Snowden Doc Search

MILKWHITE Enrichment Services (MES) Programme

Document

Release Date: 2016-06-07 Document Date: 2011-03-09

This two-page extract from a larger GCHQ document dated 9 March 2011 describes MILKWHITE, the codename under which metadata gathered by the agency is shared with other branches of the British government: see the Intercept article Facing Data Deluge, Secret U.K. Spying Report Warned of Intelligence Failure, 7 June 2016.

TOP SECRET STRAP1 9 March 2011 DISCOVER ID 5100181 E. MILKWHITE Enrichment Service (MES) Programme In FY11/12 the MES Programme will continue to support the Home Office Communications Ca...

HIMR Data Mining Research Problem Book

Document

Release Date: 2016-02-02 Document Date: 2011-09-20

This GCHQ research report dated 20 September 2011, cowritten by researchers at Heilbronn Institute for Mathematical Research based at the University of Bristol, concerns the use of data mining techniques to develop usable intelligence as well as the contradictions that arise from the use of algorithms to identify wrong doers, or potential wrong doers. The […]

UK TOP SECRET STRAP1 COMINT AUS/CAN/NZ/UK/US EYES ONLY Reference: OPC-M/TECH.A/455 (v1.0, r206) Date: 20 September 2011 Copy no: HIMR Data Mining Research Problem Book OPC-MCR, G...

MHS FISINT Successfully Collects Israeli F-16 Heads Up Display

Document

Release Date: 2016-01-29 Document Date: 2008-02-01

This March 2008 post from the internal NSA newsletter SIDToday, describes the Menwith Hill station’s success in intercepting the video feeds from Israeli F-16 fighter jets and drones: see the Intercept article Spies in the Sky: Israeli Drone Feeds Hacked by British and American Intellience, 29 January 2016.

TOP SECRET//COMINT/TALENT KEYHOLE// REL TO USA, FVEY published March 2008 MHS FISINT Successfully Collects Israeli F-16 Heads-Up Display (S//SI//REL) , Menwith Hill Station (F77) (S...

GCHQ Analytic Cloud Challenges

Document

Release Date: 2015-09-25 Document Date: 2012-05-14

This GCHQ presentation dated 14 May 2012 describes the agency receiving “more than 50 billion events [metadata records] per day” and some of the tools available for analysing that mass of data: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

gchq-analytic-cloud-challenges-p1-normal.gif: GCHQ Analytic Cloud Challenges Innovation Lead for Data, Analytics & Visualisation Engineering This information is exempt from Disclosure unde...

HRA auditing

Document

Release Date: 2015-09-25

This undated page from GCHQ’s internal GCWiki describes the agency’s audit procedure to document compliance with the UK Human Rights Act: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

hra-auditing-p1-normal.gif: UK CONFIDENTIAL The maximum classification allowed on GCWiki is TOP SECRET STRAP1 COMINT. Click to report inappropriate content. For GCWiki help contact: webtea...

Events analysis

Document

Release Date: 2015-09-25 Document Date: 2008-11-27

This GCHQ slide taken from a presentation dates 27 November 2008 confirms that agency metadata repositories can be datamined for information relating to individuals within the UK: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

Events analysis SALAMANCA, HAUSTORIUM, THUGGEE, IMMINGLE less intrusive than communications content authorisation not needed for individuals in the UK necessity and proportionality st...

Next Generation Events

Document

Release Date: 2015-09-25 Document Date: 2009-03-23

This GCHQ presentation from 23 March 2009 discusses the agency’s plan for “processing Events [metadata] at scale”: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

nge-anyst-exch-redacted-p1-normal.gif: TOP SECRET STRAP 1 Analysis Next Generation Events TOP SECRET STRAP 1 23 March 2009nge-anyst-exch-redacted-p2-normal.gif: TOP SECRET STRAP 1 ...

Events Product Centre

Document

Release Date: 2015-09-25 Document Date: 2010-11-01

This GCHQ presentation from November 2010 shows that the agency was logging 30 billion metadata records per day by that year: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

operational-engineering-nov-2010-p1-normal.gif: •¿events Events Product Centre W: CHQ SECRET STRAP1operational-engineering-nov-2010-p2-normal.gif: »¿events Agenda «Welcome «Im...

PullThrough Steering Group Meeting #16

Document

Release Date: 2015-09-25 Document Date: 2008-02-29

This set of GCHQ minutes from 29 February 2008 describes a set of tools that were under development at that point, including the metadata analysis tool KARMA POLICE: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

pull-through-steering-group-minutes-p1-normal.gif: TOP SECRET STRAP1 THQ/1202THQ/1900/0058 29 February 2008 PullThrough Steering Group Meeting #16 29 February 2008. Distribute to: In...

QFDs and BLACKHOLE Technology behind GCHQ/INOC

Document

Release Date: 2015-09-25 Document Date: 2009-03-01

This GCHQ presentation from March 2009 describes the BLACKHOLE database used to store raw metadata records from TEMPORA, with about 10 billion records being added each day: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

qfd-blackhole-technology-behind-inoc-p1-normal.gif: QFDsand BLACHOLE Technology behind GCHQ/INOCqfd-blackhole-technology-behind-inoc-p2-normal.gif: TRAP2 COMINT Probes Flat Store Analytic e...

TINT external

Document

Release Date: 2015-09-25 Document Date: 2009-07-01

This short extract from a July 2009 GCHQ document describes BLACK HOLE, the agency’s massive respository for unselected metadata: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

Purpose For exporting bulk, unselected metadata (in SLR format) to a repository where higher-order analytics can be carried out. Data To/From GCHQ Connection To/From GCHQ Anticipated Volume V...

Legal Authorisation Flowcharts: TARGETING and COLLECTION

Document

Release Date: 2015-06-22 Document Date: 2008-11-01

This GCHQ document from November 2008 provides a guide to the legal authorisations required for different forms of agency activity: see the Intercept article Spies Hacked Computers Thanks to Sweeping Secret Warrants, Aggressively Stretching U.K. Law, 22 June 2015.

UK CONFIDENTIAL Version 6, dated 11/08 Side l The issue on GCVYeb is die definitive version; printed copies may be out of date. Terms are defined in the glossary at http w.v ope rations^'po...

Intrusion Analysis / JeAC

Document

Release Date: 2015-06-22 Document Date: 2008-07-23

This GCHQ document, last updated on 23 July 2008, provides information about the agency’s systems for detecting network threats and authorisation procedures: see the Intercept article Spies Hacked Computers Thanks to Sweeping Secret Warrants, Aggressively Stretching U.K. Law, 22 June 2015.

SECRET STRAP1 Intrusion Analysis/JeAC The IA team conducts all-source analysis both of emerging and current electronic attack types. It forms part of the Joint Electronic Attack Cell (JeAC)...

ACNO Skill Levels: Malware Analysis & Reverse Engineering

Document

Release Date: 2015-06-22

This undated GCHQ training document details the requirements for analysts engaged in the reverse engineering of commercial antivirus software: see the Intercept article Popular Security Software Came Under Relentless NSA and GCHQ Attacks, 22 June 2015.

SECRET ACNO Skill 12: Malware Analysis & Reverse Engineering Knowledge of: • Relevant Operating Systems. • Current trends in attack vectors & targeted applications / protocols / services...

ISA-94: Application for renewal of warrant GPW/1160 in respect of activities which involve the modification of commercial software

Document

Release Date: 2015-06-22 Document Date: 2008-06-13

This GCHQ application for warrant renewal from June 2008 shows that the agency has been engaged in the reverse engineering of commercial antivirus software for the purposes of facilitating its hacking operations: see the Intercept article Popular Security Software Came Under Relentless NSA and GCHQ Attacks, 22 June 2015.

TOP SECRET STRAP2 UK EYES ONLY Date: 13 June 2008 GCHQ Reference: A/9014/9105/55 Sian MacLeod Mariot Leslie Foreign Secretary ISA-94: APPLICATION FOR RENEWAL OF WARRANT GPW/1160 IN...

PCS Harvesting at Scale

Document

Release Date: 2015-02-19 Document Date: 2010-04-27

This April 2010 GCHQ report proposes an automated approach to seizing large numbers of mobile phone encryption keys: see the Intercept article The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle, 19 February 2015.

TOP SECRET STRAP 1 Reference: OPC-TDSD/TECH/21 Date: 27th April 2010 PCS Harvesting at Scale (OPC-TDSD) (OPC-TDSD) (OPC-CAP) (OPC-TDSD) Summary This report explores the ...

DAPINO GAMMA CNE Presence and IPT codes

Document

Release Date: 2015-02-19

This undated Wiki page details aspects of GCHQ’s DAPINO GAMMA operation against mobile SIM manufacturer Gemalto: see the Intercept article The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle, 19 February 2015.

[edit] DAPINO GAMMA CNE Presence and IPT keys [edit] Our Workshop Aims To investigate Gemalto to look for: • 1. Find more external IP addresses (France and Poland are prioirities) for acces...

CCNE Jan10-Mar10 Trial

Document

Release Date: 2015-02-19

These six slides from 2010 GCHQ presentation outline the results of a trial operation to acquire SIM encryption keys: see the Intercept article The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle, 19 February 2015.

where-are-these-keys.pdf: TOP SECRET STRAP 1 Where are these keys? Keys live on the SIM card in the phone They also need to be present on the mobile network; are kept carefully protecte...

CNE access to core mobile networks

Document

Release Date: 2015-02-19 Document Date: 2010-01-01

This slide from a 2010 GCHQ presentation shows that the agency believed it had penetrated “the entire network” of GEMALTO, the world’s largest mobile SIM manufacturer: see the Intercept article The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle, 19 February 2015.

SECRET STRAP 1 CNE access to core mobile networks CNE access to core mobile networks - Billing servers to suppress SMS billing - Authentication servers to obtain K’s, Ki’s and OTA k...

CNE End Point Requirements

Document

Release Date: 2015-01-17

This undated GCHQ reference document enumerates the processes and tools analysts use for computer network exploitation: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

TOP SECRET STRAP1 COMINT CNE End Point Requirements CATEGORY O Experimt O Refinemer O Bug Fix O ALL REQTYPE O Capability O Convergenc O Query O Taskir O Viewe Oall PRIOR...

Mobile apps doubleheader: BADASS Angry Birds

Document

Release Date: 2015-01-17

This undated joint GCHQ/CSEC presentation provides an overview of “exploring and exploiting leaky mobile apps”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

Mobile apps doubleheader: BADASS Angry Birds From 6 weeks to 6 minutes: protocols exploitation in a rapidly changing world Exploring and Exploiting Leaky Mobile Apps with BADASS GTE/GCHQ GA...

TLS Trends at GCHQ

Document

Release Date: 2014-12-28

This undated GCHQ presentation explains the agency’s FLYING PIG database and its role in undermining SSL/TLS encryption: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

TS//SI//REL TLS trends at GCHQ TS//S1//REL TS//SI//REL Source of data Our TLS events come from our TLS app - Runs on special source (approx. 200 x 10G) and Comsat data -Produ...

BULLRUN

Document

Release Date: 2014-12-28

This undated presentation from GCHQ’s PTD (Penetrating Target Defences) unit gives an overview of BULLRUN efforts to defeat encryption: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

TOP SECRET STRAP1 BULLRUN PTD Lead for Special Operations and Policy PTD "We penetrate targets' defences." This information is exempt from disclosure under the Freedom of Information A...

BULLRUN CoI – Briefing Sheet

Document

Release Date: 2013-09-05

This undated GCHQ document provides a classification guide for BULLRUN – NSA and GCHQ’s attempts to weaken or defeat cryptographic protocols – and specifies some of its achievements: see the ProPublica article Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security, 5 September 2013.

TOP SECRET STRAP1 COMINT BULLRUN Col - Briefing Sheet Introduction 1. The ability to exploit targets’ encrypted communications is extremely fragile and is often enabled through sensiti...

HOPSCOTCH

Document

Release Date: 2014-12-13

This undated extract from a GCHQ document cites the codename HOPSCOTCH, also found in an analysis of Regin malware: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.

31. Sending all these edges from one cloud to the other would have other advantages. It would essentially allow us to have all summarised contact pairs in one location and this would make other ...

Belgacom_connections

Document

Release Date: 2014-12-13

This undated GCHQ screenshot, which appears to be from a map viewer called CARBON ROD, shows the international connections that made Belgacom a desirable target for the agnecy: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.

Meteor Mobile Telecommunications bmited ITS Gn\bH; Germ; VO D AF 0 M E_U K_AS N VodaTo ASN-BICS UK PXket Backboj ier Services fBtepmblic- FRANCÍ sipska; Herzei 'elek&miini...

GCHQ NAC Business Review – January to March 2011

Document

Release Date: 2014-12-13 Document Date: 2011-01-01

This extract from a 2011 GCHQ Network Analysis Centre document details progress in the operation against Belgian telecommunications company Belgacom in the first quarter of 2011: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.

Successful MyNOC surge effort against GRX Operators, that enhanced network knowledge of the various operators, their customer sets, knowledge of and access to both encrypted and unencrypted GRX ...

Making Network Sense of the encryption problem

Document

Release Date: 2014-12-13 Document Date: 2011-01-01

This 2011 presentation by the head of GCHQ’s Network Analysis Centre outlines the agency’s interest in exploiting telecommunications companies, namely to “get at the data before it is encrypted”: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.

TOP SECRET STRAP 2 // REL TO USA, AUS, CAN, GBR, NZL ------m/\cz NETWORK ^IM^ySIS CSfSJTRe Making Network Sense of the encryption problem Roundtable Head of GCHQ NAC This info...

WOLFRAMITE

Document

Release Date: 2014-12-04 Document Date: 2011-03-09

This extract from a GCHQ document dated 9 March 2011 describes WOLFRAMITE, an agency project to defeat the A5/3 GSM cipher: see the Intercept article Operation Auroragold: How the NSA Hacks Cellphone Networks Worldwide, 4 December 2014.

TOP SECRET STRAP 1 Strategic Objective Goal/Aim Programme Outcomes Target Capability deliveries for 2011/12 Meet the Mobile Broadband challenge. • Scaling up the exploitation of handse...

CNE EndPoint Project Load

Document

Release Date: 2014-11-25

This undated extract from a GCHQ document describes progress in infiltrating a Flag Telecom cable through the NIGELLA access point – as the cable’s owner did not have a partnership with GCHQ, the agency classed this project as “computer network exploitation” (CNE), hacking its way in with Cable & Wireless’ assistance: see the Süddeutsche Zeitung […]

Overview CNE.EnriPQint.RrQie.çt.lnPati Notes Page Sheet 1: CNE EndPoint Project Load TOP SECRET STRAP 1 End-Point Projects PFENNING ALPHA REDACTED Flag Telecom Secure access un...

e-Highlighter