Difference between revisions of "NSA surveillance tools"

From La Quadrature du Net
(Replaced content with " Please go to https://nsa-observer.laquadrature.net")
Line 1: Line 1:
Copy of https://pad.lqdn.fr/p/nsa_surveillance_tools (more than 400, yes FOUR HUNDRED, surveillance programs or tools - AFA(we)K.)
 
  
Please attempt to provide for each program the following information in the following format (between ----------)  :
 
  
-------------------------------------------------------------------------------------------------------
+
Please go to https://nsa-observer.laquadrature.net
=== Name (how to contribute to https://pad.lqdn.fr/p/nsa_surveillance_tools )  ===
 
 
 
<nowiki>""Short Description"" : what it is or does
 
""Category"" : either program|compartment|attack vector (see Categories note for definition)
 
""Family"" : either collect | process | database | target | attack  (see Families note for definition)
 
""Related items"" : {list of programs or compartments, space separated, wiki style links}
 
""Status"" : either active|inactive|unknown (if you have no idea)
 
""Links"" :
 
* [http://wikipedia|Wikipedia]
 
* [http://src|Source PDF/document]
 
* [http://etc|More]</nowiki>
 
-------------------------------------------------------------------------------------------------------
 
 
 
<!--
 
Useful links
 
 
 
General documentation
 
 
*https://en.wikipedia.org/wiki/Global_surveillance_by_category <<<<<
 
Jacob Appelbaum 30c3 Protect and Infect Slides - http://cryptome.org/2013/12/appelbaum-30c3.pdf
 
Full 50 pages of the NSA ANT Catalog with crisp images in 11 separate files: http://cryptome.org/2013/12/nsa-Crisp
 
QUANTUMTHEORY Images: http://cryptome.org/2013/12/nsa-quantumtheory.pdf
 
Crisp QUANTUM Tasking Images: http://cryptome.org/2013/12/nsa-quantum-tasking.pdf
 
http://www.mindmeister.com/fr/308518551/the-national-security-agency-operates-more-than-500-separate-signals-intelligence-platforms-employs- <<<<<
 
 
*http://cryptome.org/2013/11/snowden-tally.htm
 
*https://www.eff.org/nsa-spying/nsadocs <<<<<
 
*https://en.wikipedia.org/wiki/Category:National_Security_Agency
 
*http://pastebin.com/2puqUUXC
 
*http://pastebin.com/tCF8XBbd
 
*http://cryptome.org/2014/01/nsa-codenames.htm <<<<<<
 
* http://buggedplanet.info
 
- - > http://buggedplanet.info/index.php?title=Category:NSA_codewords
 
* http://bluecabinet.info
 
https://buggedplanet.info/index.php?title=Category:NSA_programs
 
 
 
* http://electrospaces.blogspot.fr/p/nicknames-and-codewords.html !
 
* http://williamaarkin.wordpress.com/2012/03/13/nsa-code-names-revealed/
 
 
 
Reading and understanding the NSA docs  (classification and acronyms)
 
* https://en.wikipedia.org/wiki/Sensitive_Compartmented_Information
 
* https://en.wikipedia.org/wiki/Classified_information_in_the_United_States   
 
* https://en.wikipedia.org/wiki/Special_access_program
 
* http://www.abovetopsecret.com/forum/thread971628/pg1
 
 
 
 
 
Note : Categories
 
Program          A program is a technical solution of some sort (ex: a database, satellite collect, etc.) or a group of programs.
 
Compartment    A compartment is a partner of some sort (ex: foreign state, company, etc.) or a group of compartments.
 
attack vector    An attack vector is any kind of attack tool, software (ex: trojan) or hardware (ex: USB bug).
 
 
 
DNI tool : Digital Network Intelligence, the NSA term for the collection of data from the Internet (from https://en.wikipedia.org/wiki/DNI). Corresponds to family:collect
 
 
 
Note : Families
 
    For category:programs :
 
 
 
    Collect            A collection program attempts to retrieve signal by any means necessary (either global or local)
 
 
 
    Process          Such a program receives raw data (think packets), attempts to read from it  and stores this information in a database
 
 
 
    Database          Stores data for later use
 
 
 
    Target              Once  the processed signal is stored, targeting allows the analyst to find new targets
 
 
 
    Attack              Once a target is found, it is attacked in order to collect more information
 
 
 
 
 
    For category:attack vector
 
 
 
    software          Any bytecode executed on a target computer (ex: Trojan, keylogger, etc.)
 
 
 
    hardware        Any physical device deployed in target environment (ex: USB or video cable implant)
 
 
 
    network          Any network operation executed on target network traffic (ex: packet manipulation, stream injection)
 
 
 
 
 
 
 
Note : Online documentation
 
As with any kind of work, we rely on others' work. You'll find a number of links at the end of this document that will help you dig deeper or understand, if needed.
 
 
 
NO REF:
 
 
 
    BACONRIDGE (NSA datacenter in St.Antonio, TX) BANANAGLEE (DNT software exploit. Related to TAO, https://www.schneier.com/blog/archives/2013/12/more_about_the.html)  BLACKPEARL  BLINDDATE  BSR  BULLDOZER  Byzantine Anchor (BA)  Byzantine Candor (BC)  Byzantine Hades (BH) BANYAN  BELLTOPPER BELLVIEW BINOCULAR BLACKFOOT BLACKMAGIC BLACKWATCH BULLSEYE
 
 
 
    CANDYGRAM  CDR Diode  CHIMNEYPOOL  CONJECTURE  CONOP  COTS  CROSSBEAM  CRUMPET Covert network (CCN)  CRYPTO ENABLED  CW  CYCLONE Hx9  CADENCE  CANNON LIGHT CARBOY II CARILLION  CASPORT CENTERMASS  CHALKFUN  CHASEFALCON CHEWSTICK CHIPPEWA  CIMBRICINEPLEX CLOUD  COASTLINE  CREDIBLE CREST  CRISSCROSS
 
 
 
    DANDERSPRIT  DANDERSPRITZ  DIETYBOUNCE  DOCKETDICTATE  DOGCOLLAR DANCINGOASIS DANGERMOUSE DECKPIN DELTA  DIKTER DISHFIRE DRAGONFLY DRUID DYNAMO
 
 
 
    EBSR  ENTOURAGE  EPICFAIL EWALK
 
 
 
      FERRETCANNON  FET  FINKDIFFERENT (FIDI)  FIREWALK  FLUXBABBIT  FLYING PIG  FOXSEARCH  FREEFLOW  FREEZEPOST  FRIEZERAMP  FUNNELOUT FACELIFT FALLOUT FASCIA FISHBOWL FOXTRAIL
 
 
 
    GALAXY  GECKO II  GENESIS  GEOFUSION  GINSU  GOPHERSET  GOURMETTROUGH  GREAT EXPECTATIONS GAMUT  GENTE GLOBAL BROKER
 
 
 
    HALLUXWATER  HAMMERMILL  HC12  HEADWATER  HOLLOWPOINT  HOWLERMONKEY (HM)  HOWLERMONKRY  HUSH PUPPY HERCULES  HOMEBASE
 
 
 
    ISLANDTRANSPORT  INTELINK ISHTAR IVY BELLS
 
 
 
    JETPLOW  JUNIORMINT 
 
 
 
    KONGUR  KLONDIKE (KDK)
 
 
 
    LANDSHARK  LEGION (JADE)  LEGION (RUBY)  LFS-2  LHR  LOUDAUTO LITHIUM LONGHAUL
 
 
 
    MAESTRO  MCM  MIDDLEMAN  MJOLNIR  MOCCASIN  MONKEYCALENDAR  MULLENIZE  MUTANT BROTH  MAGIC LANTERN  MAILORDER MAIN CORE MAUI MESSIAH METTLESOME  MORAY
 
 
 
    NEBULA  NEWTONS CRADLE  NIGHTWATCH
 
 
 
    OCONUS  OLYMPUS  OMNIGAT  ONIONBREATH  OSMJCM-II  OILSTOCK  OCTAVE OCTSKYWARD ONEROOF OSCAR
 
 
 
    PARCHDUSK  PHOTOANGLO  PICASSO  PPM  PROTOSS  PSP PLUS  PROTON PUZZLECUBE PAWLEYS PITCHFORD PENDLETON PICARESQUE PIEDMONT. PAINTEDEAGLE
 
 
 
      QIM/JMSQ  QUICKANT 
 
 
 
      REMATION II  Retro reflector  RETURNSPRING  ROCKYKNOB  RONIN
 
 
 
      SDR  SEAGULLFARO  SERUM  SHARPFOCUS (SF2)  SHORTSHEET SLICKERVICAR  SNEAKERNET  SOUFFLETROUGH  SPARROW II  SPECULATION  SSG  STRAITBAZARRE  STRAITBIZARRE (SB)  TRIKEZONE  STRONGMITE    STUXNET  SURPLUSHANGAR  SUTURESAILOR  SWAP SABRE SEMESTER SETTEE  SHARKFIN  SOLIS  SPHINX SPINNERET SPOKE  SPOTBEAM STEELKNIGHT STONE STUMPCURSOR  SURREY SCHOOLMONTANA SIERRAMONTANA SEASONEDMOTH STRAITBAZZARE SSP (Mexican Public SecuritySecretariat, http://www.spiegel.de/fotostrecke/nsa-dokumente-die-abteilung-tao-der-nsa-fotostrecke-105355-6.html related to TAO)
 
 
 
    TLN  TOTECHASER  TOTEGHOSTLY TRINITY    TUNING FORK    TUROPANDA  TWISTEDKILT TALENT KEYHOLE (TK) TALK QUICK TAPERLAY TAROTCARD TEMPEST TREASUREMAP TRIBUTARY TRINE TUNINGFORK TUSKATTIRE
 
 
 
    UMBRA UNIFORM
 
 
 
    WHITETAMALE  WEALTHYCLUSTER WRANGLER WEBCANDID WHITEBOX
 
 
 
      XCONCORD
 
 
 
    ZESTYLEAK
 
-->
 
 
 
 
 
== A ==
 
 
 
=== AGILEVIEW ===
 
""Short Description"" : NSA internet information tool or database / digital network intelligence tools (DNI tool)
 
""Category"" : program
 
""Family"" :collect
 
""Related items"" :
 
""Status"" :
 
 
 
=== AGILITY ===
 
""Short Description"" : NSA internet information tool or database / digital network intelligence tools (DNI tool)
 
""Category"" : program
 
""Family"" :collect
 
""Related items"" :
 
""Status"" :
 
 
 
=== AIGHANDLER ===
 
""Short Description"" : Geolocation analysis (?).
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
*
 
 
 
=== AIRGAP/COZEN ===
 
""Short Description"" : Priority missions tool used to determine SIGINT gaps
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== AIRSTEED ===
 
""Short Description"" : Cell phone tracking program of the Global Access Operations (GAO)
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== ALPHA ===
 
""Short Description"" :
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== ALTEREGO ===
 
""Short Description"" :
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== AMBULANT ===
 
""Short Description"" :
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== ANCHORY ===
 
""Short Description"" : NSA software system which provides web access to textual intelligence documents
 
""Category"" : program
 
""Family"" : database
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [https://muckrock.s3.amazonaws.com/foia_files/7-17-13_MR6022RES.pdf|7-17-13_MR6022RES.pdf]
 
 
 
 
 
 
 
=== ANGRYNEIGHBOR ===
 
""Short Description"" :
 
""Category"" : attack vector
 
""Family"" :
 
""Related items"" : [[CW]] [[SURLYSPAWN]] [[RAGEMASTER]] [[DROPMIRE]] [[LOUDAUTO]]
 
""Status"" :
 
 
 
=== APERIODIC ===
 
""Short Description"" :
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== AQUADOR ===
 
""Short Description"" :
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== ARGON ===
 
""Short Description"" :
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== ARKSTREAM ===
 
""Short Description"" :
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== ARTEMIS ===
 
""Short Description"" : Geospatial analysis
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== ASSOCIATION ===
 
""Short Description"" :
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== AUNTIE ===
 
""Short Description"" :
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== AUTOSOURCE ===
 
""Short Description"" :
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
== B ==
 
 
 
=== BACONRIDGE ===
 
""Short Description"" : Installation of TAO in St. Antonio, TX. 270 personnel, 210 workstations.
 
""Category"" :
 
""Family"" :
 
""Related items"" : [[Tailored Access Operations]]
 
""Links"" :
 
* [http://www.spiegel.de/fotostrecke/nsa-dokumente-die-abteilung-tao-der-nsa-fotostrecke-105355-14.html|Der Spiegel] Geheimdokumente: Die Spezialabteilung TAO der NSA stellt sich vor
 
 
 
 
 
=== BEACHHEAD ===
 
""Short Description"" :Computer exploit delivered by the system.
 
""Category"" : attack vector
 
""Family"" : network
 
""Related items"" : [[FERRETCANNON]] [[FOXACID]]

""Links"" :

* [https://www.schneier.com/blog/archives/2013/10/the_nsas_new_ri.html|Bruce Schneier] The NSA's New Risk Analysis
 
 
 
=== BLACKHEART ===
 
""Short Description"" : collection from FBI implant.
 
""Category"" : program
 
""Family"" : collect
 
""Related items"" :
 
""Links"" :
 
* [https://www.documentcloud.org/documents/807030-ambassade.html#document/p1|docs by lemonde.fr]
 
* [https://www.schneier.com/blog/archives/2013/10/code_names_for.html|Code Names for NSA Exploit Tools]
 
 
 
=== BLARNEY ===
 
""Short Description"" : [[BLARNEY]] ('''US-984''' and '''US-984X'''). The collection takes place at top-level telecommunications facilities within the United States, choke points through which most traffic will flow, including wireless. This type of surveillance is referred to as "[[UPSTREAM]] Collection".
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [https://en.wikipedia.org/wiki/Blarney_%28code_name%29|en.wikipedia.org]
 
 
 
=== BLUEANCHOR ===
 
""Short Description"" :Partner providing a network access point for the [[YACHTSTOP]] program
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[YACHTSTOP]]
 
""Status"" :
 
 
 
=== BLUEZEPHYR ===
 
""Short Description"" : [[US-3277]], subprogram of [[OAKSTAR]]
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[OAKSTAR]]
 
""Status"" :
 
 
 
=== BOUNDLESSINFORMANT ===
 
""Short Description"" : [[BOUNDLESSINFORMANT]] is a big data analysis and data visualization system used by the NSA to give managers summaries of the NSA's worldwide data collection activities. According to a Top Secret heat map display also published by The Guardian and produced by the Boundless Informant program, almost 3 billion data elements from inside the United States were captured by the NSA over a 30-day period ending in March 2013. Data analyzed by BOUNDLESSINFORMANT includes electronic surveillance program records (DNI) and telephone call metadata records (DNR) stored in an NSA data archive called GM-PLACE. It does not include FISA data, according to the FAQ memo. [[PRISM]], a government codename for a collection effort known officially as US-984XN, which was revealed at the same time as BOUNDLESSINFORMANT, is one source of DNR data. According to the map, BOUNDLESSINFORMANT summarizes data records from 504 separate DNR and DNI collection sources (SIGADs). In the map, countries that are under surveillance are assigned a color from green, representing least coverage, to red, most intensive.
 
""Category"" : program
 
""Family"" : process
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [https://en.wikipedia.org/wiki/Boundless_Informant|en.wikipedia.org]
 
* [http://www.theguardian.com/world/2013/jun/08/nsa-boundless-informant-global-datamining|The Guardian] : Boundless Informant: the NSA's secret tool to track global surveillance data
 
 
 
=== BULLRUN ===
 
""Short Description"" : [[BULLRUN]]  is a clandestine, highly classified decryption program run by the NSA. The British signals intelligence agency Government Communications Headquarters (GCHQ) has a similar program codenamed [[EDGEHILL]]. Access to the program is limited to a group of top personnel at the Five Eyes (FVEY), NSA and the signals intelligence  agencies of Britain, Canada, Australia, and New Zealand. Signals that  cannot be decrypted with current technology may be retained indefinitely  while the agencies continue to attempt to decrypt them.
 
 
 
"Documents show that the N.S.A. has been waging a  war against encryption using a battery of methods that include working  with industry to weaken encryption standards, making design changes to  cryptographic software, and pushing international encryption standards  it knows it can break." (The New York Times)
 
""Category"" : program
 
""Family"" : process
 
""Related items"" : [[APERIODIC]], [[AMBULANT]], [[AUNTIE]], [[PAINTEDEAGLE]], [[PAWLEYS]], [[PITCHFORD]], [[PENDLETON]], [[PICARESQUE]], [[PIEDMONT]]
 
""Status"" :
 
""Links"" :
 
* [https://en.wikipedia.org/wiki/Bullrun_%28decryption_program%29|en.wikipedia.org]
 
* [http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=0|Secret Documents Reveal N.S.A. Campaign Against Encryption]
 
* [http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide|The Guardian] : Project Bullrun – classification guide to the NSA's decryption program
 
 
 
== C ==
 
 
 
=== CDRDIODE ===
 
""Short Description"" : The name for a protective device that lets intercepted data flow to the NSA without letting an attacker use the same path to compromise the NSA or travel further toward identification. The tentative explanation is that when data comes from the low (insecure) side toward the high (secure) side of the NSA infrastructure, so that it can be read by analysts at the NSA Remote Operation Center [[ROC]], it needs to go through that [[CDRDIODE]].
 
""Category"" :
 
""Family"" :
 
""Related items"" : [[IRATEMONK]] [[WISTFULTOLL]]
 
""Status"" :
 
""Links"" :
 
* [http://cryptome.org/2014/01/nsa-codenames.htm|NSA's codenames]
 
* [https://www.youtube.com/watch?v=R8QFPf2RMCQ|Jacob Appelbaum: NSA's FoxAcid/Quantum Programs] at the european parliament - 10/15/2013
 
 
 
=== COBALTFALCON ===
 
""Short Description"" : [[US-3354]], Subprogram of [[OAKSTAR]].
 
""Category"" : program
 
""Family"" :
 
""Related items"" :[[OAKSTAR]]
 
""Status"" :
 
 
 
=== COMMONDEER ===
 
""Short Description"" :
 
""Category"" : attack vector
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2: The militarization of the Internet by Jacob Appelbaum.]
 
 
 
=== CONTRAOCTAVE ===
 
""Short Description"" :
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== CONVEYANCE ===
 
""Short Description"" : [[CONVEYANCE]] is a final layer of filtering to reduce the intake of information about Americans. It provides filtering for [[PRISM]] and filters the voice content processed by S3132. CONVEYANCE's information is stored in [[NUCLEON]].
 
""Category"" : program
 
""Family"" : process
 
""Related items"" : [[PRISM]] [[NUCLEON]]
 
""Status"" :
 
""Links"" :
 
* [http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/|washingtonpost.com] NSA slides explain the PRISM data-collection program
 
 
 
=== COTTONMOUTH-1 ===
 
""Short Description"" : will provide air-gap bridging, software persistence capability, "in-field" reprogrammability, and covert communications with a host software implant over the USB. The RF link will enable command and data infiltration and exfiltration. CM-1 will also communicate with Data Network Technologies (DNT) software ([[STRAITBIZARRE]]) through a covert channel implemented on the USB, using this communication channel to pass commands and data between hardware and software implants. CM-1 will be a [[GENIE]]-compliant implant based on [[CHIMNEYPOOL]]. CM-1 conceals digital components ([[TRINITY]]), USB 1.1 FS hub, switches, and [[HOWLERMONKEY]] (HM) RF Transceiver within the USB Series-A cable connector. [[MOCCASIN]] is the version permanently connected to a USB keyboard. Another version can be made with an unmodified USB connector at the other end. CMH-I has the ability to communicate to other CM devices over the RF link using an over-the-air protocol called [[SPECULATION]].
 
""Category"" :
 
""Family"" :
 
""Related items"" : [[COTTONMOUTH]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
 
 
=== COTTONMOUTH-2 ===
 
""Short Description"" : will provide air-gap bridging, software persistence capability, "in-field" reprogrammability, and covert communications with a host software implant over the USB. The RF link will enable command and data infiltration and exfiltration. CM-1 will also communicate with Data Network Technologies (DNT) software ([[STRAITBIZARRE]]) through a covert channel implemented on the USB, using this communication channel to pass commands and data between hardware and software implants. CM-1 will be a [[GENIE]]-compliant implant based on [[CHIMNEYPOOL]]. CM-1 conceals digital components ([[TRINITY]]), USB 2.0 HS hub, switches, (...?)
 
""Category"" :
 
""Family"" :
 
""Related items"" : [[COTTONMOUTH]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
 
 
=== COTTONMOUTH-3 ===
 
""Short Description""  :
 
""Category"" :
 
""Family"" :
 
""Related items"" : [[COTTONMOUTH]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
 
 
=== COURIERSKILL ===
 
""Short Description""  : Collection mission system.
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
 
 
=== CRYPTOENABLED ===
 
""Short Description"" :collection derived from AO's efforts to enable crypto.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :

* [http://www.lemonde.fr/international/article/2013/10/22/la-diplomatie-francaise-sur-ecoute-aux-etats-unis_3500717_3210.html|LeMonde.fr] La diplomatie Française sur écoute aux États-unis
 
 
 
=== CUSTOMS ===
 
""Short Description"" : customs opportunities (not [[LIFESAFER]])
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Links"" :
 
* [https://www.documentcloud.org/documents/807030-ambassade.html#document/p1|docs by lemonde.fr]
 
* [https://www.schneier.com/blog/archives/2013/10/code_names_for.html|Code Names for NSA Exploit Tools]
 
 
 
=== CTX4000 ===
 
""Short Description"" : The CTX4000 is a portable continuous wave radar unit. It can be used to illuminate a target system to recover different off net information. Primary uses include [[VAGRANT]] and [[DROPMIRE]] collection. (see also [[CW]])
 
""Category"" : attack vector
 
""Family"" : hardware
 
""Related items"" : [[VAGRANT]] [[DROPMIRE]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
* [[CW]] - Continuous Wave
 
 
 
=== CW ===
 
""Short Description"" : Continuous Wave, aka [[CW]], is a continuous radio signal (such as the one emitted by the [[CTX4000]]) sent toward a target so that the reflected radio wave is modulated by the signal to intercept. It is the NSA's default interception mechanism for voice, PS/2 and USB keyboard keypresses, exfiltrated data, network traffic and any other kind of data the NSA is interested in extracting from a target. It's a very advanced attack where a radar sends a [[CW]] toward a target covertly equipped with an eavesdropping bug called a [[RETROREFLECTOR]], which modulates the original [[CW]] signal and re-radiates this modulated [[CW]] so that it can be picked up by the emitting radar. The benefit of this technique is that there is no need for the eavesdropping bug to generate a radio signal, and therefore no need for huge batteries or power. It also means that the bug can be turned on and off remotely, providing an easy way to turn off the bug when a bug sweep detection team is trying to locate it. The downside is that it's dangerous for health, as the radar signal between 1 GHz and 6 GHz can be harmful to humans and cause illness and cancer, as it did numerous times in the past since the first time it was detected in the US Embassy in Moscow, Russia.
 
""Category"" : attack vector
 
""Family"" : hardware
 
""Related items"" : [[ANGRYNEIGHBOR]] [[CTX4000]] [[RAGEMASTER]] [[VAGRANT]]
 
""Status"" :
 
""Links"" :
 
* [http://www.emfacts.com/2012/06/john-goldsmith-on-scientific-misconduct-and-the-lilienfeld-study-an-oldie-but-still-relevant-today/ |emfacts.com]
 
* [http://www.ehjournal.net/content/11/1/85|ehjournal.net]
 
* [http://emrstop.org/index.php?option=com_content&view=article&id=118:they-have-known-about-microwave-radiation-harm-for-decades&catid=31:emf-politics-a-research-analyses&Itemid=40|emrstop.org]
 
* [http://www.scribd.com/doc/13616226/The-Moscow-Embassy-incident|scribd.com / The Moscow Embassy incident]
 
* [http://www.wikileaks.org/plusd/cables/1976MOSCOW01437_b.html#efmAtaAwK|wikileaks.org]
 
 
 
== D ==
 
 
 
=== DARKTHUNDER ===
 
""Short Description"" : SSO Corporate/TAO (Tailored Access Operations) Shaping. A SIGAD used for TAO, and thus [[QUANTUM]], [[FOXACID]].
 
""Category"" :
 
""Family"" :
 
""Related items"" : [[QUANTUM]], [[FOXACID]]
 
""Status"" :
 
 
 
=== DEITYBOUNCE ===
 
""Short Description"" : DEITYBOUNCE provides software application persistence  on Dell PowerEdge servers by exploiting the motherboard BIOS and  utilizing System Management Mode (SMM) to gain periodic execution while  the Operating System loads. This technique supports multi-processor systems with  RAID hardware and Microsoft Windows 2000, 2003, and XP. It currently  targets Dell PowerEdge 1850/2850/1950/2950 RAID servers, using BIOS  versions A02, A05, A06, 1.1.0, 1.2.0, or 1.3.7. Through remote access or interdiction, [[ARKSTREAM]] is  used to reflash the BIOS on a target machine to implant DEITYBOUNCE and  its payload (the implant installer). Implantation via interdiction may  be accomplished by nontechnical operator through use of a USB thumb  drive. Once implanted, DEITYBOUNCE's frequency of execution (dropping  the payload) is configurable and will occur when the target machine  powers on.
 
Status: Released / Deployed. Ready for Immediate Delivery
 
""Category"" :
 
""Family"" :
 
""Related items"" :  [[ARKSTREAM]]
 
""Status"" :
 
""Links"" :
 
* [https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html|DEITYBOUNCE: NSA Exploit of the Day]
 
* [http://leaksource.files.wordpress.com/2013/12/nsa-ant-deitybounce.jpg?w=1208&h=1562|ANT Product Data]
 
* [https://www.schneier.com/blog/archives/2013/12/more_about_the.html|More about the NSA's Tailored Access Operations Unit ]
 
 
 
 
 
=== DEWSWEEPER ===
 
""Short Description"" : USB (Universal Serial Bus) hardware host tap that provides COVERT link over USB link into a target network. Operates w/RF relay subsystem to provide wireless Bridge into target network.
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.documentcloud.org/documents/807030-ambassade.html#document/p1|LeMonde.fr] - Snowden's docs
 
 
 
=== DROPMIRE ===
 
""Short Description"" : Passive collection of emanations using an antenna. [[DROPMIRE]] is aimed at surveillance of foreign embassies and diplomatic staff, including those of NATO allies. NSA leaks show how US is bugging its European allies. The report reveals that at least ""38 foreign embassies"" were under surveillance, some of them as far back as 2007.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.guardian.co.uk/world/2013/jun/30/nsa-leaks-us-bugging-european-allies|The Guardian - NSA]
 
* [https://www.documentcloud.org/documents/807030-ambassade.html#document/p1|docs by lemonde.fr]
 
* [https://www.schneier.com/blog/archives/2013/10/code_names_for.html|Code Names for NSA Exploit Tools]
 
 
 
=== DROPOUTJEEP ===
 
""Short Description"" : DROPOUTJEEP is a [[STRAITBIZARRE]]-based software implant for the Apple iPhone operating system and uses the [[CHIMNEYPOOL]] framework. DROPOUTJEEP is compliant with the [[FREEFLOW]] project, therefore it is supported in the [[TURBULENCE]] architecture.
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[STRAITBIZARRE]] [[CHIMNEYPOOL]] [[TURBULENCE]] [[FREEFLOW]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
 
 
=== DRTBOX ===
 
""Short Description"" :Program for intercepting mobile communication networks. France in the NSA's crosshair : phone networks under surveillance.
 
* [[US-985D]] - France
 
* [[US-987LA]] - Germany
 
* [[US-987LB]] - Germany
 
""Category"" : program
 
""Family"" : collect
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.lemonde.fr/technologies/article/2013/10/21/france-in-the-nsa-s-crosshair-phone-networks-under-surveillance_3499741_651865.html?xtmc=drtbox&xtcr=1|lemonde.fr]
 
 
 
== E ==
 
 
 
=== ECI === 
 
""Short Description"" : ECI (Extremely Compartmented Intelligence) is an undetermined group of NSA partners
 
""Category"" : compartment
 
""Related items"" : [[BULLRUN]] [[PAINTED EAGLE]]
 
""Status"" : unknown
 
""Links"" :
 
* [https://www.eff.org/files/2013/11/15/20130905-guard-bullrun.pdf|Source PDF]
 
 
 
 
 
=== EGOTISTICALGIRAFFE  ===
 
""Short Description"" : EGOTISTICALGIRAFFE (EGGI) is an NSA program for exploiting the TOR network.
 
""Category"" : program
 
""Family"" : attack
 
""Related items"" : [[EGOTISTICALGOAT]] [[ERRONEOUSINGENUITY]]
 
""Status"" :
 
""Links"" :
 
* [http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document|TheGuardian]
 
 
 
=== EGOTISTICALGOAT ===
 
""Short Description"" : EGOTISTICALGOAT (EGGO) is an NSA tool for exploiting the TOR network.
 
""Category"" : program
 
""Family"" : attack
 
""Related items"" : [[EGOTISTICALGIRAFFE]] [[ERRONEOUSINGENUITY]]
 
""Status"" :
 
""Links"" :
 
* [http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document|TheGuardian]
 
 
 
=== ENDUE ===
 
""Short Description"" :A [[COI]] for sensitive decrypts of the [[BULLRUN]] program
 
""Category"" :
 
""Family"" :
 
""Related items"" : [[BULLRUN]]
 
""Status"" :
 
""Links"" :
 
* [http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document|TheGuardian]
 
* [http://cryptome.org/2013/09/nsa-bullrun-brief-propublica-13-0905.pdf|cryptome.org]
 
 
 
=== ERRONEOUSINGENUITY ===
 
""Short Description"" : ERRONEOUSINGENUITY (ERIN) is an NSA tool for exploiting the TOR network.
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[EGOTISTICALGIRAFFE]] [[EGOTISTICALGOAT]]
 
""Status"" :
 
 
 
=== EVENINGEASEL ===
 
""Short Description"" :Program for surveillance of phone and text communications from Mexico's cell phone network.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.spiegel.de/international/world/nsa-hacked-email-account-of-mexican-president-a-928817.html|DerSpiegel]: NSA Accessed Mexican President's Email
 
 
 
=== EVILOLIVE ===
 
""Short Description"" :Collects internet traffic and data.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.theverge.com/2013/6/27/4470442/nsa-surveillance-programs-bulk-collection-of-internet-metadata|TheVerge] - NSA expanded bulk collection of internet data under newly uncovered surveillance programs
 
 
 
== F ==
 
 
 
=== FAIRVIEW ===
 
""Short Description"" : [[FAIRVIEW]] ([[US-990]]) is a secret [[mass surveillance]] programme run by the [[National Security Agency]], aimed at collecting phone, internet and e-mail data in bulk from the computers and mobile telephones of foreign countries' citizens. According to the revelations, the NSA had collected 2.3 billion separate pieces of data from Brazilian users in January 2013 alone.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== FEEDTROUGH ===
 
""Short Description"" : FEEDTROUGH is a persistence technique for two software implants, DNT's  BANANAGLEE and CES's ZESTYLEAK used against Juniper Netscreen firewalls. http://leaksource.files.wordpress.com/2013/12/nsa-ant-feedthrough.jpg https://www.schneier.com/blog/archives/2014/01/feedtrough_nsa.html
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[BANANAGLEE]] [[ZESTYLEAK]]
 
""Status"" :
 
""Links"" :
 
* [https://www.schneier.com/blog/archives/2014/01/feedtrough_nsa.html|FEEDTROUGH: NSA Exploit of the Day]
 
 
 
=== FOXACID ===
 
""Short Description"" : FOXACID identifies TOR users on the Internet and then executes an attack against their Firefox web browser.
 
# Finding Tor users via programs codenamed [[STORMBREW]], [[FAIRVIEW]], [[OAKSTAR]] and [[BLARNEY|BLARNEY]].

# The NSA creates "fingerprints" that detect HTTP requests from the Tor network to particular servers.

# These fingerprints are loaded into NSA database systems like [[XKEYSCORE]].

# Using powerful data analysis tools with codenames such as [[TURBULENCE]], [[TURMOIL]] and [[TUMULT]], the NSA automatically looks for Tor connections.
 
# After the identification, the NSA uses its network of secret Internet servers to redirect those users to another set of secret Internet servers, with the codename [[FOXACID]], to infect the user's computer.
 
# Once the computer is successfully attacked, it secretly calls back to a [[FoxAcid]] server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term, and continues to provide eavesdropping information back to the NSA.
 
See [[QUANTUM]] for the Man-in-the-middle.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :[[OAKSTAR]] [[QUANTUM]] [[STORMBREW]] [[FAIRVIEW]] [[OAKSTAR]] [[BLARNEY|BLARNEY]] [[TURBULENCE]] [[TURMOIL]] [[TUMULT]] [[XKEYSCORE]]
 
""Status"" :
 
""Links"" :
 
* [https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html|Bruce Schneier] How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID

* [http://arstechnica.com/security/2013/10/nsa-repeatedly-tries-to-unpeel-tor-anonymity-and-spy-on-users-memos-show/|ArsTechnica] NSA repeatedly tries to unpeel TOR anonymity and spy on users, memos show

* [http://www.slate.com/blogs/future_tense/2013/10/04/tor_foxacid_flying_pig_nsa_attempts_to_sabotage_countersurveillance_tool.html|Slate.com] How the NSA Is Trying to Sabotage a U.S. Government-Funded Countersurveillance Tool

* [http://www.spiegel.de/fotostrecke/qfire-die-vorwaertsverteidigng-der-nsa-fotostrecke-105358.html|Spiegel.de]
 
 
 
== G ==
 
 
 
=== GENIE ===
 
""Short Description"" :implants of spywares
 
* [[US-3136]]
 
* [[US-3137]]
 
""Category"" :attack vector
 
""Family"" : network
 
""Related items"" :
 
""Status"" : projected ?
 
""Links"" :
 
* [http://leaksource.wordpress.com/2013/08/31/codename-genie-nsa-to-control-85000-implants-in-strategically-chosen-machines-around-the-world-by-year-end/|Codename GENIE: NSA to Control 85,000 “Implants” in Strategically Chosen Machines Around the World by Year End]
 
* [http://www.lemonde.fr/international/article/2013/10/22/la-diplomatie-francaise-sur-ecoute-aux-etats-unis_3500717_3210.html|LeMonde.fr] la diplomatie française était sur écoute aux Etats-Unis
 
* [http://rt.com/usa/nsa-cyber-operations-classified-247/|Snowden leaks: NSA conducted 231 offensive cyber-ops in 2011, hailed as 'active defense']
 
</ref>
 
 
 
 
 
=== GHOSTMACHINE ===
 
""Short Description"" :[[GHOSTMACHINE]] is the NSA's SSO (Special Source Operations) cloud analytics platform.
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
*  [http://cryptome.org/2013/12/nsa-ghost-machine.pdf|Cryptome.org].
 
 
 
=== GODSURGE ===
 
""Short Description"" : runs on the [[FLUXBABBIT]] hardware implant and provides software application persistence on Dell PowerEdge servers by exploiting the JTAG debugging interface of the server's processors.
 
""Family"" : attack vector
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
 
 
== H ==
 
 
 
=== HIGHLANDS ===
 
""Short Description"" : spywares implants.
 
""Category"" : attack vector
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [https://www.documentcloud.org/documents/807030-ambassade.html#document/p1|docs by lemonde.fr]
 
* [https://www.schneier.com/blog/archives/2013/10/code_names_for.html|Code Names for NSA Exploit Tools]
 
 
 
=== HIGHTIDE/SKYWRITER ===
 
""Short Description"" : Desktop dashboard
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== HOWLERMONKEY ===
 
""Short Description"" : It takes as little as 30 minutes to install some of  the NSA's new wireless bugs (one of which uses a so call HOWLERMONKEY transmitter to fit into the victim's USB plug, with no visible profile).
 
""Family""": attack vector
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.dailytech.com/Businesses+Deny+Helping+NSA+Plant+Bugs+in+Americans+Gadgets/article34022.htm|dailytech.com]
 
 
 
== I ==
 
=== IRATEMONK ===
 
""Short Description"" : provides software application persistence on desktop and laptop computers by implanting the hard drive firmware to gain execution throught Master Boot Record (MBR) substitution. This technique supports systems without RAID hardware that boot from a variety of Western Digital, Seagate, Maxtor and Samsung hard drives. Through remote access or intediction, [[UNITEDRAKE]], or [[STRAITBAZZARE]] are used in conjunction with [[SLICKERVICAR]] to upload the hard drive firmware onto the target machine to implant IRATEMONK and its payload (the implant installer). Once implanted, IRATEMONK's frequency of execution (dropping the payload) is configurable and will occur when the target machine powers on.
 
""Category"" : attack vector
 
""Family"" : collect
 
""Related items"" :[[UNITEDRAKE]] [[STRAITBAZZARE]] [[SLICKERVICAR]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
 
 
=== IRONCHEF ===
 
""Short Description"" :  IRONCHEF provides access persistence to target systems  by exploiting the motherboard BIOS and utilizing System Management Mode  (SMM) to communicate with a hardware implant that provides two-way RF  communication..This technique supports the HP Proliant 380DL G5  server, onto which a hardware implant has been installed that  communicates over the I2C Interface [[WAGONBED]]. Through interdiction, IRONCHEF, a software CNE implant  and the hardware implant are installed onto the system. If the software  CNE implant is removed from the target machine, IRONCHEF is used to  access the machine, determine the reason for removal of the software,  and then reinstall the software from a listening post to the target  system.
 
""Family""": attack vector
 
""Category"" : attack
 
""Family"" :
 
""Related items"" : [[WAGONBED]], [[TAO]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
* [https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of_1.html|IRONCHEF: NSA Exploit of the Day]
 
* [http://leaksource.files.wordpress.com/2013/12/nsa-ant-ironchef.jpg|IRONCHEF - ANT product data]
 
 
== J ==
 
 
 
=== JUGGERNAUT ===
 
""Short Description"" :Picks up all signals from mobile networks.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.spiegel.de/fotostrecke/photo-gallery-nsa-documentation-of-spying-in-germany-fotostrecke-99672-4.html|spiegel.de] Photo Gallery: NSA Documentation of Spying in Germany
 
 
 
== L ==
 
 
 
=== LIFESAVER ===
 
""Short Description"" : Imaging of the Hard Drive.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [https://www.documentcloud.org/documents/807030-ambassade.html#document/p1|docs by lemonde.fr]
 
* [https://www.schneier.com/blog/archives/2013/10/code_names_for.html|Code Names for NSA Exploit Tools]
 
 
 
 
 
=== LOPERS ===
 
""Short Description"" :[[LOPERS]] is a software application for Public Switched Telephone Networks.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
== M ==
 
 
 
=== MADCAPOCELOT ===
 
""Short Description"" :Subprogram ([[US-3140]] (PDDG:TM)) of [[STORMBREW]] - DNI and metadata through [[XKEYSCORE]], [[PINWALE]] and [[MARINA]].
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[STORMBREW]] [[PINWALE]] [[MARINA]] [[XKEYSCORE]]
 
""Status"" :
 
 
 
=== MAGNETIC ===
 
""Short Description"" :sensor collection of magnetic emanations.
 
""Category"" : program
 
""Family"" : collect
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [https://www.documentcloud.org/documents/807030-ambassade.html#document/p1|docs by lemonde.fr]
 
* [https://www.schneier.com/blog/archives/2013/10/code_names_for.html|Code Names for NSA Exploit Tools]
 
 
 
 
 
=== MAINWAY ===
 
""Short Description"" : MAINWAY is a database maintained by the NSA containing metadata for hundreds of billions of telephone calls made through the four largest telephone carriers in the United States: AT&T and Verizon.
 
It is estimated that the database contains over 1.9 trillion call-detail records. The records include detailed call information (caller, receiver, date/time of call, length of call, etc.) for use in traffic analysis and social network analysis, but do not include audio information or transcripts of the content of the phone calls. Similar programs exist or are planned in other countries, including Sweden (Titan traffic database) and Great Britain (Interception Modernisation Programme).
 
""Category"" : program
 
""Family"" : database
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://en.wikipedia.org/wiki/MAINWAY|en.wikipedia.org]
 
* [http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm|USA Today]
 
 
 
 
 
 
 
=== MARINA ===
 
""Short Description"" :MARINA is a metadata database for the NSA, it aggregates NSA metadata from a large scale of sources. Any computer metadata picked up by NSA is routed in this system. MARINA tracks the browser datas, gathering contacts and contents of a user. MARINA can look in the last 365 days of DNI such as page request, emails, voice over IP, pictures (by webcam), list of logins/passwords for each « contact » (and not "target")...
 
""Category"" : program
 
""Family"" : database
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents | theguardian.com "NSA stores metadata of millions of web users for up to a year, secret files show"]
 
* [http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329.html | spiegel.de]
 
 
 
=== MINERALIZE ===
 
""Short Description"" : collection from LAN Implant
 
""Category"" : program
 
""Family"" : collect
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [https://www.documentcloud.org/documents/807030-ambassade.html#document/p1|docs by lemonde.fr]
 
* [https://www.schneier.com/blog/archives/2013/10/code_names_for.html|Code Names for NSA Exploit Tools]
 
 
 
=== MONKEYROCKET  ===
 
""Short Description"" :Sub-program of [[OAKSTAR]], aka [[US-3206]] (PDDG:6T).
 
""Category"" : program
 
""Family"" :
 
""Related items"" :OAKSTAR
 
""Status"" :
 
 
 
=== MOONLIGHTPATH ===
 
""Short Description"" :[[MOONLIGHTPATH]] is a Special Sources Operations ([[SSO]]) program, maintained by the NSA, it's a collection program to query metadatas, started in September, 2013
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.theguardian.com/world/2013/jun/27/nsa-online-metadata-collection|theguardian.com] How the NSA is still harvesting your online data
 
 
 
=== MUSCULAR ===
 
""Short Description"" :[[MUSCULAR]] is a  tool to exploit the data links from Google and Yahoo, operated jointly by the [[National Security Agency]] (NSA) and the British [[Government Communications Headquarters]] (GCHQ). They are copying entire data flows across fiber-optic cables that carry information among the data centers.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html|NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say]
 
 
 
== N ==
 
 
 
=== NIGHTSTAND ===
 
""Short Description""  : Standalone tool currently running on an x86 laptop loaded with Linux Fedora Core 3. Exploitable targets include Win2k, WinXP, WinXPSP1, WinXPSP2 running internet explorer versions 5.0-6.0. NIGHTSTAND packet injection can target one client or multiple targets on a wireless network. Attack is undetectable by the user. Use of external amplifiers and antennas in both experimental operational scenarios have resulted in successful NIGHTSTAND attacks from as far away as eight miles under ideal environmental conditions.
 
""Category"" : attack vector
 
""Family"" : network
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
 
 
=== NUCLEON ===
 
""Short Description"" :[[NUCLEON]] is a database maintained by the NS) which intercepts telephone calls and routes the spoken words.
 
""Category"" : program
 
""Family"" : database
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.washingtonpost.com/investigations/us-surveillance-architecture-includes-collection-of-revealing-internet-phone-metadata/2013/06/15/e9bf004a-d511-11e2-b05f-3ea3f0e7bb5a_story_1.html|U.S. surveillance architecture includes collection of revealing Internet, phone metadata]
 
 
 
== O ==
 
 
 
=== OAKSTAR ===
 
""Short Description"" :[[OAKSTAR]]  is a secret internet surveillance program of the National Security Agency (NSA) of the United States. It was disclosed in 2013 as part of the leaks by former NSA contractor Edward Snowden.
 
OAKSTAR is an umbrella program involving surveillance of telecommunications. It falls under the category of "[[UPSTREAM]] collection," meaning that data is pulled directly from fiber-optic cables and top-level communications infrastructure.
 
 
 
[[UPSTREAM]]  collection programs allow access to very high volumes of data, and most of the pre-selection is done by the providers themselves, before the data is passed on to the NSA. The FY 2013 budget for OAKSTAR is $9.41 million.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :  [[BLUEANCHOR]] [[BLUEZEPHYR]] [[COBALTFALCON]] [[MARINA]] [[MONKEYROCKET]] [[ORANGEBLOSSOM]] [[ORANGECRUSH]] [[SILVERZEPHYR]] [[SHIFTINGSHADOW]] [[STEELKNIGHT]] [[UPSTREAM]]  [[YACHTSHOP]]
 
""Links"" :
 
* [http://en.wikipedia.org/wiki/OAKSTAR|Wikipedia]
 
 
 
=== OCEAN ===
 
""Short Description""  : optical collection system for Raster-Based computer screens
 
""Category"" : program
 
""Family"" : collect
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [https://www.documentcloud.org/documents/807030-ambassade.html#document/p1|docs by lemonde.fr]
 
* [https://www.schneier.com/blog/archives/2013/10/code_names_for.html|Code Names for NSA Exploit Tools]
 
 
 
 
 
=== OCEANARIUM ===
 
""Short Description""  : Database for SIGINT from NSA and intelligence sharing partners around the world
 
""Category"" : program
 
""Family"" : database
 
""Related items"" :
 
""Status"" :
 
 
 
=== OCELOT ===
 
""Short Description"" :Actual name: [[MADCAPOCELOT]] , a sub-program of [[STORMBREW]] for collection of internet metadata about Russia and European counterterrorism. MADCAPOCELOT uses [[DNI]] from [[XKEYSCORE]], [[PINWALE]] and [[MARINA]]
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [https://commons.wikimedia.org/wiki/File:US-3140_MADCAPOCELOT_-_crop.jpg|commons.wikimedia.org]
 
 
 
=== OLYMPUS ===
 
""Short Description"" : OLYMPUS (OLYMPUSFIRE ?) is an exploitation system that uses a software implant on a Microsoft Windows based target PC to gain complete access to the targeted PC. The target, when connected to the Internet, will contact a Listening Post (LP) located at an NSA/USSS facilities, which is online 24/7, and get ist commands automatically. There commands include directory listings, retrieving files, performing netmaps, etc. The results of the commands are then returned to the LP, where the data is collected and forwarded to CES and analysis and production elements.
 
""Category"" : attack vector
 
""Family"" : collect
 
""Related items"" : [[VALIDATOR]]
 
""Status"":
 
 
 
=== ORANGEBLOSSOM ===
 
""Short Description"" :Sub-program of [[OAKSTAR]] for collection from an international transit switch (sigad: [[US-3251]])
 
""Category"" : program
 
""Family"" : collect
 
""Related items"" : [[OAKSTAR]]
 
""Status"" :
 
 
 
=== ORANGECRUSH ===
 
""Short Description"" :Subprogram of [[OAKSTAR]], aka [[US-3230]] (PDDG:0B).
 
""Category"" : program
 
""Family"" :
 
""Related items"" :OAKSTAR
 
""Status"" :
 
 
 
== P ==
 
 
 
=== PATHFINDER ===
 
""Short Description"" :[[PATHFINDER]] is a [[SIGINT]] analysis tool made by [[Science Applications International Corporation]] (SAIC), a new US company headquartered in [[McLean, Virginia]] that provides government services and [[information technology]] support.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== PEDDLECHEAP ===
 
""Short Description"" : subprogram of [[FERRETCANNON]] and [[FOXACID]].
 
""Category"" : attack vector
 
""Family"" : network
 
""Related items"" : [[FERRETCANNON]] [[FOXACID]].
 
""Status"" :
 
""Links"" :
 
* [https://www.schneier.com/blog/archives/2013/10/the_nsas_new_ri.html|The NSA's New Risk Analysis]
 
 
 
=== PINWALE ===
 
""Short Description"" : PINWALE is the code name for an NSA database of archived foreign and domestic e-mails it has collected under its SIGINT efforts.  It is searchable by monitored NSA analysts. Its existence was first revealed by an NSA analyst who was trained to use it during 2005. However, according to ''Homeland Security Today'', Pinwale has in it much more than email, it also contains other forms of Internet data, and other forms of digital communications as well. Its software has built-in protections against collecting from any of the Five Eyes members. Unlike its successor  [[XKEYSCORE]], targets for PINWALE have to be approved beforehand by the United States Foreign Intelligence Surveillance Court (FISC).
 
""Category"" : program
 
""Family"" : database
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.nytimes.com/2009/06/17/us/17nsa.html|E-Mail Surveillance Renews Concerns in Congress]
 
 
 
 
 
=== PRISM ===
 
""Short Description"" : PRISM (US-984XN) is a clandestine mass electronic surveillance data mining program known to have been operated by the United States National Security Agency (NSA) since 2007. PRISM is a government code name for a data-collection effort.The PRISM program collects stored Internet communications based on demands made to Internet companies such as Google Inc. and Apple Inc. under Section 702 of the FISA Amendments Act of 2008 to turn over any data that match court-approved search terms. The NSA can use these PRISM requests to target communications that were encrypted when they traveled across the Internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier, and to get data that is easier to handle, among other things. The program is operated under the supervision of the U.S. Foreign Intelligence Surveillance Court (FISA Court, or FISC) pursuant to the Foreign Intelligence Surveillance Act (FISA). Documents indicate that PRISM is "the number one source of raw intelligence used for NSA analytic reports", and it accounts for 91% of the NSA's Internet traffic acquired under FISA section 702 authority. The leaked information came to light one day after the revelation that the FISA Court had been ordering a subsidiary of telecommunications company Verizon Communications to turn over to the NSA logs tracking all of its customers' telephone calls on an ongoing daily basis.
 
""Category"" : program
 
""Family"" : process
 
""Related items"" : [[TRAFFICTHIEF]] [[MARINA]] [[MAINWAY]] [[FALLOUT]] [[PINWALE]] [[CONVEYANCE]] [[NUCLEON]]
 
""Status"" : active
 
""Links"" :
 
* [http://en.wikipedia.org/wiki/PRISM_(surveillance_program)|en.wikipedia.org]
 
* [http://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet|Everything you need to know about PRISM]
 
 
 
 
 
== Q ==
 
 
 
=== QFIRE ===
 
""Short Description"" : [[TURMOIL]] (Deep Packet Inspection) and [[TURBINE]] (Deep Packet Injection) combined with additionnal infrastructure that they co-opt through pwnage of routers and other operations
 
""Category"" :  attack vector
 
""Family"" : network
 
""Related items"" : [[TURMOIL]] [TURBINE]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://www.dailytech.com/Tax+and+Spy+How+the+NSA+Can+Hack+Any+American+Stores+Data+15+Years/article34010.htm|Tax and Spy: How the NSA Can Hack Any American, Stores Data 15 Years]
 
* [http://www.wikileaks-forum.com/nsa/332/snowden-leak-nsa-qfire-16-slides/26507/|wikileaks-forum.com]
 
 
 
=== QUANTUM ===
 
""Short Description"" : To trick targets into visiting a [[FOXACID]] server, the NSA relies on its secret partnerships with US telecoms companies. As part of the [[TURMOIL]] system, the NSA places secret servers, codenamed [[QUANTUM]], at key places on the Internet backbone for a man-in-the-middle (or a man-in-the-side). The NSA uses these fast [[QUANTUM]] servers to execute a packet injection attack, which surreptitiously redirects the target to the [[FOXACID]] server.
 
""Category"" : attack vector
 
""Family"" : netwok
 
""Related items"" : [[FOXACID]] [[QUANTUMBOT]] [[QUANTUMCOPPER]] [[QUANTUM INSERT]] [[QUANTUMCOOKIE]] [[QUANTUMNATION]] [[QUANTUMSKY]] [[QUANTUMTHEORY]]
 
""Status"" : active
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html|How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID] by Bruce Schneier
 
* [http://cryptome.org/2013/12/nsa-quantum-tasking.pdf|NSA QUANTUM tasking techniques]
 
 
* [http://arstechnica.com/security/2013/10/nsa-repeatedly-tries-to-unpeel-tor-anonymity-and-spy-on-users-memos-show/|ArsTechnica] NSA repeatedly tries to unpeel Tor anonymity and spy on users, memos show

* [http://www.slate.com/blogs/future_tense/2013/10/04/tor_foxacid_flying_pig_nsa_attempts_to_sabotage_countersurveillance_tool.html|Slate.com] How the NSA Is Trying to Sabotage a U.S. Government-Funded Countersurveillance Tool

* [http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html|Spiegel.de] Britain's GCHQ Hacked Belgian Telecoms Firm
 
 
 
=== QUANTUMBOT ===
 
""Short Description"" : hijack IRC bot (--> botnet?)
 
""Category"" :  attack vector
 
""Family"" : netwok
 
""Related items"" : [[QUANTUM]] [[FOXACID]]
 
""Status"" : active
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-quantum-tasking.pdf|NSA QUANTUM tasking techniques]
 
 
 
=== QUANTUMCOPPER ===
 
""Short Description"" : a.k.a the great firewall of earth (like the Great FIrewall of China)
 
""Category"" : attack vector
 
""Family"" : netwok
 
""Related items"" : [[QUANTUM]]  [[FOXACID]]
 
""Status"" : active
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-quantum-tasking.pdf|NSA QUANTUM tasking techniques]
 
 
 
=== QUANTUMCOOKIE ===
 
""Short Description"" : force cookies onto target browsers
 
""Category"" :attack vector
 
""Family"" : netwok
 
""Related items"" : [[QUANTUM]]  [[FOXACID]]
 
""Status"" : attack vector
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html|How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID] by Bruce Schneier
 
* [http://cryptome.org/2013/12/nsa-quantum-tasking.pdf|NSA QUANTUM tasking techniques]
 
 
 
=== QUANTUM INSERT ===
 
""Short Description"" : It appears to be a method with which the person being targeted, without  their knowledge, is redirected to websites that then plant malware on  their computers that can then manipulate them. Some of the employees  whose computers were infiltrated had "good access" to important parts of  Belgacom's infrastructure, and this seemed to please the British spies,  according to the slides.
 
""Category"" : attack vector
 
""Family"" : netwok
 
""Related items"" : [[QUANTUM]]  [[FOXACID]]
 
""Status"" : attack vector
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html|How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID] by Bruce Schneier
 
* [http://cryptome.org/2013/12/nsa-quantum-tasking.pdf|NSA QUANTUM tasking techniques]
 
 
 
=== QUANTUMNATION ===
 
""Short Description"" :
 
""Category"" :  attack vector
 
""Family"" : netwok
 
""Related items"" : [[QUANTUM]]  [[FOXACID]] [[VALIDATOR]] [COMMONDEER]]
 
""Status"" : active
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html|How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID] by Bruce Schneier
 
* [http://cryptome.org/2013/12/nsa-quantum-tasking.pdf|NSA QUANTUM tasking techniques]
 
 
 
=== QUANTUMSKY ===
 
""Short Description"" :
 
""Category"" :  attack vector
 
""Family"" : netwok
 
""Related items"" : [[QUANTUM]]  [[FOXACID]]
 
""Status"" : active
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html|How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID] by Bruce Schneier
 
* [http://cryptome.org/2013/12/nsa-quantum-tasking.pdf|NSA QUANTUM tasking techniques]
 
 
 
=== QUANTUMTHEORY ===
 
""Short Description"" :
 
""Category"" : attack vector
 
""Family"" : netwok
 
""Related items"" : [[QUANTUM]]  [[FOXACID]] [SEASONMOTH]]
 
""Status"" : active
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html|How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID] by Bruce Schneier
 
* [http://cryptome.org/2013/12/nsa-quantum-tasking.pdf|NSA QUANTUM tasking techniques]
 
 
 
== R ==
 
 
 
=== RADON ===
 
""Short Description"" :Bi-directional host tap that can inject Ethernet packets onto the same targets. Allows bi-directional exploitation of Denies networks using standard on-net tools.
 
""Category"" : attack vector
 
""Family"" : network
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.lemonde.fr/international/article/2013/10/22/la-diplomatie-francaise-sur-ecoute-aux-etats-unis_3500717_3210.html|LeMonde.fr]
 
* [https://www.documentcloud.org/documents/807030-ambassade.html#document/p1|docs by lemonde.fr]
 
* [https://www.schneier.com/blog/archives/2013/10/code_names_for.html|Code Names for NSA Exploit Tools]
 
 
 
=== RAGEMASTER ===
 
""Short Description""  : provides a target for RF flooding and allows for easier collection of the [[VAGRANT]] video signal. The current RAGEMASTER unit taps the red video line on the VGA cable. It was found that, empirically, this provides the best video return and cleanest readout of the monitor contents. When the RAGEMASTER is illuminated by a radar unit, the illuminating signal is modulated with the red video information. This information is re-radiated, where it is picked up at the radar, demodulated, and passed onto the processing unit, such as a [[LFS-2]] and an external monitor.
 
""Category"" : program
 
""Family"" : collect
 
""Related items"" : [[NIGHTWATCH]] [[GOTHAM]] [[VIEWPLATE]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
 
 
 
 
=== RAGTIME  ===
 
""Short Description"" :[[RAGTIME]] (RT) is the code name of four secret surveillance programs conducted by the [[National Security Agency]] (NSA) of the United States. These special programs are conducted under the code name RAGTIME (also abbreviated as RT), and are divided into several subcomponents (RAGTIME-A, RAGTIME-B, RAGTIME-C, and RAGTIME-P). It's said that about 50 companies have provided data to this domestic collection program.
 
* RAGTIME-A : counterterrorism
 
* RAGTIME-B :
 
* RAGTIME-C : counterproliferation activities (like WMD, nuclear, biological, chemical).

* RAGTIME-P (P -> Patriot act ?) : warrantless wiretapping
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://apps.washingtonpost.com/g/page/national/nsa-report-on-privacy-violations-in-the-first-quarter-of-2012/395/|NSA report on privacy violations in the first quarter of 2012]
 
* [http://www.washingtonian.com/blogs/dead_drop/surveillance-state/ragtime-codename-of-nsas-secret-domestic-intelligence-program-revealed-in-new-book.php|Ragtime: Code name of NSA - Secret Domestic Intelligence Program]
 
 
 
=== RAMPART  ===
 
""Short Description"" :  RAMPART ( or RAMPART-T) is a [[NSA]] operational branches that intercept heads of state and their closest aides. Known divisions are RAMPART-A, RAMPART-I and RAMPART-T, which focuses on foreign governments.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.spiegel.de/international/world/secret-nsa-documents-show-how-the-us-spies-on-europe-and-the-un-a-918625.html|Der Spiegel]
 
 
 
=== ROC ===
 
""Short Description"" : The Remote Operation Center ([[ROC]]) of NSA [[TAO]] is its intelligence exploitation center. It is supposed to be distributed around the world, with suspected locations such as Dagger Complex, Griesheim, Darmstadt, Germany; San Antonio, Texas, USA; etc.

According to Wikipedia:
 
 
 
TAO's headquarters are termed the Remote Operations Center (ROC) and are based at Fort Meade, Maryland. TAO has also expanded to NSA Hawaii (Wahiawa, Oahu), NSA Georgia (Fort Gordon, Georgia), NSA Texas (Medina Annex, San Antonio, Texas), and Buckley Air Force Base, Denver.
 
""Category"" : compartment
 
""Family"" :
 
""Related items"" : [[TAO]]
 
""Status"" :
 
""Links"" :
 
* [https://en.wikipedia.org/wiki/Office_of_Tailored_Access_Operations|TAO] on wikipedia.org
 
 
 
== S ==
 
 
 
=== SENTINEL ===
 
""Short Description"" :Sentinel is a [[National Security Agency]] (NSA) security filter for [[SYBASE]] databases which provides multi-level security down to the row level.
 
""Category"" : program
 
""Family"": database
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.nsa.gov/public_info/_files/cryptologs/cryptolog_136.pdf|nsa.gov]
 
 
=== SHELLTRUMPET ===
 
""Short Description"" : [[SHELLTRUMPET]] is an NSA metadata processing program which shows the scale of the NSA's metadata collection.
 
""Category"" : program
 
""Family"" : process
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.theguardian.com/world/2013/jun/27/nsa-online-metadata-collection|theguardian.com]
 
 
 
=== SHIFTINGSHADOW ===
 
""Short Description"" :Subprogram of [[OAKSTAR]], aka [[.US-3217]] (PDDG:MU)
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[OAKSTAR]]
 
""Status"" :
 
 
 
=== SILVERZEPHYR ===
 
""Short Description"" :Subprogram of [[OAKSTAR]], aka [[US-3257]] (PDDG:SK), DNR (metadata, voice, fax), DNI (content, metadata)
 
""Category"" : program
 
""Family"" :
 
""Related items"" :[[OAKSTAR]] [[STEELKNIGHT]]
 
""Status"" :
 
 
 
=== SOMBERKNAVE ===
 
""Short Description""  : [[SOMBERKNAVE]] is a software implant that surreptitiously routes TCP traffic from a designated process to a secondary network via an unused embedded 802.11 network device. If an Internet-connected wireless access point is present, [[SOMBERKNAVE]] can be used to allow [[OLYMPUS]] or [[VALIDATOR]] to "call home" via 802.11 from an air-gapped target computer. If the 802.11 interface is in use by the target, it will not attempt to transmit.
 
""Category"" : attack vector
 
""Family"" : software
 
""Related items"" :  [[OLYMPUS]] [[VALIDATOR]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
 
 
 
 
=== SSO ===
 
""Short Description"" : Special Site Operation: a physical place from where NSA executes attacks such as [[QUANTUMINSERT]]. Typically a US embassy with one or several of these: antennas, network connections, radio patch antennas, etc.
 
""Category"" :
 
""Family"" :
 
""Related items"" : [[QUANTUMINSERT]]
 
""Status"" :
 
 
 
=== STEELFLAUTA ===
 
 
 
""Short Description""  : SSO Corporate/ TAO (Tailored Access Operations) Shaping
 
""Category"" :
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
 
 
=== STELLARWIND (STLW) ===
 
""Short Description"" : [[STELLARWIND]] is the code name of a Sensitive Compartmented Information security compartment for information collected under the President's Surveillance Program (PSP). This was a program by the United States National Security Agency (NSA) during the presidency of George W. Bush and revealed by Thomas Tamm to The New York Times in 2008. The operation was approved by President George W. Bush shortly after the September 11 attacks in 2001. STELLARWIND was succeeded during the presidency of Barack Obama by four major lines of intelligence collection in the territorial United States together capable of spanning the full range of modern telecommunications. The program's activities involved data mining of a large database of the communications of American citizens, including e-mail communications, phone conversations, financial transactions, and Internet activity.
 
""Category"" : program
 
""Family"" :  collect
 
""Related items"" : [[BLARNEY]]
 
""Status"" : Stopped end 2011, see [[EVILOLIVE|]].
 
""Links"" :
 
* [http://en.wikipedia.org/wiki/Stellar_Wind_(code_name)|en.wikipedia.org]
 
 
 
=== STORMBREW ===
 
""Short Description"" : [[STORMBREW]] (aka [[US-983]] (PDDG:FL)) is an umbrella program involving surveillance of telecommunications. It falls under the category of "[[UPSTREAM]] collection," meaning that data is pulled directly from fiber-optic cables and top-level communications infrastructure. There is also a SIGAD of the same name, which is described as a "key corporate partner." A map shows that the collection is done entirely within the United States. This corporate partner has servers in Washington, California, Texas, Florida, and in or around New York, Virginia, and Pennsylvania. [[UPSTREAM]] collection programs allow access to very high volumes of data, and most of the pre-selection is done by the providers themselves, before the data is passed on to the NSA.
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[MADCAPOCELOT]], [[STORMBREW]], [[PINWALE]], [[MARINA]] [[UPSTREAM]] [[XKEYSCORE]]
 
""Status"" :
 
""Links"":
 
* [http://en.wikipedia.org/wiki/STORMBREW|en.wikipedia.org]
 
 
 
=== STUCCOMONTANA ===
 
""Short Description"" : provides persistence for DNT implants. The DNT implant will survive an upgrade or replacement of the operating system - including physically replacing the router's compact flash card.
 
""Category"" : attack vector
 
""Family"" : 
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
 
 
=== SURLYSPAWN ===
 
""Short Description"" : has the capability to gather keystrokes without requiring any software running on the targeted system. It also only requires that the targeted system be touched once. The retro-reflector is compatible with both USB and PS/2 keyboards. The simplicity of the design allows the form factor to be tailored for specific operational requirements.
 
""Category"" : program
 
""Family"" :  collect
 
""Related items"" : [[ANGRYNEIGHBOR]], [[TAO]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
 
 
== T ==
 
 
 
=== TAWDRYYARD ===
 
""Short Description""  : TAWDRYYARD is used as a beacon, typically to assist in locating and identifying deployed [[RAGEMASTER]] units. Current designs allow it to be detected and located quite easily within a 5°' radius of the radar system being used to illuminate it. It allows a standard lithium coin cell to power it for months or years. The simplicity of the design allows the form factor to be tailored for specific operational requirements. Future capabilities being considered are return of GPS coordinates and a unique target identifier, and automatic processing to scan a target area for the presence of TAWDRYYARDs. All components are COTS and so are non-attributable to NSA.
 
""Category"" : program
 
""Family"" : target
 
""Related items"" : [[RAGEMASTER]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
 
 
=== THINTREAD ===
 
""Short Description"" : THINTREAD is the name of a project that the NSA pursued during the 1990s. The program involved wiretapping and sophisticated analysis of the resulting data, but according to the article, the program was discontinued three weeks before the September 11, 2001 attacks due to the changes in priorities and the consolidation of U.S. intelligence authority. The "change in priority" consisted of the decision made by the director of NSA General Michael V. Hayden to go with a concept called [[TRAILBLAZER]], despite the fact that THINTREAD was a working prototype that protected the privacy of U.S. citizens.
 
ThinThread was dismissed and replaced by the [[TRAILBLAZER]] Project
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[TRAILBLAZER]]
 
""Status"" : inactive
 
""Links"" :
 
* [http://en.wikipedia.org/wiki/ThinThread|en.wikipedia.org]
 
 
 
=== TRAFFICTHIEF ===
 
""Short Description"" : According to an [[XKEYSCORE]] presentation, TRAFFICTHIEF is a database of "Meta-data from a subset of tasked strong-selectors". According to the [[XKEYSCORE]] presentation, an example of a strong selector is an email address. In other words, it would be a database of the metadata associated with names, phone numbers, email addresses, etc., that the intelligence services are specifically targeting.
 
""Category"" : program
 
""Family"" : database
 
""Related items"" : [[XKEYSCORE]]
 
""Status"" :
 
""Links"" :
 
 
 
 
 
=== TRAILBLAZER ===
 
""Short Description"" : TRAILBLAZER was a United States NSA program intended to develop a capability to analyze data carried on communications networks like the Internet. It was intended to track entities using communication methods such as cell phones and e-mail. It ran over budget, failed to accomplish critical goals, and was cancelled.
 
""Category"" : program
 
""Family"" : collect
 
""Related items"" :
 
""Status"" :inactive
 
""Links"" :
 
* [http://en.wikipedia.org/wiki/Trailblazer_Project|en.wikipedia.org]
 
 
 
 
 
=== TURBINE ===
 
""Short Description""  : Deep Packet Injection, works with [[TURMOIL]].
 
""Category"" : attack vector
 
""Family"" : network
 
""Related items"" : [[TRAILBLAZER]] [[QFIRE]] [[TURMOIL]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://www.dailytech.com/Tax+and+Spy+How+the+NSA+Can+Hack+Any+American+Stores+Data+15+Years/article34010.htm|Tax and Spy: How the NSA Can Hack Any American, Stores Data 15 Years]
 
* [http://www.wikileaks-forum.com/nsa/332/snowden-leak-nsa-qfire-16-slides/26507/|wikileaks-forum.com]
 
* [http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security|The Guardian: nsa-gchq-encryption-codes-security]
 
 
 
=== TURBULENCE ===
 
""Short Description"" : TURBULENCE is a project started circa 2005. It was developed in small, inexpensive "test" pieces rather than one grand plan like its failed predecessor, the [[TRAILBLAZER]]. It also includes offensive cyber-warfare capabilities, like injecting malware into remote computers. The United States Congress criticized the project in 2007 for having similar bureaucratic problems as the [[TRAILBLAZER]] Project.
 
""Category"" :program
 
""Family"" : attack
 
""Related items"" : [[TRAILBLAZER]]
 
""Status"" :
 
""Links"" :
 
* [http://en.wikipedia.org/wiki/Turbulence_(NSA)|en.wikipedia.org]
 
 
 
=== TURMOIL ===
 
""Short Description"" : TURMOIL is involved in the process of decrypting communications by using Deep Packet Inspection (passive dragnet surveillance sensors).
 
""Category"" : program
 
""Family"" : collect target
 
""Related items"" :[[QFIRE]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://www.dailytech.com/Tax+and+Spy+How+the+NSA+Can+Hack+Any+American+Stores+Data+15+Years/article34010.htm|Tax and Spy: How the NSA Can Hack Any American, Stores Data 15 Years]
 
* [http://www.wikileaks-forum.com/nsa/332/snowden-leak-nsa-qfire-16-slides/26507/|wikileaks-forum.com]
 
* [http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security|The Guardian: nsa-gchq-encryption-codes-security]
 
 
 
=== TUTELAGE ===
 
""Short Description"" :Part of the [[Turbulence (NSA)|TURBULENCE]] program
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[TURBULENCE]]
 
""Status"" :
 
 
 
=== TYPHON ===
 
""Short Description"" : Tactical SIGINT elements use this equipment to find, fix and finish targeted handset users. Target GSM handset registers with BSR unit. Operators are able to geolocate registered handsets. Capturing the user.
 
""Category"" : program
 
""Family"" :
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
 
 
== U ==
 
 
 
=== UNITEDRAKE ===
 
""Short Description""  : A program similar to [[STRAITBIZARRE]], used for uploading malicious HDD firmware, works with [[SLICKERVICAR]]. Known components include a GUI, a database, a server, and a manned listening post. It includes a trojan of the same name. Digital Network Technologies (DNT), a private company, actively maintains the listening posts for [[UNITEDRAKE]], as well as designing and deploying malware.
 
""Category"" : attack vector
 
""Family"" : network
 
""Related items"" : [[IRATEMONK]] [[FERRETCANNON]] [[FOXACID]]
 
""Status"" :
 
""Links"" :
 
* [https://www.schneier.com/blog/archives/2013/10/the_nsas_new_ri.html|The NSA's New Risk Analysis]
 
 
 
=== UPSTREAM ===
 
""Short Description"" :The UPSTREAM program, or "Room 641A", is a telecommunication interception facility operated by [[AT&T]] for the NSA that commenced operations in 2003 and was exposed in 2006. Room 641A is located in the SBC Communications building at 611 Folsom Street, San Francisco, three floors of which were occupied by AT&T before SBC purchased AT&T. The room was referred to in internal AT&T documents as the SG3 [Study Group 3] Secure Room. It is fed by fiber optic lines from beam splitters installed in fiber optic trunks carrying Internet backbone traffic and, as analyzed by J. Scott Marcus, a former CTO for GTE and a former adviser to the FCC, has access to all Internet traffic that passes through the building, and therefore "the capability to enable surveillance and analysis of internet content on a massive scale, including both overseas and purely domestic traffic." Former director of the NSA's World Geopolitical and Military Analysis Reporting Group, William Binney, has estimated that 10 to 20 such facilities have been installed throughout the United States.
 
""Category"" : program
 
""Family"" : collect
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://www.wired.com/science/discoveries/news/2006/05/70908|Whistle-Blower's Evidence]
 
* [http://en.wikipedia.org/wiki/UPSTREAM|Room 641A] on wikipedia.org
 
 
 
 
 
 
 
== V ==
 
 
 
=== VAGRANT ===
 
""Short Description"" : Collection of computer screens. The monitor cables are rigged with an RF retro reflector ([[RAGEMASTER]]). [[VAGRANT]] collection therefore requires a continuous RF generator such as [[CTX4000]] or [[PHOTOANGLO]], and a system to process and display the returned video signal such as [[NIGHTWATCH]], [[GOTHAM]], [[LS-2]] (with an external monitor), or [[VIEWPLATE]]. Known to be deployed in the field, as of September 2010, at the following embassies: Brazil's UN Mission in NY ([[POKOMOKE]]), France's UN Mission in NY ([[BLACKFOOT]]), India's Embassy and annex in DC, and India's UN Mission in New York. India's embassies were slated to be detasked at the time of the document. Context of documents seems to suggest, but does not definitively prove, that the cover term VAGRANT only applies to the signal itself.
 
""Category"" : program
 
""Family"" : collect
 
""Related items"" : [[CTX4000]] [[CW]] [[DROPMIRE]] [[RAGEMASTER]] [[PHOTOANGLO]] [[NIGHTWATCH]] [[GOTHAM]], [[LS-2]] [[VIEWPLATE]]
 
""Status"" :
 
""Links"" :
 
* [https://www.documentcloud.org/documents/807030-ambassade.html#document/p1|docs by lemonde.fr]
 
* [https://www.schneier.com/blog/archives/2013/10/code_names_for.html|Code Names for NSA Exploit Tools]
 
 
 
 
 
=== VALIDATOR ===
 
""Short Description"" : A software-based malware item designed to run on certain Juniper routers (J, M, and T Series) running the JUNOS operating system. It must be maintained by means of a malicious BIOS modification. A typical use case involves the exfiltration of data from the victimized system. A separate document describes VALIDATOR as a backdoor used against Windows systems (win 98-2003). In this instance, it will identify the system, and if it is truly a target, invite a more sophisticated trojan in, such as [[UNITEDRAKE]] or [[OLYMPUS]]. This trojan has been used to de-anonymize Tor users. A third version of VALIDATOR works for Apple iOS devices. The [[QUANTUMNATION]] states that the success rate against iOS devices is 100%.
 
""Category"" : attack vector
 
""Family"" : software
 
""Related items"" : [[FOXACID]] [[SCHOOLMONTANA]] [[SIERRAMONTANA]] [[STUCCOMONTANA]] [[SOMBERKNAVE]] [[OLYMPUS]] [[UNITEDRAKE]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2014/01/nsa-codenames.htm|NSA's codenames] by Cryptome.org
 
* [http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-13.html|More in Der Spiegel]
 
 
 
=== VIEWPLATE ===
 
""Short Description"" : Replacement for the [[NIGHTWATCH]] system.
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[NIGHTWATCH]] [[PHOTOANGLO]]
 
""Status"" :
 
""Links"" :
 
* [http://cryptome.org/2014/01/nsa-codenames.htm|NSA's codenames] by Cryptome.org
 
 
 
== W ==
 
 
 
=== WAGONBED ===
 
""Short Description"" : a malicious hardware device that provides covert 2-way RF communications on the I2C channel of HP Proliant 380DL G5 servers. [[WAGONBED]] 2 can be mated with a Motorola G20 GSM module to form [[CROSSBEAM]].

""Category"" : attack vector
 
""Family"" : hardware
 
""Related items"" : [[CROSSBEAM]] [[IRONCHEF]] [[FLUXBABBIT]] [[GODSURGE]]
 
""Status"" :
 
""Links"" :
 
* [http://cryptome.org/2014/01/nsa-codenames.htm|NSA's codenames] by Cryptome.org
 
 
 
=== WATERWITCH ===
 
""Short Description"" : Handheld device for homing in on target handsets, used in conjunction with [[TYPHON]] or similar systems to provide more precise location information.       
 
""Category"" : program
 
""Family"" : target
 
""Related items"" : [[TYPHON]]
 
""Status"" :
 
""Links"" :
 
* [http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html|To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum.
 
* [http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|NSA's catalog]
 
* [http://cryptome.org/2014/01/nsa-codenames.htm|NSA's codenames]
 
 
 
=== WISTFULTOLL ===
 
""Short Description"" :  A plugin for [[UNITEDRAKE]] and [[STRAITBIZARRE]]  that extracts WMI and registry information from the victim machine. Also available as a stand-alone executable. Can be installed either remotely, or by USB thumb drive. In the latter case, exfiltrated data will be stored on that same thumb drive. 
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[IRATEMONK]] [[STRAITBIZARRE]] [[SEAGULLFARO]] [[UNITEDRAKE]] [[RETURNSPRING]]
 
""Status"" :
 
""Links"" :

* [http://cryptome.org/2014/01/nsa-codenames.htm|NSA's codenames]
 
 
 
== X ==
 
 
 
=== XKEYSCORE (XKS) ===
 
""Short Description"" :XKeyscore (XKS) is a formerly secret computer system used by the United States National Security Agency for searching and analyzing Internet data about foreign nationals across the world. The program is run jointly with other agencies including Australia's Defence Signals Directorate, and New Zealand's Government Communications Security Bureau. XKeyscore is an NSA data-retrieval system which consists of a series of user interfaces, backend databases, servers and software that selects certain types of metadata that the NSA has already collected using other methods.
 
According to the published slides, these come from three different sources:
 
* [[FORNSAT]] - which means "foreign satellite collection", and refers to intercepts from satellites (ECHELON) that process data used by other countries
 
* Overhead - American satellites
 
* Special Source Operations ([[SSO]]) - Division of the NSA that cooperates with American mobile phone operators

* Tailored Access Operations ([[TAO]]) - Division of the NSA that deals with hacking and cyberwarfare
 
* [[F6]] - Joint operation of the CIA and NSA (Special Collection Service) that carries out clandestine operations including espionage on foreign diplomats and leaders
 
* [[FISA]] - All types of surveillance approved by the Foreign Intelligence Surveillance Court
 
* 3rd party - Foreign partners of the NSA such as Belgium, Denmark, France, Germany, Italy, Japan, the Netherlands, Norway, Sweden, etc
 
""Category"" : program
 
""Family"" : process
 
""Related items"" :
 
""Status"" :
 
""Links"" :
 
* [http://en.wikipedia.org/wiki/XKeyscore|en.wikipedia.org]
 
* [http://www.washingtonpost.com/world/national-security/governments-secret-order-to-verizon-to-be-unveiled-at-senate-hearing/2013/07/31/233fdd3a-f9cf-11e2-a369-d1954abcb7e3_story.html|Phone Records Program Released]
 
* [http://www.washingtonpost.com/blogs/worldviews/wp/2013/08/01/is-xkeyscore-still-active-defense-contractor-posted-a-job-listing-for-it-2-weeks-ago|Is XKeyscore Still Active? Defense  Contractor Posted a Job Listing for It 2 weeks Ago]
 
* [http://theweek.com/article/index/247684/whats-xkeyscore|What's XKEYSCORE?]
 
* [http://www.guardian.co.uk/world/2013/jun/27/nsa-online-metadata-collection|NSA online - metadata collection (The Guardian)]
 
* [http://arstechnica.com/tech-policy/2013/08/nsas-internet-taps-can-find-systems-to-hack-track-vpns-and-word-docs/|NSA's Internet Taps Can Find Systems to Hack, Track VPNs and Word Docs]
 
 
 
== Y ==
 
 
 
=== YACHTSHOP ===
 
""Short Description"" :Subprogram of [[OAKSTAR]], aka [[US-3247]] (PDDG:PJ)
 
""Category"" : program
 
""Family"" :
 
""Related items"" : [[OAKSTAR]] [[MARINA]]
 
""Status"" :
 
 
 
=== YELLOWPIN ===
 
""Short Description"" : a particular device that includes a [[HOWLERMONKEY]] component
 
""Category"" :
 
""Family"" :
 
""Related items"" : [[HOWLERMONKEY]]
 
""Status"" :
 
""Links"" :
 
* [http://cryptome.org/2014/01/nsa-codenames.ods|NSA's codenames]
 
 
 
== Z ==
 
 
 
=== ZESTYLEAK ===
 
""Short Description"" : a software exploit made by CES for Juniper Netscreen ns5xt, ns50, ns200, ns500, ISG 1000 firewalls       
 
""Category"" : attack vector
 
""Family"" : software
 
""Related items"" : [[FEEDTROUGH]]
 
""Status"" :
 
""Links"" :
 
* [http://cryptome.org/2014/01/nsa-codenames.ods|NSA's codenames]
 

Revision as of 20:14, 17 April 2014