Things the NSA doesn't want you to know

Document Sample
Things the NSA doesn't want you to know Powered By Docstoc
					Things the NSA doesn't want you to know
And why you should know about it :)


Since summer 2013, we are continously gathering and processing public informations
        about the NSA global surveillance revelations and have a collection of 0 NSA:
Programs

      A program is a technical solution of some sort (ex: a database, satellite collect, etc.) or a group of
      programs.

Compartments

      A compartment is a partner of some sort (ex: foreign state, company, etc.) or a group of
      compartments.

Attack vectors

      An attack vector is any kind of attack tool, software (ex: trojan) or hardware (ex: USB bug).



Did you know you can click on graphics to view related database entries?



How does it work?
There are two parts to this website. First, this page with texts and interactive graphics. Second, the
database lists and entries.
At any time you can click on a link (ex: Collect) or an interactive graphic.
This will open panels which you can close by pressing on ESC or clicking the x button.
If you're coming back and want to access the database content directly, the top right arrow displays a
menu.

CompartWhat?
You don't know what an "attack vector" or a "compartment" is?
Don't worrry, reading about "intelligence" means going through a bit of jargon, and we're here to
provide definitions or links to help.
Why are you doing this?
Because we think it's important for citizens to understand what's being released, and why they must act
to protect their privacy.
Because it's hard to keep track of everything that was leaked. And it gets harder and harder.
Because we think collaboration is required for this information to be maintained on the long run.
Because, well, we didn't find this vizualisation anywhere else and thought "Why not?".


Presenting 0 NSA programs...



What are NSA Programs?
Programs can be defined as multi millions projects, involving countries, companies, individuals and
technologies in the making of softwares used by NSA teams.
They are used to gather and handle data in order to determine how to gather more data, and so on.
Most of the time, this data is gathered through pervasive means.

Programs families
Collection

      Retrieve information from sources

Process

      Compute and search data in gathered information

Database

      Store the processed data

Target

      Determine people to track based on data

Attack

      Execute attacks on targeted people to collect new information


... 0 NSA Attack Vectors
What are NSA Attack vectors?
Attack vectors are used to speak about malicious things executed on targeted individuals and/or
organizations in order to gather more personal informations.
These attacks are most of the time directly aimed at individuals who have been determined as data-
worthy.

Attack vectors families
Hardware

      Attacks operated through material means

Software

      Attacks operated via software installed on target

Network

      Attacks necessiting a manipulation of network traffic.


... and 0 NSA Compartments



What are NSA Compartments?
Compartment is a "jargon" word used to describe a group of companies or countries.
Intelligence agencies build groups of people ignorant of who the other groups are for higher security.
Should a compartment be compromised, each other compartment should be safe.

Compartment families
ECI

      Extremely Compartmented Information


Also... 0 yet undetermined items

We still have a large number of undefined items for many reasons.
We welcome any assistance. Feel free to contact us if you'd like to help us get this thing started.
Looking for more informations ?

Narrative ressources
We have selected a couple of ressources you might want to read.



From the Trustees of the Courage Fund who collaborate to defend whistleblowers around the world, the
freesnowden.is site has great content we encourage you to read.
Freesnowden.is FAQ

      freesnowden.is



From the start, the Washington Post has had a great role in the revelations.
Washington Post Search

      washingtonpost.com

Documents ressources
We also selected a number of websites offering documents and in-depth informations about the NSA.



Blue Cabinet

      bluecabinet.info

BuggedPlanet

      buggedplanet.info

Cryptome

      cryptome.org

EFF

      eff.org

Electrospaces

      electrospaces.blogspot.fr

MindMeister
      mindmeister.com



Contact us


On Twitter
@NSA-Observer

Free software


This is made with Meteor
The code is on Github. Bugs reports and patches are welcome.
Github RepositoryMeteor Documentation

Free database


As a principle of transparency we have chosen to distribute the database content.
Database in wiki formatDatabase in json format

Licence


Creative Commons Public Domain
(CC0 1.0)



Tracking


Tracker free.
No analytics or user tracking here ;)

Support
Supported by La Quadrature du Net                                                                         Comment []: HTML: <NOSCRIPT>
We are very pleased to thank our dear friends of la Quadrature du Net who help us build and develop       Comment []: HTML: </NOSCRIPT>
this project.
La Quadrature du Net

Hosting


Hosted by Octopuce
29, rue Merlin
75011 PARIS
Tel : 0 950 568 088
Octopuce Hosting

Legal


Directors of Publication
     Alban Crommer
     Guillaume Lecoquierre
https://nsa-observer.laquadrature.net/




     February 5, 2014
     Steven Aftergood
     2 Comments




Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

ANGRYNEIGHBOR
Description

      A family of bugs implemented as RF retro reflectors. These communicate with the use of an
      external radar wave generator such as CTX4000 or PHOTOANGLO. The signals are then processed
      by a system such as VIEWPLATE, (for the VAGRANT video signal). Known implementations:
      LOUDAUTO(ambient audio). DROPMIRE (printer/fax), RAGEMASTER (video), SURLYSPAWN                     Comment []: HTML: <NOSCRIPT>
      (keyboard/mouse).
                                                                                                          Comment []: HTML: </NOSCRIPT>
Category

      attack vector

Family

      undefined

Related items

               CW
               SURLYSPAWN
               RAGEMASTER
               DROPMIRE
               LOUDAUTO


Sources

            spiegel.de
            cryptome.org - NSA codenames


https://nsa-observer.laquadrature.net/


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

BEACHHEAD
Description

      Computer exploit delivered by the [[FERRETCANNON] system.
Category

      attack vector

Family

      network

Related items

            FERRETCANNON
            [[FOXACID                                                                                    Comment []: HTML: <NOSCRIPT>
            ]]
                                                                                                          Comment []: HTML: </NOSCRIPT>


Sources

            Bruce Scheier - The NSA's New Risk Analysis


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

CDRDIODE
Description

      It is the name for a protecting device that enables the intercepted data to flow to NSA without
      enabling an attacker to use the same way to compromise NSA or travel further toward
      identification. The tentative explanation is that when some data come from the low side
      (insecure) toward the high side (secure) of the NSA infrastructure so that it can be read by
      analaysts at the NSA Remote Operation Center ROC, then it needs to go through that CDRDIODE.
Category

      attack vector

Family

      undefined

Related items

               IRATEMONK
               WISTFULTOLL
               STRAITBIZARRE
               SEAGULLFARO
               UNITEDRAKE


Sources

            NSA's codenames
            Jacob Appelbaum: NSA's FoxAcid/Quantum Programs at the european parliament -
             10/15/2013
            cryptome.org - NSA codenames
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                          Comment []: HTML: <NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                          Comment []: HTML: </NOSCRIPT>
COMMONDEER                                                                                                Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>

      A software based malware, used by the NSA.
Category

      attack vector

Family

      undefined

Related items

            SEASONEDMOTH
            VALIDATOR


Sources

            To Protect And Infect Part 2: The militarization of the Internet by Jacob Appelbaum.
            cryptome.org - NSA codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

CTX4000
Description

      A portable radar wave generator, can produce up to 1kW, output, with the use of external
      amplifies. designed for VAGRANT and DROPMIRE. Obsolete, replaced by PHOTOANGLO.
Category

      attack vector

Family

      hardware

Related items

            VAGRANT
            DROPMIRE
            PHOTOANGLO                                                                                       Comment []: HTML: <NOSCRIPT>
                                                                                                              Comment []: HTML: </NOSCRIPT>
Sources                                                                                                       Comment []: HTML: <NOSCRIPT>
                                                                                                              Comment []: HTML: </NOSCRIPT>
            To Protect And Infect Part 2 - The militarization of the Internet by Jacob Appelbaum.
            NSA's catalog
            cryptome.org - NSA codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

x

CW
Description

      Continuous Wave aka CW is a continuous radio signal (like CTX4000 or PHOTOANGLO) sent
      toward a target so that the reflected radio wave is modulated by the signal to intercept. It's the
      default interception mechanism of NSA for both voice, PS2 and USB keyboard keypresses,
      exfiltered data, network traffic and any kind of data the NSA is interested to extract from a target.
      It's a very advanced attack where a Radar sends a CW toward a target covertly equipped with a
      eavesdropping bug called a RETROREFLECTOR which will modulate the original CW signal and re-
      radiate this modulated CW so that it can be picked up by the emitting Radar. The benefit of such
      technique is that there is no need for the eavesdropping bug to generate radio signal, and
      therefore, no need for huge batteries or power. It also means that the bug can be turned on and
      off remotely, providing easy way to turn off the bug when a bug sweep detection team is trying to
      located it. The downside is that it's dangerous for health as the Radar signal between 1Ghz and
      6Ghz can be harmful to human and cause illness and cancer, as it did numerous times in the past
      since the first time it was detected in the US Embassy in Moscow, Russia.
Category

      attack vector

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

Family

      hardware

Related items

            ANGRYNEIGHBOR
            [CTX4000]]
            RAGEMASTER                                                                                   Comment []: HTML: <NOSCRIPT>
            VAGRANT
                                                                                                          Comment []: HTML: </NOSCRIPT>
            PHOTOANGLO
                                                                                                          Comment []: HTML: <NOSCRIPT>
                                                                                                          Comment []: HTML: </NOSCRIPT>
Sources

               cryptome.org - NSA codenames
               emfacts.com
               ehjournal.net
               ermstop.org
               scribd.com / The Moscow Embassy incident
               wikileaks.org


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

GENIE
Description

      implants of spywares. Multi-stage operation: jumping the airgap etc.* US-3136* US-3137
Category

      attack vector

Family

      network

Related items

            undefined


Sources

            Codename GENIE: NSA to Control 85,000 “Implants” in Strategically Chosen Machines
             Around the World by Year End
            LeMonde.fr
            Snowden leaks: NSA conducted 231 offensive cyber-ops in 2011, hailed as 'active defense'

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.
HIGHLANDS                                                                                                 Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>

      spywares implants. Collection from Implants
Category

      attack vector

Family

      undefined

Related items

            undefined


Sources

            docs by lemonde.fr
            Code Names for NSA Exploit Tools

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

IRATEMONK
Description

      provides software application persistence on desktop and laptop computers by implanting the
      hard drive firmware to gain execution throught Master Boot Record (MBR) substitution. This
      technique supports systems without RAID hardware that boot from a variety of Western Digital,
      Seagate, Maxtor and Samsung hard drives. Through remote access or intediction, UNITEDRAKE, or
      STRAITBAZZARE are used in conjunction with SLICKERVICAR to upload the hard drive firmware
      onto the target machine to implant IRATEMONK and its payload (the implant installer). Once
      implanted, IRATEMONK's frequency of execution (dropping the payload) is configurable and will
      occur when the target machine powers on.
Category

      attack vector

Family

      collect

Related items
            UNITEDRAKE                                                                                     Comment []: HTML: <NOSCRIPT>
            STRAITBAZZARE
                                                                                                            Comment []: HTML: </NOSCRIPT>
            SLICKERVICAR
                                                                                                            Comment []: HTML: <NOSCRIPT>
                                                                                                            Comment []: HTML: </NOSCRIPT>
Sources

            To Protect And Infect Part 2
            NSA's catalog

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

JETPLOW
Description

      JETPLOW is a firmware persistence implant for Cisco PIX Series and ASA (Adaptive Security
      Appliance) firewalls. It persists DNT's BANANAGLEE software implant. JETPLOW also has a
      persistent back-door capability.He is a firmware persistence impant for Cisco PIX Series and ASA
      (Adaptive Security Appliance) firewalls. It persists DNT's BANANAGLEE software implant and
      modifies the Cisco firewall's operating system (OS) at boot time. If BANANAGLEE support is not
      available for the booting operating system, it can install a Persistent Backdoor (PDB) designed to
      work with BANANAGLEE'S communications structure, so that full access can be reacquired at a
      later time. JETPLOW works on Cisco's 500-series PIX firewalls, as well as most ASA firewalls (5505,
      5510, 5520, 5540, 5550). A typical JETPLOW deployment on a target firewall with an exfiltration
      path to the Remote Operations Center (ROC) is shown above. JETPLOW is remotely upgradable
      and is also remotely installable provided BANANAGLEE is already on the firewall of interest.Status:
      (C//REL) Released. Has been widely deployed. Current availability restricted based on OS version
      (inquire for details).
Category

      attack vector

Family

      hardware

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

Sources

            JETPLOW: NSA Exploit of the Day
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                          Comment []: HTML: <NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                          Comment []: HTML: </NOSCRIPT>
LEGION(JADE)                                                                                              Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>

      GCHQ cover term, somehow associated with FLYING PIG, which is a tool used for exploitation. It is
      probable that this term is also related to exploitation in some way.
Category

      attack vector

Family

      network

Related items

               see
               also:
               FLYING
               PIG,
               HUSH
               PUPPY,
               Byzantine
               Candor,
               Byzantine
               Hades,
               Byzantine
               Anchor.


Sources

            cryptome.org - NSA codenames


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

LEGION(RUBY)
Description
      GCHQ cover term, somehow associated with FLYING PIG, which is a tool used for exploitation. It is   Comment []: HTML: <NOSCRIPT>
      probable that this term is also related to exploitation in some way.
                                                                                                          Comment []: HTML: </NOSCRIPT>
Category

      attack vector

Family

      network

Related items

               see
               also:
               FLYING
               PIG,
               HUSH
               PUPPY,
               Byzantine
               Candor,
               Byzantine
               Hades,
               Byzantine
               Anchor.


Sources

            cryptome.org - NSA codenames


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

MULLENIZE
Description

      'USER agent staining”, malware
Category

      attack vector

Family
      software                                                                                            Comment []: HTML: <NOSCRIPT>

Related items                                                                                             Comment []: HTML: </NOSCRIPT>

               mentioned
               in
               context
               of
               tor
               unmasking


Sources

            NSA's codenames


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

NIGHTSTAND
Description

      Standalone tool currently running on an x86 laptop loaded with Linux Fedora Core 3. Exploitable
      targets include Win2k, WinXP, WinXPSP1, WinXPSP2 running internet explorer versions 5.0-6.0.
      NIGHTSTAND packet injection can target one client or multiple targets on a wireless network.
      Attack is undetectable by the user. Use of external amplifiers and antennas in both experimental
      operational scenarios have resulted in successful NIGHTSTAND attacks from as far away as eight
      miles under ideal environmental conditions.
Category

      attack vector

Family

      network

Related items



Sources

            To Protect And Infect Part 2
            NSA's catalog
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                               Comment []: HTML: <NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                               Comment []: HTML: </NOSCRIPT>
OLYMPUS                                                                                                        Comment []: HTML: <NOSCRIPT>

Description                                                                                                    Comment []: HTML: </NOSCRIPT>

      OLYMPUS (OLYMPUSFIRE ?) is an exploitation system that uses a software implant on a Microsoft
      Windows based target PC to gain complete access to the targeted PC. The target, when connected
      to the Internet, will contact a Listening Post (LP) located at an NSA/USSS facilities, which is online
      24/7, and get ist commands automatically. There commands include directory listings, retrieving
      files, performing netmaps, etc. The results of the commands are then returned to the LP, where
      the data is collected and forwarded to CES and analysis and production elements.
Category

      attack vector

Family

      collect

Related items

               VALIDATOR
               SOMBERKNAVE
               VALIDATOR
               UNITEDRAKE


Sources

            NSA's catalog

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

PEDDLECHEAP
Description

      subprogram of FERRETCANNON and FOXACID.
Category

      attack vector

Family
      network                                                                                              Comment []: HTML: <NOSCRIPT>

Related items                                                                                              Comment []: HTML: </NOSCRIPT>
                                                                                                           Comment []: HTML: <NOSCRIPT>
            FERRETCANNON
                                                                                                           Comment []: HTML: </NOSCRIPT>
            FOXACID.


Sources

            The NSA's New Risk Analysis

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

QUANTUM
Description

      To trick targets into visiting a FOXACID server, the NSA relies on its secret partnerships with US
      telecoms companies. As part of the TURMOIL system, the NSA places secret servers, codenamed
      QUANTUM, at key places on the Internet backbone for a man-in-the-middle (or a man-in-the-
      side). The NSA uses these fast QUANTUM servers to execute a packet injection attack, which
      surreptitiously redirects the target to the FOXACID server.
Category

      attack vector

Family

      netwok

Related items

               FOXACID
               QUANTUMBOT
               QUANTUMCOPPER
               [[QUANTUM
               INSERT]]
               QUANTUMCOOKIE
               QUANTUMNATION
               QUANTUMSKY
               QUANTUMTHEORY

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.
Sources                                                                                                   Comment []: HTML: <NOSCRIPT>

            To Protect And Infect Part 2                                                                 Comment []: HTML: </NOSCRIPT>
            How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID
            NSA QUANTUM tasking techniques
            Bruce Schneier
            ArsTechnica - NSA repeatedly tries to unpeel Tor anonymity and spy on users, memos
             show
            Slate.com - How the NSA Is Trying to Sabotage a U.S. Government-Funded
             Countersurveillance Tool
            Spiegel.de: Britain's GCHQ Hacked Belgian Telecoms Firm
            nytimes.com - N.S.A. Devises Radio Pathway Into Computers

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

QUANTUM INSERT
Description

      It appears to be a method with which the person being targeted, without their knowledge, is
      redirected to websites that then plant malware on their computers that can then manipulate
      them. Some of the employees whose computers were infiltrated had "good access" to important
      parts of Belgacom's infrastructure, and this seemed to please the British spies, according to the
      slides.
Category

      attack vector

Family

      netwok

Related items

            QUANTUM
            FOXACID


Sources

            To Protect And Infect Part 2
            How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID
            NSA QUANTUM tasking techniques
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                          Comment []: HTML: <NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                          Comment []: HTML: </NOSCRIPT>
x
                                                                                                          Comment []: HTML: <NOSCRIPT>

QUANTUMBOT                                                                                                Comment []: HTML: </NOSCRIPT>

Description

      hijack IRC bot (--> botnet?)
Category

      attack vector

Family

      netwok

Related items

            QUANTUM
            FOXACID


Sources

            To Protect And Infect Part 2
            NSA QUANTUM tasking techniques

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

QUANTUMCOOKIE
Description

      force cookies onto target browsers
Category

      attack vector

Family

      netwok

Related items

            QUANTUM
            FOXACID                                                                                      Comment []: HTML: <NOSCRIPT>
                                                                                                          Comment []: HTML: </NOSCRIPT>
Sources                                                                                                   Comment []: HTML: <NOSCRIPT>
                                                                                                          Comment []: HTML: </NOSCRIPT>
            To Protect And Infect Part 2
            How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID
            NSA QUANTUM tasking techniques

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

QUANTUMCOPPER
Description

      a.k.a the great firewall of earth (like the Great FIrewall of China)
Category

      attack vector

Family

      netwok

Related items

            QUANTUM
            FOXACID


Sources

            To Protect And Infect Part 2
            NSA QUANTUM tasking techniques

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

QUANTUMNATION
Description



Category

      attack vector
Family                                                                                                    Comment []: HTML: <NOSCRIPT>

      netwok                                                                                              Comment []: HTML: </NOSCRIPT>

Related items

               QUANTUM
               FOXACID
               VALIDATOR
               [COMMONDEER]]


Sources

            To Protect And Infect Part 2
            How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID
            NSA QUANTUM tasking techniques

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

QUANTUMSKY
Description



Category

      attack vector

Family

      netwok

Related items

            QUANTUM
            FOXACID


Sources

            To Protect And Infect Part 2
            How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID
            NSA QUANTUM tasking techniques
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                          Comment []: HTML: <NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                          Comment []: HTML: </NOSCRIPT>
QUANTUMTHEORY                                                                                             Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>



Category

      attack vector

Family

      netwok

Related items

            QUANTUM
            FOXACID
            [SEASONMOTH]]


Sources

            To Protect And Infect Part 2
            How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID
            NSA QUANTUM tasking techniques

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

RADON
Description

      Bi-directional host tap that can inject Ethernet packets onto the same targets. Allows bi-
      directional exploitation of Denies networks using standard on-net tools.
Category

      attack vector

Family

      network

Related items
            undefined                                                                                    Comment []: HTML: <NOSCRIPT>
                                                                                                          Comment []: HTML: </NOSCRIPT>
Sources                                                                                                   Comment []: HTML: <NOSCRIPT>
                                                                                                          Comment []: HTML: </NOSCRIPT>
            LeMonde.fr
            docs by lemonde.fr
            Code Names for NSA Exploit Tools

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

SCHOOLMONTANA
Description

      SCHOOLMONTANA provides persistence for DNT implants. The DNT implant will survive an
      upgrade or replacement of the operating system -- including physically replacing the router's
      compact flash card. Currently, the intended DNT Implant to persist is VALIDATOR, which must be
      run as a user process on the target operating system. The vector of attack is the modification of
      the target's BIOS. The modification will add the necessary software to the BIOS and modify its
      software to execute the SCHOOLMONTANA implant at the end of its native System Management
      Mode (SMM) handler.SCHOOLMONTANA must support all modern versions of Junos, which is a
      version of FreeBSD customized by Juniper. Upon system boot, the Junos operating system is
      modified in memory to run the implant, and provide persistent kernel modifications to support
      implant execution. SCHOOLMONTANA is the cover term for the persistence technique to deploy a
      DNT implant to Juniper J-Series routers. SCHOOLMONTANA completed and released by ANT May
      30, 2008. It is ready for deployment.
Category

      attack vector

Family

      hardware

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

Related items

               see
               also:
               SIERRAMONTANA
               STUCCOMONTANA
               VALIDATOR
            TAO                                                                                          Comment []: HTML: <NOSCRIPT>
                                                                                                          Comment []: HTML: </NOSCRIPT>
Sources                                                                                                   Comment []: HTML: <NOSCRIPT>
                                                                                                          Comment []: HTML: </NOSCRIPT>
            SCHOOLMONTANA: NSA Exploit of the Day

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

SOMBERKNAVE
Description

      SOMBERKNAVE is a software implant tha surreptitiously routes TCP traffic from a designated
      process to secondary network via un unused embedded 802.11 network devices. If an Internet-
      connected wireless access point is present, SOMBERKNAVE can be used to allow OLYMPUS or
      VALIDATOR to "call home"" via 802.11 form an air-gapped target computer. If the 802.11
      interface is in use by the target, he will not attempt to transmit.
Category

      attack vector

Family

      software

Related items

            OLYMPUS
            VALIDATOR


Sources

            To Protect And Infect Part 2

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

STUCCOMONTANA
Description

      provides persistence for DNT implants. The DNT implant will survive an upgrade or replacement of
      the operating system - including physically replacing the router's compact flash card.
Category
      attack vector                                                                                       Comment []: HTML: <NOSCRIPT>

Family                                                                                                    Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
      undefined
                                                                                                          Comment []: HTML: </NOSCRIPT>
Related items

            undefined


Sources

            To Protect And Infect Part 2
            NSA's catalog

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

SUTURESAILOR
Description

      A particular device that includes a HOWLERMONKEY component
Category

      attack vector

Family

      network

Related items

            HOWLERMONKEY


Sources

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

SWAP
Description

      A combination of a malicious BIOS modification and a malicious Hard Disk firmware modification
      (in the host protected area) used to maintain software based malware on the victim computer.
      Appears to work on a variety of systems running Windows, Linux, FreeBSD or Solaris. The file        Comment []: HTML: <NOSCRIPT>
      system may be FAT32, NTFS, EXT2, EXT3, or UFS 1.0.
                                                                                                          Comment []: HTML: </NOSCRIPT>
Category

      attack vector

Family

      software

Related items

            ARKSTREAM
            TWISTEDKILT
            TUNINGFORK


Sources

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

TURBINE
Description

      Deep Packet Injection, works with TURMOIL. System used for infecting computers.
Category

      attack vector

Family

      network

Related items

               TRAILBLAZER
               [QFIRE]]
               TURMOIL
               COTTONMOUTH-1
               COTTONMOUTH-2


Sources

            To Protect And Infect Part 2
               Tax and Spy: How the NSA Can Hack Any American, Stores Data 15 Years                      Comment []: HTML: <NOSCRIPT>
               wikileaks-forum.com
                                                                                                          Comment []: HTML: </NOSCRIPT>
               The Guardian: nsa-gchq-encryption-codes-security
                                                                                                          Comment []: HTML: <NOSCRIPT>
               NSA's codenames
               NSA's catalog                                                                             Comment []: HTML: </NOSCRIPT>

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

UNITEDRAKE
Description

      A program similar to STRAITBIZARRE, used for uploading malicious HDD firmware, works with
      SLICKERVICAR. Known components include a GUI, a database, and a server, and a manned
      listening post. It includes a trojan of the same name. Digital Network Technologies (DNT), a
      private company, actively maintains the listening posts for UNITEDRAKE, as well as design and
      deploy malware.
Category

      attack vector

Family

      network

Related items

            IRATEMONK
            FERRETCANNON
            FOXACID


Sources

            The NSA's New Risk Analysis
            NSA's codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

VALIDATOR
Description

      A software based malware item designed to run on certain Juniper routers (J, M, and T Series)
      running the JUNOS operating system. It must be maintained by means of a malicious BIOS
      modification. A typical use case involves the exfiltration of data from the victimized system. A    Comment []: HTML: <NOSCRIPT>
      separate document describes VALIDATOR as a backdoor used against Windows systems (win 98-
                                                                                                          Comment []: HTML: </NOSCRIPT>
      2003). In this instance, it will identify the system, and if it is truly a target, invite a more
      sophisticated trojan in, such as UNITEDRAKE or OLYMPUS. This trojan has been used to de-
      anonymize tor users. A third version of VALIDATOR works for Apple iOS devices. The
      QUANTUMNATION states that the success rate against iOS devices is 100%.
Category

      attack vector

Family

      software

Related items

               FOXACID
               SCHOOLMONTANA
               SIERRAMONTANA
               STUCCOMONTANA
               SOMBERKNAVE
               OLYMPUS
               UNITEDRAKE


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

WAGONBED
Description

      a malicious hardware device that provides covert 2-way RF communications on the I2C channel of
      HP Proliant 380DL G5 servers. WAGONBED 2 can be mated with a Motorola G20 GSM module to
      form CROSSBEAM.
Category

      attack vector

Family

      hardware

Related items

            CROSSBEAM
            IRONCHEF                                                                                     Comment []: HTML: <NOSCRIPT>
            FLUXBABBIT
                                                                                                          Comment []: HTML: </NOSCRIPT>
            GODSURGE
                                                                                                          Comment []: HTML: <NOSCRIPT>
                                                                                                          Comment []: HTML: </NOSCRIPT>
Sources

            NSA's codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

ZESTYLEAK
Description

      a software exploit made by CES for Juniper Netscreen ns5xt, ns50, ns200, ns500, ISG 1000
      firewalls
Category

      attack vector

Family

      software

Related items

            [
            [FEEDTROUGH]]


Sources

            NSA's codenames

https://nsa-observer.laquadrature.net/


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

ARTIFICE
Description

      A sigad known as STORMBREW, for example, relies on two unnamed corporate partners
      described only as ARTIFICE and WOLFPOINT. According to an NSA site inventory, the companies
      administer the NSA’s “physical systems,” or interception equipment, and “NSA asks nicely for        Comment []: HTML: <NOSCRIPT>
      tasking/updates.”
                                                                                                          Comment []: HTML: </NOSCRIPT>
Category

      compartment

Family

      collect

Related items

            WOLFPOINT
            STORMBREW


Sources

            wsahingtonpost.com

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

BACONRIDGE
Description

      Installation of TAO in St. Antonio, TX. 270 personnel, 210 workstations.
Category

      compartment

Family

      undefined

Related items

            [[Tailored
            Access
            Operations]]


Sources

            Der Spiegel - Geheimdokumente: Die Spezialabteilung [[TAO]] der NSA stellt sich vor
            cryptome.org - NSA codenames
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                          Comment []: HTML: <NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                          Comment []: HTML: </NOSCRIPT>
BLUEANCHOR                                                                                                Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>

      Partner providing a network access point for the YACHTSTOP program
Category

      compartment

Family

      undefined

Related items

            YACHTSTOP


Sources

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

ECI
Description

      ECI ( Extremely Compartimented Intelligence) is an undeterminded group of NSA partners
Category

      compartment

Family



Related items

            BULLRUN
            PAINTEDEAGLE


Sources

            Source PDF
                                                                                                          Comment []: HTML: <NOSCRIPT>

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any   Comment []: HTML: </NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                          Comment []: HTML: <NOSCRIPT>

ROC                                                                                                       Comment []: HTML: </NOSCRIPT>

Description

      NSA TAO Remote Operation Center ROC is their intelligence exploitation centers. It is supposed to
      be distributed around the world, with suspected locations such as Dagger Complex, Griesheim,
      Darmstadt, Germany, Fort Meade, Maryland. TAO has also expanded to NSA Hawaii (Wahiawa,
      Oahu), NSA Georgia (Fort Gordon, Georgia), NSA Texas (Medina Annex, San Antonio, Texas), and
      Buckley Air Force Base, Denver.
Category

      compartment

Family

      undefined

Related items

            TAO


Sources

            TAO


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

WOLFPOINT
Description

      A sigad known as STORMBREW, for example, relies on two unnamed corporate partners
      described only as ARTIFICE and WOLFPOINT. According to an NSA site inventory, the companies
      administer the NSA’s “physical systems,” or interception equipment, and “NSA asks nicely for
      tasking/updates.”
Category

      compartment
Family                                                                                                    Comment []: HTML: <NOSCRIPT>

      collect                                                                                             Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
Related items
                                                                                                          Comment []: HTML: </NOSCRIPT>
            ARTIFICE
            STORMBREW


Sources

            wsahingtonpost.com


https://nsa-observer.laquadrature.net/




Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

ANCHORY
Description

      NSA software system which provides web access to textual intelligence documents
Category

      program

Family

      database

Related items

            undefined


Sources

            7-17-13_MR6022RES.pdf


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.
BLACKHEART                                                                                                Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>

      collection from FBI implant.
Category

      program

Family

      collect

Related items



Sources

            docs by lemonde.fr
            Code Names for NSA Exploit Tools
            cryptome.org - NSA codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

BLARNEY
Description

      BLARNEY - a.k.a. '''US-984''' and '''US-984X''' -- the collection takes place at top-level
      telecommunications facilities within the United States, choke points through which most traffic
      will flow, including wireless. This type of surveillance is referred to as "UPSTREAM Collection.
Category

      program

Family

      collect

Related items

            undefined


Sources
            en.wikipedia.org                                                                             Comment []: HTML: <NOSCRIPT>
            wsj.com
                                                                                                          Comment []: HTML: </NOSCRIPT>
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any   Comment []: HTML: <NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                          Comment []: HTML: </NOSCRIPT>

BLUEZEPHYR
Description

      US-3277, subprogram of OAKSTAR
Category

      program

Family

      undefined

Related items

            OAKSTAR


Sources

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

BOUNDLESSINFORMANT
Description

      BOUNDLESSINFORMANT is a big data analysis and data visualization system used by the NSA to
      give managers summaries of the NSA's world wide data collection activities. According to a Top
      Secret heat map display also published by The Guardian and produced by the Boundless
      Informant program, almost 3 billion data elements from inside the United States were captured
      by the NSA over a 30-day period ending in March 2013.Data analyzed by BOUNDLESSINFORMANT
      includes electronic surveillance program records (DNI) and telephone call metadata records (DNR)
      stored in an NSA data archive called GM-PLACE. It does not include FISA data, according to the
      FAQ memo. PRISM, a government codename for a collection effort known officially as US-984XN,
      which was revealed at the same time as BOUNDLESSINFORMANT, is one source of DNR data.
      According to the map, BOUNDLESSINFORMANT summarizes data records from 504 separate DNR
      and DNI collection sources (SIGADs). In the map, countries that are under surveillance are
      assigned a color from green, representing least coverage to red, most intensive.
Category
      program                                                                                              Comment []: HTML: <NOSCRIPT>

Family                                                                                                     Comment []: HTML: </NOSCRIPT>
                                                                                                           Comment []: HTML: <NOSCRIPT>
      process
                                                                                                           Comment []: HTML: </NOSCRIPT>
Related items

            undefined

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

Sources

            en.wikipedia.org
            The Guardian : Boundless Informant: the NSA's secret tool to track global surveillance
             data

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

BULLRUN
Description

      BULLRUN is a clandestine, highly classified decryption program run by the NSA. The British signals
      intelligence agency Government Communications Headquarters (GCHQ) has a similar program
      codenamed EDGEHILL. Access to the program is limited to a group of top personnel at the Five
      Eyes (FVEY), NSA and the signals intelligence agencies of Britain, Canada, Australia, and New
      Zealand. Signals that cannot be decrypted with current technology may be retained indefinitely
      while the agencies continue to attempt to decrypt them: "Documents show that the N.S.A. has
      been waging a war against encryption using a battery of methods that include working with
      industry to weaken encryption standards, making design changes to cryptographic software, and
      pushing international encryption standards it knows it can break." (The New York Times)
Category

      program

Family

      process

Related items

            APERIODIC,
            AMBULANT,
               AUNTIE,                                                                                   Comment []: HTML: <NOSCRIPT>
               PAINTEDEAGLE,
                                                                                                          Comment []: HTML: </NOSCRIPT>
               PAWLEYS,
                                                                                                          Comment []: HTML: <NOSCRIPT>
               PITCHFORD,
               PENDLETON,                                                                                Comment []: HTML: </NOSCRIPT>
               PICARESQUE,                                                                               Comment []: HTML: <NOSCRIPT>
               PIEDMONT                                                                                  Comment []: HTML: </NOSCRIPT>
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

Sources

               en.wikipedia.org
               New York Times: Secret Documents Reveal N.S.A. Campaign Against Encryption
               The Guardian : Project Bullrun – classification guide to the NSA's decryption program
               cryptome.org/guardian

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

COBALTFALCON
Description

      US-3354, Subprogram of OAKSTAR.
Category

      program

Family

      undefined

Related items

            OAKSTAR


Sources

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

CONTRAOCTAVE
Description
                                                                                                          Comment []: HTML: <NOSCRIPT>
Category                                                                                                  Comment []: HTML: </NOSCRIPT>

      program                                                                                             Comment []: HTML: <NOSCRIPT>
                                                                                                          Comment []: HTML: </NOSCRIPT>
Family

      undefined

Related items

            undefined


Sources

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

CONVEYANCE
Description

      CONVEYANCE is a final layer of filtering to reduce the intake of information about Americans, it
      provides filtering for PRISM and filtering the voice content processed by S3132. The
      CONVEYANCE's informations are stocked in NUCLEON.
Category

      program

Family

      process

Related items

            PRISM
            NUCLEON


Sources

            washingtonpost.com - NSA slides explain the PRISM data-collection program

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.
CRYPTOENABLED                                                                                             Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>

      collection derived from AO's efforts to enable crypto.
Category

      program

Family

      collect

Related items

            undefined


Sources

            cryptome.org - NSA codenames


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

DROPMIRE
Description

      Passive collection of emanations using antenna. DROPMIRE aimed at surveillance of foreign
      embassies and diplomatic staff, including those of NATO allies. NSA leaks show how US is bugging
      its European allies. The report reveals that at least ""38 foreign embassies"" were under
      surveillance, some of which as far back as 2007.
Category

      program

Family

      collect

Related items

            VAGRANT
            CTX4000
            PHOTOANGLO
                                                                                                          Comment []: HTML: <NOSCRIPT>

Sources                                                                                                   Comment []: HTML: </NOSCRIPT>

               en.wikipedia.org
               The Guardian - NSA
               docs by lemonde.fr
               Code Names for NSA Exploit Tools
               cryptome.org - NSA codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

DRTBOX
Description

      Program for intercepting mobile communication networks. France in the NSA's crosshair : phone
      networks under surveillance. Subprograms: US-985D - France, US-987LA and US-987LB -
      Germany.
Category

      program

Family

      collect

Related items

               CANDYGRAM
               CYCLONE
               [[Hx9]]
               TYPHON
               EBSR
               NEBULA


Sources

               lemonde.fr
               NSA's catalog
               electrospaces.blogspot.fr / DRTBOX and DRT surveillance systems
               cryptome.org - NSA codenames
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                          Comment []: HTML: <NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                          Comment []: HTML: </NOSCRIPT>
EGOTISTICALGIRAFFE                                                                                        Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>

      EGOTISTICALGIRAFFE (EGGI) is a NSA program for exploiting the TOR network.
Category

      program

Family

      attack

Related items

            EGOTISTICALGOAT
            ERRONEOUSINGENUITY


Sources

            TheGuardian


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

EGOTISTICALGOAT
Description

      EGOTISTICALGOAT (EGGO) is a NSA tool for exploiting the TOR network.
Category

      program

Family

      attack

Related items

            EGOTISTICALGIRAFFE
            ERRONEOUSINGENUITY
Sources                                                                                                   Comment []: HTML: <NOSCRIPT>

            TheGuardian                                                                                  Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any   Comment []: HTML: </NOSCRIPT>
tracker or any script linking to another domain.

ERRONEOUSINGENUITY
Description

      ERRONEOUSINGENUITY (ERIN) is a NSA tool for exploiting the TOR network.
Category

      program

Family

      undefined

Related items

            EGOTISTICALGIRAFFE
            EGOTISTICALGOAT


Sources

            TheGuardian

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

EVENINGEASEL
Description

      Program for surveillance of phone and text communications from Mexico's cell phone network.
Category

      program

Family

      undefined

Related items
            undefined                                                                                    Comment []: HTML: <NOSCRIPT>
                                                                                                          Comment []: HTML: </NOSCRIPT>
Sources                                                                                                   Comment []: HTML: <NOSCRIPT>
                                                                                                          Comment []: HTML: </NOSCRIPT>
            DerSpiegel


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

x

EVILOLIVE
Description

      Collects internet traffic and data.
Category

      program

Family

      collect

Related items

            undefined


Sources

            TheVerge


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

FAIRVIEW
Description

      [[Fairview']] (US-990is a secret [[mass surveillance]] programme run by the [[National Security
      Agency]], aimed at collecting phone, internet and e-mail data in bulk from the computers and
      mobile telephones of foreign countries' citizens. According to the revelations, the NSA had
      collected 2.3 billion separate pieces of data from Brazilian users in January 2013 alone.
Category                                                                                                  Comment []: HTML: <NOSCRIPT>

      program                                                                                             Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
Family
                                                                                                          Comment []: HTML: </NOSCRIPT>
      undefined

Related items

            undefined


Sources



Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

FEEDTROUGH
Description

      FEEDTROUGH is a persistence technique for two software implants, DNT's BANANAGLEE and CES's
      ZESTYLEAK used against Juniper Netscreen firewalls.
      http://leaksource.files.wordpress.com/2013/12/nsa-ant-feedthrough.jpg
      https://www.schneier.com/blog/archives/2014/01/feedtrough_nsa.html
Category

      program

Family

      collect

Related items

            BANANAGLEE
            ZESTYLEAK


Sources

            FEEDTROUGH: NSA Exploit of the Day]

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.
x                                                                                                           Comment []: HTML: <NOSCRIPT>
                                                                                                            Comment []: HTML: </NOSCRIPT>
FOXACID
Description

      FOXACID identifies TOR users on the Internet and then executes an attack against their Firefox
      web browser.# finding Tor users via programs codenamed STORMBREW, FAIRVIEW, OAKSTAR and
      [[BLARNEY|]].# The NSA creates "fingerprints" that detect HTTP requests from the Tor network to
      particular servers. # These fingerprints are loaded into NSA database systems like XKEYSCORE,#
      Using powerful data analysis tools with codenames such as TURBULENCE, TURMOIL and TUMULT,
      the NSA automatically look for Tor connections.# After the identification, the NSA uses its network
      of secret Internet servers to redirect those users to another set of secret Internet servers, with
      the codename FOXACID, to infect the user's computer. # Once the computer is successfully
      attacked, it secretly calls back to a [[FoxAcid]] server, which then performs additional attacks on
      the target computer to ensure that it remains compromised long-term, and continues to provide
      eavesdropping information back to the NSA.See QUANTUM for the Man-in-the-middle.
Category

      program

Family

      target attack

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

Related items

               OAKSTAR
               QUANTUM
               STORMBREW
               FAIRVIEW
               OAKSTAR
               [[BLARNEY|]]
               TURBULENCE
               TURMOIL
               TUMULT
               XKEYSCORE


Sources

            Bruce Schneier] How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID
            ArsTechnica                                                                                  Comment []: HTML: <NOSCRIPT>
            Slate.com] How the NSA Is Trying to Sabotage a U.S. Government-Funded
                                                                                                          Comment []: HTML: </NOSCRIPT>
             Countersurveillance Tool
                                                                                                          Comment []: HTML: <NOSCRIPT>
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                          Comment []: HTML: </NOSCRIPT>
tracker or any script linking to another domain.

HIGHTIDE/SKYWRITER
Description

      Desktop dashboard
Category

      program

Family

      undefined

Related items

            undefined


Sources



Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

JUGGERNAUT
Description

      Picks up all signals from mobile networks.
Category

      program

Family

      collect

Related items

            undefined
                                                                                                          Comment []: HTML: <NOSCRIPT>

Sources                                                                                                   Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
            spiegel.de
                                                                                                          Comment []: HTML: </NOSCRIPT>

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

LIFESAVER
Description

      Imaging of the Hard Drive.
Category

      program

Family

      undefined

Related items

            undefined


Sources

            docs by lemonde.fr
            Code Names for NSA Exploit Tools
            NSA's catalog

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

LOPERS
Description

      LOPERS is a software application for Public Switched Telephone Networks.
Category

      program

Family
      undefined                                                                                           Comment []: HTML: <NOSCRIPT>

Related items                                                                                             Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
            undefined
                                                                                                          Comment []: HTML: </NOSCRIPT>


Sources



Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

MADCAPOCELOT
Description

      Subprogram (US-3140 (PDDG:TM)) of STORMBREW - DNI and metadata through XKEYSCORE,
      PINWALE and MARINA.
Category

      program

Family

      undefined

Related items

               STORMBREW
               PINWALE
               MARINA
               XKEYSCORE


Sources



Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

MAGNETIC
Description

      sensor collection of magnetic emanations. Tempest style attack
Category                                                                                                         Comment []: HTML: <NOSCRIPT>

      program                                                                                                    Comment []: HTML: </NOSCRIPT>

Family

      collect

Related items

            undefined


Sources

            docs by lemonde.fr
            Code Names for NSA Exploit Tools


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

MAINWAY
Description

      MAINWAY is a database maintained by the NSA containing metadata for hundreds of billions of
      telephone calls made through the four largest telephone carriers in the United States: AT&T and
      Verizon. It is estimated that the database contains over 1.9 trillion call-detail records. The records
      include detailed call information (caller, receiver, date/time of call, length of call, etc.) for use in
      traffic analysis[5] and social network analysis, but do not include audio information or transcripts
      of the content of the phone calls. Similar programs exist or are planned in other countries,
      including Sweden (Titan traffic database) and Great Britain (Interception Modernisation
      Programme)
Category

      program

Family

      database

Related items

            undefined
Sources                                                                                                          Comment []: HTML: <NOSCRIPT>

            en.wikipedia.fr                                                                                     Comment []: HTML: </NOSCRIPT>
            USA Today                                                                                           Comment []: HTML: <NOSCRIPT>

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any          Comment []: HTML: </NOSCRIPT>
tracker or any script linking to another domain.

MAINWAY
Description

      MAINWAY is a database maintained by the NSA containing metadata for hundreds of billions of
      telephone calls made through the four largest telephone carriers in the United States: AT&T and
      Verizon. It is estimated that the database contains over 1.9 trillion call-detail records. The records
      include detailed call information (caller, receiver, date/time of call, length of call, etc.) for use in
      traffic analysis[5] and social network analysis, but do not include audio information or transcripts
      of the content of the phone calls. Similar programs exist or are planned in other countries,
      including Sweden (Titan traffic database) and Great Britain (Interception Modernisation
      Programme)
Category

      program

Family

      database

Related items

            undefined


Sources

            en.wikipedia.fr
            USA Today

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

MINERALIZE
Description

      collection from LAN Implant
Category
      program                                                                                             Comment []: HTML: <NOSCRIPT>

Family                                                                                                    Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
      collect
                                                                                                          Comment []: HTML: </NOSCRIPT>
Related items



Sources

            docs by lemonde.fr
            Code Names for NSA Exploit Tools

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

MONKEYROCKET
Description

      Sub-program of OAKSTAR, aka US-3206 (PDDG:6T).
Category

      program

Family

      undefined

Related items

            OAKSTAR


Sources



Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

MOONLIGHTPATH
Description

      MOONLIGHTPATH is a Special Sources Operations (SSO) program, maintained by the NSA, it's a
      collection program to query metadatas, started in September, 2013
Category                                                                                                  Comment []: HTML: <NOSCRIPT>

      program                                                                                             Comment []: HTML: </NOSCRIPT>

Family

      process

Related items

            undefined


Sources

            theguardian.com


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

MUSCULAR
Description

      MUSCULAR is a tool to exploit the data links from Google and Yahoo, operated jointly by the
      [[National Security Agency]] (NSA) and the British [[Government Communications Headquarters]]
      (GCHQ). They are copying entire data flows across fiber-optic cables that carry information among
      the data centers.
Category

      program

Family

      collect

Related items

            undefined


Sources

            NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                          Comment []: HTML: <NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                          Comment []: HTML: </NOSCRIPT>
NEBULA                                                                                                    Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>

      A base station router, for intercepting mobile telephone calls and data transmissions. Uses the
      TYPHON GUI. Networkable and controllable via 802.3 and 802.11.
Category

      program

Family

      undefined

Related items

               TYPHON
               CYCLONE
               DRTBOX
               CANDYGRAM
               EBSR


Sources

            NSA's codenames


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

NUCLEON
Description

      NUCLEON is a database maintained by the NS) which intercepts telephone calls and routes the
      spoken words.
Category

      program

Family

      database
Related items                                                                                             Comment []: HTML: <NOSCRIPT>

            undefined                                                                                    Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>

Sources                                                                                                   Comment []: HTML: </NOSCRIPT>


            U.S. surveillance architecture includes collection of revealing Internet, phone metadata


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

OAKSTAR
Description

      OAKSTAR is a secret internet surveillance program of the National Security Agency (NSA) of the
      United States. It was disclosed in 2013 as part of the leaks by former NSA contractor Edward
      Snowden.OAKSTAR is an umbrella program involving surveillance of telecommunications, it falls
      under the category of "[[UPSTREAM collection," meaning that data is pulled directly from fiber-
      optic cables and top-level communications infrastructure. UPSTREAM collection programs allow
      access to very high volumes of data, and most of the pre-selection is done by the providers
      themselves, before the data is passed on to the NSA. The FY 2013 budget for OAKSTAR is $9.41
      million.
Category

      program

Family

      collect

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

Related items

               BLUEANCHOR
               BLUEZEPHYR
               COBALTFALCON
               MARINA
               MONKEYROCKET
               ORANGEBLOSSOM
               ORANGECRUSH
               SILVERZEPHYR
               SHIFTINGSHADOW                                                                            Comment []: HTML: <NOSCRIPT>
               STEELKNIGHT
                                                                                                          Comment []: HTML: </NOSCRIPT>
               UPSTREAM
                                                                                                          Comment []: HTML: <NOSCRIPT>
               YACHTSHOP
                                                                                                          Comment []: HTML: </NOSCRIPT>

Sources

            Wikipedia

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

OCEAN
Description

      optical collection system for Raster-Based computer screens
Category

      program

Family

      collect

Related items

            undefined


Sources

            docs by lemonde.fr
            Code Names for NSA Exploit Tools


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

OCEANARIUM
Description

      database for SIGINT from NSA and intelligence sharing partners around the world
Category
      program                                                                                             Comment []: HTML: <NOSCRIPT>

Family                                                                                                    Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
      database
                                                                                                          Comment []: HTML: </NOSCRIPT>
Related items

            undefined


Sources



Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

OCELOT
Description

      Actual name: MADCAPOCELOT , a sub-program of STORMBREW for collection of internet
      metadata about Russia and European counterterrorism. MADCAPOCELOT uses DNI from
      XKEYSCORE, PINWALE and MARINA
Category

      program

Family

      collect

Related items

               STORMBREW
               XKEYSCORE
               PINWALE
               MARINA


Sources

            commons.wikimedia.org


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.
ORANGEBLOSSOM                                                                                             Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
      Sub-program of OAKSTAR for collection from an international transit switch (sigad: US-3251)
                                                                                                          Comment []: HTML: </NOSCRIPT>
Category

      program

Family

      collect

Related items

            OAKSTAR


Sources



Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

ORANGECRUSH
Description

      Subprogram of OAKSTAR, aka US-3230 (PDDG:0B).
Category

      program

Family

      undefined

Related items

            OAKSTAR


Sources



Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.
PATHFINDER                                                                                                Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>

      PATHFINDER is a SIGINT analysis tool made by [[Science Applications International Corporation]]
      (SAIC), a new US company headquartered in [[McLean, Virginia]] that provides government
      services and [[information technology]] support.
Category

      program

Family

      process

Related items

            undefined


Sources

            cryptome.org/guardian


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

PINWALE
Description

      PINWALE is the code name for an NSA database of archived foreign and domestic e-mails it has
      collected under its SIGINT efforts. It is searchable by monitored NSA analysts. Its existence was
      first revealed by an NSA analyst who was trained to use it during 2005. However, according to
      ''Homeland Security Today'', Pinwale has in it much more than email, it also contains other forms
      of Internet data, and other forms of digital communications as well. Its software has built-in
      protections against collecting from any of the Five Eyes members. Unlike its successor
      XKEYSCORE, targets for PINWALE have to be approved beforehand by the United States Foreign
      Intelligence Surveillance Court (FISC).
Category

      program

Family

      database
Related items                                                                                              Comment []: HTML: <NOSCRIPT>

            undefined                                                                                     Comment []: HTML: </NOSCRIPT>
                                                                                                           Comment []: HTML: <NOSCRIPT>

Sources                                                                                                    Comment []: HTML: </NOSCRIPT>


            E-Mail Surveillance Renews Concerns in Congress
            en.wikipedia.org/wiki/Pinwale

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

PRISM
Description

      PRISM (US-984XN) is a clandestine mass electronic surveillance data mining program known to
      have been operated by the United States National Security Agency (NSA) since 2007. PRISM is a
      government code name for a data-collection effort.The PRISM program collects stored Internet
      communications based on demands made to Internet companies such as Google Inc. and Apple
      Inc. under Section 702 of the FISA Amendments Act of 2008 to turn over any data that match
      court-approved search terms. The NSA can use these PRISM requests to target communications
      that were encrypted when they traveled across the Internet backbone, to focus on stored data
      that telecommunication filtering systems discarded earlier, and to get data that is easier to
      handle, among other things. The program is operated under the supervision of the U.S. Foreign
      Intelligence Surveillance Court (FISA Court, or FISC) pursuant to the Foreign Intelligence
      Surveillance Act (FISA). Documents indicate that PRISM is "the number one source of raw
      intelligence used for NSA analytic reports", and it accounts for 91% of the NSA's Internet traffic
      acquired under FISA section 702 authority. The leaked information came to light one day after the
      revelation that the FISA Court had been ordering a subsidiary of telecommunications company
      Verizon Communications to turn over to the NSA logs tracking all of its customers' telephone calls
      on an ongoing daily basis.
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

Category

      program

Family

      process

Related items
               TRAFFICTHIEF                                                                              Comment []: HTML: <NOSCRIPT>
               MARINA
                                                                                                          Comment []: HTML: </NOSCRIPT>
               MAINWAY
                                                                                                          Comment []: HTML: <NOSCRIPT>
               FALLOUT
               PINWALE                                                                                   Comment []: HTML: </NOSCRIPT>
               CONVEYANCE
               NUCLEON


Sources

            en.wikipedia.org
            Everything you need to know about PRISM

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

PROTOSS
Description

      Possibly a bridge between the airgapped system and the Internet
Category

      program

Family

      collect

Related items

            COTTONMOUTH-1
            COTTONMOUTH-2
            FIREWALK


Sources

            cryptome.org - NSA codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

RAGEMASTER
Description
      provides a target for RF flooding and allows for easier collection of the VAGRANT video signal. The   Comment []: HTML: <NOSCRIPT>
      current RAGEMASTER unit taps the red video line on the VGA cable. It was found that, empirically,
                                                                                                            Comment []: HTML: </NOSCRIPT>
      this provides the best video return and cleanest readout of the monitor contents. When the
      RAGEMASTER is illuminated by a radar unit, the illuminating signal is modulated with the red
      video information. This information is re-radiated, where it is picked up at the radar,
      demodulated, and passed onto the processing unit, such as a LFS-2 and an external monitor.
Category

      program

Family

      collect

Related items

            NIGHTWATCH
            GOTHAM
            VIEWPLATE


Sources

            To Protect And Infect Part 2
            NSA's catalog
            NSA's codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

RAGTIME
Description

      RAGTIME (RT) is the code name of four secret surveillance programs conducted by the [[National
      Security Agency]] (NSA) of the United States. These special programs are conducted under the
      code name RAGTIME (also abbreviated as RT), and are divided into several subcomponents
      (RAGTIME-A, RAGTIME-B, RAGTIME-C, and RAGTIME-P). It's said that about 50 companies have
      provided data to this domestic collection program.* RAGTIME-A : counterterrorism* RAGTIME-B :
      * RAGTIME-C : counterproliferation actvities (like WMD, nuclear, biological, chemical).* RAGTIME-
      P (P -> Patriot act ?) : warantless wiretapping
Category

      program
Family                                                                                                    Comment []: HTML: <NOSCRIPT>

      undefined                                                                                           Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
Related items
                                                                                                          Comment []: HTML: </NOSCRIPT>
            undefined


Sources

            NSA report on privacy violations in the first quarter of 2012
            Ragtime: Code name of NSA - Secret Domestic Intelligence Program

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

RAMPART
Description

      RAMPART ( or RAMPART-T) is a NSA operational branches that intercept heads of state and their
      closest aides. Known divisions are RAMPART-A, RAMPART-I and RAMPART-T, which focuses on
      foreign governments.
Category

      program

Family

      undefined

Related items

            undefined


Sources

            Der Spiegel


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

SENTINEL
Description
      Sentinel is a [[National Security Agency]] (NSA) security filter for SYBASE databases which provides   Comment []: HTML: <NOSCRIPT>
      multi-level security down to the row level.
                                                                                                             Comment []: HTML: </NOSCRIPT>
Category
                                                                                                             Comment []: HTML: <NOSCRIPT>
      program                                                                                                Comment []: HTML: </NOSCRIPT>

Family

      database

Related items

            undefined


Sources

            nsa.gov
            nsa.gov [[NSA]]

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

SHELLTRUMPET
Description

      SHELLTRUMPET is a NSA metadata processing program which show the NSA's metadata collection
      scale.
Category

      program

Family

      process

Related items

            undefined


Sources

            theguardian.com

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.
SHIFTINGSHADOW                                                                                            Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>

      Subprogram of OAKSTAR, aka [[.US-3217]] (PDDG:MU)
Category

      program

Family

      undefined

Related items

            OAKSTAR


Sources



Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

SILVERZEPHYR
Description

      Subprogram of OAKSTAR, aka US-3257 (PDDG:SK), DNR (metadata, voice, fax), DNI (content,
      metadata)
Category

      program

Family

      undefined

Related items

            OAKSTAR
            STEELKNIGHT


Sources
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                             Comment []: HTML: <NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                             Comment []: HTML: </NOSCRIPT>
STEELFLAUTA                                                                                                  Comment []: HTML: <NOSCRIPT>

Description                                                                                                  Comment []: HTML: </NOSCRIPT>

      SSO Corporate/ TAO (Tailored Access Operations) Shaping
Category

      program

Family

      collect

Related items



Sources

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

STELLARWIND
Description

      STELLARWIND (STLW) is the code name of a Sensitive Compartmented Information security
      compartment for information collected under the President's Surveillance Program (PSP). This
      was a program by the United States National Security Agency (NSA) during the presidency of
      George W. Bush and revealed by Thomas Tamm to the The New York Times in 2008. The
      operation was approved by President George W. Bush shortly after the September 11 attacks in
      2001. STELLARWIND was succeeded during the presidency of Barack Obama by four major lines of
      intelligence collection in the territorial United States together capable of spanning the full range
      of modern telecommunications. The program's activities involved data mining of a large database
      of the communications of American citizens, including e-mail communications, phone
      conversations, financial transactions, and Internet activity.
Category

      program

Family

      collect
Related items                                                                                                Comment []: HTML: <NOSCRIPT>

            BLARNEY                                                                                         Comment []: HTML: </NOSCRIPT>
                                                                                                             Comment []: HTML: <NOSCRIPT>

Sources                                                                                                      Comment []: HTML: </NOSCRIPT>


            en.wikipedia.org

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

STORMBREW
Description

      STORMBREW (aka US-983 (PDDG:FL) is an umbrella program involving surveillance of
      telecommunications. It falls under the category of "UPSTREAM collection," meaning that data is
      pulled directly from fiber-optic cables and top-level communications infrastructure. There is also a
      SIGAD of the same name, which is described as a "key corporate partner." A map shows that the
      collection is done entirely within the United States. This corporate partner has servers in
      Washington, California, Texas, Florida, and in or around New York, Virginia, and Pennsylvania.
      UPSTREAM collection programs allow access to very high volumes of data, and most of the pre-
      selection is done by the providers themselves, before the data is passed on to the NSA.
Category

      program

Family

      undefined

Related items

               MADCAPOCELOT,
               STORMBREW,
               PINWALE,
               MARINA
               UPSTREAM
               XKEYSCORE

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

Sources

            en.wikipedia.org
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                          Comment []: HTML: <NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                          Comment []: HTML: </NOSCRIPT>
STRAITBIZARRE                                                                                             Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>

      Software made By Digital Network Technologies (DNT) for controlling and receiving data from
      “implants”. Also involved somewhere in the process of uploading malicious HD firmware (works
      with a tool called SLICKERVICAR to accomplish this)
Category

      program

Family

      collect

Related items

               COTTONMOUTH-I
               COTTONMOUTH-II
               COTTONMOUTH-III
               DROPOUTJEEP
               IRATEMONK
               [[TOTEGHOSTLY
               2.0]]


Sources

            NSA's codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

SURLYSPAWN
Description

      has the capability to gather keystrokes without requiring any software running on the targeted
      system. It also only requires that the targeted system be touched once. The retro-reflector is
      compatible with both USB ans PS/2 keyboards. The simplicity of the design allows the form factor
      to be tailored for specific operational requirements.
Category
      program                                                                                               Comment []: HTML: <NOSCRIPT>

Family                                                                                                      Comment []: HTML: </NOSCRIPT>

      collect

Related items

            ANGRYNEIGHBOR,
            TAO


Sources

            To Protect And Infect Part 2
            NSA's catalog

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

TAWDRYYARD
Description

      TAWDRYYARD is used as a beacon, typically to assist in locating and identifying deployed
      RAGEMASTER units. Current designs allows it to be detected and located quite easily within a 5°'
      radius of the radar system being used to illuminate it. It allows a standard lithium coin cell to
      power it for months or years. The simplicity of the design allows to form factor to be tailored for
      specific operational requirements. Future capabilities being considered are returnof GPS
      coordinates and a unique target identifier and automatic processing to scan a target area for
      presence of TAWDRYYARDs. All components are COTS and so are non-attributable to NSA.
Category

      program

Family

      target

Related items

               RAGEMASTER
               ANGRYNEIGHBOR
               VAGRANT
               DROPMIRE
               SURLYSPAWN
            CTX4000                                                                                         Comment []: HTML: <NOSCRIPT>
            [PHOTOANGLO]]
                                                                                                             Comment []: HTML: </NOSCRIPT>
            RAGEMASTER
                                                                                                             Comment []: HTML: <NOSCRIPT>
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                             Comment []: HTML: </NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                             Comment []: HTML: <NOSCRIPT>
Sources
                                                                                                             Comment []: HTML: </NOSCRIPT>
            To Protect And Infect Part 2
            NSA's catalog
            wikimedia.org - NSA TAWDRYYARD

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

THINTREAD
Description

      THINTREAD is the name of a project that the NSA pursued during the 1990s. The program
      involved wiretapping and sophisticated analysis of the resulting data, but according to the article,
      the program was discontinued three weeks before the September 11, 2001 attacks due to the
      changes in priorities and the consolidation of U.S. intelligence authority. The "change in priority"
      consisted of the decision made by the director of NSA General Michael V. Hayden to go with a
      concept called TRAILBLAZER, despite the fact that THINTREAD was a working prototype that
      protected the privacy of U.S. citizens.ThinThread was dismissed and replaced by the TRAILBLAZER
      Project
Category

      program

Family

      collect

Related items

            TRAILBLAZER


Sources

            en.wikipedia.org

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.
TRAFFICTHIEF                                                                                              Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>

      According to an XKEYSCORE presentation, TRAFFICTHIEF is a database of "Meta-data from a
      subset of tasked strong-selectors" According to the XKEYSCORE presentation, a example of a
      strong selector is an email address. In other words, it would be a database of the metadata
      associated with names, phone numbers, email addresses, etc., that the intelligence services are
      specifically targeting.
Category

      program

Family

      database

Related items

            XKEYSCORE


Sources

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

TRAILBLAZER
Description

      TRAILBLAZER was a United States NSA program intended to develop a capability to analyze data
      carried on communications networks like the Internet. It was intended to track entities using
      communication methods such as cell phones and e-mail. It ran over budget, failed to accomplish
      critical goals, and was cancelled.
Category

      program

Family

      collect

Related items

            undefined
Sources                                                                                                   Comment []: HTML: <NOSCRIPT>

            en.wikipedia.org                                                                             Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any   Comment []: HTML: </NOSCRIPT>
tracker or any script linking to another domain.                                                          Comment []: HTML: <NOSCRIPT>

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any   Comment []: HTML: </NOSCRIPT>
tracker or any script linking to another domain.

TRAILBLAZER
Description

      TRAILBLAZER was a United States NSA program intended to develop a capability to analyze data
      carried on communications networks like the Internet. It was intended to track entities using
      communication methods such as cell phones and e-mail. It ran over budget, failed to accomplish
      critical goals, and was cancelled.
Category

      program

Family

      collect

Related items

            undefined


Sources

            en.wikipedia.org


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

TURMOIL
Description

      TURMOIL is involved in the process of decrypting communications by using Deep Packet
      Inspection ( Passive dragnet surveillance sensors).
Category
      program                                                                                             Comment []: HTML: <NOSCRIPT>

Family                                                                                                    Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
      collect target
                                                                                                          Comment []: HTML: </NOSCRIPT>
Related items

            QFIRE


Sources

               To Protect And Infect Part 2
               Tax and Spy: How the NSA Can Hack Any American, Stores Data 15 Years
               wikileaks-forum.com
               The Guardian: nsa-gchq-encryption-codes-security

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

TUTELAGE
Description

      Part of the [[Turbulence (NSA)|TURBULENCE]] program. NSA's own defense system against
      hacking.
Category

      program

Family

      undefined

Related items

            TURBULENCE


Sources

            NSA's codenames


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.
UPSTREAM                                                                                                  Comment []: HTML: <NOSCRIPT>

Description                                                                                               Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
      The UPSTREAM program, or "Room 641A", is a telecommunication interception facility operated
      by [[AT&T]] for the NSA that commenced operations in 2003 and was exposed in 2006. Room             Comment []: HTML: </NOSCRIPT>
      641A is located in the SBC Communications building at 611 Folsom Street, San Francisco, three
      floors of which were occupied by AT&T before SBC purchased AT&T. The room was referred to in
      internal AT&T documents as the SG3 [Study Group 3] Secure Room. It is fed by fiber optic lines
      from beam splitters installed in fiber optic trunks carrying Internet backbone traffic and, as
      analyzed by J. Scott Marcus, a former CTO for GTE and a former adviser to the FCC, has access to
      all Internet traffic that passes through the building, and therefore "the capability to enable
      surveillance and analysis of internet content on a massive scale, including both overseas and
      purely domestic traffic." Former director of the NSA's World Geopolitical and Military Analysis
      Reporting Group, William Binney, has estimated that 10 to 20 such facilities have been installed
      throughout the United States.
Category

      program

Family

      collect

Related items

            undefined

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

Sources

            Whistle-Blower's Evidence
            Room 641A

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

VAGRANT
Description

      Collection of computer Screens. The monitor cables are rigged with an RF retro reflector,
      [[(RAGEMASTER]]). VAGRANT collection therefor requires a continuous RF generator such as
      CTX4000 or PHOTOANGLO, and a system to process and display the returned video signal such as
      NIGHTWATCH, GOTHAM, LS-2 (with an external monitor), or VIEWPLATE. Known to be deployed
      in the field , as of September 2010 at the following embassies: Brazil's UN Mission in NY           Comment []: HTML: </NOSCRIPT>
      (POKOMOKE), France's UN Mission in NY (BLACKFOOT), India's Embassy and annex in DC, and
                                                                                                          Comment []: HTML: <NOSCRIPT>
      India's UN Mission in New York. India's embassies were slated to be detasked, at the time of the
      document. Context of documents seems to suggest, but does not definitively prove that the           Comment []: HTML: </NOSCRIPT>
      coverterm VAGRANT only applies to the signal itself.
Category

      program

Family

      collect

Related items

               CTX4000
               CW
               DROPMIRE
               RAGEMASTER
               PHOTOANGLO
               NIGHTWATCH
               GOTHAM,
               LS-2

            VIEWPLATE


Sources

            docs by lemonde.fr
            Code Names for NSA Exploit Tools
            NSA's codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

VIEWPLATE
Description

      Replacement for the NIGHTWATCH system.
Category

      program

Family
      undefined                                                                                           Comment []: HTML: <NOSCRIPT>

Related items                                                                                             Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
            NIGHTWATCH
                                                                                                          Comment []: HTML: </NOSCRIPT>
            PHOTOANGLO


Sources

            NSA's codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

WATERWITCH
Description

      Handheld device for homing in on target handsets, used in conjunction with TYPHON or similar
      systems to provide more precise location information.
Category

      program

Family

      target

Related items

            TYPHON


Sources

            To Protect And Infect Part 2
            NSA's catalog
            NSA's codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

WISTFULTOLL
Description
      A plugin for UNITEDRAKE and STRAITBIZARRE that extracts WMI and registry information from the         Comment []: HTML: <NOSCRIPT>
      victim machine. Also available as a stand-alone executable. Can be installed either remotely, or by
                                                                                                            Comment []: HTML: </NOSCRIPT>
      USB thumb drive. In the latter case, exfiltrated data will be stored on that same thumb drive.
      Works on Windows 2000, XP, and 2003.
Category

      program

Family

      undefined

Related items

               IRATEMONK,
               STRAITBIZARRE,
               SEAGULLFARO,
               UNITEDRAKE,
               RETURNSPRING


Sources

            NSA's codenames

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

XKEYSCORE
Description

      XKeyscore (XKS) is a formerly secret computer system used by the United States National Security
      Agency for searching and analyzing Internet data about foreign nationals across the world. The
      program is run jointly with other agencies including Australia's Defence Signals Directorate, and
      New Zealand's Government Communications Security Bureau. XKeyscore is an NSA data-retrieval
      system which consists of a series of user interfaces, backend databases, servers and software that
      selects certain types of metadata that the NSA has already collected using other
      methods.According to the published slides, these come from three different sources:* FORNSAT -
      which means "foreign satellite collection", and refers to intercepts from satellites (ECHELON) that
      process data used by other countries* Overhead - American satellites* Special Source Operations
      (SSO -Division of the NSA that cooperates with American mobile phone operators* Tailored
      Access Operations (TAO - Division of the NSA that deals with hacking and cyberwarfare* F6 - Joint
      operation of the CIA and NSA (Special Collection Service) that carries out clandestine operations
      including espionage on foreign diplomats and leaders* FISA - All types of surveillance approved by
      the Foreign Intelligence Surveillance Court* 3rd party - Foreign partners of the NSA such as        Comment []: HTML: <NOSCRIPT>
      Belgium, Denmark, France, Germany, Italy, Japan, the Netherlands, Norway, Sweden, etc
                                                                                                          Comment []: HTML: </NOSCRIPT>
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
                                                                                                          Comment []: HTML: <NOSCRIPT>
tracker or any script linking to another domain.
                                                                                                          Comment []: HTML: </NOSCRIPT>
Category

      program

Family

      process

Related items

            undefined


Sources

               en.wikipedia.org
               Phone Records Program Released
               Is XKeyscore Still Active? Defense Contractor Posted a Job Listing for It 2 weeks Ago
               What's XKEYSCORE?
               NSA online - metadata collection (The Guardian)
               NSA's Internet Taps Can Find Systems to Hack, Track VPNs and Word Docs

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

YACHTSHOP
Description

      Subprogram of OAKSTAR, aka US-3247 (PDDG:PJ)
Category

      program

Family

      undefined

Related items

            OAKSTAR
            MARINA
                                                                                                          Comment []: HTML: <NOSCRIPT>

Sources                                                                                                   Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
                                                                                                          Comment []: HTML: </NOSCRIPT>
Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

x

YELLOWPIN
Description

      a particular device that includes a HOWLERMONKEY component
Category

      program

Family

      collect

Related items

             HOWLERMONKEY


Sources

             NSA's codenames


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

AMBULANT
Description

      An undetermined, highly confidential compartiment mentioned in the BULLRUN documents.
Category

      compartiment

Family

      ECI
Related items                                                                                             Comment []: HTML: <NOSCRIPT>

             BULLRUN                                                                                     Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>

Sources                                                                                                   Comment []: HTML: </NOSCRIPT>


             cryptome.org/guardian

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

APERIODIC
Description

      An undetermined, highly confidential compartiment mentioned in the BULLRUN documents.
Category

      compartiment

Family

      ECI

Related items

             BULLRUN


Sources

             cryptome.org/guardian


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

AUNTIE
Description

      An undetermined, highly confidential compartiment mentioned in the BULLRUN documents.
Category

      compartiment

Family
      ECI                                                                                                 Comment []: HTML: <NOSCRIPT>

Related items                                                                                             Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
             BULLRUN
                                                                                                          Comment []: HTML: </NOSCRIPT>


Sources

             cryptome.org/guardian

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

AUNTIE
Description

      An undetermined, highly confidential compartiment mentioned in the BULLRUN documents.
Category

      compartiment

Family

      ECI

Related items

             BULLRUN


Sources

             cryptome.org/guardian

Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

PAWLEYS
Description

      An undetermined, highly confidential compartiment mentioned in the BULLRUN documents.
Category

      compartiment

Family
      ECI                                                                                                 Comment []: HTML: <NOSCRIPT>

Related items                                                                                             Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
             BULLRUN
                                                                                                          Comment []: HTML: </NOSCRIPT>


Sources

             cryptome.org/guardian


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

PENDLETON
Description

      An undetermined, highly confidential compartiment mentioned in the BULLRUN documents.
Category

      compartiment

Family

      ECI

Related items

             BULLRUN


Sources

             cryptome.org/guardian


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

PICARESQUE
Description

      An undetermined, highly confidential compartiment mentioned in the BULLRUN documents.
Category
      compartiment                                                                                        Comment []: HTML: <NOSCRIPT>

Family                                                                                                    Comment []: HTML: </NOSCRIPT>
                                                                                                          Comment []: HTML: <NOSCRIPT>
      ECI
                                                                                                          Comment []: HTML: </NOSCRIPT>
Related items

             BULLRUN


Sources

             cryptome.org/guardian


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

PIEDMONT
Description

      An undetermined, highly confidential compartiment mentioned in the BULLRUN documents.
Category

      compartiment

Family

      ECI

Related items

             BULLRUN


Sources

             cryptome.org/guardian


Sorry, but this site relays entirely on javascript. <br /> For your information, it doesn't include any
tracker or any script linking to another domain.

PIEDMONT
Description
      An undetermined, highly confidential compartiment mentioned in the BULLRUN documents.
Category

      compartiment

Family

      ECI

Related items

             BULLRUN


Sources

             cryptome.org/guardian


https://nsa-observer.laquadrature.net/

				
DOCUMENT INFO
Categories:
Tags:
Stats:
views:0
posted:2/8/2014
language:English
pages:84