Results
54 Total
0.0
Assessment of Intelligence Opportunity – Juniper
Document
Release Date:
2015-12-23
Document Date:
2011-02-03
This GCHQ report dated 3 February 2011 and written by a seconded NSA staff member, alludes to the agencies’ capabilities against 13 models of firewalls produced by Juniper Networks, Inc: see the Intercept article NSA Helped British Spies Find Security Holes In Juniper Firewalls, 23 December 2015.
TOP SECRET STRAP1
ASSESSMENT OF INTELLIGENCE OPPORTUNITY - JUNIPER
03 February 2011
Executive Summary
Background
• Juniper Networks, Inc. headquartered in Sunnyvale, California, USA is...
Australia (AUS/AU), Barbados (BRB/BB), Canada (CAN/CA), Cayman Islands (CYM/KY), China (CHN/CN), Hong Kong (HKG/HK), France (FRA/FR), Germany (DEU/DE), India (IND/IN), Japan (JPN/JP), Netherlands (NLD/NL), Pakistan (PAK/PK), Saudi Arabia (SAU/SA), United Kingdom (GBR/GB), United States (USA/US), Yemen (YEM/YE)
0.0
DEFIANTWARRIOR and the NSA’s Use of Bots
Document
Release Date:
2015-01-17
Document Date:
2010-05-24
This 24 May 2010 NSA presentation describes the ways the agency uses botnets (“bot herding”): see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL USA, FVEY
DEFIANTWARRIO R 7
/ //and the ;
NSA's Uè^ojÆotá/
Overall Classification: TOP SECRET//COMINT//REL FVEY
Current As Of: 24 May 2010
Derived From: NSA/CSS...
DEFIANTWARRIOR, FREEFLOW-compliant, INCENSER, ISLANDTRANSPORT (IT), OLYMPUS, PUZZLECUBE, QUANTUMBOT, TREASUREMAP (TM), TURBINE, TURBULENCE (TU), UNITEDRAKE, XKEYSCORE (XKS), STELLABLUE
0.0
BYZANTINE HADES: An Evolution of Collection
Document
Release Date:
2015-01-17
Document Date:
2010-06-01
This June 2010 NSA presentation for the SIGDEV conference describes efforts to trace a suspected Chinese cyber attack: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL
(S//REL)BYZANTINE HADES: An
Evolution of Collection
NTOC, V225
SIGINT Development Conference
June 2010
TOP SECRET//COMINT//REL TO...
0.0
TUTELAGE
Document
Release Date:
2015-01-17
This undated NSA presentation describes techniques for repurposing third party attack tools: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL TO USA,
FVEY
TOP SECRET//COMINT//REL TO USA,
TOP SECRET//COMINT//REL TO USA,
FVEY
Before TUTELAGE...
AFTERk
INTRUSION
Manual Analysis of Reporting Lo...
0.0
SNOWGLOBE: From Discovery to Attribution
Document
Release Date:
2015-01-17
Document Date:
2011-01-01
This 2011 CSEC presentation describes how the agency analysed SNOWGLOBE, which it considered “to be a state-sponsored CNO effort, put forth by a French intelligence agency”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
Overall Classification: TOP SECRET II COMINT II REL TO CAN, AUS, GBR, NZL, USA
■ ■ Communications Security
Establishment Canada
SNOWGLOBE:
From Discovery to Attribution
CSEC CNT/Cyb...
0.0
TRANSGRESSION Overview for Pod58
Document
Release Date:
2015-01-17
Document Date:
2010-02-07
This 7 February 2010 NSA presentation outlines techniques to “discover, understand, evaluate, and exploit foreign CNE/CNA exploits”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOPSECRET//COMINT//REL TO USA, FVEY
TRANSGRESSION Overview for Pod58
S31177
7 Feb 2010
DERIVED FROM: NSA/CSSM 1-52
DATED 08 JAN 2007
DECLASSIFY ON: 20320108
TOPSECRET//COMINT//REL T...
0.0
CNE End Point Requirements
Document
Release Date:
2015-01-17
This undated GCHQ reference document enumerates the processes and tools analysts use for computer network exploitation: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET STRAP1 COMINT
CNE End Point Requirements
CATEGORY O Experimt O Refinemer O Bug Fix O ALL REQTYPE O Capability O Convergenc O Query O Taskir O Viewe Oall PRIOR...
0.0
CNE Presence in CT10 Status Report
Document
Release Date:
2015-01-17
This undated NSA paper describes a project to recognise and process data that comes from third party attacks on computers: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//NOFORN//20291123
CNE Presence in CT10 Status Report
Authors:
SNIP Intern
1LT
(U//FOUO) Executive Summary
(S//SI//REL USA, FVEY) This paper discusses the work ...
0.0
CyberCOP
Document
Release Date:
2015-01-12
Document Date:
2013-04-11
These three slides, taken from a 11 April 2013 NSA presentation show screenshots from a tool called CyberCOP, which appears to monitor botnets and the DDOS attacks they perform: see the NDR.de article Cyberkrieg: Wie gefährdet ist Deutschland?, 12 January 2015.
TOP SECRET//SI//REL TO USA, FVEY
CYBER
COP
CDOSG
Apr 11, 2013
CyberCOP Product Manager
Overall Classification: TOP SECRET//SI//REL TO USA,FVEY
TOP SECRET//SI//REL TO USA, FVEY
...
0.0
PCS Harvesting at Scale
Document
Release Date:
2015-02-19
Document Date:
2010-04-27
This April 2010 GCHQ report proposes an automated approach to seizing large numbers of mobile phone encryption keys: see the Intercept article The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle, 19 February 2015.
TOP SECRET STRAP 1
Reference: OPC-TDSD/TECH/21
Date: 27th April 2010
PCS Harvesting at Scale
(OPC-TDSD)
(OPC-TDSD)
(OPC-CAP)
(OPC-TDSD)
Summary
This report explores the ...
Afghanistan (AFG/AF), Bangladesh (BGD/BD), Dominica (DMA/DM), French Guiana (GUF/GF), Gabon (GAB/GA), Guadeloupe (GLP/GP), Iceland (ISL/IS), India (IND/IN), Indonesia (IDN/ID), Iran (IRN/IR), Italy (ITA/IT), Martinique (MTQ/MQ), Montenegro (MNE/ME), Namibia (NAM/NA), Pakistan (PAK/PK), Saint Lucia (LCA/LC), Serbia (SRB/RS), Somalia (SOM/SO), Tajikistan (TJK/TJ), Turkmenistan (TKM/TM), United Kingdom (GBR/GB), Vietnam (VNM/VN), Yemen (YEM/YE), Zimbabwe (ZWE/ZW)
0.0
Computer-Network Exploitation Successes South of the Border
Document
Release Date:
2013-10-20
Document Date:
2010-11-15
This extract from a 15 November 2010 NSA memo reveals that the agency has been able to access Mexican President Felipe Calderon’s email account: see the Der Spiegel article NSA Accessed Mexican President’s Email, 20 October 2013.
(TS//SI//REL) Computer-Network Exploitation Successes South of the Border
I FROM: .* BA.
Chief, NSA-Texas TAO/Requiremcnts & Targeting (FTS327)
Run Date: 11/15/2010
rS//SI//REL) TAO-en...
0.0
ISA-94: Application for renewal of warrant GPW/1160 in respect of activities which involve the modification of commercial software
Document
Release Date:
2015-06-22
Document Date:
2008-06-13
This GCHQ application for warrant renewal from June 2008 shows that the agency has been engaged in the reverse engineering of commercial antivirus software for the purposes of facilitating its hacking operations: see the Intercept article Popular Security Software Came Under Relentless NSA and GCHQ Attacks, 22 June 2015.
TOP SECRET STRAP2 UK EYES ONLY
Date: 13 June 2008
GCHQ Reference: A/9014/9105/55
Sian MacLeod
Mariot Leslie
Foreign Secretary
ISA-94: APPLICATION FOR RENEWAL OF WARRANT GPW/1160 IN...
0.0
GCSB has identified an MFA data link
Document
Release Date:
2015-04-19
Document Date:
2013-04-01
This short extract from an April 2013 NSA document describes a “verbal agreement” between GCSB and NSA to proceed with the FROSTBITE / BASILHAYDEN project to infiltrate a Chinese diplomatic data link: see the New Zealand Herald article Leaked papers reveal NZ plan to spy on China for US, 19 April 2015.
(TS//SI//NF) New Zealand: GCSB has identified an MFA data link between the
Chinese Consulate and Chinese Visa Office in Auckland. NSA and GCSB have
verbally agreed to move forward with a coopera...
0.0
QUANTUMTHEORY success at SARATOGA
Document
Release Date:
2016-08-19
Document Date:
2011-04-15
This 15 April 2011 article from the NSA’s internal newsletter Special Source Operations News discusses the delivery of malware to a target in Pakistan while they were using Facebook: see the Intercept article The NSA Leak is Real, Snowden Documents Confirm, 19 August 2016.
(TS//SI//NF) DGO Enables Endpoint Implants via QUANTUMTHEORY
By [[REDACTED]] on 2011-09-26 1548
(TS//SI//NF) In another example of the emerging collaboration between the Endpoint
and Midpoint ...
0.0
SIGINT Development Support II Program Management Review
Document
Release Date:
2016-08-19
Document Date:
2013-04-24
Four slides taken from a 24 April 2013 NSA presentation detail how SECONDDATE man-in-the-middle attacks were used against targets in Pakistan and Lebanon: see the Intercept article The NSA Leak is Real, Snowden Documents Confirm, 19 August 2016.
TOP SECRET//SI//NOFORN
The overall classification of this brief is
(U) SIGINT Development Support II
Program Management Review
► 24 April 2013
TOP SECRET//COMINT//NOFORN
Derived Fro...
0.0
Stealthy Techniques Can Crack Some of SIGINT’s Hardest Targets
Document
Release Date:
2014-05-13
Document Date:
2010-06-01
A June 2010 report from the NSA internal newsletter SIDtoday, authored by the chief of the agency’s Access and Target Development, describes the interdiction and backdooring of “shipments of computer network devices (servers, routers, etc.)”: see the book No Place To Hide, 13 May 2014.
TOP SECRET//COMINT//NOFORN
June 2010
(U) Stealthy Techniques Can Crack Some of SIGINT’s
Hardest Targets
By: (U//FOUO)|
1, Chief, Access and Target Development (S3261)
(TS//SE/NF)...
0.0
Hacking Routers
Document
Release Date:
2014-03-12
Document Date:
2012-12-01
This extract from an NSA document dated December 2012 shows the agency’s concern that other nation-state actors are adopting similar techniques: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
(TS//SI//REL) Happy Friday my esteemed and valued Intelligence Community colleagues! There has been a topic of conversation that has started to rumble beneath the
surface of the Cyber-scene latel...
0.0
Making Network Sense of the encryption problem
Document
Release Date:
2014-12-13
Document Date:
2011-01-01
This 2011 presentation by the head of GCHQ’s Network Analysis Centre outlines the agency’s interest in exploiting telecommunications companies, namely to “get at the data before it is encrypted”: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.
TOP SECRET STRAP 2 // REL TO USA, AUS, CAN, GBR, NZL
------m/\cz
NETWORK ^IM^ySIS CSfSJTRe
Making Network Sense of
the encryption problem
Roundtable
Head of GCHQ NAC
This info...
0.0
Fourth Party Opportunities
Document
Release Date:
2015-01-17
This undated NSA presentation describes the process of Fourth Party collection – “I drink your milkshake”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
TOP SECRET//COMINT//REL TO USA, FVEY
(U) Fourth Party
Opportunities
O
TOP SECRET//COMINT//REL TO USA, FVEY
SECRET//COMINT//REL TO USA, FVEY
(U) What is 4th Party
..................
0.0
Is there “fifth party” collection?
Document
Release Date:
2015-01-17
Document Date:
2011-01-01
This undated post from an NSA discussion board describes “fourth party collection” – piggybacking on another state’s computer network exploitation operation: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
(TS//SI//REL) Is there "fifth party" collection? | Round Table
Dynamic Page - Highest Possible Classification is
TOP SECRET // SI / TK // REL TO USA, FVEY
(TS//SI//REL) Is there "fifth part...
0.0
FASHIONCLEFT Interface Control Document
Document
Release Date:
2015-01-17
Document Date:
2009-06-15
This internal NSA document dated 15 June 2009 describes a protocol the agency uses to exfiltrate data from its computer network exploitation operations: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
Classification: TOP SECRET//COMINT//X1 // COMINT // XI
FASHIONCLEFT
Interface Control Document
Updated: 15 June 2009
Document Number: TAO.DNT_SE07_005_V1.1
28 March 2005
FASHIONCLE...
0.0
Case Studies of Integrated Cyber Operation Techniques
Document
Release Date:
2014-03-12
This undated NSA SIGINT presentation describes nine varieties of QUANTUM malware attack, their operational status and success in the field: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
TOP SECRET//COMINT//REL USA, FVEY
Case Studies of Integrated Cyber
Operation Techniques
NSA/CSS Threat Operations Center
VS
TOP SECRET//COMINT//REL USA, FVEY
(U//FOUO) TUiT0t.EÄ,©i...
0.0
Black Budget entry on Computer Network Operations GENIE project
Document
Release Date:
2015-01-17
Document Date:
2012-02-18
This extract from the US Intelligence Community’s Congressional Budget Justification for the Fiscal Year 2013 (the “Black Budget”) provides the budget for GENIE the project “which underpins NSA/CSS’ Computer Network Operations (CNO) Endpoint capabilities conducted by the Tailored Access Operations (TAO) Group: see the Der Spiegel article The Digital Arms Race: NSA Preps America for […]
TOP SECRET//SI/TK//NOFORN
(U) COMPUTER NETWORK OPERATIONS
(U) GENIE
This Exhibit is SECRET//NOFORN
FY 20111 Actual FY 2012 Enacted FY 2013 Request FY 2012 - FY 2013
Base...
0.0
CSEC Cyber Threat Capabilities
Document
Release Date:
2015-03-23
Document Date:
2011-01-01
This CSE presentation from 2011 describes some of the cyber warfare tools at the agency’s disposal: see the article Communication Security Establishment’s cyberwarfare toolbox revealed, 23 March 2015.
■ ^ ■ Communications Security Centre de la sécurité TOP SECRET//COMINT//REL TO FVEY
Establishment Canada des télécommunications Canada
CSEC Cyber Threat Capabilities
SIGINT and ITS: an en...
0.0
Iran – Current Topics, Interaction with GCHQ
Document
Release Date:
2015-02-10
Document Date:
2013-04-12
This NSA talking points memo dated 12 April 2013 notes that Iran “has demonstrated a clear ability to learn from the capabilities and actions of others”: see the Intercept article NSA Claims Iran Learned from Western Cyberattacks, 10 February 2015.
TOP SECRET//COMINT//NOFORN
(U) Topic: Iran - Current Topics, Interaction with GCHQ
(U) Director's Talking Points:
* (TS//SI//REL TO USA, FVEY) Emphasize that we have successfully worked
mu...
0.0
Computer Network Exploitation (CNE) Classification Guide / 2-59
Document
Release Date:
2014-10-10
Document Date:
2010-03-01
This 2010 NSA classication guide outlines the sensitivity of aspects of the agency’s hacking activities: see the Intercept article Core Secrets: NSA Saboteurs in China and Germany, 10 October 2010.
TOP SECRET//SI//REL TO USA, FVEY
(U) CLASSIFICATION GUIDE TITLE/NUMBER: Computer Network Exploitation
(CNE) Classification Guide / 2-59
(U) PUBLICATION DATE: 1 March 2010
(U) OFFICE OF O...
0.0
Sentry Eagle National Initiative – Security Framework
Document
Release Date:
2014-10-10
This group of three undated NSA slides provides a graphical representation of the sensitivity of aspects of the agency’s SENTRY EAGLE programme: see the Intercept article Core Secrets: NSA Saboteurs in China and Germany, 10 October 2014.
TOP SECRET//COMINT//NOFORN
SENTRY EAGLE
National Initiative - Security Framework
DERIVED FROM: NSA/CSS Manual 1-52. Dated: 20041123.
Declassify On: 20291123 TOP SECRET//COMINT//NOFORN
...
0.0
QUANTUMTHEORY
Document
Release Date:
2014-03-12
Document Date:
2010-01-01
This presentation from the 2010 SIGDEV Conference describes the contribution made by GCHQ to the development of Quantum techniques: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
TOP SECRET//COMINT//REL TO USA, FVEY//20320108
TOP SECRET//COMINT//REL TO USA, FVEY//20320108
SIGDEV: Discovery in the Cyber Ag>
TOP SECRET//COMINT//REL TO USA, FVEY//20320108
(U) Clas...
0.0
Introduction to WLAN / 802.11 Active CNE Operations
Document
Release Date:
2016-08-19
Document Date:
2010-12-15
This NSA presentation from December 2010 forms the second part of a course in using the agency’s CNE tools: see the Intercept article The NSA Leak is Real, Snowden Documents Confirm, 19 August 2016.
TOP SECRET//COMINT//NOFORN
CLOSE «
ACCESS
Introduction to WLAN / 802.11
Active CNE Operations
December 15-16, 2010
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
Classifi...
0.0
Wireless LAN/CNE Tool Training Course and Evaluation
Document
Release Date:
2016-08-19
Document Date:
2010-12-15
This NSA presentation from December 2010 forms the first part of a course in using the agency’s CNE tools: see the Intercept article The NSA Leak is Real, Snowden Documents Confirm, 19 August 2016.
TOP SECRET//COMINT//NOFORN
CLOSE «
ACCESS
Wireless LAN / CNE Tool Training
Course and Evaluation
TOP SECRET//COMINT//NOFORN
TOP SECRET//COMINT//NOFORN
Classification
#4
CLOSE...