This undated GCHQ reference document enumerates the processes and tools analysts use for computer network exploitation: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This undated GCHQ presentation describes some of the Question Focused Databases (QFDs) developed to analyse the massive amount of raw data the agency collects from undersea cables: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This GCHQ presentation dated 14 May 2012 describes the agency receiving “more than 50 billion events [metadata records] per day” and some of the tools available for analysing that mass of data: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This GCHQ presentation from 23 March 2009 discusses the agency’s plan for “processing Events [metadata] at scale”: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This GCHQ presentation from March 2009 describes the BLACKHOLE database used to store raw metadata records from TEMPORA, with about 10 billion records being added each day: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This CSE (then CSEC) presentation from 2012 describes the Canadian agency’s file download monitoring operation: see the Intercept article Canada Casts Global Surveillance Dragnet Over File Downloads, 28 January 2015. cse-presentation-on-the-levitation-project

This GCHQ briefing from September 2009 describes the tools then available to analyse metadata collected on a massive scale: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This page from GCHQ’s internal GCWiki, last updated on 1 May 2012 documents progress in a variety of the agency’ projects: see Facing Data Deluge, Secret U.K. Spying Report Warned of Intelligence Failure, 7 June 2016.

This page from GCHQ’s internal GCWiki describes the BLAZING SADDLES tool for handling huge amounts of metadata and the specialised analysis it supports: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This undated page from GCHQ’s internal GCWiki provides technical information about the agency’s BLACK HOLE repository: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This document dated 20 January 2011 provides the research agenda for a joint NSA/GCHQ group tasked with developing “a sound understanding of the threat that encryption brings to our ability to do target discovery/development as well as devising mitigations”: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December […]

This GCHQ presentation from 2011 provides the background to the agency’s hacking attack on Belgacom: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014. gchq-mobile-networks-in-my-noc-world

This 2011 presentation, created by GCHQ’s Network Analysis Centre describes new techniques for gathering reconnaissance on the IT personnel of targeted organisations (their “Network Operations Centres”), using Belgacom as an example in several slides: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014. Download […]

This GCHQ research paper dated 12 November 2010 discuss some of the agency’s attacks against iPhone handsets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This undated page from GCHQ’s internal GCWiki shows some of the background to the agency’s attack on Dutch SIM manufacturer Gemalto, specifically the harvesting of facebook cookies associated with the firm’s staff: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This GCHQ presentation from March 2009 shows that the agency has targeted a number of popular websites in a concerted effort to harvest cookies (“target detection indentifiers”) on a massive scale: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This joint NSA/GCHQ research paper dated 20 January 2011 cites encryption as a threat impacting on both agencies: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This undated page from GCHQ’s internal GCWiki provides a definition of “event”, the term the agency uses to refer to a metadata record, showing the variety of data collected: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

This GCHQ document from 18 August 2009 describes BLACK HOLE, a massive data repository, and describes how this interacts with other systems developed by the agency: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.