DocumentRelease Date: 2013-12-02
Extracts from a draft report of a meeting between representatives of 5-Eyes partners at GCHQ in Cheltenham show that Australia took a relatively permissive approach to the sharing of its citizens’ metadata: see the Guardian article Australian spy agency offered to share data about ordinary citizens, 2 December 2013.
aus1.jpeg: 4. CSEC are able to make use of unselected (comment do we need to define selected' and 'iinselected" and “unintentional* in the context of this section As I D*rrv*d From NSACSSM 1-...
DocumentDocument Date: 2012-09-06Release Date: 2013-06-08
This three-page memo is an internal guide to the NSA’s Boundless Informant tool, which allows the agency’s Global Access Operations to assess its collection capabilities by means of metadata record counts: see the Guardian article Boundless Informant: the NSA’s secret tool to track global surveillance data, 8 June 2013.
UNCLASSIFIED//FOR OFFICIAL USE ONLY BOUNDLESSINFORMANT - Frequently Asked Questions_09-06-2012 (U/FOUO) Questions 1 ) What is BOUNDLESSINFORMANT? What is its purpose? 2) Who are the in...
DocumentDocument Date: 2008-01-01Release Date: 2013-12-09
An NSA document from 2008 shows that efforts to collect data from players of World of Warcraft started that year with the development of specialised exploits by GCHQ. The operation was based at Menwith Hill in the UK: see the New York Times article Spies’ Dragnet Reaches a Playing Field of Elves and Trolls, 9 […]
TOP SECRET//COMINT//REL TO USA, FVEY (TS//SI//REL) MHS and GCHQ “Get in the Game” with Target Development for World of Warcraft Online Gaming (TS//SI//REL) Although online gaming may seem...
DocumentDocument Date: 2012-12-31Release Date: 2014-05-13
This 31 December 2012 post from the NSA’s intranet describes the scale of the metadata records handled by the SHELLTRUMPET analysis tool: see the book No Place To Hide, 13 May 2014.
Page 100 (S//SI//REL TO USA, FVEY) SHELLTRUMPET Processes it|'s One Trillionth Metadata Record (S//SI//REL TO USA, FVEY) On December 21, 2012 SHELLTRUMPET processed its One Trillionth meta...
DocumentRelease Date: 2014-05-13
This Boundless Informant slide shows the number of phone records collected between 10 December 2012 and 8 January 2013 by NSA’s unidentified corporate partner FAIRVIEW (US-990) – some 6 billion in total: see the book No Place To Hide, 13 May 2014.
Page 105 Dec 10 Dec 17 Dec24 Dec31 Jan ^ Signal Profile H PCS INMAR a WOP a HPCP VSAT PSTN DNI Most Volume US-990 6,142,932,557 Records Top 5 Techs US-990: ...
DocumentDocument Date: 2013-01-01Release Date: 2013-07-01
This Boundless Informant slide shows the number of German phone (DNR) and internet (DNI) records collected day-by-day between 10 December 2012 and 8 January 2013, from sources codenamed US-987LA and US-987LB: see the Der Spiegel article How the NSA Targets Germany and Europe, 1 July 2013.
GERMANY. Last 30 Days B 3* B C*<* * ■ 50.000.000 u ftf 40.000.000 - 30.000.000 1 ^ Signal Profile Most Volume Top 5 Techs n US 987LA 47 12i6 8*4 Records ■ ...
DocumentDocument Date: 2007-05-15Release Date: 2014-08-25
This ODNI briefing from 15 May 2007 describes the rationale for ICREACH and the scale of metadata sharing that was envisioned: see the Intercept article The Surveillance Engine: How the NSA Built Its Own Secret Google, 25 August 2014.
This Briefing is Classified TOP SECRET//COMINT//NOFORN//20320108 spates °v — — *i©#0*ie#a*i©#©'i©#©*iC#G*i©#©‘i©#0’i©#0*i©,©,iC#&‘ie#©*iC#3'i©#0*iC#©*ie#©*iC#3 1©#C*’€•©•’€...
DocumentDocument Date: 2012-01-01Release Date: 2015-01-28
This CSE (then CSEC) presentation from 2012 describes the Canadian agency’s file download monitoring operation: see the Intercept article Canada Casts Global Surveillance Dragnet Over File Downloads, 28 January 2015. cse-presentation-on-the-levitation-project
TOP SECRET//SI//REL CAN, AUS, GBR, NZL, USA LEVITATION and the FFU Hypothesis cse-cst.gc.ca TOP SECRET//SI//REL CAN, AUS, GBR, NZL, USA What is LEVITATION? A behaviour-based target...
Bahrain (BHR/BH), Brazil (BRA/BR), Canada (CAN/CA), Germany (DEU/DE), Iraq (IRQ/IQ), Jordan (JOR/JO), Kenya (KEN/KE), Kuwait (KWT/KW), Morocco (MAR/MA), Qatar (QAT/QA), Saudi Arabia (SAU/SA), Senegal (SEN/SN), Spain (ESP/ES), United Arab Emirates (ARE/AE), United Kingdom (GBR/GB), United States (USA/US), Yemen (YEM/YE)
DocumentDocument Date: 2011-01-03Release Date: 2013-09-28
This NSA memo, dated 3 January 2011, draws analysts’ attention to a rule change, allowing “contact chaining, and other analysis, from and through any selector, irrespective of nationality and location, in order to follow or discover valid foreign intelligence targets”: see the New York Times article N.S.A. Gathers Data on Social Connections of U.S. Citizens, […]
(S//SI//REL) New Contact-Chaining Procedures to Allow Better, Faster Analysis FROM: Run Date: 01/03/2011 (U//FOUO) Editor’s note: A briefing will be held on 7 January from 1000-1130 in ...
DocumentDocument Date: 2009-03-01Release Date: 2015-09-25
This GCHQ presentation from March 2009 describes the BLACKHOLE database used to store raw metadata records from TEMPORA, with about 10 billion records being added each day: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
qfd-blackhole-technology-behind-inoc-p1-normal.gif: QFDsand BLACHOLE Technology behind GCHQ/INOCqfd-blackhole-technology-behind-inoc-p2-normal.gif: TRAP2 COMINT Probes Flat Store Analytic e...
DocumentDocument Date: 2011-07-01Release Date: 2015-09-25
This GCHQ presentation from July 2011 discusses various technical aspects of “population-scale” datamining: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
cloud-developers-exchange-july-2011-p1-normal.gif: “ICTR Cloud Efforts” developing “canonical” SIGINT analytics, finding hard targets and exploratory data analysis at scale Data Mining Re...
DocumentDocument Date: 2009-08-18Release Date: 2015-09-25
This GCHQ document from 18 August 2009 describes BLACK HOLE, a massive data repository, and describes how this interacts with other systems developed by the agency: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
nge-black-hole-conop-p1-normal.gif: SECRET STRAP1 18th August 2009 Next Generation Events (NGE) - BLACK HOLE ConOp Author: l(TDB),| l(TSE), I |(TDB) Issue Date Author Amendm...
DocumentDocument Date: 2009-03-24Release Date: 2013-06-27
A review of NSA activities beginning shortly after 9/11 until January 2007 describes the warrantless mass surveillance activities authorised by President Bush, including a program codenamed STELLARWIND: see the Guardian article NSA collected US email records in bulk for more than two years under Obama, 27 June 2013.
TOP SECRET//STLW//COMINT/ORCON/NOFORN ST-09-0002 WORKING DRAFT OFFICE OF THE INSPECTOR GENERAL NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE 24 March 2009 (U) TABLE OF CONTENTS ...
DocumentRelease Date: 2013-11-04
This Boundless Informant slide shows the number of WINDSTOP records collected day-by-day between 10 December 2012 and 8 January 2013. WINDSTOP covers at least four NSA collection systems that depend on Five Eyes partners; the MUSCULAR project to intercept traffic from Google and Yahoo data centres is representated by the code DS-200B. In the given […]
WINDSTOP- Last 30 Days DNI DNR 600,000,000 -j 500,000,000 - 400,000,000 - 300,000,000 - 200,000,000 - 100,000,000 - 1221 12.-12 12.'15 12-16 1221 12-13 12...
DocumentRelease Date: 2013-11-17
Two slides from a GCHQ presentation describe the Royal Concierge programme “a SIGINT driven hotel reservation tip-off service”: see the Der Spiegel article ‘Royal Concierge’: GCHQ Monitors Hotel Reservations to Track Diplomats, 17 November 2013.
image-568949-galleryV9-sitq1.jpg: TOP SECRET//COMINT//REL TO USA, AUS. CAN, GBR, NZL * ^CCHQ^ (TS//SI//REL) Contact mapping - tip-off to Diplomatic travel plans (TS//SI//REL) - ROYAL ...
DocumentDocument Date: 2012-03-01Release Date: 2014-02-10
Extracts from a March 2012 NSA document in which an operator describes a CIA/NSA effort to map the wi-fi “of every major town in Yemen”: see the Intercept article The NSA’s Secret Role in the U.S. Assassination Program, 10 February 2014.
DT-1.png: (S//SI//REL) Testing the New Technique on a UAV (TS//SI//REL) As part of the GILGAMESH (PREDATOR-based active geolocation) effort, this team used some advanced mathematics to develo...
DocumentDocument Date: 2012-06-01Release Date: 2013-10-06
This CSEC presentation from June 2012, slides from which were first published by Fantástico in October 2013, describes the Canadian agency’s use of the Olympia suite of analytic tools in the context of spying on Brazil’s Ministry of Mines and Energy: see the Globe and Mail article How CSEC became an electronic spying giant, 30 […]
1-b5263447e8.jpg: AND THEY SAID TO THE TITANS: « WATCH OUT OLYMPIANS IN THE HOUSE! » CSEC - Advanced Network Tradecraft SD Conference June 2012 Overall Classification: TOP SECRET//SI2-6...
DocumentRelease Date: 2014-05-13
This undated NSA document describes a new data collection stream from Poland, demonstrating how the NSA’s relationships with governments and corporate partners can interact: see the book No Place To Hide, 13 May 2014.
Page 106 (TS//SI//NF) ORANGECRUSH, part of the OAKSTAR program under SSO's corporate portfolio, began forwarding metadata from a third party partner site (Poland) to NSA repositories as of 3 ...
DocumentDocument Date: 2013-03-26Release Date: 2013-06-11
These undated heat maps show the number of pieces of communications data the NSA gathers per country in a particular 30 day period, divided into telephony (DNR) and internet (DNI) metadata. Details in the second map refer to a period in January 2013 and third to a period ending in February the same year: see […]
boundlessinformant.pdf: Page 93 BOUNDLESSINFORMANT Top 5 Countries (i»t 30 o«>» t-om «¡xu/i ■Ohm.pdf: BOUNDLESSINFORMANT im!MwamHMiM:rta.]a;ii]aaMaiM,(.yiii:am«.'.«M«iMiaiiiiiPH;i!i...
DocumentRelease Date: 2014-08-15
This undated GCHQ presentation describes the agency’s HACIENDA system, capable of port scanning entire countries, which became a standard tool in 2009 available to all FIve Eyes partners: see the Heise article The HACIENDA Program for Internet Colonization, 15 August 2014. <
Abbildung01-dc8cb7bf5376218d.png: What is HACIENDA? • Data reconnaissance tool developed by the CITD team in JTRIG • Port Scans entire countries - Uses nmap as port scanning tool - U...
DocumentRelease Date: 2014-06-18
This Boundless Informant slide shows the number of phone (DNR) and internet (DNI) records collected day-by-day between 10 December 2012 and 8 January 2013, from NSA’s foreign partners: see the Der Spiegel article Spying Together: Germany’s Deep Cooperation with the NSA, 18 June 2014.
FOREIGN PARTNER - Last 30 Days DNR DNI 400.000. 000 -| 350.000. 000 - 300.000. 000 - 12-11 121Ö 12'U Dec 10 Dec 17 Dec 24 Dec 31 Jan Signal Profile Mo...
DocumentDocument Date: 2010-01-01Release Date: 2013-09-16
These three slides from an NSA presentation made for the 2010 SIGDEV conference show that the agency is actively targeting payments networks: see the Der Spiegel article ‘Follow the Money’: NSA Monitors Financial World, 13 September 2013.
(S//REL TO USA, FVEY) NSA: How Network Mapping is Helping to Target the Credit Card Authorization Networks (U//FOUO) NSA, Network Analysis Center 2010 SIGDEV Conference 09/13/13 SE...
DocumentDocument Date: 2009-04-01Release Date: 2015-07-01
This NSA presentation from April 2009 explains how analysts can make use of document metadata available through XKeyScore, together with worked examples and screenshots: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL//20291123 Finding and Querying on Document Metadata tooz|/ 1 Booz|Allen| Hamilton Sigint Development Support / SIGINT Technica...
DocumentDocument Date: 2009-06-19Release Date: 2015-07-01
This NSA presentation from 19 June 2009 explains the metadata capabilities of XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL m V HTTP Activity vs User Activity 19 June 2009 Derived From: NSA/CSSM 1-52 Bated :l2007i MM TOP SEC...
DocumentRelease Date: 2015-07-01
This undated NSA presentation gives a technical introduction to the treatment of AppIDs within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
xks-application-ids-p1-normal.gif: XKEYSCORE Appids & Fingerprints firstname.lastname@example.org: • Syntax is similar to C: functionCname', level, coptional info ) = 'se...
DocumentDocument Date: 2008-11-27Release Date: 2015-09-25
This GCHQ slide taken from a presentation dates 27 November 2008 confirms that agency metadata repositories can be datamined for information relating to individuals within the UK: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
Events analysis SALAMANCA, HAUSTORIUM, THUGGEE, IMMINGLE less intrusive than communications content authorisation not needed for individuals in the UK necessity and proportionality st...
DocumentRelease Date: 2015-09-25
This page from GCHQ’s internal GCWiki describes the BLAZING SADDLES tool for handling huge amounts of metadata and the specialised analysis it supports: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
blazing-saddles-tools-p1-normal.gif: TOP SECRET STRAP 1 COMINT The maximum classification allowed on GCWiki is TOP SECRET STRAP1 COMINT. Click to report inappropriate content. For GCWiki h...
DocumentDocument Date: 2012-05-14Release Date: 2015-09-25
This GCHQ presentation dated 14 May 2012 describes the agency receiving “more than 50 billion events [metadata records] per day” and some of the tools available for analysing that mass of data: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
gchq-analytic-cloud-challenges-p1-normal.gif: GCHQ Analytic Cloud Challenges Innovation Lead for Data, Analytics & Visualisation Engineering This information is exempt from Disclosure unde...
DocumentRelease Date: 2015-09-03
This undated GCHQ presentation describes some of the Question Focused Databases (QFDs) developed to analyse the massive amount of raw data the agency collects from undersea cables: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
demystifying-nge-rock-ridge-p1-normal.gif: demystifying-nge-rock-ridge-p2-normal.gif: tr tr tr tr Scope and Aims Increase maturity and availability of QFDs Pull through more QFDs ...
DocumentRelease Date: 2013-06-21
This concluding slide from an undated GCHQ presentation on Tempora reminds analysts that they are in a “enviable” and “privileged” position – “you have access to a lot of sensitive data… have fun and make the most of it”: see the Guardian article Mastering the internet: how GCHQ set out to spy on the world […]
Conclusion TOP SECRET STRAP1 ® You are in a privileged position — repay that trust, o You have ready access to a lot of sensitive data, o Understand your legal obligations — don’t become a...