Results
29 Total
0.0
Email Address vs User Activity
Document
Release Date:
2015-07-01
Document Date:
2009-06-24
This NSA presentation from 24 June 2009 explains how to use the email search functionality within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123
vs User Activity
24 June 2009
"»Ol 01
t » «4
Ha#f* IWt
De rived From: NSA/CSSM 1-52 ...
0.0
Advanced HTTP Activity Analysis
Document
Release Date:
2015-07-01
Document Date:
2009-01-01
This 114-page NSA training presentation from 2009 explains how agency analysts can exploit HTTP traffic within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
Advanced HTTP Activity
Analysis
2009
Goal
The goal of this training is to get you
familiar with basic HTTP traffic and
understand how to target and expliot it
using X-KEYSCORE
Ag...
0.0
CNE End Point Requirements
Document
Release Date:
2015-01-17
This undated GCHQ reference document enumerates the processes and tools analysts use for computer network exploitation: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET STRAP1 COMINT
CNE End Point Requirements
CATEGORY O Experimt O Refinemer O Bug Fix O ALL REQTYPE O Capability O Convergenc O Query O Taskir O Viewe Oall PRIOR...
0.0
Content Extraction Analytics
Document
This 21 May 2009 presentation from the NSA’s Center for Content Extraction includes a slide that shows that the communications of 122 heads of government were stored in the agency’s central “Target Knowledge Base”, 11 of whom are named. The collection for most of these targets was automated: see the Der Spiegel article ‘A’ for […]
Human Language
technology
Center for Content Extraction
Content Extraction Analytics
SIGDEV End-to-End Demo
21 May 2009
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassily On:...
0.0
CSEC – Advanced Network Tradecraft
Document
Release Date:
2013-10-06
Document Date:
2012-06-01
This CSEC presentation from June 2012, slides from which were first published by Fantástico in October 2013, describes the Canadian agency’s use of the Olympia suite of analytic tools in the context of spying on Brazil’s Ministry of Mines and Energy: see the Globe and Mail article How CSEC became an electronic spying giant, 30 […]
1-b5263447e8.jpg:
AND THEY SAID TO THE
TITANS: « WATCH OUT
OLYMPIANS IN THE
HOUSE! »
CSEC - Advanced Network Tradecraft
SD Conference June 2012
Overall Classification: TOP SECRET//SI2-6...
0.0
X-KEYSCORE as a SIGDEV tool
Document
Release Date:
2015-07-01
Document Date:
2009-01-01
This 2009 NSA presentation describes some of the plug ins available and the way the tool relates to other NSA methods for searching internet metadata, with XKeyScore having the broadest capability: see the book No Place To Hide, 13 May 2014.
xks-as-a-sigdev-tool-p1-normal.gif:
X-KEYSCORE as a SIGDEV tool
2009
■EBTxks-as-a-sigdev-tool-p2-normal.gif:
What is X-KEYSCORE?xks-as-a-sigdev-tool-p3-normal.gif:
TOP SECRET//COMINT//ORC...
0.0
Analyzing Mobile/Cellular DNI in XKeyScore
Document
Release Date:
2015-07-01
Document Date:
2009-05-01
This NSA presentation from May 2009 describes the procedure for analysing phone data within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015. analyzing-mobile-cellular-dni-in-xks
Analyzing
Mobile/Cellular DNI in
XKEYSCORE
May 2009
TOP SECRET//COMINT//REL TO USA, AUS, CAN. GBR. NZL//20291123
08
TOP SECRET/,'COMINT//REL TO USA, AUS, CAN, GBR, NZL
Mobile DNI
...
0.0
VPN SigDev Basics
Document
Release Date:
2014-12-28
This undated NSA presentation describes how to perform attacks against VPNs: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL
(TS//SI//REL)VPN SigDev
Basics
S31244 - OTTERCREEK
Derived From: NSA/CSSM 1-52
Dated: 20070108
______Declassify On: 20341101
TOP S...
USD-1031TE, USD-1Q31TE, USF-790, USF-790, USF-790, USD-10D1TE, USD-10J1TE, USD-10D1TE, USF-790, UKC-12SW, UKC-125W, UKC-12SW, UKC-12SW, UKC-125W, UKC-125W, UKC-12SW, UKC-12SW, US-967J, UKC-12SW, UKC-12SW
0.0
Analytic Challenges from Active-Passive Integration
Document
Release Date:
2014-12-28
This undated NSA presentation from the agency’s Information Technology Directorate, aimed at analysts, describes techniques for decrypting IPSec VPN traffic: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
This Briefing is Classified TOP SECRET//COMINT//REL USA, FVEY
Analytic Challenges from
Active-Passive Integration
S324
This Briefing is Classified TOP SECRET//COMINT//REL USA,FVEY
DER...
0.0
Making Things Measurable: Technology Trending Challenges and Approaches
Document
Release Date:
2014-12-28
Document Date:
2012-06-06
This 40-page NSA presentation for the June 2012 SIGDEV conference includes a ranking of cryptographic protocols in order of ‘risk’ the they pose to the agency’s operations: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
TOP SECRET//COMINT//REL FVEY//20340601
SIGDEV Conference 2012
(U) Making Things Measureable:
Technology Trending Challenges and
Approaches
June 2012
TOP SECRET//COMINT//REL FVEY/...
0.0
Converged Analysis of Smartphone Devices
Document
Release Date:
2014-01-27
Document Date:
2010-05-01
This NSA presentation from May 2010 describes the kinds of information the agency can extract from smartphone traffic, describing the use of mobile apps as a “golden nugget”. Note that this is the first version of this document released online: see the Pro Publica article Spy Agencies Probe Angry Birds and Other Apps for Personal […]
(U) Converged Analysis of
Smartphone Devices
Identification/Processing/Tasking -
All in a day’s work
TOP SECRET//COMINT/REL TO USA, FVEY
si
Converged mobile devices
offering adv...
0.0
Content acquisition optimisation
Document
Release Date:
2013-10-14
This Special Source Operations presentation describes the NSA’s problems with overcollection of data from email address books and buddy lists: see the Washington Post article NSA collects millions of e-mail address books globally, 14 October 2013.
TOP SECRET//SI//NOFORN
Content Acquisition Optimization
TOP SECRET//SI//NOFORN
TOP SECRET//SI//NOFORN
Yahoo Webmessenger
• Update data sent to individuals logged into Yahoo's Instan...
0.0
FAIRVIEW Dataflow Diagrams
Document
Release Date:
2015-08-15
Document Date:
2012-04-01
This April 2012 NSA presentation uses an AT&T specific term – Common Backbone or CBB – to refer to the Internet backbone of the corporate partner it codenames FAIRVIEW: see the New York Times article AT&T Helped U.S. Spy on Internet on a Vast Scale, 15 August 2015.
Dataflow Diagrams
April 2012
Note: Please refer to previous diagrams for decommissioned systems.
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20361101
TOP SECRET//COMIN...
0.0
VOIP in XKEYSCORE
Document
Release Date:
2015-07-01
Document Date:
2009-03-01
This NSA presentation from March 2009 shows how VOIP intercepts are handled in XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
voip-in-xks-p1-normal.gif:
TOP SECRET//COMINT7/REL TO USA. AUS, CAN, GBR, NZL//20291123
VOIP in
XKEYSCORE
March 2009
TOP SECRET//COMINT//REL TO USA. AUS. CAN, GBR, NZL//20291123voip-in-...
0.0
DNI 101 How Do I Begin Analyzing a Target’s Email Address?
Document
Release Date:
2015-07-01
This undated NSA document provides a decision tree for the analysis of email addresses, IP addresses, cookies and phone numbers in XKeyScore and other agency tools: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
TOP SECRET//COMINT//20291123
DNI101
How Do I Begin Analyzing a Target's Email Address?
TOP SECRET//COMINT//20291i23
[ =Tool/Database^ What Things Are Found Doing DNI Analysis and What...
0.0
CNE Analysis in XKeyScore
Document
Release Date:
2015-07-01
Document Date:
2009-10-15
This NSA presentation from 15 October 2009 explains how analysts can exploit the products of the agency’s CNE hacking operations within XKeyScore and provides examples with screenshots: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
CNE Analysis in
XKEYSCORE
15 October 2009
xkeyscore@nsa.ic.gov
l@nsa.ic.gov)
y
>M 1-5
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL
DERIVED F ROM: Ñ WCSSM 1-52
DATED: 2...
0.0
SPINALTAP: Making Passive Sexy for Generation Cyber
Document
Release Date:
2015-01-17
This undated NSA Menwith Hill presentation describes SPINALTAP, a project to combine data from active operations and passive signals intelligence: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL TO USA, FVEY
/
'■%.^
(U//FOUO) SPINALTAP:
Making Passive Sexy for
Generation Cyber
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVE...
UKJ-26, USJ-759A, UKJ-26, UKJ-260D, UKJ-260G, UKJ-26, UKJ-260D, DS-30G, DS-300, DS-300, DS-300, DS-300, UKJ-260, UKJ-260, UKJ-260, UKJ-260, UKJ-26CO, UKJ-260CI, UKJ-260CI, UKJ-260, UKJ-260, UKJ-260, UKJ-26CO, UKJ-260CI, UKJ-260, UKJ-260, UKJ-260, UKJ-2G0CI, UKJ-260CI, UKJ-260, UKJ-260, UKJ-260, UKJ-260CI, UKJ-260CI, UKJ-26CO, UKJ-260, USJ-759A, USJ-759A, USJ-759A, USJ-759A, USJ-759A, USJ-759A, USJ-759A, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, US-972U, US-972U, UKC-302A, UKC-302A, UKC-3024, UKC-302A, USD-1079, UKC-3024, UKC-302A, UKC-302A, UKC-3024, UKC-3024, USJ-759A, USJ-759A, USJ-759, USJ-759, US-9664, US-9664, US-9664, US-9664, US-9664, US-9664, UKC-3024, UKC-3024, UKC-3024, US-968Z, UKC-3024, UKC-3024, USJ-759A, USJ-759, US-955A, US-96, US-966A, US-96, US-966A, US-966A, US-966A
0.0
Special Source Operations Weekly – 14 March 2013
Document
Release Date:
2014-06-18
Document Date:
2013-03-14
This excerpt from the 14 March 2013 edition of internal NSA newsletter SSO Weekly describes an incident on 12 March where “unwitting” contractors discovered a cable tap known as WHARPDRIVE, which had to be discreetly reinstalled and provides details about the Breckenridge access point that corroborate the identification of the NSA’s corporate partner STORMBREW as […]
UNCLASSIFIED//FOR OFFICIAL USE ONLY
14 MARCH 2013
Special
Source
Operations
Watkly
UNCLASSIFIED//FOR OFFICIAL USE ONLY
UNCLASSIFIED//FOR OFFICIAL USE ONLY
(U) CORPORATE TEAM
...
0.0
NSA QUANTUM Tasking Techniques for the R&T Analyst
Document
Release Date:
2013-12-29
This Booz Allen Hamilton presentation on the NSA’s Quantum tools describes the different kinds of malware attacks available to workgroups within the agency, the procedure an analyst must follow in order to make use of them and the way the systems themselves work, using a “man-on-the-side” attack from TAO’s FOXACID server. It also describes the […]
image-583967-galleryV9-quqn.jpg:
TOP SECRET//SI//REL USA, AUS, CAN, GBR, NZL
(TS) NSA QUANTUM Tasking Techniques
for the R&T Analyst
POC:
TAO RTD | Team
- Booz Allen Hamilton SDS2
...
0.0
Special Source Operations overview
Document
Release Date:
2013-11-04
This presentation gives an overview of the NSA’s programmes targeting the fibre optic cables that carry much of the world’s internet traffic. One slide gives a breakdown of which data sources form the basis of Presidential daily briefings. Another shows that the access point used to collect Yahoo and Google cloud data (MUSCULAR) is operated […]
TOP SECRET//COMINT//NOFORN
Special Source Operations
r
The Cryptologic Provider of
Intelligence from GlobalHigh-Capacity
Telecommunications Systems P
TOP SECRET//COMINT//NOFORN
TO...
0.0
HTTP Activity vs. User Activity
Document
Release Date:
2015-07-01
Document Date:
2009-06-19
This NSA presentation from 19 June 2009 explains the metadata capabilities of XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL
m
V
HTTP Activity vs
User Activity
19 June 2009
Derived From: NSA/CSSM 1-52
Bated :l2007i
MM
TOP SEC...
0.0
iPhone target analysis and exploitation with unique device identifiers
Document
Release Date:
2015-01-17
Document Date:
2010-11-12
This GCHQ research paper dated 12 November 2010 discuss some of the agency’s attacks against iPhone handsets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET STRAP1
12th November 2010
ICTR-MCT Team (ICTR-MCT-GCHQ-dl)
MHE Team (MHETeam-GCHQ-dl)
OPDSDHQ^^^H
TEA
Benhall Records Centre
iPhone target analysis and exploitation wit...
0.0
SSO Collection Optimization overview
Document
Release Date:
2013-10-14
Document Date:
2012-01-01
This NSA Special Source Operations presentation describes the agency’s collection of webmail address books and contact lists: see the Washington Post article NSA collects millions of e-mail address books globally, 14 October 2013.
TOP SECRET//SI//NOFORN
SSO Collection Optimization
Core SSO Team:
TOP SECRET//SI//NOFORN
TOP SECRET//SI//NOFORN
Address Books
• Email address books for most major webmail are col...
US-3171, DS-200B, US-3261, US-3145, US-3180, US-3180, DS-200B, US-3171, US-3171, US-3180, US-3145, AUC-393, AUC-395, DS-200A, DS-200B, DS-200X, DS-300, DS-410, NZC-333, UKC-125, UKC-206D, UKC-215, UKC-302A, UKJ-260D, US-3101M, US-3105, US-3145
0.0
Legalities
Document
Release Date:
2015-09-25
Document Date:
2007-10-01
This GCHQ spreadsheet from October 2007 provides a guide to the permissibility of using named GCHQ and NSA databases and shows the absence of safeguards against exploiting the metadata of persons located in the UK: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
As of Oct 2007
Legalities - GCHQ Databases eg Pilbeam. Salamanca, UDAQ etc
in the event that both the nabo w/.<V and the location of the tar get is confirmed
metadata content UK pers...
0.0
SSO Corporate Portfolio Overview
Document
Release Date:
2015-08-15
This undated NSA presentation, presented together with speaking notes, provides an introduction to the main cable access programmes facilitated by the agency’s corporate partners and specifies the relevant SIGADs: see the book No Place to Hide, 13 May 2014.
SSO Corporate
Portfolio
Overview
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20361201
Agenda
2
What is SSO Corporate access collection?
(TS//SI//NF) Access an...
BLACKPEARL, BLARNEY, BLUEZEPHYR, CADENCE, COBALTFALCON, COWBOY, DARKTHUNDER, DISHFIRE, FAIRVIEW, OCELOT, MAINWAY (MW), MARINA, MISTRALWIND, MONKEYROCKET, NUCLEON, OAKSTAR, OCTAVE, ORANGEBLOSSOM, ORANGECRUSH, PERFECTSTORM, PINWALE, SERRATEDEDGE, SHIFTINGSHADOW, SILVERZEPHYR (SZ), STEELFLAUTA, STORMBREW, TOYGRIPPE, TWISTEDPATH, WHITESQUALL, XKEYSCORE (XKS), YACHTSHOP, YANKEE
0.0
Full Log vs. HTTP
Document
Release Date:
2015-07-01
Document Date:
2009-06-11
This NSA presentation from 11 June 2009 explains the scope of metadata collection within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123
Log vs. HTTP
11 June 2009
* WHv:i
DERIV
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123
TOP SECRET//...
0.0
HIDDENSALAMANDER: Alerting and Characterization of Botnet Activity in TURMOIL
Document
Release Date:
2015-01-17
This undated NSA presentation describes techniques for detecting botnets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
P SECRET//COMINT//REL TO USA, FVEY
HIDDENSALAMANDER
Alerting and Characterization of
_____iyiissiQr\]
CAPABILIT, ES
Botnet Activity in TURMOIL
Briefers:
SECRET//REL TO USA, FV...
0.0
User’s Guide for PRISM Skype Collection
Document
Release Date:
2014-12-28
Document Date:
2012-08-01
This NSA document from August 2012 provides guidance for analysts on ordering the PRISM collection of Skype communications, capabilities that were added over the course of 2011: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
TOP SECRET//COMINT//NOFORN
(TS//SI//NF) User’s Guide For PRISM Skype Collection
August 2012
POC For Document:
S3531
l. (TS//SI//NF) Introduction
a. PRISM Skype collection can be ...
0.0
SSO Collection Optimization
Document
Release Date:
2013-11-04
Slides from an undated Special Source Operations presentation include references to data structures and formats that could only have been obtained from the internal systems of Yahoo and Google: see the Washington Post article How we know the NSA had access to internal Google and Yahoo cloud data, 4 November 2013.
TOP SECRET//SI//NOFORN
SSO Collection Optimization
Core SSO Team:
TOP SECRET//SI//NOFORN
TOP SECRET//SI//NOFORN
TUDDS Block
TOP SECRET//SI//NOFORN
TOP SECRET//SI//NOFORN
TU...