thus dates from an earlier era of Web research. For all that, applying the Google tips mentioned in the document, specifically domain-restricted searches, would improve the quality of links submitted to Hacker News and thus improve the quality of discussion here.

The previous discussion of the actual document link seems to have missed the process by which the document was released. The document was an internal document of the National Security Agency, requested by a Freedom of Information Act request. Some parts of the document had to be redacted, and of course "official use only" had to be struck out in the copy released to the public. The editing process apparently involved mark-up of actual paper printouts of the original internal document, which were then scanned again to form the released document. This makes for ugly formatting, but the content is still interesting.

Old or not, I think this document's value is to help demystify some of how detective/research/surveillance work is done in highly secret institutions. They still rely in part on the hackery and technology that everyone else is capable of doing.
> it does come with other risks, the authors note: “It is critical that you handle all Microsoft file types on the internet with extreme care. Never open a Microsoft file type on the internet. Instead, use one of the techniques described here,” they write in a footnote. The word “here” is hyperlinked, but since the document is a PDF the link is inaccessible.

Anyone have any insight on this? I imagine it's opening the files in a VM or something along those lines, but I'd be interested to know if there are any other techniques for looking at potentially malicious files.

I recall reading through one of the public NSA or USAF whitepapers on securing Windows XP for usage within their organization and I'm pretty sure they recommended using a Virtual Machine that had been set up following a bunch of extremely secure protocols. Essentially the VM had network access only for the length of time necessary to transfer the file and the host's security was also dealt with. Then there was protocol which they referenced was supposed to be standard which was the wiping/reset of the VM image at certain intervals and upon specific events (contact your supervisor if...).

It contained a lot of "Contact your supervisor if..." and "Failure to follow this can result in..."

Could be any service like https://docs.google.com/viewer:

"Enter a document URL below to generate a link to view it PDF documents, PowerPoint presentations, Word documents and many more file types supported".

A lot of people I know have have been using the Google "index-of -(htm|php|<etc.>)" trick to find music (and now ebooks) for years now.
That technique for finding mp3s went downhill pretty quick once word got out. Lots of SEO spammers putting 'intitle:"index of" mp3' in their landing page titles.