Filtered By
Computer Network Operations X
Document Topic [filter]
Results
113 Total
0.0

Interview with an SID “Hacker” — Part 2: Hacker Culture and Worker Retention

Document

Release Date: 2015-06-11 Document Date: 2012-07-13
This 12 July 2012 post from the NSA newsletter SIDToday describes the internal culture of Tailored Access Operations (TAO) from the perspective of a practitioner: see the Intercept article What the Snowden Files Say About the Osama Bin Laden Raid, 18 May 2015.
sidtoday-interview-with-a-sid-hacker-p1-normal.gif: DYNAMIC PAGE - HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL Welcome! Saturday, 10 Nov 2012 •...
0.0

Another Successful Olympics Story

Document

Release Date: 2015-09-29 Document Date: 2004-10-06
This post from the NSA’s internal SIDToday newsletter, dated 6 October 2004, reviews the agency’s operations for the recently-concluded Athens Olympics: see the Intercept article A Death in Athens: Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?, 29 September 2015.
id-863-redacted-formatted-p1-normal.gif: DYNAMIC PAGE - HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL (U) Another Successful Olympics Story FROM:...
0.0

PullThrough Steering Group Meeting #16

Document

Release Date: 2015-09-25 Document Date: 2008-02-29
This set of GCHQ minutes from 29 February 2008 describes a set of tools that were under development at that point, including the metadata analysis tool KARMA POLICE: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
pull-through-steering-group-minutes-p1-normal.gif: TOP SECRET STRAP1 THQ/1202THQ/1900/0058 29 February 2008 PullThrough Steering Group Meeting #16 29 February 2008. Distribute to: In...
0.0

Intrusion Analysis / JeAC

Document

Release Date: 2015-06-22 Document Date: 2008-07-23
This GCHQ document, last updated on 23 July 2008, provides information about the agency’s systems for detecting network threats and authorisation procedures: see the Intercept article Spies Hacked Computers Thanks to Sweeping Secret Warrants, Aggressively Stretching U.K. Law, 22 June 2015.
SECRET STRAP1 Intrusion Analysis/JeAC The IA team conducts all-source analysis both of emerging and current electronic attack types. It forms part of the Joint Electronic Attack Cell (JeAC)...
0.0

ISA-94: Application for renewal of warrant GPW/1160 in respect of activities which involve the modification of commercial software

Document

Release Date: 2015-06-22 Document Date: 2008-06-13
This GCHQ application for warrant renewal from June 2008 shows that the agency has been engaged in the reverse engineering of commercial antivirus software for the purposes of facilitating its hacking operations: see the Intercept article Popular Security Software Came Under Relentless NSA and GCHQ Attacks, 22 June 2015.
TOP SECRET STRAP2 UK EYES ONLY Date: 13 June 2008 GCHQ Reference: A/9014/9105/55 Sian MacLeod Mariot Leslie Foreign Secretary ISA-94: APPLICATION FOR RENEWAL OF WARRANT GPW/1160 IN...
0.0

GCSB has identified an MFA data link

Document

Release Date: 2015-04-19 Document Date: 2013-04-01
This short extract from an April 2013 NSA document describes a “verbal agreement” between GCSB and NSA to proceed with the FROSTBITE / BASILHAYDEN project to infiltrate a Chinese diplomatic data link: see the New Zealand Herald article Leaked papers reveal NZ plan to spy on China for US, 19 April 2015.
(TS//SI//NF) New Zealand: GCSB has identified an MFA data link between the Chinese Consulate and Chinese Visa Office in Auckland. NSA and GCSB have verbally agreed to move forward with a coopera...
0.0

PCS Harvesting at Scale

Document

Release Date: 2015-02-19 Document Date: 2010-04-27
This April 2010 GCHQ report proposes an automated approach to seizing large numbers of mobile phone encryption keys: see the Intercept article The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle, 19 February 2015.
TOP SECRET STRAP 1 Reference: OPC-TDSD/TECH/21 Date: 27th April 2010 PCS Harvesting at Scale (OPC-TDSD) (OPC-TDSD) (OPC-CAP) (OPC-TDSD) Summary This report explores the ...
0.0

DAPINO GAMMA CNE Presence and IPT codes

Document

Release Date: 2015-02-19
This undated Wiki page details aspects of GCHQ’s DAPINO GAMMA operation against mobile SIM manufacturer Gemalto: see the Intercept article The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle, 19 February 2015.
[edit] DAPINO GAMMA CNE Presence and IPT keys [edit] Our Workshop Aims To investigate Gemalto to look for: • 1. Find more external IP addresses (France and Poland are prioirities) for acces...
0.0

CCNE Jan10-Mar10 Trial

Document

Release Date: 2015-02-19
These six slides from 2010 GCHQ presentation outline the results of a trial operation to acquire SIM encryption keys: see the Intercept article The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle, 19 February 2015.
where-are-these-keys.pdf: TOP SECRET STRAP 1 Where are these keys? Keys live on the SIM card in the phone They also need to be present on the mobile network; are kept carefully protecte...
0.0

CNE access to core mobile networks

Document

Release Date: 2015-02-19 Document Date: 2010-01-01
This slide from a 2010 GCHQ presentation shows that the agency believed it had penetrated “the entire network” of GEMALTO, the world’s largest mobile SIM manufacturer: see the Intercept article The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle, 19 February 2015.
SECRET STRAP 1 CNE access to core mobile networks CNE access to core mobile networks - Billing servers to suppress SMS billing - Authentication servers to obtain K’s, Ki’s and OTA k...
0.0

NATO Civilian Intelligence Council – Cyber Panel – Talking Points

Document

Release Date: 2015-02-04 Document Date: 2011-09-14
This US National Intelligence Council memo dated 14 September 2011 provides US talking points for a forthcoming NATO meeting and includes the assessment that the threat presented by Anonymous and hacktivist activity is “minimal”: see the Intercept article Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise, 4 February 2015.
SECRET//REL TO USA, NATO NIM/Cyber 14 September 2011 Talking Points Subject: (S//REL NATO) NATO Civilian Intelligence Council—Cyber Panel National Input A. Threat Overview (U) (U...
0.0

Computer-Network Exploitation Successes South of the Border

Document

Release Date: 2013-10-20 Document Date: 2010-11-15
This extract from a 15 November 2010 NSA memo reveals that the agency has been able to access Mexican President Felipe Calderon’s email account: see the Der Spiegel article NSA Accessed Mexican President’s Email, 20 October 2013.
(TS//SI//REL) Computer-Network Exploitation Successes South of the Border I FROM: .* BA. Chief, NSA-Texas TAO/Requiremcnts & Targeting (FTS327) Run Date: 11/15/2010 rS//SI//REL) TAO-en...
0.0

DEFIANTWARRIOR and the NSA’s Use of Bots

Document

Release Date: 2015-01-17 Document Date: 2010-05-24
This 24 May 2010 NSA presentation describes the ways the agency uses botnets (“bot herding”): see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL USA, FVEY DEFIANTWARRIO R 7 / //and the ; NSA's Uè^ojÆotá/ Overall Classification: TOP SECRET//COMINT//REL FVEY Current As Of: 24 May 2010 Derived From: NSA/CSS...
0.0

Chinese Exfiltrate Sensitive Military Technology

Document

Release Date: 2015-01-17
These three undated NSA slides describe alleged Chinese cyberattacks against US military targets, codenamed BYZANTINE HADES: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
(U) Acquired radar design - (U) Numbers and types of modules (U) Detailed engine schematics (U) Methods for cooling gases (U) Leading and trailing edge treatments (U) Aft deck he...
0.0

BYZANTINE HADES: An Evolution of Collection

Document

Release Date: 2015-01-17 Document Date: 2010-06-01
This June 2010 NSA presentation for the SIGDEV conference describes efforts to trace a suspected Chinese cyber attack: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL (S//REL)BYZANTINE HADES: An Evolution of Collection NTOC, V225 SIGINT Development Conference June 2010 TOP SECRET//COMINT//REL TO...
0.0

TUTELAGE

Document

Release Date: 2015-01-17
This undated NSA presentation describes tecniques for repurposing third party attack tools: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET II COMINT ■ Communications Security Establishment Canada Centre de la sécurité des télécommunications Canada CSEC SIGINT Cyber Discovery: Summary of the current effort ...
0.0

SNOWGLOBE: From Discovery to Attribution

Document

Release Date: 2015-01-17 Document Date: 2011-01-01
This 2011 CSEC presentation describes how the agency analysed SNOWGLOBE, which it considered “to be a state-sponsored CNO effort, put forth by a French intelligence agency”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
Overall Classification: TOP SECRET II COMINT II REL TO CAN, AUS, GBR, NZL, USA ■ ■ Communications Security Establishment Canada SNOWGLOBE: From Discovery to Attribution CSEC CNT/Cyb...
0.0

TRANSGRESSION Overview for Pod58

Document

Release Date: 2015-01-17 Document Date: 2010-02-07
This 7 February 2010 NSA presentation outlines techniques to “discover, understand, evaluate, and exploit foreign CNE/CNA exploits”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOPSECRET//COMINT//REL TO USA, FVEY TRANSGRESSION Overview for Pod58 S31177 7 Feb 2010 DERIVED FROM: NSA/CSSM 1-52 DATED 08 JAN 2007 DECLASSIFY ON: 20320108 TOPSECRET//COMINT//REL T...
0.0

‘4th Party Collection’: Taking Advantage of Non-Partner Computer Network Exploitation Activity

Document

Release Date: 2015-01-17 Document Date: 2008-01-07
This 7 January 2008 post from NSA Menwith Hill Station’s internal Horizon newsletter describes the practice of piggybacking on other states’ computer network exploitation operations: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
SIDToday - '4th Party Collection': Taking Advantage of Non-Partner Computer Network Exploitation Activity DYNAMIC PAGE - HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA ...
0.0

Moving Data Through Disconnected Networks

Document

Release Date: 2015-01-17 Document Date: 2012-06-18
This June 2012 NSA presentation describes methods to exfiltrate data, even from networks that are apparently offline: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
Moving Data Through Disconnected Networks Delay-Tolerant Networking and the IC (U//FOUO) June ; The overall classification of this briefing is: TOP SECRET//COMINT//REL TO USA, FVEY ...
0.0

CNE End Point Requirements

Document

Release Date: 2015-01-17
This undated GCHQ reference document enumerates the processes and tools analysts use for computer network exploitation: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET STRAP1 COMINT CNE End Point Requirements CATEGORY O Experimt O Refinemer O Bug Fix O ALL REQTYPE O Capability O Convergenc O Query O Taskir O Viewe Oall PRIOR...
0.0

Mobile apps doubleheader: BADASS Angry Birds

Document

Release Date: 2015-01-17
This undated joint GCHQ/CSEC presentation provides an overview of “exploring and exploiting leaky mobile apps”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
Mobile apps doubleheader: BADASS Angry Birds From 6 weeks to 6 minutes: protocols exploitation in a rapidly changing world Exploring and Exploiting Leaky Mobile Apps with BADASS GTE/GCHQ GA...
0.0

CNE Presence in CT10 Status Report

Document

Release Date: 2015-01-17
This undated NSA paper describes a project to recognise and process data that comes from third party attacks on computers: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//NOFORN//20291123 CNE Presence in CT10 Status Report Authors: SNIP Intern 1LT (U//FOUO) Executive Summary (S//SI//REL USA, FVEY) This paper discusses the work ...
0.0

CyberCOP

Document

Release Date: 2015-01-12 Document Date: 2013-04-11
These three slides, taken from a 11 April 2013 NSA presentation show screenshots from a tool called CyberCOP, which appears to monitor botnets and the DDOS attacks they perform: see the NDR.de article Cyberkrieg: Wie gefährdet ist Deutschland?, 12 January 2015.
TOP SECRET//SI//REL TO USA, FVEY CYBER COP CDOSG Apr 11, 2013 CyberCOP Product Manager Overall Classification: TOP SECRET//SI//REL TO USA,FVEY TOP SECRET//SI//REL TO USA, FVEY ...
0.0

HOPSCOTCH

Document

Release Date: 2014-12-13
This undated extract from a GCHQ document cites the codename HOPSCOTCH, also found in an analysis of Regin malware: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.
31. Sending all these edges from one cloud to the other would have other advantages. It would essentially allow us to have all summarised contact pairs in one location and this would make other ...
0.0

Belgacom_connections

Document

Release Date: 2014-12-13
This undated GCHQ screenshot, which appears to be from a map viewer called CARBON ROD, shows the international connections that made Belgacom a desirable target for the agnecy: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.
Meteor Mobile Telecommunications bmited ITS Gn\bH; Germ; VO D AF 0 M E_U K_AS N VodaTo ASN-BICS UK PXket Backboj ier Services fBtepmblic- FRANCÍ sipska; Herzei 'elek&miini...
0.0

GCHQ NAC Business Review – January to March 2011

Document

Release Date: 2014-12-13 Document Date: 2011-01-01
This extract from a 2011 GCHQ Network Analysis Centre document details progress in the operation against Belgian telecommunications company Belgacom in the first quarter of 2011: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.
Successful MyNOC surge effort against GRX Operators, that enhanced network knowledge of the various operators, their customer sets, knowledge of and access to both encrypted and unencrypted GRX ...
0.0

Making Network Sense of the encryption problem

Document

Release Date: 2014-12-13 Document Date: 2011-01-01
This 2011 presentation by the head of GCHQ’s Network Analysis Centre outlines the agency’s interest in exploiting telecommunications companies, namely to “get at the data before it is encrypted”: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.
TOP SECRET STRAP 2 // REL TO USA, AUS, CAN, GBR, NZL ------m/\cz NETWORK ^IM^ySIS CSfSJTRe Making Network Sense of the encryption problem Roundtable Head of GCHQ NAC This info...
0.0

CNE EndPoint Project Load

Document

Release Date: 2014-11-25
This undated extract from a GCHQ document describes progress in infiltrating a Flag Telecom cable through the NIGELLA access point – as the cable’s owner did not have a partnership with GCHQ, the agency classed this project as “computer network exploitation” (CNE), hacking its way in with Cable & Wireless’ assistance: see the Süddeutsche Zeitung […]
Overview CNE.EnriPQint.RrQie.çt.lnPati Notes Page Sheet 1: CNE EndPoint Project Load TOP SECRET STRAP 1 End-Point Projects PFENNING ALPHA REDACTED Flag Telecom Secure access un...
0.0

MUGSHOT

Document

Release Date: 2014-08-15
These slides, taken from an undated GCHQ presentation, show the operation of the agency’s automated tool for compromising Operational Relay Boxes (ORBs): see the Heise article The HACIENDA Program for Internet Colonization, 15 August 2014.
Abbildung23-1298aca890a5439a.png: ^CCHQ^ © Crown Copyright. All rights reserved. ing OrbsAbbildung24-900db32885f0cc0f.png: Benefits ■ Automated Vulnerability Assessment - Using Vuln...

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh