This undated GCHQ reference document enumerates the processes and tools analysts use for computer network exploitation: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This June 2010 CSEC presentation for the CSEC conference outlines counter-computer network exploitation (CCNE) techniques: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This 2010 CSEC document complete with speakers’ notes shows that visits to Canadian government websites were monitored, and hundreds of thousands of emails to government email addresses retained every day, for cybersecurity purposes: see the CBC News article CSE monitors millions of Canadian emails to government, 25 February 2015.

This CSEC presentation for a November 2010 conference outlines CSEC capabilities in the recognition of trojans and other “network based anomolies”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This page from GCHQ’s internal GCWiki describes tools developed by the Joint Threat Research Intelligence Group and their status. The page was last edited in July 2012 and was accessed nearly 20,000 times: see the Intercept article Hacking Online Polls and Other Ways British Spies Seek to Control the Internet, 14 July 2014. jtrigall