Filtered By
Computer Network OperationsX
Document Topic [filter]
Results
113 Total
1.0

SNOWGLOBE: From Discovery to Attribution

Document

Document Date: 2011-01-01Release Date: 2015-01-17
This 2011 CSEC presentation describes how the agency analysed SNOWGLOBE, which it considered “to be a state-sponsored CNO effort, put forth by a French intelligence agency”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
Overall Classification: TOP SECRET II COMINT II REL TO CAN, AUS, GBR, NZL, USA ■ ■ Communications Security Establishment Canada SNOWGLOBE: From Discovery to Attribution CSEC CNT/Cyb...
1.0

Moving Data Through Disconnected Networks

Document

Document Date: 2012-06-18Release Date: 2015-01-17
This June 2012 NSA presentation describes methods to exfiltrate data, even from networks that are apparently offline: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
Moving Data Through Disconnected Networks Delay-Tolerant Networking and the IC (U//FOUO) June ; The overall classification of this briefing is: TOP SECRET//COMINT//REL TO USA, FVEY ...
1.0

iPhone target analysis and exploitation with unique device identifiers

Document

Document Date: 2010-11-12Release Date: 2015-01-17
This GCHQ research paper dated 12 November 2010 discuss some of the agency’s attacks against iPhone handsets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET STRAP1 12th November 2010 ICTR-MCT Team (ICTR-MCT-GCHQ-dl) MHE Team (MHETeam-GCHQ-dl) OPDSDHQ^^^H TEA Benhall Records Centre iPhone target analysis and exploitation wit...
1.0

APEX Active/Passive Exfiltration

Document

Document Date: 2009-08-01Release Date: 2015-01-17
This NSA TURBULENCE presentation dated August 2009 explains the APEX method of combining passive with active methods to exfiltrate data from networks attacked: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
Active/Passive Exfiltration "go apex" STDP: S32354 & T112, NCSC/C91 August 2009 OP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123 TOP SECRET//COMHMT//REL TO USA. AUS. CAN....
1.0

NAC 2Q 2011 Business Plan Review

Document

Document Date: 2011-09-08Release Date: 2015-04-02
This short extract from a GCHQ Network Analysis Centre report covering the period July-September 2011 describes “offensive cyber operations” against Iran, Argentina and Libya: see the Intercept article Britain Used Spy Team to Shape Latin American Public Opinion on Falklands, 2 April 2015.
TOP SECRET STRAP1 AUS/CAN/NZ/UK/US EYES ONLY \ 2Q NAC Business Plan Review July - September 2011 network >'N>n_,=*5i5 centre ,.A - . TOP SECRET STRAP1 AUS/CAN/NZ/UK/US EYES ONLY ...
1.0

DAPINO GAMMA Gemalto Yuaawaa

Document

Document Date: 2011-01-01Release Date: 2015-02-19
This Wiki page from 2011 details aspects of GCHQ’s DAPINO GAMMA operation against mobile SIM manufacturer Gemalto: see the Intercept article The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle, 19 February 2015.
[edit] Other Gemalto Yuaawaa - secure file sharing service identified, apparently used by gemalto employees- maybe just as testers? Findings from JTRIG research identified as a Gem...
1.0

PCS Harvesting at Scale

Document

Document Date: 2010-04-27Release Date: 2015-02-19
This April 2010 GCHQ report proposes an automated approach to seizing large numbers of mobile phone encryption keys: see the Intercept article The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle, 19 February 2015.
TOP SECRET STRAP 1 Reference: OPC-TDSD/TECH/21 Date: 27th April 2010 PCS Harvesting at Scale (OPC-TDSD) (OPC-TDSD) (OPC-CAP) (OPC-TDSD) Summary This report explores the ...
1.0

Computer-Network Exploitation Successes South of the Border

Document

Document Date: 2010-11-15Release Date: 2013-10-20
This extract from a 15 November 2010 NSA memo reveals that the agency has been able to access Mexican President Felipe Calderon’s email account: see the Der Spiegel article NSA Accessed Mexican President’s Email, 20 October 2013.
(TS//SI//REL) Computer-Network Exploitation Successes South of the Border I FROM: .* BA. Chief, NSA-Texas TAO/Requiremcnts & Targeting (FTS327) Run Date: 11/15/2010 rS//SI//REL) TAO-en...
1.0

NATO Civilian Intelligence Council – Cyber Panel – Talking Points

Document

Document Date: 2011-09-14Release Date: 2015-02-04
This US National Intelligence Council memo dated 14 September 2011 provides US talking points for a forthcoming NATO meeting and includes the assessment that the threat presented by Anonymous and hacktivist activity is “minimal”: see the Intercept article Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise, 4 February 2015.
SECRET//REL TO USA, NATO NIM/Cyber 14 September 2011 Talking Points Subject: (S//REL NATO) NATO Civilian Intelligence Council—Cyber Panel National Input A. Threat Overview (U) (U...
1.0

Exploiting Foreign Lawful Intercept (LI) Roundtable

Document

Document Date: 2012-01-01Release Date: 2015-09-29
This NSA presentation from 2012 discusses techniques for subverting “lawful intercept” systems used abroad: see the Intercept article A Death in Athens: Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?, 29 September 2015.
2012-lawful-intercept-redacted2-p1-normal.gif: TOP SECRET//SI//REL TO USA, FVEY (S//SI//REL) Exploiting Foreign Lawful Intercept (LI) Roundtable S31122 TOP SECRET//SI//REL TO USA, FVEY...
1.0

Targets visiting specific websites

Document

Release Date: 2015-07-01
Ths undated set of annotated screenshots from XKeyScore provides a worked example of a search: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
xks-targets-visiting-specific-websites-p1-normal.gif: TOP SECRET//COMINT//REL TO USA, AUS, CAN. GBR. NZU/20320108 Center.! =*oc Book Aleo Hammer See next page for Derived From: NSA'CSSM ...
1.0

QFIRE pilot report

Document

Document Date: 2011-06-03Release Date: 2013-12-29
This NSA presentation from 3 June 2011 describes QFIRE, “a consolidated QUANTUMTHEORY platform”, that links the NSA’s enormous passive monitoring operation (TURMOIL) with the active hacking of systems undertaken by the agency’s Tailored Acess Operations division (TURBINE): see the Der Spiegel article, Inside TAO: Documents Reveal Top NSA Hacking Unit, 29 December 2013.
image-584092-galleryV9-icxm.jpg: Getting Close to the Forward-based Defense with QFIRE June 3, 2011 QFIRE Pilot Lead NSA/Technology Directorate Derived From: NSA/CSSM 1-52 Dated: 20...
1.0

NSA QUANTUM Tasking Techniques for the R&T Analyst

Document

Release Date: 2013-12-29
This Booz Allen Hamilton presentation on the NSA’s Quantum tools describes the different kinds of malware attacks available to workgroups within the agency, the procedure an analyst must follow in order to make use of them and the way the systems themselves work, using a “man-on-the-side” attack from TAO’s FOXACID server. It also describes the […]
image-583967-galleryV9-quqn.jpg: TOP SECRET//SI//REL USA, AUS, CAN, GBR, NZL (TS) NSA QUANTUM Tasking Techniques for the R&T Analyst POC: TAO RTD | Team - Booz Allen Hamilton SDS2 ...
1.0

Update software on all Cisco ONS nodes

Document

This NSA report dated 11 April 2014 describes the difficulties with the network switches the agency had compromised on Cisco devices in order to collect data from Cisco customers: see the book No Place To Hide, 13 May 2014.
Page 150 TOP SECRET//COMINT//REL TO USA, FVEY (Report generated on:4/11/2013 3:31:05PM ) NewCrossProgram | Active ECP Count: | i~~| CrossProgram-1-13 New ECP Lead: I name redacted"! ...
1.0

The Hacking Process

Document

Release Date: 2014-08-15
These slides from an undated NSA SIGDEV presentation show that the agency uses exactly the same methodology to exploit targets as criminals: see the Heise article The HACIENDA Program for Internet Colonization, 15 August 2014.
Abbildung09-ac51d29297309215.png: TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL The Hacking Process 1 . (R)econnaissance 2. (I)nfection 3. (C)ommand And Control 4. (E)xfiltrat...
1.0

GCHQ NAC Business Review – April to June 2011

Document

Document Date: 2011-02-01Release Date: 2014-12-13
This extract from a 2011 GCHQ document details progress in the operation against Belgian telecommunications company Belgacom in the second quarter of 2011: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.
CNE Access to BELGACOM GRX Operator: (GREEN) Following the successful NAC MyNOC OP SOCIALIST to provide CNE access to the BELGACOM GRX Operator (MERION ZETA), the NAC have continued to provide a...
1.0

Classification guide for ECI Pawleys (PAW)

Document

Document Date: 2006-11-14Release Date: 2014-10-10
This 2006 NSA classification guide outlines the sensitivity of the agency’s clandestine human and electronic access to systems in order to “obtain cryptographic information and material”: see the Intercept article Core Secrets: NSA Saboteurs in China and Germany, 10 October 2014.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123 NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE 0^ftUJDt54 SD7 AôEWf b<Kf' DTBb3LP HDEYI D0<XS«X 0*YR Jfi! (55^ BUH 5654 ...
1.0

Mobile Networks in MyNOC World

Document

Document Date: 2011-01-01Release Date: 2014-12-13
This GCHQ presentation from 2011 provides the background to the agency’s hacking attack on Belgacom: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014. gchq-mobile-networks-in-my-noc-world
TOP SECRET STRAP 2 Mobile Networks in World Head of GCHQ NAC n/\c This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemptio...
1.0

GCHQ NAC Business Review – January to March 2011

Document

Document Date: 2011-01-01Release Date: 2014-12-13
This extract from a 2011 GCHQ Network Analysis Centre document details progress in the operation against Belgian telecommunications company Belgacom in the first quarter of 2011: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.
Successful MyNOC surge effort against GRX Operators, that enhanced network knowledge of the various operators, their customer sets, knowledge of and access to both encrypted and unencrypted GRX ...
1.0

Expanding Endpoint Operations

Document

Document Date: 2004-09-17Release Date: 2015-01-17
This 17 September 2004 article from the internal NSA newsletter SIDToday describes the establishment of a new Remote Operations Center (ROC) for performing endpoint (hacking) attacks: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
SIDToday - Expanding Endpoint Operations DYNAMIC PAGE - HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL (U//FOUO) Expanding Endpoint Operations FRO...
1.0

HIDDENSALAMANDER: Alerting and Characterization of Botnet Activity in TURMOIL

Document

Release Date: 2015-01-17
This undated NSA presentation describes techniques for detecting botnets: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
P SECRET//COMINT//REL TO USA, FVEY HIDDENSALAMANDER Alerting and Characterization of _____iyiissiQr\] CAPABILIT, ES Botnet Activity in TURMOIL Briefers: SECRET//REL TO USA, FV...
1.0

TUTELAGE

Document

Release Date: 2015-01-17
This undated NSA presentation describes tecniques for repurposing third party attack tools: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET II COMINT ■ Communications Security Establishment Canada Centre de la sécurité des télécommunications Canada CSEC SIGINT Cyber Discovery: Summary of the current effort ...
1.0

CASCADE – Joint Cyber Sensor Architecture

Document

Document Date: 2011-01-01Release Date: 2015-03-23
This CSEC presentation from 2011 communicates Canada’s current and future cyberwar plans to their Five Eyes partners: see the article Communication Security Establishment’s cyberwarfare toolbox revealed, 23 March 2015.
CLASSIFICATION: CLASSIFICATION: TOP SECRET // COMINT // REL FVEY Project Overview Current Status Proposed Architecture Towards 2015 CLASSIFICATION: TOP SECRET // COMINT // REL FYEY ...
1.0

Software reverse engineering

Document

Document Date: 2008-07-15Release Date: 2015-06-22
This GCHQ document last updated on 15 June 2008 describes the purpose of the agency’s attempts to reverse engineer commercial antivirus software: see the Intercept article Popular Security Software Came Under Relentless NSA and GCHQ Attacks, 22 June 2015.
TOP SECRET Software Reverse Engineering Network Defence performs reverse engineering both of malicious and of non- malicious code - i.e,.code is translated from machine-readable to human-re...
1.0

ISA-94: Application for renewal of warrant GPW/1160 in respect of activities which involve the modification of commercial software

Document

Document Date: 2008-06-13Release Date: 2015-06-22
This GCHQ application for warrant renewal from June 2008 shows that the agency has been engaged in the reverse engineering of commercial antivirus software for the purposes of facilitating its hacking operations: see the Intercept article Popular Security Software Came Under Relentless NSA and GCHQ Attacks, 22 June 2015.
TOP SECRET STRAP2 UK EYES ONLY Date: 13 June 2008 GCHQ Reference: A/9014/9105/55 Sian MacLeod Mariot Leslie Foreign Secretary ISA-94: APPLICATION FOR RENEWAL OF WARRANT GPW/1160 IN...
1.0

PullThrough Steering Group Meeting #16

Document

Document Date: 2008-02-29Release Date: 2015-09-25
This set of GCHQ minutes from 29 February 2008 describes a set of tools that were under development at that point, including the metadata analysis tool KARMA POLICE: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
pull-through-steering-group-minutes-p1-normal.gif: TOP SECRET STRAP1 THQ/1202THQ/1900/0058 29 February 2008 PullThrough Steering Group Meeting #16 29 February 2008. Distribute to: In...
1.0

XKEYSCORE for Counter-CNE

Document

Document Date: 2011-03-01Release Date: 2015-07-01
This NSA presentation from March 2011 discusses the use of the XKeyScore tool for countering foreign CNE attacks: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
xks-for-counter-cne-p1-normal.gif: TOP SECRET//COMINT//REL TO USA, FVEY Using the XKS CNE dataset and a DISGRUNTLEDDUCK fingerprint, we now see at least 21 TAO boxes with evidence of this in...
1.0

Using XKEYSCORE to Enable TAO

Document

Document Date: 2009-07-16Release Date: 2015-07-01
This NSA presentation from 16 July 2009 explains how the XKeyScore system supports the agency’s Tailored Access Operations: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
using-xks-to-enable-tao-p1-normal.gif: TOP SECRET//COMINT//REL TO USA. AUS, CAN. GBR. NZL//20291123 Ait* tuv. Using XKEYSCORE to Enable TAO Booz I AJIen l Hamilton SDS Analyst 16 July ...
1.0

What’s the worst that could happen?

Document

Document Date: 2010-03-01Release Date: 2016-02-02
This GCHQ document from March 2010 presents a checklist of factors analysts should consider before going ahead with an operation to infiltrate a communications network, by physical or other means. Among the concerns raised is the risk that British actions may enable US authorities to conduct operations “which we would not consider permissible”: see the […]
TOP SECRET STRAP 1 What’s the worst that could happen? This document contains examples of specific risk which may affect operations and which may need to be considered when writing submissi...
1.0

Another Successful Olympics Story

Document

Document Date: 2004-10-06Release Date: 2015-09-29
This post from the NSA’s internal SIDToday newsletter, dated 6 October 2004, reviews the agency’s operations for the recently-concluded Athens Olympics: see the Intercept article A Death in Athens: Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?, 29 September 2015.
id-863-redacted-formatted-p1-normal.gif: DYNAMIC PAGE - HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL (U) Another Successful Olympics Story FROM:...

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh