This GCHQ presentation dated 14 May 2012 describes the agency receiving “more than 50 billion events [metadata records] per day” and some of the tools available for analysing that mass of data: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This short extract from a July 2009 GCHQ document describes BLACK HOLE, the agency’s massive respository for unselected metadata: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This NSA presentation dated 5 March 2009 outlines the use of Workflows within XKeyScore and includes screenshots: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This undated NSA technical document provides configuration information for TRAFFICTHIEF, the live alerts element of XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This undated GCHQ presentation describes the agency’s HACIENDA system, capable of port scanning entire countries, which became a standard tool in 2009 available to all FIve Eyes partners: see the Heise article The HACIENDA Program for Internet Colonization, 15 August 2014. <

This April 2012 NSA presentation uses an AT&T specific term – Common Backbone or CBB – to refer to the Internet backbone of the corporate partner it codenames FAIRVIEW: see the New York Times article AT&T Helped U.S. Spy on Internet on a Vast Scale, 15 August 2015.

This NSA presentation dated 19 September 2011 outlines the use of Workflows within XKeyScore and includes screenshots: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This undated NSA technical document provides configuration information for XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This undated NSA technical document provides an overview and configuration instructions for the tasking tool CADENCE, which can be integrated with XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This 2010 NSA presentation describes Project Camberdada, an attempt to subvert popular antivirus software by means of surveilling email traffic: see the Intercept article Popular Security Software Came Under Relentless NSA and GCHQ Attacks, 22 June 2015.

This 13 September 2010 presentation from the NSA’s OTP VPN Exploitation Team explains the work of the division: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

This undated NSA technical document provides information about the Universal Targeting Tool (UTT), “a mission critical component of the TURBULENCE architecture”: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This GCHQ document from 18 August 2009 describes BLACK HOLE, a massive data repository, and describes how this interacts with other systems developed by the agency: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This undated NSA presentation describes the Spin 9 system for decrypting VPN data: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

This undated page from NSA’s internal WikiInfo describes VALIANTSURF “the coverterm for the development of Data Network Cipher (DNC) exploitation capabilities in TURMOIL”: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

This February 2012 presentation from NSA’s Technology Directorate describes a system codenamed BLUESNORT and its relationship to associated systems: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.