Results
30 Total
0.0
CNE End Point Requirements
Document
Release Date:
2015-01-17
This undated GCHQ reference document enumerates the processes and tools analysts use for computer network exploitation: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET STRAP1 COMINT
CNE End Point Requirements
CATEGORY O Experimt O Refinemer O Bug Fix O ALL REQTYPE O Capability O Convergenc O Query O Taskir O Viewe Oall PRIOR...
0.0
OAKSTAR Weekly Update – 15 March 2013
Document
Release Date:
2018-03-20
Document Date:
2013-03-01
This internal NSA technical newsletter states that the source of information codenamed MONEYROCKET is collecting information on “senders and receivers of bitcoin” and users Liberty Reserve: see the Intercept article The NSA Worked To “track Down” Bitcoin Users, Snowden Documents Reveal, 20 March 2018.
TOP SECRET//COMINT//NOFORN
OAKSTAR Weekly Update
Program Highlights Week of: March 9-15, 2013
ETS:
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20320108
TOP SECRET//C...
0.0
Advanced HTTP Activity Analysis
Document
Release Date:
2015-07-01
Document Date:
2009-01-01
This 114-page NSA training presentation from 2009 explains how agency analysts can exploit HTTP traffic within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
Advanced HTTP Activity
Analysis
2009
Goal
The goal of this training is to get you
familiar with basic HTTP traffic and
understand how to target and expliot it
using X-KEYSCORE
Ag...
0.0
Email Address vs User Activity
Document
Release Date:
2015-07-01
Document Date:
2009-06-24
This NSA presentation from 24 June 2009 explains how to use the email search functionality within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123
vs User Activity
24 June 2009
"»Ol 01
t » «4
Ha#f* IWt
De rived From: NSA/CSSM 1-52 ...
0.0
SIGINT Development Support II Program Management Review
Document
Release Date:
2016-08-19
Document Date:
2013-04-24
Four slides taken from a 24 April 2013 NSA presentation detail how SECONDDATE man-in-the-middle attacks were used against targets in Pakistan and Lebanon: see the Intercept article The NSA Leak is Real, Snowden Documents Confirm, 19 August 2016.
TOP SECRET//SI//NOFORN
The overall classification of this brief is
(U) SIGINT Development Support II
Program Management Review
► 24 April 2013
TOP SECRET//COMINT//NOFORN
Derived Fro...
0.0
Content Extraction Analytics
Document
This 21 May 2009 presentation from the NSA’s Center for Content Extraction includes a slide that shows that the communications of 122 heads of government were stored in the agency’s central “Target Knowledge Base”, 11 of whom are named. The collection for most of these targets was automated: see the Der Spiegel article ‘A’ for […]
Human Language
technology
Center for Content Extraction
Content Extraction Analytics
SIGDEV End-to-End Demo
21 May 2009
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassily On:...
0.0
X-KEYSCORE as a SIGDEV tool
Document
Release Date:
2015-07-01
Document Date:
2009-01-01
This 2009 NSA presentation describes some of the plug ins available and the way the tool relates to other NSA methods for searching internet metadata, with XKeyScore having the broadest capability: see the book No Place To Hide, 13 May 2014.
xks-as-a-sigdev-tool-p1-normal.gif:
X-KEYSCORE as a SIGDEV tool
2009
■EBTxks-as-a-sigdev-tool-p2-normal.gif:
What is X-KEYSCORE?xks-as-a-sigdev-tool-p3-normal.gif:
TOP SECRET//COMINT//ORC...
0.0
Analyzing Mobile/Cellular DNI in XKeyScore
Document
Release Date:
2015-07-01
Document Date:
2009-05-01
This NSA presentation from May 2009 describes the procedure for analysing phone data within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015. analyzing-mobile-cellular-dni-in-xks
Analyzing
Mobile/Cellular DNI in
XKEYSCORE
May 2009
TOP SECRET//COMINT//REL TO USA, AUS, CAN. GBR. NZL//20291123
08
TOP SECRET/,'COMINT//REL TO USA, AUS, CAN, GBR, NZL
Mobile DNI
...
0.0
VPN SigDev Basics
Document
Release Date:
2014-12-28
This undated NSA presentation describes how to perform attacks against VPNs: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL
(TS//SI//REL)VPN SigDev
Basics
S31244 - OTTERCREEK
Derived From: NSA/CSSM 1-52
Dated: 20070108
______Declassify On: 20341101
TOP S...
USD-1031TE, USD-1Q31TE, USF-790, USF-790, USF-790, USD-10D1TE, USD-10J1TE, USD-10D1TE, USF-790, UKC-12SW, UKC-125W, UKC-12SW, UKC-12SW, UKC-125W, UKC-125W, UKC-12SW, UKC-12SW, US-967J, UKC-12SW, UKC-12SW
0.0
Analytic Challenges from Active-Passive Integration
Document
Release Date:
2014-12-28
This undated NSA presentation from the agency’s Information Technology Directorate, aimed at analysts, describes techniques for decrypting IPSec VPN traffic: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
This Briefing is Classified TOP SECRET//COMINT//REL USA, FVEY
Analytic Challenges from
Active-Passive Integration
S324
This Briefing is Classified TOP SECRET//COMINT//REL USA,FVEY
DER...
0.0
Converged Analysis of Smartphone Devices
Document
Release Date:
2014-01-27
Document Date:
2010-05-01
This NSA presentation from May 2010 describes the kinds of information the agency can extract from smartphone traffic, describing the use of mobile apps as a “golden nugget”. Note that this is the first version of this document released online: see the Pro Publica article Spy Agencies Probe Angry Birds and Other Apps for Personal […]
(U) Converged Analysis of
Smartphone Devices
Identification/Processing/Tasking -
All in a day’s work
TOP SECRET//COMINT/REL TO USA, FVEY
si
Converged mobile devices
offering adv...
0.0
Making Things Measurable: Technology Trending Challenges and Approaches
Document
Release Date:
2014-12-28
Document Date:
2012-06-06
This 40-page NSA presentation for the June 2012 SIGDEV conference includes a ranking of cryptographic protocols in order of ‘risk’ the they pose to the agency’s operations: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
TOP SECRET//COMINT//REL FVEY//20340601
SIGDEV Conference 2012
(U) Making Things Measureable:
Technology Trending Challenges and
Approaches
June 2012
TOP SECRET//COMINT//REL FVEY/...
0.0
VOIP in XKEYSCORE
Document
Release Date:
2015-07-01
Document Date:
2009-03-01
This NSA presentation from March 2009 shows how VOIP intercepts are handled in XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
voip-in-xks-p1-normal.gif:
TOP SECRET//COMINT7/REL TO USA. AUS, CAN, GBR, NZL//20291123
VOIP in
XKEYSCORE
March 2009
TOP SECRET//COMINT//REL TO USA. AUS. CAN, GBR, NZL//20291123voip-in-...
0.0
DNI 101 How Do I Begin Analyzing a Target’s Email Address?
Document
Release Date:
2015-07-01
This undated NSA document provides a decision tree for the analysis of email addresses, IP addresses, cookies and phone numbers in XKeyScore and other agency tools: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
TOP SECRET//COMINT//20291123
DNI101
How Do I Begin Analyzing a Target's Email Address?
TOP SECRET//COMINT//20291i23
[ =Tool/Database^ What Things Are Found Doing DNI Analysis and What...
0.0
CNE Analysis in XKeyScore
Document
Release Date:
2015-07-01
Document Date:
2009-10-15
This NSA presentation from 15 October 2009 explains how analysts can exploit the products of the agency’s CNE hacking operations within XKeyScore and provides examples with screenshots: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
CNE Analysis in
XKEYSCORE
15 October 2009
xkeyscore@nsa.ic.gov
l@nsa.ic.gov)
y
>M 1-5
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL
DERIVED F ROM: Ñ WCSSM 1-52
DATED: 2...
0.0
Atomic SIGINT Data Format (ASDF) Configuration Readme
Document
Release Date:
2015-07-01
This undated NSA document explains how to set up an aspect of the XKeyScore architecture: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
SECRET
(U//FOUO) Atomic SIGINT Data Format (ASDF)
Configuration Read Me
(U) Overview
(U//FOUO) The ASDF Configuration Read Me is designed to provide procedures for other organizations
...
0.0
SPINALTAP: Making Passive Sexy for Generation Cyber
Document
Release Date:
2015-01-17
This undated NSA Menwith Hill presentation describes SPINALTAP, a project to combine data from active operations and passive signals intelligence: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL TO USA, FVEY
/
'■%.^
(U//FOUO) SPINALTAP:
Making Passive Sexy for
Generation Cyber
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVE...
UKJ-26, USJ-759A, UKJ-26, UKJ-260D, UKJ-260G, UKJ-26, UKJ-260D, DS-30G, DS-300, DS-300, DS-300, DS-300, UKJ-260, UKJ-260, UKJ-260, UKJ-260, UKJ-26CO, UKJ-260CI, UKJ-260CI, UKJ-260, UKJ-260, UKJ-260, UKJ-26CO, UKJ-260CI, UKJ-260, UKJ-260, UKJ-260, UKJ-2G0CI, UKJ-260CI, UKJ-260, UKJ-260, UKJ-260, UKJ-260CI, UKJ-260CI, UKJ-26CO, UKJ-260, USJ-759A, USJ-759A, USJ-759A, USJ-759A, USJ-759A, USJ-759A, USJ-759A, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, DS-300, US-972U, US-972U, UKC-302A, UKC-302A, UKC-3024, UKC-302A, USD-1079, UKC-3024, UKC-302A, UKC-302A, UKC-3024, UKC-3024, USJ-759A, USJ-759A, USJ-759, USJ-759, US-9664, US-9664, US-9664, US-9664, US-9664, US-9664, UKC-3024, UKC-3024, UKC-3024, US-968Z, UKC-3024, UKC-3024, USJ-759A, USJ-759, US-955A, US-96, US-966A, US-96, US-966A, US-966A, US-966A
0.0
FAIRVIEW Dataflow Diagrams
Document
Release Date:
2015-08-15
Document Date:
2012-04-01
This April 2012 NSA presentation uses an AT&T specific term – Common Backbone or CBB – to refer to the Internet backbone of the corporate partner it codenames FAIRVIEW: see the New York Times article AT&T Helped U.S. Spy on Internet on a Vast Scale, 15 August 2015.
Dataflow Diagrams
April 2012
Note: Please refer to previous diagrams for decommissioned systems.
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20361101
TOP SECRET//COMIN...
0.0
NSA QUANTUM Tasking Techniques for the R&T Analyst
Document
Release Date:
2013-12-29
This Booz Allen Hamilton presentation on the NSA’s Quantum tools describes the different kinds of malware attacks available to workgroups within the agency, the procedure an analyst must follow in order to make use of them and the way the systems themselves work, using a “man-on-the-side” attack from TAO’s FOXACID server. It also describes the […]
image-583967-galleryV9-quqn.jpg:
TOP SECRET//SI//REL USA, AUS, CAN, GBR, NZL
(TS) NSA QUANTUM Tasking Techniques
for the R&T Analyst
POC:
TAO RTD | Team
- Booz Allen Hamilton SDS2
...
0.0
Special Source Operations Weekly – 14 March 2013
Document
Release Date:
2014-06-18
Document Date:
2013-03-14
This excerpt from the 14 March 2013 edition of internal NSA newsletter SSO Weekly describes an incident on 12 March where “unwitting” contractors discovered a cable tap known as WHARPDRIVE, which had to be discreetly reinstalled and provides details about the Breckenridge access point that corroborate the identification of the NSA’s corporate partner STORMBREW as […]
UNCLASSIFIED//FOR OFFICIAL USE ONLY
14 MARCH 2013
Special
Source
Operations
Watkly
UNCLASSIFIED//FOR OFFICIAL USE ONLY
UNCLASSIFIED//FOR OFFICIAL USE ONLY
(U) CORPORATE TEAM
...
0.0
Analysis of Converged Data
Document
Release Date:
2014-03-12
Document Date:
2009-01-01
This slide from a 2009 presentation from the NSA’s Technology Directorate explains how Turbine’s “high-level tasking” effectively automates much of the agency’s offensive operations: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
TECHNOLOGY
DIRECTORATE
Analysis of Converged Data
Converged data leads to better analysis, which leads to more focused tasking
Note: Our goals for high-level tasking are to relieve the ...
0.0
iPhone target analysis and exploitation with unique device identifiers
Document
Release Date:
2015-01-17
Document Date:
2010-11-12
This GCHQ research paper dated 12 November 2010 discuss some of the agency’s attacks against iPhone handsets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET STRAP1
12th November 2010
ICTR-MCT Team (ICTR-MCT-GCHQ-dl)
MHE Team (MHETeam-GCHQ-dl)
OPDSDHQ^^^H
TEA
Benhall Records Centre
iPhone target analysis and exploitation wit...
0.0
HTTP Activity vs. User Activity
Document
Release Date:
2015-07-01
Document Date:
2009-06-19
This NSA presentation from 19 June 2009 explains the metadata capabilities of XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL
m
V
HTTP Activity vs
User Activity
19 June 2009
Derived From: NSA/CSSM 1-52
Bated :l2007i
MM
TOP SEC...
0.0
OAKSTAR Weekly Update – 22 March 2013
Document
Release Date:
2018-03-20
Document Date:
2013-03-01
This internal NSA technical update from March 2013 makes it clear that information from the access point codenamed MONEYROCKET, which tracked Bitcoin users, could be accessed through the agency’s main search interface for analysts, XKeyScore: see the Intercept article The NSA Worked To “track Down” Bitcoin Users, Snowden Documents Reveal, 20 March 2018.
TOP SECRET//COMINT//NOFORN
OAKSTAR Weekly Update
Program Highlights Week of: March 16-22, 2013
ETS:
PRIMECANE
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20320108
T...
0.0
HIDDENSALAMANDER: Alerting and Characterization of Botnet Activity in TURMOIL
Document
Release Date:
2015-01-17
This undated NSA presentation describes techniques for detecting botnets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
P SECRET//COMINT//REL TO USA, FVEY
HIDDENSALAMANDER
Alerting and Characterization of
_____iyiissiQr\]
CAPABILIT, ES
Botnet Activity in TURMOIL
Briefers:
SECRET//REL TO USA, FV...
0.0
Full Log vs. HTTP
Document
Release Date:
2015-07-01
Document Date:
2009-06-11
This NSA presentation from 11 June 2009 explains the scope of metadata collection within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123
Log vs. HTTP
11 June 2009
* WHv:i
DERIV
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123
TOP SECRET//...
0.0
Legalities
Document
Release Date:
2015-09-25
Document Date:
2007-10-01
This GCHQ spreadsheet from October 2007 provides a guide to the permissibility of using named GCHQ and NSA databases and shows the absence of safeguards against exploiting the metadata of persons located in the UK: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
As of Oct 2007
Legalities - GCHQ Databases eg Pilbeam. Salamanca, UDAQ etc
in the event that both the nabo w/.<V and the location of the tar get is confirmed
metadata content UK pers...
0.0
SSO Corporate Portfolio Overview
Document
Release Date:
2015-08-15
This undated NSA presentation, presented together with speaking notes, provides an introduction to the main cable access programmes facilitated by the agency’s corporate partners and specifies the relevant SIGADs: see the book No Place to Hide, 13 May 2014.
SSO Corporate
Portfolio
Overview
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 203612011
What is SSO’s Corporate
Portfolio?
What data can we collect?
Where do I go for...
US-990, US-3206, US-3217, US-984, US-3230, US-984X*, US-3247, US-3251, US-3273, US-983, US-3277, US-3140, US-3354, US-3105S1, US-3105S1, US-3150, US-984XR, US-984X2, US-984T, US-984X, US-984X1, US-984P, US-984, US-984, US-984X*, US-3206
BLACKPEARL, BLARNEY, BLUEZEPHYR, CADENCE, COBALTFALCON, COWBOY, DARKTHUNDER, DISHFIRE, FAIRVIEW, OCELOT, MAINWAY (MW), MARINA, MISTRALWIND, MONKEYROCKET, NUCLEON, OAKSTAR, OCTAVE, ORANGEBLOSSOM, ORANGECRUSH, PERFECTSTORM, PINWALE, SERRATEDEDGE, SHIFTINGSHADOW, SILVERZEPHYR (SZ), STEELFLAUTA, STORMBREW, TOYGRIPPE, TWISTEDPATH, WHITESQUALL, XKEYSCORE (XKS), YACHTSHOP, YANKEE
0.0
OAKSTAR Weekly Update – 8 March 2013
Document
Release Date:
2018-03-20
Document Date:
2013-03-01
This internal NSA technical update from March 2013 describes a source of information codenamed MONEYROCKET, which provides data on users of the digital currency Bitcoin: see the Intercept article The NSA Worked To “track Down” Bitcoin Users, Snowden Documents Reveal, 20 March 2018.
TOP SECRET//COMINT//NOFORN
OAKSTAR Weekly Update
Program Highlights Week of: March 2-8, 2013
ETS:
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20320108
TOP SECRET//COMI...
0.0
User’s Guide for PRISM Skype Collection
Document
Release Date:
2014-12-28
Document Date:
2012-08-01
This NSA document from August 2012 provides guidance for analysts on ordering the PRISM collection of Skype communications, capabilities that were added over the course of 2011: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
TOP SECRET//COMINT//NOFORN
(TS//SI//NF) User’s Guide For PRISM Skype Collection
August 2012
POC For Document:
S3531
l. (TS//SI//NF) Introduction
a. PRISM Skype collection can be ...