This undated NSA presentation describes techniques for repurposing third party attack tools: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This NSA TURBULENCE presentation dated August 2009 explains the APEX method of combining passive with active methods to exfiltrate data from networks attacked: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This undated NSA SIGINT presentation describes nine varieties of QUANTUM malware attack, their operational status and success in the field: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

This undated NSA presentation sets out the network-mapping tool Treasure Map, and supplies information on some of the agency’s collection access points: see the Intercept article New Zealand Launched Mass Surveillance Project While Publicly Denying It, 15 September 2014.

This undated NSA wiki page describes LONGHAUL, an “end-to-end attack orchestration and key recovery service for Data Network Cipher and Data Network Session Cipher traffic”: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

This NSA presentation from 3 June 2011 describes QFIRE, “a consolidated QUANTUMTHEORY platform”, that links the NSA’s enormous passive monitoring operation (TURMOIL) with the active hacking of systems undertaken by the agency’s Tailored Acess Operations division (TURBINE): see the Der Spiegel article, Inside TAO: Documents Reveal Top NSA Hacking Unit, 29 December 2013.

This internal document prepares for a visit of senior officers from Germany’s BND: see the Der Spiegel article New NSA Revelations: Inside Snowden’s Germany File, 18 June 2014.

These slides from an NSA presentation show how the automated malware deployment tool Turbine depends on a network of passive collection sensors (Turmoil), installed at locations including Fort Meade in Maryland, Misawa in Japan and Menwith Hill in the UK: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, […]

This background paper briefs issues to be discussed for a visit of senior BND personnel to Fort Meade, including Special Source Operations collaboration on a cable tap codenamed WHARPDRIVE: see the Der Spiegel article New NSA Revelations: Inside Snowden’s Germany File, 18 June 2014. media-34117

This undated NSA presentation describes techniques for detecting botnets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This undated presentation from NSA’s UK-based Menwith Hill station describes the various uses of open source intelligence (OSINT) in computer network operations, including the monitoring of hacker forums and spotting opportunities for so-called “Fourth Party Collection”: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This 2010 presentation and speaking notes from the NSA’s Office of Legal Counsel explains the legal authorities governing the agency’s computer network operations (CNO) activities: see the New York Times article Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border, 4 June 2015.

This internal NSA briefing document from 19 April 2014 supplies background information for a Strategic Planning Meeting with senior BND officers to discuss future collaboration between Germany and the US: see the Der Spiegel article Spying Together: Germany’s Deep Cooperation with the NSA, 18 June 2014.