Snowden Doc Search

CNE End Point Requirements

Document

Release Date: 2015-01-17

This undated GCHQ reference document enumerates the processes and tools analysts use for computer network exploitation: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

TOP SECRET STRAP1 COMINT CNE End Point Requirements CATEGORY O Experimt O Refinemer O Bug Fix O ALL REQTYPE O Capability O Convergenc O Query O Taskir O Viewe Oall PRIOR...

OAKSTAR Weekly Update – 15 March 2013

Document

Release Date: 2018-03-20 Document Date: 2013-03-01

This internal NSA technical newsletter states that the source of information codenamed MONEYROCKET is collecting information on “senders and receivers of bitcoin” and users Liberty Reserve: see the Intercept article The NSA Worked To “track Down” Bitcoin Users, Snowden Documents Reveal, 20 March 2018.

TOP SECRET//COMINT//NOFORN OAKSTAR Weekly Update Program Highlights Week of: March 9-15, 2013 ETS: Derived From: NSA/CSSM 1-52 Dated: 20070108 Declassify On: 20320108 TOP SECRET//C...

Advanced HTTP Activity Analysis

Document

Release Date: 2015-07-01 Document Date: 2009-01-01

This 114-page NSA training presentation from 2009 explains how agency analysts can exploit HTTP traffic within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

Advanced HTTP Activity Analysis 2009 Goal The goal of this training is to get you familiar with basic HTTP traffic and understand how to target and expliot it using X-KEYSCORE Ag...

Email Address vs User Activity

Document

Release Date: 2015-07-01 Document Date: 2009-06-24

This NSA presentation from 24 June 2009 explains how to use the email search functionality within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123 vs User Activity 24 June 2009 "»Ol 01 t » «4 Ha#f* IWt De rived From: NSA/CSSM 1-52 ...

SIGINT Development Support II Program Management Review

Document

Release Date: 2016-08-19 Document Date: 2013-04-24

Four slides taken from a 24 April 2013 NSA presentation detail how SECONDDATE man-in-the-middle attacks were used against targets in Pakistan and Lebanon: see the Intercept article The NSA Leak is Real, Snowden Documents Confirm, 19 August 2016.

TOP SECRET//SI//NOFORN The overall classification of this brief is (U) SIGINT Development Support II Program Management Review ► 24 April 2013 TOP SECRET//COMINT//NOFORN Derived Fro...

Content Extraction Analytics

Document

This 21 May 2009 presentation from the NSA’s Center for Content Extraction includes a slide that shows that the communications of 122 heads of government were stored in the agency’s central “Target Knowledge Base”, 11 of whom are named. The collection for most of these targets was automated: see the Der Spiegel article ‘A’ for […]

Human Language technology Center for Content Extraction Content Extraction Analytics SIGDEV End-to-End Demo 21 May 2009 Derived From: NSA/CSSM 1-52 Dated: 20070108 Declassily On:...

X-KEYSCORE as a SIGDEV tool

Document

Release Date: 2015-07-01 Document Date: 2009-01-01

This 2009 NSA presentation describes some of the plug ins available and the way the tool relates to other NSA methods for searching internet metadata, with XKeyScore having the broadest capability: see the book No Place To Hide, 13 May 2014.

xks-as-a-sigdev-tool-p1-normal.gif: X-KEYSCORE as a SIGDEV tool 2009 ■EBTxks-as-a-sigdev-tool-p2-normal.gif: What is X-KEYSCORE?xks-as-a-sigdev-tool-p3-normal.gif: TOP SECRET//COMINT//ORC...

Analyzing Mobile/Cellular DNI in XKeyScore

Document

Release Date: 2015-07-01 Document Date: 2009-05-01

This NSA presentation from May 2009 describes the procedure for analysing phone data within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015. analyzing-mobile-cellular-dni-in-xks

Analyzing Mobile/Cellular DNI in XKEYSCORE May 2009 TOP SECRET//COMINT//REL TO USA, AUS, CAN. GBR. NZL//20291123 08 TOP SECRET/,'COMINT//REL TO USA, AUS, CAN, GBR, NZL Mobile DNI ...

VPN SigDev Basics

Document

Release Date: 2014-12-28

This undated NSA presentation describes how to perform attacks against VPNs: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL (TS//SI//REL)VPN SigDev Basics S31244 - OTTERCREEK Derived From: NSA/CSSM 1-52 Dated: 20070108 ______Declassify On: 20341101 TOP S...

Analytic Challenges from Active-Passive Integration

Document

Release Date: 2014-12-28

This undated NSA presentation from the agency’s Information Technology Directorate, aimed at analysts, describes techniques for decrypting IPSec VPN traffic: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

This Briefing is Classified TOP SECRET//COMINT//REL USA, FVEY Analytic Challenges from Active-Passive Integration S324 This Briefing is Classified TOP SECRET//COMINT//REL USA,FVEY DER...

Converged Analysis of Smartphone Devices

Document

Release Date: 2014-01-27 Document Date: 2010-05-01

This NSA presentation from May 2010 describes the kinds of information the agency can extract from smartphone traffic, describing the use of mobile apps as a “golden nugget”. Note that this is the first version of this document released online: see the Pro Publica article Spy Agencies Probe Angry Birds and Other Apps for Personal […]

(U) Converged Analysis of Smartphone Devices Identification/Processing/Tasking - All in a day’s work TOP SECRET//COMINT/REL TO USA, FVEY si Converged mobile devices offering adv...

Making Things Measurable: Technology Trending Challenges and Approaches

Document

Release Date: 2014-12-28 Document Date: 2012-06-06

This 40-page NSA presentation for the June 2012 SIGDEV conference includes a ranking of cryptographic protocols in order of ‘risk’ the they pose to the agency’s operations: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

TOP SECRET//COMINT//REL FVEY//20340601 SIGDEV Conference 2012 (U) Making Things Measureable: Technology Trending Challenges and Approaches June 2012 TOP SECRET//COMINT//REL FVEY/...

VOIP in XKEYSCORE

Document

Release Date: 2015-07-01 Document Date: 2009-03-01

This NSA presentation from March 2009 shows how VOIP intercepts are handled in XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

voip-in-xks-p1-normal.gif: TOP SECRET//COMINT7/REL TO USA. AUS, CAN, GBR, NZL//20291123 VOIP in XKEYSCORE March 2009 TOP SECRET//COMINT//REL TO USA. AUS. CAN, GBR, NZL//20291123voip-in-...

DNI 101 How Do I Begin Analyzing a Target’s Email Address?

Document

Release Date: 2015-07-01

This undated NSA document provides a decision tree for the analysis of email addresses, IP addresses, cookies and phone numbers in XKeyScore and other agency tools: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

TOP SECRET//COMINT//20291123 DNI101 How Do I Begin Analyzing a Target's Email Address? TOP SECRET//COMINT//20291i23 [ =Tool/Database^ What Things Are Found Doing DNI Analysis and What...

CNE Analysis in XKeyScore

Document

Release Date: 2015-07-01 Document Date: 2009-10-15

This NSA presentation from 15 October 2009 explains how analysts can exploit the products of the agency’s CNE hacking operations within XKeyScore and provides examples with screenshots: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

CNE Analysis in XKEYSCORE 15 October 2009 xkeyscore@nsa.ic.gov l@nsa.ic.gov) y >M 1-5 TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL DERIVED F ROM: Ñ WCSSM 1-52 DATED: 2...

Atomic SIGINT Data Format (ASDF) Configuration Readme

Document

Release Date: 2015-07-01

This undated NSA document explains how to set up an aspect of the XKeyScore architecture: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

SECRET (U//FOUO) Atomic SIGINT Data Format (ASDF) Configuration Read Me (U) Overview (U//FOUO) The ASDF Configuration Read Me is designed to provide procedures for other organizations ...

SPINALTAP: Making Passive Sexy for Generation Cyber

Document

Release Date: 2015-01-17

This undated NSA Menwith Hill presentation describes SPINALTAP, a project to combine data from active operations and passive signals intelligence: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

TOP SECRET//COMINT//REL TO USA, FVEY / '■%.^ (U//FOUO) SPINALTAP: Making Passive Sexy for Generation Cyber TOP SECRET//COMINT//REL TO USA, FVEY TOP SECRET//COMINT//REL TO USA, FVE...

FAIRVIEW Dataflow Diagrams

Document

Release Date: 2015-08-15 Document Date: 2012-04-01

This April 2012 NSA presentation uses an AT&T specific term – Common Backbone or CBB – to refer to the Internet backbone of the corporate partner it codenames FAIRVIEW: see the New York Times article AT&T Helped U.S. Spy on Internet on a Vast Scale, 15 August 2015.

Dataflow Diagrams April 2012 Note: Please refer to previous diagrams for decommissioned systems. Derived From: NSA/CSSM 1-52 Dated: 20070108 Declassify On: 20361101 TOP SECRET//COMIN...

NSA QUANTUM Tasking Techniques for the R&T Analyst

Document

Release Date: 2013-12-29

This Booz Allen Hamilton presentation on the NSA’s Quantum tools describes the different kinds of malware attacks available to workgroups within the agency, the procedure an analyst must follow in order to make use of them and the way the systems themselves work, using a “man-on-the-side” attack from TAO’s FOXACID server. It also describes the […]

image-583967-galleryV9-quqn.jpg: TOP SECRET//SI//REL USA, AUS, CAN, GBR, NZL (TS) NSA QUANTUM Tasking Techniques for the R&T Analyst POC: TAO RTD | Team - Booz Allen Hamilton SDS2 ...

Special Source Operations Weekly – 14 March 2013

Document

Release Date: 2014-06-18 Document Date: 2013-03-14

This excerpt from the 14 March 2013 edition of internal NSA newsletter SSO Weekly describes an incident on 12 March where “unwitting” contractors discovered a cable tap known as WHARPDRIVE, which had to be discreetly reinstalled and provides details about the Breckenridge access point that corroborate the identification of the NSA’s corporate partner STORMBREW as […]

UNCLASSIFIED//FOR OFFICIAL USE ONLY 14 MARCH 2013 Special Source Operations Watkly UNCLASSIFIED//FOR OFFICIAL USE ONLY UNCLASSIFIED//FOR OFFICIAL USE ONLY (U) CORPORATE TEAM ...

Analysis of Converged Data

Document

Release Date: 2014-03-12 Document Date: 2009-01-01

This slide from a 2009 presentation from the NSA’s Technology Directorate explains how Turbine’s “high-level tasking” effectively automates much of the agency’s offensive operations: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

TECHNOLOGY DIRECTORATE Analysis of Converged Data Converged data leads to better analysis, which leads to more focused tasking Note: Our goals for high-level tasking are to relieve the ...

iPhone target analysis and exploitation with unique device identifiers

Document

Release Date: 2015-01-17 Document Date: 2010-11-12

This GCHQ research paper dated 12 November 2010 discuss some of the agency’s attacks against iPhone handsets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

TOP SECRET STRAP1 12th November 2010 ICTR-MCT Team (ICTR-MCT-GCHQ-dl) MHE Team (MHETeam-GCHQ-dl) OPDSDHQ^^^H TEA Benhall Records Centre iPhone target analysis and exploitation wit...

HTTP Activity vs. User Activity

Document

Release Date: 2015-07-01 Document Date: 2009-06-19

This NSA presentation from 19 June 2009 explains the metadata capabilities of XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL m V HTTP Activity vs User Activity 19 June 2009 Derived From: NSA/CSSM 1-52 Bated :l2007i MM TOP SEC...

OAKSTAR Weekly Update – 22 March 2013

Document

Release Date: 2018-03-20 Document Date: 2013-03-01

This internal NSA technical update from March 2013 makes it clear that information from the access point codenamed MONEYROCKET, which tracked Bitcoin users, could be accessed through the agency’s main search interface for analysts, XKeyScore: see the Intercept article The NSA Worked To “track Down” Bitcoin Users, Snowden Documents Reveal, 20 March 2018.

TOP SECRET//COMINT//NOFORN OAKSTAR Weekly Update Program Highlights Week of: March 16-22, 2013 ETS: PRIMECANE Derived From: NSA/CSSM 1-52 Dated: 20070108 Declassify On: 20320108 T...

HIDDENSALAMANDER: Alerting and Characterization of Botnet Activity in TURMOIL

Document

Release Date: 2015-01-17

This undated NSA presentation describes techniques for detecting botnets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

P SECRET//COMINT//REL TO USA, FVEY HIDDENSALAMANDER Alerting and Characterization of _____iyiissiQr\] CAPABILIT, ES Botnet Activity in TURMOIL Briefers: SECRET//REL TO USA, FV...

Full Log vs. HTTP

Document

Release Date: 2015-07-01 Document Date: 2009-06-11

This NSA presentation from 11 June 2009 explains the scope of metadata collection within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123 Log vs. HTTP 11 June 2009 * WHv:i DERIV TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123 TOP SECRET//...

Legalities

Document

Release Date: 2015-09-25 Document Date: 2007-10-01

This GCHQ spreadsheet from October 2007 provides a guide to the permissibility of using named GCHQ and NSA databases and shows the absence of safeguards against exploiting the metadata of persons located in the UK: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

As of Oct 2007 Legalities - GCHQ Databases eg Pilbeam. Salamanca, UDAQ etc in the event that both the nabo w/.<V and the location of the tar get is confirmed metadata content UK pers...

SSO Corporate Portfolio Overview

Document

Release Date: 2015-08-15

This undated NSA presentation, presented together with speaking notes, provides an introduction to the main cable access programmes facilitated by the agency’s corporate partners and specifies the relevant SIGADs: see the book No Place to Hide, 13 May 2014.

SSO Corporate Portfolio Overview Derived From: NSA/CSSM 1-52 Dated: 20070108 Declassify On: 203612011 What is SSO’s Corporate Portfolio? What data can we collect? Where do I go for...

OAKSTAR Weekly Update – 8 March 2013

Document

Release Date: 2018-03-20 Document Date: 2013-03-01

This internal NSA technical update from March 2013 describes a source of information codenamed MONEYROCKET, which provides data on users of the digital currency Bitcoin: see the Intercept article The NSA Worked To “track Down” Bitcoin Users, Snowden Documents Reveal, 20 March 2018.

TOP SECRET//COMINT//NOFORN OAKSTAR Weekly Update Program Highlights Week of: March 2-8, 2013 ETS: Derived From: NSA/CSSM 1-52 Dated: 20070108 Declassify On: 20320108 TOP SECRET//COMI...

User’s Guide for PRISM Skype Collection

Document

Release Date: 2014-12-28 Document Date: 2012-08-01

This NSA document from August 2012 provides guidance for analysts on ordering the PRISM collection of Skype communications, capabilities that were added over the course of 2011: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

TOP SECRET//COMINT//NOFORN (TS//SI//NF) User’s Guide For PRISM Skype Collection August 2012 POC For Document: S3531 l. (TS//SI//NF) Introduction a. PRISM Skype collection can be ...

e-Highlighter