IC off the Record 2015 - Complete list of 2015 NSA leaks
IC OFF THE RECORD:

Direct access to leaked information related to the surveillance activities of the U.S. Intelligence Community and their partners.

 

PARTNERS:

Five Eyes (FVEY)
US:   NSA
UK:   GCHQ
CA:   CSE
AU:   ASD
NZ:   GCSB

Nine Eyes (+4)
DK:   FE
FR:   DGSE
NL:   AIVD
NO:   NIS

Fourteen Eyes (+5)
BE:   GISS
DE:   BND
IT:   AISE
SP:   CNI
SE:   FRA

NSA Helped GCHQ Find Security Holes in Juniper Firewalls

December 23, 2015

NSA Helped British Spies Find Security Holes In Juniper Firewalls - The Intercept

NSA GCHQ document - Assessment of Intelligence Opportunity – Juniper
Assessment of Intelligence Opportunity – Juniper (7 pages)



NSA Spied on Venezuela's Oil Company PDVSA

November 18, 2015

Overwhelmed NSA Surprised to Discover Its Own Surveillance “Goldmine” on Venezuela’s Oil Executives? - The Intercept

Snowden Leak Reveals Obama Govt Ordered NSA, CIA to Spy on Venezuela Oil Firm - teleSUR

NSA SIDToday spying on Venezuela oil company - PDVSA
SIDToday 3/23/2011: SIGDEV: Is it Time For a Target Reboot? (5 pages)

 

Analysis:  How NSA targeted the Venezuelan oil company PdVSA - Electrospaces.net


NSA Support for 2004 Summer Olympics in Athens

September 28, 2015

Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee? - The Intercept


NSA SIDToday about the Olympics in Athens
  • SIDToday 8/15/2003: SID Trains for Athens Olympics (2 pages)
  • SIDToday 12/15/2003: NSA Team Selected for Olympics Support (2 pages)
  • SIDToday 9/14/2004: Gold Medal Support for Olympic Games (3 pages)
  • SIDToday 10/6/2004: Another Successful Olympics Story (2 pages)

 

NSA Exploiting Foreign Lawful Intercept Roundtable
Exploiting Foreign Lawful Intercept Roundtable (12 slides)



NSA Intercepted German BND and BKA Communications

September 25, 2015

FAIRVIEW: Latest Snowden Doc Shows NSA Spied on German Intelligence - Der Spiegel

Original Der Spiegel article in German

FAIRVIEW report on Yemen kidnappings of German citizens
FAIRVIEW presentation excerpt containing a list of intercepted communications

GCHQ: Tracking Online Identities

September 25, 2015

From Radio to Porn, British Spies Track Web Users’ Online Identities - The Intercept

GCHQ Profiling: An Appendix - The Intercept

  • Target Detection Identifiers (18 slides)
  • SOCIAL ANTHROPOID (26 slides)
  • QFDs and BLACKHOLE Technology Behind GCHQ/INOC (8 slides)
  • Events Product Centre: Operational Engineering November 2010 (37 slides)
  • Next Generation Events (NGE) - BLACK HOLE ConOp (13 pages)
  • Next Generation Events (10 slides)
  • Laws on Interception: Implications for JCE (5 slides and speaker notes)
  • GCHQ Analytic Cloud Challenges (23 slides)
  • Demystifying NGE Rock Ridge (9 slides)
  • ICTR Cloud Efforts (29 slides)
  • Broadcast/Internet Radio Exploitation and Analysis (17 pages)
  • Report on Architectural Risk 2012 Summary (6 pages)
  • BLACK HOLE Analytics: ADD/SD Briefing September 2009 (15 slides)
  • Supporting Internet Operations: Special Source Access (9 slides)
  • Events Analysis (1 slide)
  • GCHQ Policy Guidance: Content or Metadata? (3 pages)
  • Legalities of GCHQ/NSA Databases (1 page)
  • Access: The Vision for 2013 (2 slides)
  • BLACKHOLE (TINT External July 2009) (1 page)
  • Sensitive Targeting Authorisation (4 pages)
  • PullThrough Steering Group Meeting Minutes (3 pages)
  • Crypt Discovery: Joint Collaboration Activity (3 pages)

 

GCHQ GCWiki newsletters
  • GCWiki: Op Highland Fling Event Log (3 pages)
  • GCWiki: HRA Auditing (5 pages)
  • GCWiki: Event (SIGINT) (5 pages)
  • GCWiki: Data Stored in BLACK HOLE (2 pages)
  • GCWiki: Cyber Defence Operations Legal Policy (16 pages)
  • GCWiki: Blazing Saddles Tools (4 pages)

 

BLACK HOLE; KARMA POLICE; MARBLED GECKO; MEMORY HOLE; MUTANT BROTH; SAMUEL PEPYS; SOCIAL ANTHROPOID; SOCIAL ANIMAL: INFINITE MONKEYS; TEMPORA; XKEYSCORE


NSA Surveillance of Iranian U.N. Delegation in New York (2007)

September 23, 2015

Secret Document: How the NSA Spied on Iranians in New York - NBC News

Document cited but not released:

  • SIDToday (Oct 2007): Tips for a Successful Quick Reaction Capability (3 pages)


NSA Gave Germany Access to XKEYSCORE in Exchange for Data

August 26, 2015

A Dubious Deal with the NSA - Die Zeit

XKEYSCORE - The Document - Die Zeit

Terms of Reference between the Bundesnachrichtendienst Sigint Department and the Bundesamt für Verfassungsschutz of the Federal Republic of Germany and the United States National Security Agency for the XKeyscore Computer Network Exploitation Software

Excerpt from Terms of Reference between BND, BfV and NSA for XKeyscore Software (full text)

 

XKEYSCORE

NSA's Partnership with AT&T

August 15, 2015

NSA Spying Relies on AT&T’s ‘Extreme Willingness to Help’ - Pro Publica

A Trail of Evidence Leading to AT&T’s Partnership with the NSA - Pro Publica

AT&T Helped N.S.A. Spy on an Array of Internet Traffic - New York Times


  • Special Source Operations: Corporate Partner Access (19 slides)
  • Cyber Threats and Special Source Operations (9 slides)
  • SSO Corporate Portfolio Overview (16 slides)
  • SSO Fairview Overview (11 slides)
  • Fairview Dataflow Diagrams (6 slides)
  • SSO Weekly: STORMBREW- Transit DNI Metadata Collection (3 slides)
  • Excerpts from the Spy Dictionary: LITHIUM, NODDY-2, SAGURA, SLIVER; SORA-2 (2 pages)
  • FAIRVIEW and STORMBREW Live on the Net (2 pages)

Special Source Operations Newsletter Excerpts:

 

Analysis:  FAIRVIEW: Collecting foreign intelligence inside the US - Electrospaces.net

 

FAIRVIEW (AT&T); STORMBREW (Verizon); BLARNEY; LITHIUM; NODDY-2; SAGURA; SLIVER; SORA-2; CLIFFSIDE; BRECKENRIDGE


The SIGINT Philosopher

August 11, 2015

What Happens When a Failed Writer Becomes a Loyal Spy? - The Intercept

NSA SIDToday SIGINT Philosopher
  • Are You the SIGINT Philosopher? (3 pages)
  • SIGINT Philosopher Is Back — With a New Face! (4 pages)
  • Lessons for Civil Servants from the American Civil War (4 pages)
  • Unlike All My Terrible Teammates, I Am a Wonderful Teammate (4 pages)

 


Chinese Cyber Espionage in the U.S.

August 10, 2015

China Read Emails of Top U.S. Officials - NBC News

NSA slide showing China hacking units
China: Cyber Exploitation and Attack Units (1 slide)

 

Document cited but not released:

  • 2014 NSA document: A top secret NSA briefing from 2014 revealed that China accessed the private emails of many top Obama administration officials. The email grab -- first codenamed "Dancing Panda" by U.S. officials, and then "Legion Amethyst" -- was detected in April 2010. The Chinese also harvested the email address books of targeted officials, reconstructing and then exploiting their social networks by sending malware to their friends and colleagues.

 

July 30, 2015

Secret NSA Map Shows China Cyber Attacks on U.S. Targets - NBC News

NSA slide showing China hacking in the US
US Victims of Chinese Cyber Espionage (1 slide)

 

DANCING PANDA; LEGION AMETHYST

ECHELON Global Surveillance Program

August 3, 2015

GCHQ and Me: My Life Unmasking British Eavesdroppers - The Intercept (Duncan Campbell)

  • SID Today: Back in Time - The ECHELON Story (2 pages)
  • GCHQ: Cyprus collection facility (2 pages)
  • GCHQ: COMSAT Background (1 page)
  • The Northwest Passage: YRS in the Beginning (3 pages)
  • The Northwest Passage: YRS Gears Up To Celebrate 40 Years (1 page)
  • CQV Fields - Nov 2010: Dictionary based text keyword scanning engines (1 page)

 

ECHELON; FROSTING; TRANSIENT; CARBOY; SOUNDER; SNICK; JACKNIFE

Syrian General Assassinated by Israeli Commandos

July 15, 2015

Israeli Special Forces Assassinated Senior Syrian Official - The Intercept

Manhunting Timeline 2008 - Intellipedia
Manhunting Timeline 2008 - Intellipedia (8 pages)

NSA's Political and Economic Targets in Brazil

July 4, 2015

Bugging Brazil - WikiLeaks

NSA’s Top Brazilian Political And Financial Targets Revealed By Wikileaks - The Intercept

NSA target list for Brazil
NSA database extract of significant Brazilian political and economic targets - View larger  (Source)

 


XKEYSCORE: NSA's Powerful Surveillance Tool

July 1, 2015

XKEYSCORE: NSA’S Google For The World’s Private Communications - The Intercept

A Look At The Inner Workings Of NSA’S XKEYSCORE - The Intercept


XKEYSCORE Slide Presentations:

  • XKEYSCORE - Feb 25, 2008 (30 slides)
  • XKS, Cipher Detection, and You! - Aug 21, 2008 (17 slides)
  • HTTP Activity in XKEYSCORE - March, 2009 (21 slides)
  • VOIP in XKS - March, 2009 (13 slides)
  • XKEYSCORE Search Forms - March, 2009 (49 slides)
  • Finding and Querying Document Metadata - April, 2009 (24 slides)
  • Analyzing Mobile Cellular DNI in XKS - May, 2009 (17 slides)
  • Full Log vs HTTP - June 11, 2009 (33 slides)
  • HTTP Activity vs User Activity - June 19, 2009 (36 slides)
  • Email Address vs User Activity - June 24, 2009 (20 slides)
  • Using XKS to Enable TAO - July 16, 2009 (47 slides)
  • Web Forum Exploitation Using XKS - July, 2009 (7 slides)
  • Free File Uploaders (FFU) - Aug 13, 2009 (33 slides)
  • Intro to XKS AppIDs and Fingerprints - Aug 27, 2009 (60 slides)
  • Tracking Targets on Online Social Networks - Sept, 2009 (21 slides)
  • Phone Number Extractor - Oct, 2009 (20 slides)
  • CNE Analysis in XKS - Oct 15, 2009 (33 slides)
  • XKS as a SIGDEV Tool - 2009 (44 slides)
  • Advanced HTTP Activity Analysis - 2009 (114 slides)
  • Tech Extractor - April, 2010 (23 slides); Dec 2009 (14 pages)
  • Intro to Context Sensitive Scanning With XKS Fingerprints - May, 2010 (61 slides)
  • User Agents - July, 2010 (42 slides)
  • Writing XKS Fingerprints - Nov, 2010 (67 slides)
  • XKS for Counter CNE - March, 2011 (21 slides)
  • XKEYSCORE Workflows - Sep 19, 2011 (26 slides); Mar 5, 2009 (24 slides)
  • XKS System Administration - Dec, 2012 (144 slides)
  • XKS Appids and Fingerprints (42 slides); and XKS Application IDs (21 pages)

 

XKEYSCORE User Guide and Documentation:

NSA XKEYSCORE user guide and XKEYSCORE fingerprints documentation
  • The Unofficial XKEYSCORE User Guide (27 pages)
  • Guide to Using Contexts in XKS Fingerprints (24 pages)
  • How to Configure Category Throttling in XKEYSCORE (2 pages)
  • Using XKS to find and search for logos embedded in documents (2 pages)

 

Read Me's and How To Guides:

NSA Read Me - system documentation
  • Atomic SIGINT Data Format (ASFD) Configuration Read Me (2 pages)
  • CADENCE Readme (4 pages)
  • Communications System How To Guide (8 pages)
  • DEEPDIVE Configuration Read Me (6 pages)
  • Royale With Cheese Updater How To Guide (13 pages)


NSA Read Me - system configuration manuals and documentation
  • Forwarding Selected MAILORDER Files Read Me (2 pages)
  • Statistics Configuration Read Me (4 pages)
  • TRAFFICTHIEF Configuration Read Me (5 pages)
  • Unified Targeting Tool (UTT) Configuration Read Me (5 pages)
  • VoIP Configuration and Forwarding Read Me (3 pages)

 

Additional Slides:  

NSA overview diagram of systems - DNI 101
DNI 101 (2 slides)

 

OSINT Fusion Project - Lockheed Martin
OSINT Fusion Project (24 slides)

 

XKEYSCORE Targets Visiting Specific Websites
XKS Targets Visiting Specific Websites (3 slides)
NSA BLARNEY slide showing UN Secretary General XKEYSCORE
BLARNEY: XKS Fingerprints UN Secretary General (1 slide)

 

XKEYSCORE; TRAFFICTHIEF; MAILORDER; CADENCE; DEEPDIVE; NUCLEON; PINWALE; TUNINGFORK; MARINA; DISHFIRE; ANCHORY


NSA Intercepts: Germany

July 1, 2015

Press Releases Related to NSA German Intercepts - WikiLeaks

Nouvelles révélations WikiLeaks : les preuves que la NSA ciblait l'Allemagne - Libération

Des documents confirment l'espionnage de l'Allemagne par les Etats-Unis - Mediapart


NSA target list for Germany
NSA database extract of significant German political and economic targets - View full extract  (Source)
Additional German political and economic targets released on 7/8/2015: View second extract   (Source)
Additional German political targets released on 7/20/2015: View third extract   (Source)

 

NSA Global SIGINT Highlights:

Wikileaks NSA document - Merkel Bugged While Pondering Greece Crisis
Eurozone Crisis: Merkel Uncertain on Solution to Greek Problems, Would Press U.S. and UK - View larger   (PDF)
Wikileaks NSA document - US Bugs Germany Plotting BRICS Bailout for Greece
EU Summit: Germans Prepared to Oppose Special Solutions for Greek Financial Crisis
View larger   (PDF)
Wikileaks NSA document - US Bugs Franco-German Plan for New EU Financial Crisis Treaty as Sweden Vents at UK
Germans, French Pursue New EU Treaty; Sweden May Be on Board Owing to Anger at UK
View larger   (PDF)

 

Additional Global SIGINT Highlights Released on July 8, 2015

 

Global SIGINT Highlight Released on July 20, 2015

 


NSA's 2005 Assessment of The New York Times Warrantless Wiretapping Story

June 26, 2015

How The NSA Started Investigating The NYT’s Warrantless Wiretapping Story - The Intercept

NSA damage assessment on New York Times Warrantless Wiretapping story in 2005
Close Out for "Bush Lets U.S. Spy on Callers without Courts" - ACTION MEMORANDUM (13 pages)

GCHQ: UK Involvement in US Drone Strikes

June 24, 2015

GCHQ documents raise fresh questions over UK complicity in US drone strikes - The Guardian

Documents on 2012 Drone Strike Detail How Terrorists Are Targeted - New York Times


DOCUMENTS CITED BUT NOT RELEASED:

  • GCHQ: Comet News (2-year span): A regular series of newsletters which are used to update GCHQ personnel on the work of Overhead, an operation based on satellite, radio and some phone collection of intelligence.

  • GCHQ: 2009 legal briefing: Prepared for GCHQ personnel sharing target intelligence in Afghanistan which instructed them to refer to senior compliance staff before sharing information with the US if they believed it may be used for a “detention or cross-border operation”.

  • GCHQ: October 2010 guide to targeting: Includes a reference to the International Security Assistance Force in Afghanistan, indicating that it was written to assist in strikes there.


OVERHEAD; WIDOWMAKER

Espionnage Élysée: U.S. Surveillance Operations Against France

June 23, 2015

Espionnage Élysée - WikiLeaks

WikiLeaks - Chirac, Sarkozy et Hollande : trois présidents sur écoute - Libération

2006-2012: Hollande, Sarkozy et Chirac écoutés - Mediapart


NSA target list for France
NSA database extract of significant French political and economic targets - View larger  (Source)

 

NSA Global SIGINT Highlights:

Wikileaks NSA document - French President Approves Secret Eurozone Consultations
French President Approves Secret Eurozone Consultations, Meeting With German Opposition - View larger   (PDF)
Wikileaks NSA document showing US Intercepts of France Complaining About US Intercepts of France
Sensitive Issues on the Agenda When French, U.S. Presidents Meet Next Week in Washington - View larger   (PDF)

 

Wikileaks NSA document - US Spying On Chirac Discussing UN Appointments
French President Presses for Selection of Roed-Larsen as Deputy UNSYG - View larger   (PDF)
Wikileaks NSA document - US Spying on Sarkozy Talking Tough on Israel-Palestine
Sarkozy Determined to Proceed With Mideast Initiative, May Pressure U.S. President
View larger   (PDF)
Wikileaks NSA document - US Eavesdrops as Sarkozy Plots French Leadership on Financial Crisis
Sarkozy Sees Himself as Only One Who Can Resolve World Financial Crisis - View larger   (PDF)

 

 

June 29, 2015 - Additional Documents Released

NSA Global SIGINT Highlights:


NSA Spying Orders:

 

Analysis:  Wikileaks published some of the most secret NSA reports so far - Electrospaces.net

Related Leak:  NSA Spying in Berlin / Chancellor Merkel's Cell Phone

 


NSA and GCHQ Targeted Popular Security Software

June 22, 2015

Popular Security Software Came Under Relentless NSA And GCHQ Attacks - The Intercept

NSA Kaspersky user-agent strings
NSA: Kaspersky User Agent-Strings (14 pages)

 

NSA slides - CAMBERDADA virus detection for NSA
NSA: Project CAMBERDADA - Using SIGINT to Learn about New Viruses (13 slides)

 

GCHQ’s NDIST Developing Cyber Defence Mission
GCHQ: Developing Cyber Defence Mission (3 slides)

 

GCHQ Application for Renewal of Warrant GPW/1160
GCHQ: Application for Renewal of Warrant GPW/1160 (5 pages)

 

  • GCHQ: Software Reverse Engineering (2 pages)
  • GCHQ: GCWiki - Reverse Engineering (4 pages)
  • GCHQ: ACNO Skill 12 - Malware Analysis & Reverse Engineering (2 pages)

 

CAMBERDADA

GCHQ Domestic Law Enforcement, Online Propaganda and Psychology Research

June 22, 2015

Controversial GCHQ Unit Engaged In Domestic Law Enforcement, Online Propaganda, Psychology Research - The Intercept

Behavioural Science Support for JTRIG’S Effects and Online HUMINT Operations
Behavioural Science Support for JTRIG’S Effects and Online HUMINT Operations (42 pages)

 

UK Ministry Stakeholder Relationships Spreadsheets
GCHQ: UK Ministry Stakeholder Relationships Spreadsheets (13 documents merged in 26 pages)

GCHQ Hacking

June 22, 2015

Spies Hacked Computers Thanks To Sweeping Secret Warrants - The Intercept

  • GCHQ: Foreign & Commonwealth Office Relationships & Goals
  • GCWiki: TECA Product Centre (4 pages)
  • GCHQ: Intrusion Analysis (2 pages)

 

GCHQ Legal Authorisation Flowcharts - targeting and collection
GCHQ: Legal Authorisation Flowchart - Targeting and Collection (4 pages)

 

GCHQ: Operational Legalities
GCHQ: Operational Legalities (78 slides and Speaker Notes)

 

Documents cited that were also released in the other two 6/22/15 stories above:

  • GCHQ: Application for Renewal of Warrant GPW/1160 (5 pages)
  • GCHQ: UK Ministry Stakeholder Relationships Spreadsheets (13 documents merged in 26 pages)
  • GCHQ: Software Reverse Engineering (2 pages)
  • GCHQ: GCWiki - Reverse Engineering (4 pages)
  • GCHQ: ACNO Skill 12 - Malware Analysis & Reverse Engineering (2 pages)

 

BROAD OAK; UDAQ; DISHFIRE; IIB

NSA’s Domestic Cybersecurity Surveillance

June 4, 2015

Hunting for Hackers, NSA Secretly Expands Internet Spying at U.S. Border - New York Times

New Snowden Documents Reveal Secret Memos Expanding Spying - Pro Publica

  • Some Key (SSO) Cyber Milestone Dates Since Fall 2005 (1 slide)
  • PRISM slide: What's Next? (1 slide)
  • PRISM slide: Conclusion (1 slide)

 

  • New FAA702 Certification in the Works - Cyber Threat 2012 (1 page)
  • SSO's Support to the FBI for Implementation of their Cyber FISA Orders (4 pages)

 

NSA CNO legal authorities - FISA rules
2010 NSA Office of General Counsel: CNO Legal Authorities (66 slides and speaker notes)

 

Classified annexes to White House Cyberspace Policy Review - 2009
Classified Annexes to 2009 White House Cyberspace Policy Review (16 pages)

 

Analysis:  The NSA’s Domestic Cybersecurity Surveillance - WebPolicy.org

Critics of "Collect it all" and NSA Information Overload

May 28, 2015

Inside NSA, Officials Privately Criticize “Collect It All” Surveillance - The Intercept

NSA SIDToday articles about Collect It All
  • 1/18/11:  Too Many Choices (2 pages)
  • 4/15/11:  Cognitive Overflow? (1 page)
  • 6/25/12:  Summit Fever (2 pages)
  • 1/23/12:  Do We Need a Bigger SIGINT Truck? (2 pages)


NSA SIDToday newsletters about Collect It All
  • 10/3/11:  Overcome With Overload? Help is Here with IM&S (1 page)
  • 8/16/12:  In Praise of Not Knowing (2 pages)
  • 3/15/11:  The Fallacies Behind the Scenes (2 pages)
  • 9/24/10:  Leave Bright Pebbles, Not Breadcrumbs for Those Coming After You (2 pages)


NSA newsletters posted on NSAnet
  • 9/18/07:  Data Is Not Intelligence (2 pages)
  • 4/6/11:  Is There a Sustainable Ops Tempo in S2? (3 pages)
  • 8/29/06:  Dealing With a Tsunami of Intercept (2 pages)
  • 8/1/11:  SIGINT Mission Thread 3 (2 pages)


Sigint Challenges -XKEYCON11- NSA needle in a haystack slide
NSA slide - May 2011

Google and Samsung App Stores Targeted for Android Spyware

May 21, 2015

Spy Agencies Target Mobile Phones, App Stores To Implant Spyware - CBC News

NSA Planned To Hijack Google App Store To Hack Smartphones - The Intercept

Irritant Horn slides - google app store hack - NSA
2012 Five Eyes presentation: Synergising Network Analysis Tradecraft (26 slides and speaker notes)

Related: A Chatty Squirrel: Privacy and Security Issues with UC Browser - Citizen Lab

 

IRRITANT HORN; FRETTING YETI; CRAFTY SHACK

NSA Documents Related to the Osama Bin Laden Raid

May 21, 2015

NSA Plan To Find Bin Laden By Hiding Tracking Devices In Medical Supplies - The Intercept

NSA Plan To Find Bin Laden By Hiding Tracking Devices In Medical Supplies
Medical Pattern of Life: Targeting High Value Individual #1 (10 slides)

 

May 18, 2015  (Updated June 11, 2015)

What The Snowden Files Say About The Osama Bin Laden Raid - The Intercept

NSA SIDToday on Osama Bin Laden raid
  • SIDToday 7/18/07: “SIGINT Obtains Details of Usama bin Laden Message to Top al-Qa’ida Leader in Iraq” (2 pages)
  • SIDToday 5/17/11: “What Does the Death of Usama bin Laden Mean?” (3 pages)
  • SIDToday 11/22/11: “SIGINT Year in Review November 2011” (2 pages)
  • GCWiki 9/8/11: JTAC Attack Methodology Team Wiki (3 pages)


  • NATO Afghanistan Intelligence Report, 5/13/11 (3 pages)
  • NATO Afghanistan Intelligence Report, 6/1/11 (2 pages)
  • Southwest Regional Command Report, 6/19/11 (4 pages)
  • Southwest Regional Command Report, 6/23/11 (3 pages)


Black Budget - Osama Bin Laden
Excerpts from the FY 2013 Black Budget (1 page)    (View more of the Black Budget)

Top Secret NCTC terrorism report
NCTC Current Status of Major Terrorism Figures (1 page)

SIDToday - TAO hacker interview
SIDToday 7/13/12: Interview with a SID Hacker - Part 2: Hacker Culture and Worker Retention (4 pages)


NSA's SKYNET Program Labeled Al-Jazeera Journalist as Al Qaeda Member

May 8, 2015

U.S. Gov't Designated Prominent Al Jazeera Journo As “Member Of Al Qaeda” - The Intercept

Al Jazeera Journalist Responds To U.S. Labeling Him Al Qaeda - The Intercept

NSA SKYNET slides showing Al Jazeera journalist Ahmad Muaffaq Zaidan as a member of Al Qaeda
SKYNET: Courier Detection Via Machine Learning (20 slides)

NSA SKYNET - cloud based behavior analytics
SKYNET: Applying Advanced Cloud-Based Behavior Analytics (20 slides)

 

Analysis:  The NSA’s SKYNET program may be killing thousands of innocent people - Ars Technica

 

SKYNET; ANCHORY; DEMONSPIT; TUSKATTIRE; GMHALO; GMPLACE; FASCIA; ROLLERCOASTER


How the NSA Uses Speech-to-Text Technology

May 5, 2015

How The NSA Converts Spoken Words Into Searchable Text - The Intercept


NSA RT 10 overview
RT10 Overview - June 2006 (15 slides)

 

NSA SIDToday
  • SIDToday 8/1/06: For Media Mining, the Future is Now! (Part 1) (2 pages)
  • SIDToday 8/7/06: For Media Mining, the Future is Now! (Part 2) (2 pages)
  • SIDToday 8/29/06: Dealing With a "Tsunami" of Intercept (2 pages)
  • SIDToday 10/23/08: A Tool that Enables Non-Linguists to Analyze Foreign-TV News (1 page)
  • SIDToday 5/25/11: Finding Nuggets Quickly in a Heap of Voice Collection, From Mexico to Afghanistan (2 pages)

 

NSA Human Language Technology (HLT) documents
  • SIDToday 5/26/11: How Is Human Language (HLT) Progressing? (2 pages)
  • GCHQ 12/7/09: SIRDCC Speech Technology WG assessment of current STT technology (11 pages)
  • 2011 Classification Guide for Human Language Technology (HLT) Models (4 pages)
  • Black Budget FY 2013: Number of voice files rendered searchable by text queries (1 page)
  • Black Budget FY 2013: Human Language Technology (HLT) Research Project (5 pages)

 

More on this topic:
Related: The Black Budget

 

RHINEHART; SPIRITFIRE

New Zealand's Plans for Spying on China for the NSA

April 18, 2015

Leaked Papers Reveal NZ plan to Spy on China for US - New Zealand Herald

New Zealand Plotted Hack On China With NSA - The Intercept


Excerpt from NSA report: "NSA activities in progress 2013"

 


Excerpt from "SUSLOW Monthly Report for March 2013" (Read more of the report here)

 


Excerpt from April 2013 NSA document

 

Information paper: NSA Intelligence Relationship with New Zealand
NSA Intelligence Relationship with New Zealand (3 pages) - This was previously released here

 

FROSTBITE; BASILHAYDEN

Ramstein's Role in U.S. Drone Operations

April 17, 2015

Germany Is The Tell-Tale Heart Of America’s Drone War - The Intercept

Bündnisse: Der Krieg via Ramstein - Der Spiegel

Ramstein - US drone program in Germany
Architecture of U.S. Drone Operations (2 pages)

New Zealand's GCSB Shares Intelligence Data With Bangladesh

April 15, 2015

Secret files reveal GCSB spies on and for the South-East Asian nation - New Zealand Herald

New Zealand Spy Data Shared With Bangladeshi Human Rights Abusers - The Intercept

Information paper: NSA Intelligence Relationship with New Zealand
NSA Intelligence Relationship with New Zealand (3 pages)

GCSB SIGINT Development Quarterly Report - New Zealand Bangladesh
GCSB SIGINT Development Quarterly Report - July 2009 (9 pages)

 

Related Leak: New Zealand's Role in Five Eyes Global Surveillance

GCHQ's JTRIG Operation QUITO in the Falkland Islands

April 2, 2015

Britain Used Spy Team To Shape Latin American Public Opinion On Falklands - The Intercept

New Snowden Documents Reveals a Spying Plan for Britain in Malvinas Argentina - Todo Notícias

  • NSA Extended Enterprise Report - July 2008 (1 page)
  • Behavioural Science Support for JTRIG (1 page)
  • Op QUITO - JTRIG Wiki Highlights - August 2009 (1 page)
  • GCHQ Mission Driven Access Workshop (2 slides)
  • NAC 2Q 2011 Business Review (1 page)
  • Comet News - March 2010 (1 page)

 

QUITO

Netanyahu’s Spying Denials Contradicted By NSA Documents

March 25, 2015

Netanyahu’s Spying Denials Contradicted By Secret NSA Documents - The Intercept


  • Excerpt from 2008 NSA document “Which Foreign Intelligence Service Is the Biggest Threat to the US?”
  • Excerpt from 2007 NSA document "History of the US – Israel SIGINT Relationship, post 1992"
  • Three excerpts from the 2013 Black Budget (1, 2, 3)

 


Canada's CSE Cyberwarfare Toolbox

March 23, 2015

Communication Security Establishment's Cyberwarfare Toolbox Revealed - CBC News

Documents Reveal Canada’s Secret Hacking Tactics - The Intercept


CASCADE: Joint Cyber Sensor Architecture
CASCADE: Joint Cyber Sensor Architecture (33 slides and speaker notes)

NSA memo on intelligence relationship with CSE
NSA Information Paper (April 2013): NSA Intelligence Relationship with CSE (4 pages)

CSEC Cyber Threat Capabilities - slides
CSEC Cyber Threat Capabilities (25 slides and speaker notes)

CSEC - Cyber Threat Detection slides
Cyber Threat Detection (7 slides and speaker notes)

CSEC SIGINT Cyber Discovery
CSEC SIGINT Cyber Discovery: Summary of the Current Effort (22 slides)

 

Related:  CSE's response to CBC's questions

 

CASCADE; PHOTONIC PRISM; EONBLUE; INDUCTION; THIRD-EYE; CRUCIBLE; SUNWHEEL; CHOKEPOINT; CASSIOPEIA; SEEDSPHERE; CROSSBOW; LODESTONE; REPLICANTFARM; SLIPSTREAM; WARRIORPRIDE; FASTFLUX


New Zealand's Role in Five Eyes Global Surveillance

March 22, 2015

How Spy Agency Homed in on Groser's Rivals - New Zealand Herald

New Zealand Spied On WTO Director Candidates - The Intercept

 XKeyscore source code for GCSB - WTO candidates
XKEYSCORE fingerprint defining WTO Director candidates as GCSB targets (2 pages)

 

March 14, 2015

Can't Take My Eyes Off Of You, Neighbour - New Zealand Herald

New Zealand Used NSA System To Target Officials, Anti-Corruption Campaigner - The Intercept

 XKEYSCORE fingerprint used by New Zealand GCSB to spy on the minister and cabinet of the Solomon Islands
XKEYSCORE fingerprint defining GCSB targets in the Solomon Islands (1 page)

 

March 10, 2015

New Zealand's Spy Reach Stretches Across Globe - New Zealand Herald

New Zealand Targets Trade Partners, Hacks Computers In Spy Operations - The Intercept

SUSLOW monthly report on WARRIORPRIDE
SUSLOW Monthly Report for March 2013 (2 pages)
Information paper: NSA Intelligence Relationship with New Zealand
NSA Intelligence Relationship with New Zealand (3 pages)
SIGINT Development Forum (SDF) Minutes
SIGINT Development Forum Minutes - June 2009 (3 pages)

 

March 7, 2015

Snowden files: Inside Waihopai's domes - Sunday Star-Times

Documents Shine Light On Shadowy New Zealand Surveillance Base - The Intercept

GCSB Update 22 April 2010 - New Zealand Waihopai Ironsand satellite interception station
GCSB Update 22 April 2010 (13 slides)

GCSB Update 21 March 2012 - Darkquest, Fallowhaunt, Shadowcat - New Zealand Waihopai Ironsand satellite interception station
GCSB Update 21 March 2012 (17 slides)

GCSB second party rules
NSA document: Second Party National Identity Rules - New Zealand GCSB (5 pages)

 

March 5, 2015

The price of the Five Eyes club: Mass spying on friendly nations - New Zealand Herald

Snowden GCSB revelations / Russel Norman says GCSB 'breaking the law' - New Zealand Herald

New Zealand Spies On Neighbors In Secret ‘Five Eyes’ Global Surveillance - The Intercept



Related Story:
Top-secret documents reveal Australia targeting Indonesia, South Pacific mobile phone networks

 




GCSB SIGINT Development Quarterly Report (6 pages)
Key Activities (1 slide)

 

Analysis:  New Zealand and XKEYSCORE: Not Much Evidence For Mass Surveillance - Electrospaces.net

Torus Analysis:  Expanded Communications Satellite Surveillance and Intelligence Activities Utilising Multi-beam Antenna Systems - Nautilus Institute

Related Leak: GCSB: New Zealand's Mass Surveillance Project

 

XKEYSCORE; IRONSAND; CAPRICA; PREBOIL; PLOUGHSHARES; LEGALREPTILE; LATENTHEAT; SEMITONE; SURFBOARD; FALLOWHAUNT; JUGGERNAUT; LOPERS; DARKQUEST; WEALTHYCLUSTER; COMMONGROUND; VENUSAFFECT; SHADOWCAT; TORUS; APPARITION; STONEGATE


Royal Bank of Canada and Rogers Communications Inc. Are Included in a List of Corporate Networks in an NSA Presentation

March 17, 2015

NSA trying to map Rogers, RBC communications traffic, leak shows - The Globe and Mail


DOCUMENT CITED BUT NOT RELEASED:

  • Private Networks: Analysis, Contextualization and Setting the Vision (40 slides): One slide in the 2012 presentation titled “Realms in Analyst Tools,” shows a drop-down menu listing 15 firms including “RoyalBankOfCanada” and “RogersWireless.ca”. The document does not say what data the NSA has collected about these firms or indicate the agency’s objective.


CIA's Effort to Break the Security of Apple's iPhones and iPads

March 10, 2015

The CIA Campaign To Steal Apple’s Secrets - The Intercept


TCB Jamboree 2012 Invitation (1 page)
Strawhorse: Attacking the MacOS and iOS Software Development Kit (1 page)
TPM Vulnerabilities to Power Analysis and An Exposed Exploit to Bitlocker (1 page)


TCB Jamboree 2012 (1 page)
Apple A4/A5 Application Processors Analysis (1 page)
Differential Power Analysis on the Apple A4 Processor (1 page)


Secure Key Extraction by Physical De-Processing of Apple's A4 Processor (1 page)
Rocoto: Implanting the iPhone (1 page)
Smurf Capability - iPhone (1 page)


Black Budget: Analysis of Target Systems (3 pages)   (View more from the Black Budget)

 

ROCOTO; STRAWHORSE; SMURF; WARRIORPRIDE

CSE Monitors Millions of Canadian Emails Sent to Government

February 25, 2015

CSE monitors millions of Canadian emails to government - CBC News

Canadian Spies Collect Domestic Emails In Secret Security Sweep - The Intercept


CSEC slides about emails -  ITS/N2E: Cyber Threat Discovery
CSEC ITS/N2E: Cyber Threat Discovery (30 slides and speaker notes)

CSEC Slides - Pony Express - Cyber Network Defence R&D Activities
CSEC: Cyber Network Defence R&D Activities (16 slides and speaker notes)

 

CSE's Response to this story:  CSE response to CBC

 

PONY EXPRESS

NSA and GCHQ Targeted SIM Card Manufacturer To Steal Encryption Keys For Mobile Phones

February 19, 2015

The Great Sim Heist: How Spies Stole The Keys To The Encryption Castle - The Intercept


GCHQ slide - CNE Access to Core Mobile Networks
CNE Access to Core Mobile Networks (1 slide)
GCHQ slide - Where Are These Keys?
Where Are These Keys? (1 slide)
GCHQ slide - CCNE Successes Jan10-Mar10 Trial - Somalia
CCNE Successes Jan10-Mar10 Trial (1 slide)

 

DAPINO GAMMA CNE Presence Wiki (1 page)
DAPINO GAMMA Gemalto Yuaawaa Wiki (1 page)
DAPINO GAMMA Target Personalisation Centres Gemalto Wiki (1 page)

 

IMSIs Identified with Ki Data for Network Providers Jan10-Mar10 Trial (1 slide)
CCNE Stats Summaries Jan10-Mar10 Trial (1 slide)
CNE Email Harvesting Jan10-Mar10 Trial (1 slide)

 

PCS Harvesting at Scale (24 pages)

 

CCNE Email Addresses - Huawei, gmail- Jan10-Mar10 Trial
CCNE Email Addresses Jan10-Mar10 Trial (1 slide)

 

Gemalto's statement related to this story:  Gemalto presents the findings of its investigations

Analysis:  NSA and GCHQ stealing SIM card keys: a few things you should know - Electrospaces.net

 

DAPINO GAMMA; HIGHLAND FLING

Kaspersky Lab Reveals Discovery of Sophisticated Nation-State Malware Platforms

February 16, 2015

Equation: The Death Star of Malware Galaxy - Kaspersky Lab

Equation Group: Questions And Answers - Kaspersky Lab


 

UNITEDRAKE; STRAITBIZZARE; VALIDATOR; SLICKERVICAR; SKYHOOKCHOW; STEALTHFIGHTER; DRINKPARSLEY; STRAITACID; LUTEUSOBSTOS; STRAITSHOOTER; DESERTWINTER; GROK


Iran Learned from Western Cyber Attacks

February 10, 2015

NSA Claims Iran Learned From Western Cyberattacks - The Intercept

NSA director's comments on how Iran is learning from NSA and GCHQ cyberattacks - hacking
Topic: Iran - Current Topics, Interaction With GCHQ (2 pages)

IPT ruling GCHQ illegal - The regime governing the soliciting, receiving, storing and transmitting by UK authorities of private communications of individuals located in the UK, which have been obtained by US authorities … contravened Articles 8 or 10 ECHR

Investigatory Powers Tribunal (IPT) ruling that regulations covering access by GCHQ to emails and phone records intercepted by the NSA breached human rights law. (Source)

NSA/GCHQ/CSE Rely On Hackers For Intel And Expertise

February 4, 2015

Western Spy Agencies Secretly Rely On Hackers For Intel And Expertise - The Intercept

LOVELY HORSE - GCHQ Wiki Overview
GCHQ GCWiki: LOVELY HORSE (2 pages)
HAPPY TRIGGER/LOVELY HORSE/Zool/TWO FACE - Open Source for Cyber Defence/Progress
GCHQ GCWiki: Open Source for Cyber Defence/ Progress (2 pages)

NATO Civilian Intelligence Council - Cyber Panel - US Talking Points
NATO Civilian Intelligence Council - Cyber Panel National Input (3 pages)
INTOLERANT - Who Else Is Targeting Your Target? Collecting Data Stolen by Hackers
SIDToday: Who Else Is Targeting Your Target? Collecting Data Stolen by Hackers (1 page)

 

INTOLERANT; LOVELY HORSE; HAPPY TRIGGER; TWO FACE; ZOOL

Canada's CSE Tracks Millions of Downloads Daily

January 28, 2015

Canada Casts Global Surveillance Dragnet Over File Downloads - The Intercept

CSE tracks millions of downloads daily (Video) - CBC News


CSEC Levitation slides - tracking downloads for terrorist content
CSE: LEVITATION and the FFU Hypothesis (21 slides)

 

Related:  Levitation: Inspire-Ing Work from CSE

 

LEVITATION; ATOMIC BANJO

BADASS: Spying on Smart Phone Users

January 26, 2015

Secret ‘BADASS’ Intelligence Program Spied On Smartphones - The Intercept

 Exploring and exploiting leaky mobile apps with BADASS
GCHQ: Mobile Apps Doubleheader: BADASS Angry Birds (58 slides)

 

RELATED LEAKS:  NSA and the Digital Arms Race; NSA and GCHQ Collect Data from Phone Apps

 

BADASS

MORECOWBELL: Covert DNS Monitoring

January 24, 2015

MoreCowBells: New revelations about the NSA's practices - Le Monde (English translation)

NSA slides - MORECOWBELL - showing covert DNS monitoring system - PACKAGEDGOODS
MORECOWBELL: A Covert HTTP/DNS Monitoring System For Operations Support (5 slides)

 

Analysis:  NSA’s MORECOWBELL: Knell for DNS - GNUnet.org

 

MORECOWBELL; PACKAGEDGOODS

GCHQ: Journalists' Emails Were Harvested Via Fiber-Optic Tap and Posted on GCHQ's Intranet

January 19, 2015

GCHQ captured emails of journalists from top international media - The Guardian

DOCUMENTS CITED BUT NOT RELEASED:

  • Emails from the BBC, Reuters, the Guardian, the New York Times, Le Monde, the Sun, NBC and the Washington Post were saved by GCHQ and shared on the agency’s intranet as part of a test exercise in November 2008 of a then-new tool being used to strip irrelevant data out of the agency’s cable tapping process.

  • Top Secret GCHQ document discussing Ripa states that the fact that billing records captured under Ripa are available to any government agency is “unclassified” provided that there is “no mention of bulk”. The same document also states that the fact that billing records “kept under Ripa are not limited to warranted targets” must be kept as one of the agency’s most tightly guarded secrets, at a classification known as “Top secret strap 2”.

  • GCHQ information security assessment listed “investigative journalists” as a threat in a hierarchy alongside terrorists or hackers

  • A restricted document intended for army intelligence warned that “journalists and reporters representing all types of news media represent a potential threat to security”. It continued: “Of specific concern are ‘investigative journalists’ who specialise in defence-related exposés either for profit or what they deem to be of the public interest.” (more)


NSA and the Digital Arms Race

January 17, 2015

The Digital Arms Race: NSA Preps America for Future Battle - Der Spiegel


 

NETWORK ATTACKS AND EXPLOITATION:

Excerpt from the secret NSA budget on Computer Network Operations / Code word GENIE
Black Budget excerpt: GENIE Project (9 pages)   (View more from the Black Budget)

Classification guide for computer network exploitation (CNE)
NSA Classification Guide: Computer Network Exploitation (8 pages)

NSA training course material on computer network operations
NIOC Maryland Advanced Computer Network Operations Course (55 slides)

Overview of methods for NSA integrated cyber operations
Case Studies of Integrated Cyber Operation Techniques (18 slides)

NSA project description to recognize and process data that comes from third party attacks on computers
CNE Presence in CT10 Status Report (4 pages)

 Exploring and exploiting leaky mobile apps with BADASS
GCHQ: Mobile Apps Doubleheader: BADASS Angry Birds (58 slides)

iPhone target analysis and exploitation with Apple's unique device identifiers (UDID)
GCHQ: iPhone Target Analysis and Exploitation With Unique Device Identifiers (11 pages)

Report of an NSA Employee about a Backdoor in the OpenSSH Daemon
SNIPs of SIGINT: Monthly Notes for June 2012 (5 pages)

 Overview of projects of the TAO/ATO department such as the remote destruction of network cards
WikiInfo: Persistence Division S3285/InternProjects (13 pages)

NSA document on QUANTUMSHOOTER, an implant to remote-control computers with good network connections from unknown third parties
WikiInfo: QUANTUM Shooter SBZ Notes (6 pages)

Document about the expansion of the Remote Operations Center (ROC) on endpoint operations
SIDToday: Expanding Endpoint Operations (3 pages)
Document explaining the role of the Remote Operations Center (ROC)
SIDToday: The ROC: NSA's Epicenter for Computer Network Operations (3 pages)

Interview with an employee of NSA's department for Tailored Access Operations about his field of work
SIDToday: Interview with a SID "Hacker" - How Does TAO Do Its Work? (4 pages)
NSA Supply-chain interdiction
SIDToday: Stealthy Techniques Can Crack Some of SIGINT's Hardest Targets (2 pages)

 

MALWARE AND IMPLANTS:  

CSEC document about the recognition of trojans and other network-based anomalies
CSEC SIGINT Cyber Discovery Conference GCHQ/Nov 2010: Summary of the current effort (22 slides)

The formalized process through which analysts choose their data requirement and then get to know the tools that can do the job
GCHQ: CNE End Point Requirements (9 pages)

QUANTUMTHEORY is a set of technologies allowing man-on-the-side interference attacks on TCP/IP connections (includes STRAIGHTBIZARRE and DAREDEVIL)
2010 SIGINT Development Conference: QUANTUMTHEORY (11 slides)


Sample malware code:  QWERTY, a keylogger plugin for the WARRIORPRIDE malware framework

 

EXFILTRATION:  

Explanation of the APEX method of combining passive with active methods to exfiltrate data from networks attacked
APEX Active/Passive Exfiltration (55 slides)

Explanation of APEX shaping to put exfiltrating network traffic into patterns that allow plausible deniability
Analytic Challenges from Active-Passive Integration (13 slides)

Presentation on the FASHIONCLEFT protocol that the NSA uses to exfiltrate data from trojans and implants to the NSA
The FASHIONCLEFT Protocol (19 slides)

Methods to exfiltrate data even from devices which are supposed to be offline
Moving Data Through Disconnected Networks - Delay-Tolerant Networking and the IC (80 slides)

Document detailing SPINALTAP, an NSA project to combine data from active operations and passive signals intelligence
SPINALTAP: Making Passive Sexy for Generation Cyber (43 slides)

Technical description of the FASHIONCLEFT protocol the NSA uses to exfiltrate data from Trojans and implants to the NSA
FASHIONCLEFT Interface Control Document (28 pages)

 


FOURTH PARTY ACCESS:  

Overview of the TRANSGRESSION program to analyze and exploit foreign CNA/CNE exploits
TRANSGRESSION Overview for Pod58 (16 slides)

SNOWGLOBE, in which a suspected French government trojan is analyzed to find out whether it can be useful for one's own interests
CSEC: SNOWGLOBE - From Discovery to Attribution (25 slides)

NSA fourth party access / I drink your milkshake
Fourth Party Opportunities - I drink your milkshake (26 slides)

 NSA Program TUTELAGE to instrumentalize third party attack tools
TUTELAGE 411 (30 slides)

Codename BYZANTINE HADES / NSA research on the targets of Chinese network exploitation tools, DOD, White House, facebook - China hackers
BYZANTINE HADES (Chinese CNE): An Evolution of Collection (27 slides)

CSEC document on the handling of existing trojans when trojanizing computers
CSEC Counter-CNE: Discovering aliens on CNE infrastructure (30 slides)

Analysis of Chinese methods and performed actions in the context of computer network exploitation
Chinese Exfiltrate Sensitive Military Technology (3 slides)

Description by an NSA employee of fifth party access / When the targeted fourth party has someone under surveillance who puts others under surveillance
Round Table: Is there a fifth party collection? (3 pages)
4th party collection / Taking advantage of non-partner computer network exploitation activity
SIDToday: 4th Party Collection - Taking Advantage of Non-Partner CNE Activity (3 pages)
Combination of offensive and defensive missions / How fourth-party missions are being performed
SIDToday: NSA's Offensive and Defensive Missions - NTOC Hawaii (3 pages)

 

BOTNET TAKEOVERS:  

Overview on the NSA use of bots and the DEFIANTWARRIOR program
DEFIANTWARRIOR and the NSA's Use of Bots (65 slides)

HIDDENSALAMANDER / Program for the recognition of botnet activity and options for takeover of clients and data
HIDDENSALAMANDER: Alerting and Characterization of Botnet Activity in TURMOIL (21 slides)

 

 

Related: Snowden leaks: South Korea’s North Korea program a target of “double hacking”

 

 

ALTEREDCARBON; ARGYLEALIEN; ARROWECLIPSE; BADASS; BARNFIRE; BENTWHISTLE; BERSERKR; BLACKHOLE; BORGERKING; BOXINGGRUMBLE; BRAVENICKEL; BYZANTINE HADES; BYZANTINE CANDOR; CUTEBOY; BYZANTINE FOOTHOLD; CASTLECRASHER; CENTRICDUD; CHIMNEYPOOL; CLOUDSHIELD; DAREDEVIL; DEADSEA; DEFIANTWARRIOR; DIRTYDEEDS; EASYKRAKEN; EONBLUE; FAKEDOUBT; FASHIONCLEFT; FELONYCROWBAR; FINGERGNOME; FORESTPLACE; FREEFLOW; FRIEZERAMP; FROZENEARTH; FUSSYKEEL; FUZZYEBOLA; GENIE; GOLDEN EYE; GOPHERRAGE; HAMMERCHANT; HAMMERMILL; HAMMERSTEIN; HANGARSURPLUS; HIDDENSALAMANDER; HIGH NOTE; INCENSOR; IRATEMONK; ISLANDTRANSPORT; JUMPDOLLAR; KIRKBOMB; LOOKING GLASS; MADBISHOP; MIDDLEMAN; MOPNGO; MOUSETRAP; MUGSHOT; PANT SPARTY; PASSIONATEPOLKA; PITIEDFOOL; PLUCKHAGEN; POLITERAIN; POUNDSAND; PRESSUREWAVE; REPLICANTFARM; ROGUESAMURAI; QUANTUMBISCUIT; QUANTUMBOT; QUANTUMCOPPER; QUANTUMDEFENSE; QUANTUMDNS; QUANTUMHAND; QUANTUMINSERT; QUANTUMMUSH; QUANTUMPHANTOM; QUANTUMSANDMAN; QUANTUMSKY; QUANTUMSMACKDOWN; QUANTUMSQUEEL; QUANTUMSQUIRREL; QUANTUMTHEORY; QWERTY; ROCK OPERA; SADDLEBACK; SIERRAMIST; SNOWGLOBE; SODAPRESSED; SPINALTAP; SPITEFULANGEL; STYLISHCHAMP; STRAITBIZZARE; STARGATE; SURPLUSHANGAR; TORNSTEAK; TRAFFICTHIEF; TRANSGRESSION; TUNINGFORK; TURBINE; TURBULENCE; TURMOIL; TUTELAGE; TWISTEDKILT; VOYEUR; WARRIORPRIDE; WICKEDVICAR; WIDOWKEY; WISTFULTOLL; ZOMBIEARMY


US Cybersecurity Rpt: Encryption Vital; Memo on GCHQ Hacking

January 15, 2015

Secret US cybersecurity report: encryption vital to protect private data - The Guardian

DOCUMENTS CITED BUT NOT RELEASED:

  • 2009 document from US National Intelligence Council that gives a five-year forecast on the “global cyber threat to the US information infrastructure” and makes clear that encryption was the “best defence” for computer users to protect private data.

  • 2008 GCHQ memo addressed to the foreign secretary, David Miliband, requesting a renewal of the legal warrant allowing GCHQ to “modify” commercial software in violation of licensing agreements. The memo cited examples of software the agency had hacked, including commonly used software to run web forums, and website administration tools. GCHQ had also been working to “exploit” the anti-virus software Kaspersky. Also, the agency had developed “capability against Cisco routers”, which would “allow us to re-route selected traffic across international links towards GCHQ’s passive collection systems”.


NSA's Role in Cyber Warfare

January 10, 2015

Battlefield Internet: Weaponizing Cyberspace - NDR

NSA Cyber Cop (CYBERCOP) slides
Cyber Cop (3 slides)

 

View the Battlefield Internet video

 

RELATED:
Exclusive: Edward Snowden on Cyber Warfare - Transcript of James Bamford's interview with Edward Snowden for an upcoming film on NOVA (PBS) about cyber warfare.