Results
79 Total
0.0
Interview with an SID “Hacker” — Part 2: Hacker Culture and Worker Retention
Document
Release Date:
2015-06-11
Document Date:
2012-07-13
This 12 July 2012 post from the NSA newsletter SIDToday describes the internal culture of Tailored Access Operations (TAO) from the perspective of a practitioner: see the Intercept article What the Snowden Files Say About the Osama Bin Laden Raid, 18 May 2015.
sidtoday-interview-with-a-sid-hacker-p1-normal.gif:
DYNAMIC PAGE - HIGHEST
POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA
AUS CAN GBR NZL
Welcome! Saturday, 10 Nov 2012
•...
0.0
Another Successful Olympics Story
Document
Release Date:
2015-09-29
Document Date:
2004-10-06
This post from the NSA’s internal SIDToday newsletter, dated 6 October 2004, reviews the agency’s operations for the recently-concluded Athens Olympics: see the Intercept article A Death in Athens: Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?, 29 September 2015.
id-863-redacted-formatted-p1-normal.gif:
DYNAMIC PAGE - HIGHEST POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL
(U) Another Successful Olympics Story
FROM:...
0.0
DEFIANTWARRIOR and the NSA’s Use of Bots
Document
Release Date:
2015-01-17
Document Date:
2010-05-24
This 24 May 2010 NSA presentation describes the ways the agency uses botnets (“bot herding”): see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL USA, FVEY
DEFIANTWARRIO R 7
/ //and the ;
NSA's Uè^ojÆotá/
Overall Classification: TOP SECRET//COMINT//REL FVEY
Current As Of: 24 May 2010
Derived From: NSA/CSS...
DEFIANTWARRIOR, FREEFLOW-compliant, INCENSER, ISLANDTRANSPORT (IT), OLYMPUS, PUZZLECUBE, QUANTUMBOT, TREASUREMAP (TM), TURBINE, TURBULENCE (TU), UNITEDRAKE, XKEYSCORE (XKS), STELLABLUE
0.0
Chinese Exfiltrate Sensitive Military Technology
Document
Release Date:
2015-01-17
These three undated NSA slides describe alleged Chinese cyberattacks against US military targets, codenamed BYZANTINE HADES: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
(U) Acquired radar design
- (U) Numbers and types of
modules
(U) Detailed engine
schematics
(U) Methods for cooling gases
(U) Leading and trailing edge
treatments
(U) Aft deck he...
0.0
BYZANTINE HADES: An Evolution of Collection
Document
Release Date:
2015-01-17
Document Date:
2010-06-01
This June 2010 NSA presentation for the SIGDEV conference describes efforts to trace a suspected Chinese cyber attack: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL
(S//REL)BYZANTINE HADES: An
Evolution of Collection
NTOC, V225
SIGINT Development Conference
June 2010
TOP SECRET//COMINT//REL TO...
0.0
TUTELAGE
Document
Release Date:
2015-01-17
This undated NSA presentation describes techniques for repurposing third party attack tools: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL TO USA,
FVEY
TOP SECRET//COMINT//REL TO USA,
TOP SECRET//COMINT//REL TO USA,
FVEY
Before TUTELAGE...
AFTERk
INTRUSION
Manual Analysis of Reporting Lo...
0.0
TRANSGRESSION Overview for Pod58
Document
Release Date:
2015-01-17
Document Date:
2010-02-07
This 7 February 2010 NSA presentation outlines techniques to “discover, understand, evaluate, and exploit foreign CNE/CNA exploits”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOPSECRET//COMINT//REL TO USA, FVEY
TRANSGRESSION Overview for Pod58
S31177
7 Feb 2010
DERIVED FROM: NSA/CSSM 1-52
DATED 08 JAN 2007
DECLASSIFY ON: 20320108
TOPSECRET//COMINT//REL T...
0.0
‘4th Party Collection’: Taking Advantage of Non-Partner Computer Network Exploitation Activity
Document
Release Date:
2015-01-17
Document Date:
2008-01-07
This 7 January 2008 post from NSA Menwith Hill Station’s internal Horizon newsletter describes the practice of piggybacking on other states’ computer network exploitation operations: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
SIDToday - '4th Party Collection': Taking Advantage of Non-Partner Computer Network Exploitation Activity
DYNAMIC PAGE - HIGHEST POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA ...
0.0
Moving Data Through Disconnected Networks
Document
Release Date:
2015-01-17
Document Date:
2012-06-18
This June 2012 NSA presentation describes methods to exfiltrate data, even from networks that are apparently offline: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
Moving Data Through
Disconnected Networks
Delay-Tolerant Networking and
the IC (U//FOUO)
June ;
The overall classification of this briefing is:
TOP SECRET//COMINT//REL TO USA, FVEY
...
0.0
CNE Presence in CT10 Status Report
Document
Release Date:
2015-01-17
This undated NSA paper describes a project to recognise and process data that comes from third party attacks on computers: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//NOFORN//20291123
CNE Presence in CT10 Status Report
Authors:
SNIP Intern
1LT
(U//FOUO) Executive Summary
(S//SI//REL USA, FVEY) This paper discusses the work ...
0.0
CyberCOP
Document
Release Date:
2015-01-12
Document Date:
2013-04-11
These three slides, taken from a 11 April 2013 NSA presentation show screenshots from a tool called CyberCOP, which appears to monitor botnets and the DDOS attacks they perform: see the NDR.de article Cyberkrieg: Wie gefährdet ist Deutschland?, 12 January 2015.
TOP SECRET//SI//REL TO USA, FVEY
CYBER
COP
CDOSG
Apr 11, 2013
CyberCOP Product Manager
Overall Classification: TOP SECRET//SI//REL TO USA,FVEY
TOP SECRET//SI//REL TO USA, FVEY
...
0.0
Computer-Network Exploitation Successes South of the Border
Document
Release Date:
2013-10-20
Document Date:
2010-11-15
This extract from a 15 November 2010 NSA memo reveals that the agency has been able to access Mexican President Felipe Calderon’s email account: see the Der Spiegel article NSA Accessed Mexican President’s Email, 20 October 2013.
(TS//SI//REL) Computer-Network Exploitation Successes South of the Border
I FROM: .* BA.
Chief, NSA-Texas TAO/Requiremcnts & Targeting (FTS327)
Run Date: 11/15/2010
rS//SI//REL) TAO-en...
0.0
GCSB has identified an MFA data link
Document
Release Date:
2015-04-19
Document Date:
2013-04-01
This short extract from an April 2013 NSA document describes a “verbal agreement” between GCSB and NSA to proceed with the FROSTBITE / BASILHAYDEN project to infiltrate a Chinese diplomatic data link: see the New Zealand Herald article Leaked papers reveal NZ plan to spy on China for US, 19 April 2015.
(TS//SI//NF) New Zealand: GCSB has identified an MFA data link between the
Chinese Consulate and Chinese Visa Office in Auckland. NSA and GCSB have
verbally agreed to move forward with a coopera...
0.0
QUANTUMTHEORY success at SARATOGA
Document
Release Date:
2016-08-19
Document Date:
2011-04-15
This 15 April 2011 article from the NSA’s internal newsletter Special Source Operations News discusses the delivery of malware to a target in Pakistan while they were using Facebook: see the Intercept article The NSA Leak is Real, Snowden Documents Confirm, 19 August 2016.
(TS//SI//NF) DGO Enables Endpoint Implants via QUANTUMTHEORY
By [[REDACTED]] on 2011-09-26 1548
(TS//SI//NF) In another example of the emerging collaboration between the Endpoint
and Midpoint ...
0.0
SIGINT Development Support II Program Management Review
Document
Release Date:
2016-08-19
Document Date:
2013-04-24
Four slides taken from a 24 April 2013 NSA presentation detail how SECONDDATE man-in-the-middle attacks were used against targets in Pakistan and Lebanon: see the Intercept article The NSA Leak is Real, Snowden Documents Confirm, 19 August 2016.
TOP SECRET//SI//NOFORN
The overall classification of this brief is
(U) SIGINT Development Support II
Program Management Review
► 24 April 2013
TOP SECRET//COMINT//NOFORN
Derived Fro...
0.0
VALIDATOR and OLYMPUSFIRE
Document
Release Date:
2014-01-01
Document Date:
2004-01-01
These two pages from a 2004 NSA briefing document describes two trojan implants used with the FOXACID system: see the Der Spiegel article NSA-Totalausspähung: FDP-Politiker Baum setzt auf Generalbundesanwalt, 1 January 2014.
image-583936-galleryV9-hpue.jpg:
TOP SECRET//COMINT//MR
VALIDATOR
VALIDATOR is a part of a backdoor access system under the FOXACID project. The
VALIDATOR is a client/server-based system t...
0.0
DROPMIRE
Document
Release Date:
2013-06-30
Document Date:
2007-01-01
This redacted slide from a 2007 NSA presentation describes NSA operations against the EU embassy in Washington DC: see the Guardian article New NSA leaks show how US is bugging its European allies, 30 June 2013.
DROPMIRE
-DROPMIRE implanted on the Cryptofax at the EU Embassy D.C.
The EU pass diplomatic cables via this system back to the MI A.
0.0
Stealthy Techniques Can Crack Some of SIGINT’s Hardest Targets
Document
Release Date:
2014-05-13
Document Date:
2010-06-01
A June 2010 report from the NSA internal newsletter SIDtoday, authored by the chief of the agency’s Access and Target Development, describes the interdiction and backdooring of “shipments of computer network devices (servers, routers, etc.)”: see the book No Place To Hide, 13 May 2014.
TOP SECRET//COMINT//NOFORN
June 2010
(U) Stealthy Techniques Can Crack Some of SIGINT’s
Hardest Targets
By: (U//FOUO)|
1, Chief, Access and Target Development (S3261)
(TS//SE/NF)...
0.0
Hacking Routers
Document
Release Date:
2014-03-12
Document Date:
2012-12-01
This extract from an NSA document dated December 2012 shows the agency’s concern that other nation-state actors are adopting similar techniques: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
(TS//SI//REL) Happy Friday my esteemed and valued Intelligence Community colleagues! There has been a topic of conversation that has started to rumble beneath the
surface of the Cyber-scene latel...
0.0
Fourth Party Opportunities
Document
Release Date:
2015-01-17
This undated NSA presentation describes the process of Fourth Party collection – “I drink your milkshake”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL TO USA, FVEY
(U) Fourth Party
Opportunities
O
TOP SECRET//COMINT//REL TO USA, FVEY
SECRET//COMINT//REL TO USA, FVEY
(U) What is 4th Party
..................
0.0
Is there “fifth party” collection?
Document
Release Date:
2015-01-17
Document Date:
2011-01-01
This undated post from an NSA discussion board describes “fourth party collection” – piggybacking on another state’s computer network exploitation operation: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
(TS//SI//REL) Is there "fifth party" collection? | Round Table
Dynamic Page - Highest Possible Classification is
TOP SECRET // SI / TK // REL TO USA, FVEY
(TS//SI//REL) Is there "fifth part...
0.0
FASHIONCLEFT Interface Control Document
Document
Release Date:
2015-01-17
Document Date:
2009-06-15
This internal NSA document dated 15 June 2009 describes a protocol the agency uses to exfiltrate data from its computer network exploitation operations: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
Classification: TOP SECRET//COMINT//X1 // COMINT // XI
FASHIONCLEFT
Interface Control Document
Updated: 15 June 2009
Document Number: TAO.DNT_SE07_005_V1.1
28 March 2005
FASHIONCLE...
0.0
The FASHIONCLEFT Protocol
Document
This NSA presentation dated 16 October 2008 describes the FASHIONCLEFT protocol used to exfiltrate data from trojans and implants to the agency: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
The
Fashioncleft
.. Protocol
Hi STDP, S32354
“go Itiny-url?q=p5atn”
October 16, 2008
TOP SECRET//COMINT//RELTO USA,FVEY
1
| TOP SECRET//COMINT//RELTO USA,FVEY
Definition...
0.0
APEX Active/Passive Exfiltration
Document
Release Date:
2015-01-17
Document Date:
2009-08-01
This NSA TURBULENCE presentation dated August 2009 explains the APEX method of combining passive with active methods to exfiltrate data from networks attacked: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
Active/Passive Exfiltration
"go apex"
STDP: S32354 & T112, NCSC/C91
August 2009
OP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123
TOP SECRET//COMHMT//REL TO USA. AUS. CAN....
0.0
Case Studies of Integrated Cyber Operation Techniques
Document
Release Date:
2014-03-12
This undated NSA SIGINT presentation describes nine varieties of QUANTUM malware attack, their operational status and success in the field: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
TOP SECRET//COMINT//REL USA, FVEY
Case Studies of Integrated Cyber
Operation Techniques
NSA/CSS Threat Operations Center
VS
TOP SECRET//COMINT//REL USA, FVEY
(U//FOUO) TUiT0t.EÄ,©i...
0.0
Using XKEYSCORE to Enable TAO
Document
Release Date:
2015-07-01
Document Date:
2009-07-16
This NSA presentation from 16 July 2009 explains how the XKeyScore system supports the agency’s Tailored Access Operations: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
using-xks-to-enable-tao-p1-normal.gif:
TOP SECRET//COMINT//REL TO USA. AUS, CAN. GBR. NZL//20291123
Ait* tuv.
Using XKEYSCORE
to Enable TAO
Booz I AJIen l Hamilton SDS Analyst
16 July ...
0.0
Expeditionary Access Operations: NSA’s Close Access Network Exploitation Program
Document
Release Date:
2016-08-19
This undated presentation from the NSA’s Expeditionary Access Operations discusses how malware techniques are used in the field: see the Intercept article The NSA Leak is Real, Snowden Documents Confirm, 19 August 2016.
EXPEDITIONARY ACCESS OPERATIONS
NSA’s Close Access Network Exploitation Program
Expeditionary Access Operations
(S//SI//REL) S3283 is the expeditionary arm of TAO which
conducts worldwide...
0.0
SIGDEV: Is It Time for a ‘Target Reboot’?
Document
Release Date:
2015-11-18
Document Date:
2011-03-23
This 23 March 2011 article from the internal NSA newsletter SIDToday describes an analyst’s surprise at discovering that the agency was collecting internal communications from Venezuelan energy company Petróleos de Venezuela (PDVSA): see the Intercept article Overwhelmed NSA Surprised To Discover Its Own Surveillance “Goldmine” on Venezuela’s Oil Executives, 18 November 2015.
sigdev-is-it-time-for-a-target-reboot-p1-normal.gif:
DYNAMIC PAGE - HIGHEST POSSIBLE CLASSIFICATION
IS
TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL
Welcome! Saturday, 10 Nov 2012
...
0.0
Exploiting Foreign Lawful Intercept (LI) Roundtable
Document
Release Date:
2015-09-29
Document Date:
2012-01-01
This NSA presentation from 2012 discusses techniques for subverting “lawful intercept” systems used abroad: see the Intercept article A Death in Athens: Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?, 29 September 2015.
2012-lawful-intercept-redacted2-p1-normal.gif:
TOP SECRET//SI//REL TO USA, FVEY
(S//SI//REL) Exploiting Foreign
Lawful Intercept (LI)
Roundtable
S31122
TOP SECRET//SI//REL TO USA, FVEY...
0.0
Iran – Current Topics, Interaction with GCHQ
Document
Release Date:
2015-02-10
Document Date:
2013-04-12
This NSA talking points memo dated 12 April 2013 notes that Iran “has demonstrated a clear ability to learn from the capabilities and actions of others”: see the Intercept article NSA Claims Iran Learned from Western Cyberattacks, 10 February 2015.
TOP SECRET//COMINT//NOFORN
(U) Topic: Iran - Current Topics, Interaction with GCHQ
(U) Director's Talking Points:
* (TS//SI//REL TO USA, FVEY) Emphasize that we have successfully worked
mu...