This 24 May 2010 NSA presentation describes the ways the agency uses botnets (“bot herding”): see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This undated NSA presentation describes techniques for repurposing third party attack tools: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This NSA presentation from 15 October 2009 explains how analysts can exploit the products of the agency’s CNE hacking operations within XKeyScore and provides examples with screenshots: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This undated page from the NSA’s internal WikiInfo site describes QUANTUMSHOOTER, an implant that allows computers to be controlled remotely: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This NSA presentation from 3 June 2011 describes QFIRE, “a consolidated QUANTUMTHEORY platform”, that links the NSA’s enormous passive monitoring operation (TURMOIL) with the active hacking of systems undertaken by the agency’s Tailored Acess Operations division (TURBINE): see the Der Spiegel article, Inside TAO: Documents Reveal Top NSA Hacking Unit, 29 December 2013.

These slides from an NSA presentation show how the automated malware deployment tool Turbine depends on a network of passive collection sensors (Turmoil), installed at locations including Fort Meade in Maryland, Misawa in Japan and Menwith Hill in the UK: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, […]

This extract from an undated NSA document describes the planned capability of the automated malware injection system Turbine as extending to “potentially millions of implants”: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

This slide from a 2009 presentation from the NSA’s Technology Directorate explains how Turbine’s “high-level tasking” effectively automates much of the agency’s offensive operations: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

This slide lists the range of selectors the Turmoil infrastructure at UK base Menwith Hill can use to identify targets, many of which show the ability of Five Eyes agencies to piggyback on commercial services: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

These diagrams describe the operation of the NSA’s Quantum Insert attack: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

Slides from an NSA Turbulence presentation describe two of the agency’s specialised implants, aimed at compromising virtual private networks (VPNs) and online telephony (VOIP): see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

These extracts from a 2009 NSA presentation describes the agency’s system for automated malware injection on an “industrial-scale”: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

This undated page from NSA’s internal WikiInfo describes some of the agency’s techniques for capturing IPSec Virtual Private Network (VPN) traffic: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.