The National Security Agency has just declassified a disarmingly written document called “Untangling the Web: A Guide to Internet Research”, comprised of over 600 pages of common-sense advice on internet sleuthing. The guide was last updated in 2007, and it is simultaneously a look at the NSA’s internal communications and a reminder of how quickly the internet changes; this is just six years old and parts of it already read like “Duke Nukem Does The Internet”. Still, there is some useful information here, and some really fascinating insights into how real national security personnel conduct research online.

Though I know better, there was always a slightly superstitious belief that government experts — particularly those in the security industry — had access to some cryptic database full of Useful Information, probably with an impressively spartan, Unix interface controlled with loud, mechanical keyboards. Of course the truth turns out to be much more banal than that, and the three best tools for use by NSA agents in search security-critical information? Google, Yahoo and Live Search (now Bing).

Some have been snickering at how mundane this all seems (this formerly Top Secret NSA briefing package begins with an explanation of the term “world wide web”) but the pace does pick up fairly quickly. After a humorous little interlude about the inevitability of Internet Explorer’s continued dominance of the browser market, new recruits push past the introductory and background information to arrive at the US government’s online research playbook.

One such play that’s raised a few eyebrows is “Google hacking,” a fairly simple process of using Google to find “publicly available information that almost certainly was not intended for public distribution.” One major tip is the use of file type modifiers on search terms, particularly Excel (.xls) files and other file types often used for internal documents. It encourages researchers to include terms like “internal,” “budget,” and “not for distribution.”

Given the NSA’s concern with foreign communication, it’s not surprising to see a section on how to use Google’s support for languages like Arabic. It even lays out template search strings so agents can more easily search for unprotected databases and spreadsheets full of user/password information.

The guide takes care to refer to this process as “clever” rather than illegal. The guide explains that database protection is a difficult task, especially for outdated infrastructure, and draws a rather frantic distinction between hacking and cracking; the author is very concerned with the idea that agents only use his guide to find huge lists of passwords, while actually using that information to illegally access a protected database would be simply unthinkable. In a way, it’s almost nice to find that the insultingly transparent double-talk of the security industry is not limited to press releases. Wired author Kim Zetter points out that hacker “weev” was recently given several years in prison for activities very like what’s advocated in this guide.

The other major section of interest to amateur Internet experts is the chapter on the so-called “Invisible Web”. Also referred to as the Deep Web, this is a collection of websites beyond the reach of conventional search engines, either because they’ve been intentionally cordoned off or because they use some obscure organizational protocol. The Deep Web, with its many and focused little search engines, can be incredibly powerful in the right hands, granting access to everything from the Library of Congress to private business networks that even the companies themselves don’t know are available.

Untangling the Web was released thanks to the efforts of the First Amendment warriors at MuckRock, a group that handles Freedom of Information requests for charities, journalists, and anyone else who might need such help. It’s a long and involved piece, and has seen remarkably little information redacted in the declassification process; as the author himself points out, most of this information is readily available elsewhere. This is one very efficient summary, however, and there’s something intrinsically cool about reading a guide intended for NSA employees.

This guide won’t make you a spy, nor a hacker, but it might give you some insight into what really goes on in the NSA’s top secret fields of cubicles: pretty much what goes on in yours.

Now read: Single Chinese hacking unit responsible for stealing terabytes of data from hundreds of organizations