This 24 May 2010 NSA presentation describes the ways the agency uses botnets (“bot herding”): see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This NSA TURBULENCE presentation dated August 2009 explains the APEX method of combining passive with active methods to exfiltrate data from networks attacked: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

This extract from the US Intelligence Community’s Congressional Budget Justification for the Fiscal Year 2013 (the “Black Budget”) provides the budget for GENIE the project “which underpins NSA/CSS’ Computer Network Operations (CNO) Endpoint capabilities conducted by the Tailored Access Operations (TAO) Group: see the Der Spiegel article The Digital Arms Race: NSA Preps America for […]

This presentation from the 2010 SIGDEV Conference describes the contribution made by GCHQ to the development of Quantum techniques: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

This undated NSA wiki page describes LONGHAUL, an “end-to-end attack orchestration and key recovery service for Data Network Cipher and Data Network Session Cipher traffic”: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

This NSA presentation from 3 June 2011 describes QFIRE, “a consolidated QUANTUMTHEORY platform”, that links the NSA’s enormous passive monitoring operation (TURMOIL) with the active hacking of systems undertaken by the agency’s Tailored Acess Operations division (TURBINE): see the Der Spiegel article, Inside TAO: Documents Reveal Top NSA Hacking Unit, 29 December 2013.

These pages from an NSA internal catalogue describe the tools available to the agency in 2008: see the Der Spiegel article NSA’s Secret Toolbox: Unit Offers Spy Gadgets for Every Need, 30 December 2013

This NSA presentation dated 27 October 2009 outlines the use of intercepted IPSec VPN data within the agency: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

This 29 August 2006 post from the internal NSA newsletter SIDToday explains how the Human Language Technology analysts working on speech-to-text technology within the agency understand their role in dealing with large amounts of intercepted data: see the Intercept article The Computers are Listening: How the NSA Converts Spoken Words Into Searchable Text, 5 May […]

This undated NSA technical document provides information about the Universal Targeting Tool (UTT), “a mission critical component of the TURBULENCE architecture”: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This slide lists the range of selectors the Turmoil infrastructure at UK base Menwith Hill can use to identify targets, many of which show the ability of Five Eyes agencies to piggyback on commercial services: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

These diagrams describe the operation of the NSA’s Quantum Insert attack: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

Slides from an NSA Turbulence presentation describe two of the agency’s specialised implants, aimed at compromising virtual private networks (VPNs) and online telephony (VOIP): see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

This undated presentation from NSA’s UK-based Menwith Hill station describes the various uses of open source intelligence (OSINT) in computer network operations, including the monitoring of hacker forums and spotting opportunities for so-called “Fourth Party Collection”: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.

This NSA slide from a 2012 presentation on Cyber 702 Authorities shows that the agency’s authority to undertake warantless wiretapping of US persons’ internet traffic was extended over the course of 2012: see the New York Times article Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border, 4 June 2015.

This undated NSA presentation describes the Spin 9 system for decrypting VPN data: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

This undated page from NSA’s internal WikiInfo describes VALIANTSURF “the coverterm for the development of Data Network Cipher (DNC) exploitation capabilities in TURMOIL”: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.