DocumentRelease Date: 2015-06-22
These undated slides from GCHQ’s National Defence Intelligence and Security Team claim that the agency collects “around 100,000,000 malware events per day”: see the Intercept article Popular Security Software Came Under Relentless NSA and GCHQ Attacks, 22 June 2015.
GCHQ's developing Cyber Defence Mission Reduce vulnerability Reduce harm Enable prosperity TOP SECRET 5EYES The Cyber Defence Mission Support national situational awareness - Supp...
DocumentRelease Date: 2009-07-01
This NSA presentation from July 2009 describes the kinds of information drawn from online forums that can be accessed in XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
web-forum-exploitation-using-xks-p1-normal.gif: OPSECRET//COMINT//REL TO USA, AUS. CAN, GBR, NZL Web Forum Exploitation using XKEYSCORE S2I7 July 2009 TOP SECRET//COMINT//REL TO USA,...
DocumentDocument Date: 2009-09-01Release Date: 2014-05-13
This September 2009 NSA presentation outline some of the insights that analysts can gather from online social networks (OSNs) and show the XKeyScore interface for performing such searches: see the book No Place To Hide, 13 May 2014.
TOP SECRET//COMINT//REL TO USA, FVEY (S//SI//REL) Tracking Targets on Online Social Networks The overall classification of this briefing to TOP SECRET//COMINT//REL TO USA, FVEY Online...
DocumentDocument Date: 2009-01-01Release Date: 2015-07-01
This 2009 NSA presentation describes some of the plug ins available and the way the tool relates to other NSA methods for searching internet metadata, with XKeyScore having the broadest capability: see the book No Place To Hide, 13 May 2014.
xks-as-a-sigdev-tool-p1-normal.gif: X-KEYSCORE as a SIGDEV tool 2009 ■EBTxks-as-a-sigdev-tool-p2-normal.gif: What is X-KEYSCORE?xks-as-a-sigdev-tool-p3-normal.gif: TOP SECRET//COMINT//ORC...
DocumentDocument Date: 2012-12-01Release Date: 2015-07-01
This 143-page NSA presentation from December 2012 provides a general introduction to the architecture, operation and administration of XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
xks-system-administration-p1-normal.gif: TOP SECRET II SI II REL TO USA. AUS. CAN. GBR. NZL December 2012 t-—v.—r---------------- TOP SECRET // Si II REL TO USA, AUS, CAN, GBR, NZLxks-sy...
DocumentDocument Date: 2011-08-23Release Date: 2015-08-15
This 23 August 2011 post from the internal NSA newsletter SSO Weekly describes the disruption caused to collection from a Japanese-American cable by an earthquake. The date of service resumption correlated with the AT&T operated cable in the region: see the New York Times article AT&T Helped U.S. Spy on Internet on a Vast Scale, […]
(TS//SI//NF) FAIRVIEW: CLIFFSIDE Site - Collection Resumes After Months By H on 2011-08-23 0805 ~5 (TS//SI//NF) On 5 Aug 2011, collection of DNR and DNI traffic at the FAIRVIEW CLIFF...
DocumentDocument Date: 2008-01-01Release Date: 2016-01-29
This GCHQ manual from 2008 explains how analysts would unscramble the video signals from Israeli drones: see the Intercept article Spies in the Sky: Israeli Drone Feeds Hacked by British and American Intellience, 29 January 2016.
SECRET ISUAV Video Descrambling Author: vereîon^ra Introduction Analogue video from Israeli UAVs has been intercepted in both clear (i.e. unencrypted) and scrambled (i.e. encrypted...
DocumentDocument Date: 2012-10-03Release Date: 2013-11-26
Extracts from an NSA document dated 3 October 2012 show that the agency proposed using records of online activity to discredit six individuals. Also included is the document’s distribution list and the targeting rationale for the six individuals involved (all identifying information has been redacted): see the Huffington Post article Top-Secret Document Reveals NSA Spied […]
rad2.jpg: PREFACE (U) (TS SI REL TO USA, FVEYFISA) This SIGiNT assessment exammes access as one element in the process of Islamic radicakabon in order to identify vulnerabilities Using sit pr...
DocumentDocument Date: 2013-03-14Release Date: 2014-06-18
This excerpt from the 14 March 2013 edition of internal NSA newsletter SSO Weekly describes an incident on 12 March where “unwitting” contractors discovered a cable tap known as WHARPDRIVE, which had to be discreetly reinstalled and provides details about the Breckenridge access point that corroborate the identification of the NSA’s corporate partner STORMBREW as […]
UNCLASSIFIED//FOR OFFICIAL USE ONLY 14 MARCH 2013 Special Source Operations Watkly UNCLASSIFIED//FOR OFFICIAL USE ONLY UNCLASSIFIED//FOR OFFICIAL USE ONLY (U) CORPORATE TEAM ...
DocumentDocument Date: 2012-08-31Release Date: 2014-05-13
Ths internal NSA post dated 31 August 2012 announces improvements to the way the agency shares information about its PRISM operations with the FBI and CIA. PRISM, the document concludes, “is a team sport!”: see the book No Place To Hide, 13 May 2014.
Page 116 (TS//SI//NF) Expanding PRISM Sharing With FBI and CIA By | NAMi.Rtt>AfiM3 1 on 2012-08-31 0947 (TS//SI//NF) Special Source Operations (SSO) has recently expanded sharing with the ...
DocumentDocument Date: 2012-09-19Release Date: 2014-06-18
This internal NSA post dated 19 September 2012, describes GCHQ’s operation Tempora which, make “more than 40 billion pieces of content a day” available to analysts from both agencies: see the Der Spiegel article The NSA in Germany: Snowden’s Documents Available for Download, 18 June 2014.
(C//REL) TEMPORA -- "The World s Largest XKEYSCORE" - Is Now Available to Qualified NSA Users (U//FOUO) NSA Integree at GCIIQ Run Date: 09/19/2012 (U//FOUO) SIGINT analysts: We have all...
DocumentDocument Date: 2012-05-21Release Date: 2014-06-18
This page from GCHQ’s internal GCWiki, last edited in May 2012, provides background information on the agency’s “internet buffer business capability”: see the Der Spiegel article The NSA in Germany: Snowden’s Documents Available for Download, 18 June 2014.
 News BREAKING NEWS (May 2012) - The second tranche of 'deep dive' processing capability at RPC has gone live. In addition 2 extra lOG's are being processed at OPC. This brings the curre...
DocumentDocument Date: 2011-01-22Release Date: 2014-07-05
These two slides from a 22 January 2011 NSA PowerPoint presentation constitute the first document drawing on intercepted communications content to be made public. The subject of this presentation was captured in Abbottabad, Pakistan on 23 January 2011: see the Washington Post article In NSA-intercepted data, those not targeted far outnumber the foreigners who are, […]
Muhammad Tahir Shahzad AKA Abu Hamza 22 JANUARY 2011 OVERALL CLASSIFICATION OF DOCUMENT: (U//FOUO) The following information has not been fully analyzed and may be incomplete and sub...
DocumentDocument Date: 2009-07-27Release Date: 2014-11-25
These July 2009 documents provide a full list of the fibre-optic cables GCHQ had access to at that point, including details of location, bandwidth and corporate partners: see the Süddeutsche Zeitung article Snowden-Leaks: How Vodafone-Subsidiary Cable & Wireless Aided GCHQ’s Spying Efforts, 25 November 2014. […]
partner_cables.pdf: Partner Cable UK? REMEDY GERONTIC DACRON LITTLE PINNAGE STREET CAR VITREOUS Apolo UK IRU/LC DCO IRU/LC IRU/LC IRU/LC CANTAT 3 UK DCO IRU/LC Concerto UK D...
GEMINI, ARCANO, BROKER, CATEGORY, DACRON, DONNINGTON, ELAPSE, GERONTIC, GIB(B)US, GRASP, HIASCO, KIRKISTOWN, KNAPWEED, LATUS, LINNELL, LITTLE, MONDELLO, NIGELLA, NUMDAH, PFENNING ALPHA, PINNAGE, PRESCOTT, REMEDY, SCEPTRE, STELLABLUE, TEMPORA, VITREOUS
Australia (AUS/AU), Bahamas (BHS/BS), Belgium (BEL/BE), Bermuda (BMU/BM), Canada (CAN/CA), China (CHN/CN), Denmark (DNK/DK), Egypt (EGY/EG), Finland (FIN/FI), France (FRA/FR), Germany (DEU/DE), Guam (GUM/GU), Iceland (ISL/IS), India (IND/IN), Ireland (IRL/IE), Isle of Man (IMN/IM), Italy (ITA/IT), Jamaica (JAM/JM), Japan (JPN/JP), Korea (KOR/KR), Latvia (LVA/LV), Malta (MLT/MT), Netherlands (NLD/NL), Nigeria (NGA/NG), Philippines (PHL/PH), Poland (POL/PL), Portugal (PRT/PT), Russia (RUS/RU), Spain (ESP/ES), Sweden (SWE/SE), United Kingdom (GBR/GB)
DocumentRelease Date: 2014-11-25
This undated screenshot from GCHQ’s internal GCWiki provides details of INCENSER, “a GERONTIC delivery from the NIGELLA access” – in other words, a supply of data arranged by Cable & Wireless from a rival company’s infrastructure: see the Süddeutsche Zeitung article Snowden-Leaks: How Vodafone-Subsidiary Cable & Wireless Aided GCHQ’s Spying Efforts, 25 November 2014. Download […]
TOP SECRET STRAP 1 COMINT The maximum classification allowed on GCWiki is TOP SECRET STRAP1 COMINT. Click to report inappropriate content. For GCWiki help contact: page PTC Glossary F...
DocumentDocument Date: 2013-01-06Release Date: 2015-03-15
This XKeyScore fingerprint, dated 6 January 2013, shows the extent to which New Zealand’s GCSB targeted Solomon Islands public officials and civil society: see the New Zealand Herald article Revealed: The names NZ targeted using NSA’s XKeyscore system, 15 March 2015.
2 Classification: 3 5-eyes releasable 4 Top Secret 5 COMINT 6 ________ 7 Last modified: 2013-01-06 8 9 NOTE WELL that the contents of this file are managed by the GUI. 10 A...
DocumentDocument Date: 2011-01-01Release Date: 2015-03-23
This CSEC presentation from 2011 communicates Canada’s current and future cyberwar plans to their Five Eyes partners: see the article Communication Security Establishment’s cyberwarfare toolbox revealed, 23 March 2015.
CLASSIFICATION: CLASSIFICATION: TOP SECRET // COMINT // REL FVEY Project Overview Current Status Proposed Architecture Towards 2015 CLASSIFICATION: TOP SECRET // COMINT // REL FYEY ...
DocumentDocument Date: 2010-01-01Release Date: 2015-02-25
This 2010 CSEC document complete with speakers’ notes shows that visits to Canadian government websites were monitored, and hundreds of thousands of emails to government email addresses retained every day, for cybersecurity purposes: see the CBC News article CSE monitors millions of Canadian emails to government, 25 February 2015.
TOP SECRET 1^1 Communications Security Centre de la sécurité Establishment Canada des télécommunications Canada CSEC ITS/N2E Cyber Threat Discovery I DISCOCON 2010 m/4 ...
DocumentDocument Date: 2012-03-23Release Date: 2015-06-04
This NSA memo from 23 March 2012 presentation describes the agency’s proposal for a fourth FAA 702 certification that would allow it to target hackers “tied to malicious cyber activity”: see the New York Times article Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border, 4 June 2015.
(TS//SI//NF) New FAA702 Certification in the Works - Cyber Threat By on 2012-03-23 1423 (TS//SI//NF) NSA has drafted a new FAA702 Certification to target Cyber Threats. It is close to being r...
DocumentDocument Date: 2010-05-01Release Date: 2015-07-01
This 61-page NSA presentation from May 2010 provides analysts with a guide to tracking individuals within XKeyScore using the system’s fingerprint capability: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL Introduction to Context Sensitive Scanning with X-KEYSCORE Fingerprints May 2010 TOP SECRET //COMINT //REL TO USA, AUS, CAN, GBR, NZL ...
DocumentDocument Date: 2012-03-28Release Date: 2015-08-15
This 28 March 2012 post from the NSA internal newsletter SSO Weekly describes the agency’s relationship with AT&T (FAIRVIEW) as “highly collaborative”: see the New York Times article AT&T Helped U.S. Spy on Internet on a Vast Scale, 15 August 2015.
(TS//SI//REL FVEY) FAIRVIEW Tour By on 2012-03-28 1333 (TS//SI//REL FVEY) On 23 March, S3 and GAO Technical Directors: S3 - and HHHH7an^b^blGINT Lom^^nce and Arcnl^^U^e Lead I, a...
DocumentDocument Date: 2012-04-18Release Date: 2015-08-15
This 18 April 2012 post from the NSA internal newsletter SSO Weekly reveals that AT&T (FAIRVIEW) cooperated with the NSA, under the terms of a FISA court order, to enable the agency to surveil the internet traffic going to and from the United Nations headquarters in New York: see the New York Times article AT&T […]
(TS//SI//NF) United Nations DNI Collection Enabled By on 2012-04-18 0853 (TS//SI//NF) FAIRVIEW and BLARNEY engineers collaborated to enable the delivery of 700Mbps of paired packet switched t...
DocumentDocument Date: 2008-02-29Release Date: 2015-09-25
This set of GCHQ minutes from 29 February 2008 describes a set of tools that were under development at that point, including the metadata analysis tool KARMA POLICE: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
pull-through-steering-group-minutes-p1-normal.gif: TOP SECRET STRAP1 THQ/1202THQ/1900/0058 29 February 2008 PullThrough Steering Group Meeting #16 29 February 2008. Distribute to: In...
DocumentDocument Date: 2011-09-19Release Date: 2015-07-01
This NSA presentation dated 19 September 2011 outlines the use of Workflows within XKeyScore and includes screenshots: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
xks-workflows-2011-p1-normal.gif: XKEYSCORE Workflows 19 September 2011 SECRET7/COMINT//REL TO USA, AUS, CAN, GBR, MZL i —* DERIVED FROM: NSA/CSSM 1-52 DATED: 20070108...
DocumentDocument Date: 2009-03-01Release Date: 2015-07-01
This NSA presentation from March 2009 shows how VOIP intercepts are handled in XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
voip-in-xks-p1-normal.gif: TOP SECRET//COMINT7/REL TO USA. AUS, CAN, GBR, NZL//20291123 VOIP in XKEYSCORE March 2009 TOP SECRET//COMINT//REL TO USA. AUS. CAN, GBR, NZL//20291123voip-in-...
DocumentDocument Date: 2010-11-22Release Date: 2015-07-01
This 67-page NSA presentation from November 2010 explains how to create the “Fingerprints” which enable analysts to trace individuals within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
writing-xks-fingerprints-p1-normal.gif: Writing XKS Fingerprints November 2010 TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZLwriting-xks-fingerprints-p2-normal.gif: Agenda • Naming...
DocumentDocument Date: 2012-01-01Release Date: 2016-01-29
This GCHQ presentation from 2012 describes the Troodos (Cyprus) station’s successes in intercepting signals from drones, including Israeli-made drones “carrying weapons” and Iranian-made drones being used in Syria, which were the subject of “presidential” interest: see the Intercept article Spies in the Sky: Israeli Drone Feeds Hacked by British and American Intellience, 29 January 2016. […]
TOP SECRET STRAP1 Significant TRF TROODOS stories over past 6 months I TOP SECRET STRAP1 Success against Syria • 17th Feb 2012 collection on an undocumented frequency of 120...
DocumentDocument Date: 2004-10-06Release Date: 2015-09-29
This post from the NSA’s internal SIDToday newsletter, dated 6 October 2004, reviews the agency’s operations for the recently-concluded Athens Olympics: see the Intercept article A Death in Athens: Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?, 29 September 2015.
id-863-redacted-formatted-p1-normal.gif: DYNAMIC PAGE - HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL (U) Another Successful Olympics Story FROM:...
DocumentRelease Date: 2013-06-21
This concluding slide from an undated GCHQ presentation on Tempora reminds analysts that they are in a “enviable” and “privileged” position – “you have access to a lot of sensitive data… have fun and make the most of it”: see the Guardian article Mastering the internet: how GCHQ set out to spy on the world […]
Conclusion TOP SECRET STRAP1 ® You are in a privileged position — repay that trust, o You have ready access to a lot of sensitive data, o Understand your legal obligations — don’t become a...
DocumentDocument Date: 2011-09-20Release Date: 2016-02-02
This GCHQ research report dated 20 September 2011, cowritten by researchers at Heilbronn Institute for Mathematical Research based at the University of Bristol, concerns the use of data mining techniques to develop usable intelligence as well as the contradictions that arise from the use of algorithms to identify wrong doers, or potential wrong doers. The […]
UK TOP SECRET STRAP1 COMINT AUS/CAN/NZ/UK/US EYES ONLY Reference: OPC-M/TECH.A/455 (v1.0, r206) Date: 20 September 2011 Copy no: HIMR Data Mining Research Problem Book OPC-MCR, G...