This 21 May 2009 presentation from the NSA’s Center for Content Extraction includes a slide that shows that the communications of 122 heads of government were stored in the agency’s central “Target Knowledge Base”, 11 of whom are named. The collection for most of these targets was automated: see the Der Spiegel article ‘A’ for […]

This undated NSA presentation from the agency’s Information Technology Directorate, aimed at analysts, describes techniques for decrypting IPSec VPN traffic: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

This undated NSA presentation describes how to perform attacks against VPNs: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

This 114-page NSA training presentation from 2009 explains how agency analysts can exploit HTTP traffic within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This undated NSA presentation, presented together with speaking notes, provides an introduction to the main cable access programmes facilitated by the agency’s corporate partners and specifies the relevant SIGADs: see the book No Place to Hide, 13 May 2014.

This presentation gives an overview of the NSA’s programmes targeting the fibre optic cables that carry much of the world’s internet traffic. One slide gives a breakdown of which data sources form the basis of Presidential daily briefings. Another shows that the access point used to collect Yahoo and Google cloud data (MUSCULAR) is operated […]

This 32-page NSA presentation dated 25 February 2008 details XKeyscore, a tool used to search unfiltered internet traffic in real time. Two slightly different versions of this presentation have been published; both follow below: see the Guardian article XKeyscore: NSA tool collects ‘nearly everything a user does on the internet’, 31 July 2013.

This NSA presentation from 24 June 2009 explains how to use the email search functionality within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This NSA presentation from 11 June 2009 explains the scope of metadata collection within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This NSA presentation from May 2009 describes the procedure for analysing phone data within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015. analyzing-mobile-cellular-dni-in-xks

This NSA presentation from 15 October 2009 explains how analysts can exploit the products of the agency’s CNE hacking operations within XKeyScore and provides examples with screenshots: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This GCHQ spreadsheet from October 2007 provides a guide to the permissibility of using named GCHQ and NSA databases and shows the absence of safeguards against exploiting the metadata of persons located in the UK: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This April 2012 NSA presentation uses an AT&T specific term – Common Backbone or CBB – to refer to the Internet backbone of the corporate partner it codenames FAIRVIEW: see the New York Times article AT&T Helped U.S. Spy on Internet on a Vast Scale, 15 August 2015.

Slides from an undated Special Source Operations presentation include references to data structures and formats that could only have been obtained from the internal systems of Yahoo and Google: see the Washington Post article How we know the NSA had access to internal Google and Yahoo cloud data, 4 November 2013.

This NSA presentation from May 2010 describes the kinds of information the agency can extract from smartphone traffic, describing the use of mobile apps as a “golden nugget”. Note that this is the first version of this document released online: see the Pro Publica article Spy Agencies Probe Angry Birds and Other Apps for Personal […]

This undated GCHQ reference document enumerates the processes and tools analysts use for computer network exploitation: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This undated NSA Menwith Hill presentation describes SPINALTAP, a project to combine data from active operations and passive signals intelligence: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This undated NSA document provides a decision tree for the analysis of email addresses, IP addresses, cookies and phone numbers in XKeyScore and other agency tools: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

Nineteen slides from a 41-slide April 2013 NSA presentation describing the PRISM collection of data via internet service providers, “the SIGAD most used in NSA reporting.” Slides have been published gradually by several media organisations: see the Washington Post article NSA slides explain the PRISM data-collection program, 6 June 2013.

This NSA Special Source Operations presentation describes the agency’s collection of webmail address books and contact lists: see the Washington Post article NSA collects millions of e-mail address books globally, 14 October 2013.

This NSA document from August 2012 provides guidance for analysts on ordering the PRISM collection of Skype communications, capabilities that were added over the course of 2011: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

This 40-page NSA presentation for the June 2012 SIGDEV conference includes a ranking of cryptographic protocols in order of ‘risk’ the they pose to the agency’s operations: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

This GCHQ research paper dated 12 November 2010 discuss some of the agency’s attacks against iPhone handsets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This 2009 NSA presentation describes some of the plug ins available and the way the tool relates to other NSA methods for searching internet metadata, with XKeyScore having the broadest capability: see the book No Place To Hide, 13 May 2014.

This CSEC presentation from June 2012, slides from which were first published by Fantástico in October 2013, describes the Canadian agency’s use of the Olympia suite of analytic tools in the context of spying on Brazil’s Ministry of Mines and Energy: see the Globe and Mail article How CSEC became an electronic spying giant, 30 […]

This Booz Allen Hamilton presentation on the NSA’s Quantum tools describes the different kinds of malware attacks available to workgroups within the agency, the procedure an analyst must follow in order to make use of them and the way the systems themselves work, using a “man-on-the-side” attack from TAO’s FOXACID server. It also describes the […]

This excerpt from the 14 March 2013 edition of internal NSA newsletter SSO Weekly describes an incident on 12 March where “unwitting” contractors discovered a cable tap known as WHARPDRIVE, which had to be discreetly reinstalled and provides details about the Breckenridge access point that corroborate the identification of the NSA’s corporate partner STORMBREW as […]

This undated NSA presentation describes techniques for detecting botnets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This NSA presentation from 19 June 2009 explains the metadata capabilities of XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This NSA presentation from March 2009 shows how VOIP intercepts are handled in XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.