Results
13 Total
0.0
DEFIANTWARRIOR and the NSA’s Use of Bots
Document
Release Date: 2015-01-17
Document Date: 2010-05-24
This 24 May 2010 NSA presentation describes the ways the agency uses botnets (“bot herding”): see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL USA, FVEY
DEFIANTWARRIOR and the NSA's Use of Bots
Overall Classification: TOP SECRET//COMINT//REL FVEY
Current As Of: 24 May 2010
Derived From: NSA/CSS...
DEFIANTWARRIOR, FREEFLOW-compliant, INCENSER, ISLANDTRANSPORT (IT), OLYMPUS, PUZZLECUBE, QUANTUMBOT, TREASUREMAP (TM), TURBINE, TURBULENCE (TU), UNITEDRAKE, XKEYSCORE (XKS), STELLABLUE
0.0
TUTELAGE
Document
Release Date: 2015-01-17
This undated NSA presentation describes techniques for repurposing third party attack tools: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL TO USA, FVEY
Before TUTELAGE...
AFTER
INTRUSION
Manual Analysis of Reporting Lo...
0.0
CNE Analysis in XKeyScore
Document
Release Date: 2015-07-01
Document Date: 2009-10-15
This NSA presentation from 15 October 2009 explains how analysts can exploit the products of the agency’s CNE hacking operations within XKeyScore and provides examples with screenshots: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
CNE Analysis in
XKEYSCORE
15 October 2009
xkeyscore@nsa.ic.gov
l@nsa.ic.gov)
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL
DERIVED FROM: NSA/CSSM 1-52
DATED: 2...
0.0
Quantum Shooter SBZ Notes
Document
Release Date: 2015-01-17
This undated page from the NSA’s internal WikiInfo site describes QUANTUMSHOOTER, an implant that allows computers to be controlled remotely: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
QUANTUM Shooter SBZ Notes - Wikiinfo
The accredited security level of this system is: TOP SECRET//SI-GAMMA/TALENT KEYHOLE//ORCON/PROPIN/RELIDO/REL TO USA, FVEY *
TOP SECRET//SI//REL TO USA,...
0.0
QFIRE pilot report
Document
Release Date: 2013-12-29
Document Date: 2011-06-03
This NSA presentation from 3 June 2011 describes QFIRE, “a consolidated QUANTUMTHEORY platform”, that links the NSA’s enormous passive monitoring operation (TURMOIL) with the active hacking of systems undertaken by the agency’s Tailored Access Operations division (TURBINE): see the Der Spiegel article, Inside TAO: Documents Reveal Top NSA Hacking Unit, 29 December 2013.
Getting Close to the
Forward-based Defense with QFIRE
June 3, 2011
QFIRE Pilot Lead
NSA/Technology Directorate
Derived From: NSA/CSSM 1-52
Dated: 20...
0.0
TURMOIL
Document
Release Date: 2014-03-12
These slides from an NSA presentation show how the automated malware deployment tool Turbine depends on a network of passive collection sensors (Turmoil), installed at locations including Fort Meade in Maryland, Misawa in Japan and Menwith Hill in the UK: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, […]
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123
Sensors: Passive Collection
[Diagram labels: Internet Cloud (three instances)]
(S//SI//REL) High-spe...
0.0
A new intelligent command and control capability
Document
Release Date: 2014-03-12
This extract from an undated NSA document describes the planned capability of the automated malware injection system Turbine as extending to “potentially millions of implants”: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
(TS//SI//REL) A new intelligent command and control capability designed to manage a very large number of covert implants for active SIGINT and active Attack that reside on the GENIE covert infras...
0.0
Analysis of Converged Data
Document
Release Date: 2014-03-12
Document Date: 2009-01-01
This slide from a 2009 presentation from the NSA’s Technology Directorate explains how Turbine’s “high-level tasking” effectively automates much of the agency’s offensive operations: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
TECHNOLOGY
DIRECTORATE
Analysis of Converged Data
Converged data leads to better analysis, which leads to more focused tasking
Note: Our goals for high-level tasking are to relieve the ...
0.0
Selector types
Document
Release Date: 2014-03-12
This slide lists the range of selectors the Turmoil infrastructure at UK base Menwith Hill can use to identify targets, many of which show the ability of Five Eyes agencies to piggyback on commercial services: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
TOP SECRET//COMINT//REL TO USA, FVEY
Selector Types
Machine IDs
- Cookies
• Hotmail GUIDs
• Google prefIDs
• YahooBcookies
• mailruMRCU
• yandexUid
• twitter Hash
• r...
0.0
QUANTUMINSERT
Document
Release Date: 2014-03-12
These diagrams describe the operation of the NSA’s Quantum Insert attack: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
TS//REL
QUANTUM INSERT
0.0
VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN
Document
Release Date: 2014-03-12
Slides from an NSA Turbulence presentation describe two of the agency’s specialised implants, aimed at compromising virtual private networks (VPNs) and online telephony (VOIP): see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123
APEX VPN Phases
► VPN Phase 1: IKE Metadata Only (Spin 15)
- IKE packets are exfiled to TURMOIL APEX.
■ APEX reconstructs/r...
0.0
TURBINE
Document
Release Date: 2014-03-12
Document Date: 2009-01-01
These extracts from a 2009 NSA presentation describe the agency’s system for automated malware injection on an “industrial-scale”: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
TOP SECRET//COMINT//REL TO USA, FVEY
(U) Automation
(TS//SI//REL) TURBINE can talk to active & passive sensors/shooters
■ (TS//SI//REL) Maintenance tasks on routers
■ (TS//SI//REL) Dynamic target...
0.0
TURMOIL/APEX/APEX High Level Description Document
Document
Release Date: 2014-12-28
This undated page from NSA’s internal WikiInfo describes some of the agency’s techniques for capturing IPSec Virtual Private Network (VPN) traffic: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
TURMOIL/APEX/APEX High Level Description Document - Wikiinfo
The accredited security level of this system is: TOP SECRET//SI-GAMMA/TALENT KEYHOLE//ORCON/PROPIN/RELIDO/REL TO USA, FVEY *
TOP...