orig.json

[{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"NEBULA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TYPHON]]","[[CYCLONE]]","[[DRTBOX]]","[[CANDYGRAM]]","[[EBSR]]"],"status":"unknown","tags":["[[phone]]"],"description":"A base station router, for intercepting mobile  telephone calls and data transmissions. Uses the [[TYPHON]] GUI.  Networkable and controllable via 802.3 and 802.11. The document (published on 2007) says the LTE capability is under development.","_id":"fYqQ6PwSdCL2oGzBN"},{"agency":"[[NSA]]","alias":["[[Remote Operation Center]]"],"category":"compartment","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/Office_of_Tailored_Access_Operations"," en.wikipedia.org - TAO "],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"ROC","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[TAO]]"],"status":"unknown","tags":[],"description":"NSA [[TAO]] Remote Operation Center [[ROC]] is their  intelligence exploitation centers. It is supposed to be distributed  around the world, with suspected locations such as Dagger Complex,  Griesheim, Darmstadt, Germany, Fort Meade, Maryland. [[TAO]] has also  expanded to NSA Hawaii (Wahiawa, Oahu), NSA Georgia (Fort Gordon,  Georgia), NSA Texas (Medina Annex, San Antonio, Texas), and Buckley Air  Force Base, Denver.","_id":"aCmwBTcgRuDXKWSCr"},{"agency":"undefined","alias":["[[Forsvarets Radioanstalt]]","[[Sweden]]"],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2013/12/nsa-se-fra-relationship.pdf","crpytome.org - NSA intelligence relationship with Sweden"]],"name":"FRA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"_id":"aybsJvsxiQvZNtpg9"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"GALAXY","relatedItemsParents":[],"relatedItemsChildren":["[[ENTOURAGE]]"],"relatedItems":[],"status":"unknown","tags":[],"description":"Find/fix/finish program of locating signal-emitting devices of targets","_id":"tCg4LSgGxsmwiDKuC"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"ISHTAR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators of Japan","_id":"PxLHrMLZcKSqSaAwJ"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"MOCCASIN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[usb]]"],"description":"a version of [[COTTONMOUTH]] permanently attached to a USB keyboard.","_id":"aSDGnosL9EWxCidWx"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.theguardian.com/commentisfree/2013/jun/21/gchq-mastery-internet-mastery-everyone","The Guardian - GCHQ revelations: mastery of the internet will mean mastery of everyone "],["http://www.theguardian.com/uk/2013/jun/21/gchq-mastering-the-internet","The Guardian - Mastering the internet: how GCHQ set out to spy on the world wide web"],["https://en.wikipedia.org/wiki/Mastering_the_Internet","en.wikipedia.org - Mastering_the_Internet"]],"name":"MTI","relatedItemsParents":["[[TEMPORA]]"],"relatedItemsChildren":[],"relatedItems":["[[GTE]]","[[TEMPORA]]","[[IMP]]","[[CCDP]]"],"status":"active","tags":[],"description":"Mass surveillance project led by the [[GCHQ]]. Capable  of vacuuming signals from up to 200 fibre-optic cables at all physical  points of entry into Great Britain","_id":"Qr8HQttQY2RaeCS3d"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://en.wikipedia.org/wiki/OAKSTAR","en.wikipedia.org - OAKSTAR"],["http://cryptome.org/2013/12/nsa-cable-spy-types.pdf","cryptome.org - SSO The cryptologic provider of Intelligence from Global High-Capacity Telecommunications Systems"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"OAKSTAR","relatedItemsParents":["[[UPSTREAM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"[[OAKSTAR]] is a secret internet surveillance program of  the National Security Agency (NSA) of the United States. It was  disclosed in 2013 as part of the leaks by former NSA contractor Edward  Snowden.","_id":"itfB9of6or29c4KnJ"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"OLYMPIA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"_id":"Qw4tkjKvvdcMQ9QzE"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"ONIONBREATH","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[GCHQ]]"],"status":"unknown","tags":["[[tor]]"],"description":"Relates to [[GCHQ]] efforts against Tor hidden services","_id":"7jjLrTsaW9FrXwYfP"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo","Optic Nerve: millions of Yahoo webcam images intercepted by GCHQ"]],"name":"OPTIC NERVE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[CAPTIVATEDAUDIENCE]]","[[GCHQ]]"],"status":"inactive","tags":["[[yahoo]]","[[webcam]]"],"description":"OPTIC NERVE was a web interface to display Yahoo! webcam images from a selected target. The program collected an image every 5 minutes. The program had a filter that deleted nudity images. 20% of the collected images were with people showing their private parts to another people. The document says it only collected images on Yahoo!.  In one six-month period in 2008 alone, the agency collected webcam  imagery – including substantial quantities of sexually explicit  communications – from more than 1.8 million Yahoo user accounts  globally.","_id":"XjKh5hw3stYatTMLq"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://leaksource.wordpress.com/2013/11/23/nsa-programs-treasure-map-near-real-time-interactive-map-of-internet-any-device-anywhere-all-the-time-packaged-goods-tracks-traceroutes-accessed-13-servers-in-unwitting-data-centers/","LeakSource  - (NSA Programs) Treasure Map: Near Real-Time Interactive Map of  Internet, Any Device, Anywhere, All the Time; Packaged Goods: Tracks  Traceroutes, Accessed 13 Servers in Unwitting Data Centers"],["http://cryptome.org/2013/11/nsa-treasuremap.htm","Cryptome - NSA Treasuremap"]],"name":"PACKAGEGOODS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TREASUREMAP]]"],"status":"unknown","tags":["[[germany]]","[[polan]]","[[denmark]]","[[south africa]]","[[taiwan]]","[[russia]]","[[china]]","[[singapore]]"],"description":"tracks the “traceroutes” through which data flows  around the Internet. Has access to 13 covered servers in unwitting data  centers around the globe. The data centers are located in (non  exhaustive) Germany, Poland, Denmark, South Africa and Taiwan as well as  Russia, China and Singapore.","_id":"e7F52hGsLS2wGDnbW"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[FISC]]","[[TOP SECRET]]","[[SI]]","[[ORCON]]","[[NOFORN]]"],"family":"database","links":[["http://www.nytimes.com/2009/06/17/us/17nsa.html","nytimes.com - E-Mail Surveillance Renews Concerns in Congress"],["https://en.wikipedia.org/wiki/Pinwale","PINWALE en.wikipedia.org"],["https://en.wikipedia.org/wiki/File:Prism-slide-7.jpg","en.wikipedia.org - Slide of PRISM collection dataflow "],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"PINWALE","relatedItemsParents":["[[SCISSORS]]"],"relatedItemsChildren":[],"relatedItems":["[[SCISSORS]]","[[PRISM]]","[[XKEYSCORE]]","[[TRAFFICCHIEF]]"],"status":"unknown","tags":["[[email]]"],"description":"PINWALE is the code name for an NSA database of  archived foreign and domestic emails it has collected under its SIGINT  efforts. It is searchable by monitored NSA analysts. Its existence was  first revealed by an NSA analyst who was trained to use it during 2005.  However, according to ''Homeland Security Today'', Pinwale has in it  much more than email, it also contains other forms of Internet data, and  other forms of digital communications as well. Its software has  built-in protections against collecting from any of the Five Eyes  members. Unlike its successor [[XKEYSCORE]], targets for PINWALE have to  be approved beforehand by the United States Foreign Intelligence  Surveillance Court ([[FISC]]).","_id":"hCwZX8yeuyqcKvKAu"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm"," cryptome.org - NSA codenames"]],"name":"PROTOSS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[FIREWALK]]"],"status":"unknown","tags":[],"description":"Possibly a bridge between the airgapped system and the Internet","_id":"Nj4chG3fMP7uCzHmX"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"QFD","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Question Filled Dataset","_id":"bAKuvs5ncY3Jem2Mx"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"QIM/JMSQ","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[IRATEMONK]]","[[WISTFULTOLL]]"],"status":"unknown","tags":[],"description":"","_id":"xGSr2ehLxx4oX3Q2p"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum"],["http://cryptome.org/2013/12/nsa-quantum-tasking.pdf"," cryptome.org - NSA QUANTUM tasking techniques"]],"name":"QUANTUMBOT","relatedItemsParents":["[[QUANTUM]]"],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[FOXACID]]"],"status":"active","tags":["[[irc]]"],"description":"hijack IRC bot","_id":"ajyTHHeWXhvPFbXBb"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum"],["https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html","schneier.com - How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID] by Bruce Schneier"],["http://cryptome.org/2013/12/nsa-quantum-tasking.pdf","cryptome.org - NSA QUANTUM tasking techniques"]],"name":"QUANTUMCOOKIE","relatedItemsParents":["[[QUANTUM]]"],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[FOXACID]]"],"status":"attack vector","tags":["[[browser]]"],"description":"force cookies onto target browsers","_id":"H4AAQokRAkPcMdCvB"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html","schneier.com - How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID] by Bruce Schneier"],["http://cryptome.org/2013/12/nsa-quantum-tasking.pdf","cryptome.org - NSA QUANTUM tasking techniques"],["https://www.schneier.com/blog/archives/2013/11/another_quantum.html "," schneier.com - Another QUANTUMINSERT Attack Example"]],"name":"QUANTUM INSERT","relatedItemsParents":["[[QUANTUM]]"],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[FOXACID]]"],"status":"attack vector","tags":["[[mitm]]","[[malware]]","[[belgium]]","[[belgacom]]"],"description":"It appears to be a method with which the person being  targeted, without their knowledge, is redirected to websites that then  plant malware on their computers that can then manipulate them. Some of  the employees whose computers were infiltrated had \"good access\" to  important parts of Belgacom's infrastructure, and this seemed to please  the British spies, according to the slides.","_id":"qywjheDfnGC7evcLQ"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TOP SECRET]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]"],"family":"network","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html"," media.ccc.de -To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum"],["https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html","schneier.com - How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID] by Bruce Schneier"],["http://cryptome.org/2013/12/nsa-quantum-tasking.pdf"," cryptome.org - NSA QUANTUM tasking techniques"],["https://www.eff.org/document/20131230-spiegel-qfire"," eff.org - Slides about QUANTUM, QFIRE and TURBULENCE"],["http://www.spiegel.de/fotostrecke/photo-gallery-how-the-nsa-infiltrates-computers-fotostrecke-105339-2.html "," Spiegel - How the nsa infiltrates computers "]],"name":"QUANTUMTHEORY","relatedItemsParents":["[[QUANTUM]]"],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[FOXACID]]","[[SEASONMOTH]]"],"status":"active","tags":["[[mitm]]"],"description":"Extremely powerful CNE/CND/CNA network effects are enabled by integrating passive and active systems:","_id":"zcfmC5McGSTLvyoAr"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"QUICKANTQFD","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[tor]]"],"description":"[[GCHQ]] tor analytics/knowledgebase","_id":"EAgbcxnDM6ePh5EM9"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://www.lemonde.fr/international/article/2013/10/22/la-diplomatie-francaise-sur-ecoute-aux-etats-unis_3500717_3210.html"," LeMonde.fr - Espionnage de la NSA : la diplomatie française était sur écoute aux Etats-Unis"],["https://www.documentcloud.org/documents/807030-ambassade.html#document/p1"," docs by lemonde.fr"],["https://www.schneier.com/blog/archives/2013/10/code_names_for.html"," schneier.com - Code Names for NSA Exploit Tools"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"RADON","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[ethernet]]"],"description":"Bi-directional host tap that can inject Ethernet  packets onto the same targets. Allows bi-directional exploitation of  Denies networks using standard on-net tools.","_id":"hD3CFzPgXntB2vpLg"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TS]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"collect","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html "," media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf "," cryptome.org - NSA's catalog"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"RAGEMASTER","relatedItemsParents":["[[TAWDRYYARD]]"],"relatedItemsChildren":[],"relatedItems":["[[NIGHTWATCH]]","[[GOTHAM]]","[[VIEWPLATE]]"],"status":"unknown","tags":["[[rf]]","[[video]]"],"description":"provides a target for RF flooding and allows for easier  collection of the [[VAGRANT]] video signal. The current RAGEMASTER unit  taps the red video line on the VGA cable. It was found that,  empirically, this provides the best video return and cleanest readout of  the monitor contents. When the RAGEMASTER is illuminated by a radar  unit, the illuminating signal is modulated with the red video  information. This information is re-radiated, where it is picked up at  the radar, demodulated, and passed onto the processing unit, such as a  [[LFS-2]] and an external monitor.","_id":"kWypCKphgFSaMWWSe"},{"agency":"[[NSA]]","alias":["[[RT]]"],"category":"program","compartments":[],"family":"collect","links":[["http://apps.washingtonpost.com/g/page/national/nsa-report-on-privacy-violations-in-the-first-quarter-of-2012/395/"," apps.washingtonpost.com - NSA report on privacy violations in the first quarter of 2012"],["http://www.washingtonian.com/blogs/dead_drop/surveillance-state/ragtime-codename-of-nsas-secret-domestic-intelligence-program-revealed-in-new-book.php"," washingtonian.com - Ragtime: Code name of NSA - Secret Domestic Intelligence Program"]],"name":"RAGTIME","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"RAGTIME is the code name of four secret surveillance  programs conducted by the NSA. These special programs are conducted  under the code name RAGTIME (also abbreviated as RT), and are divided  into several subcomponents (RAGTIME-A, RAGTIME-B, RAGTIME-C, and  RAGTIME-P). It's said that about 50 companies have provided data to this  domestic collection program.","_id":"nCw9Jkkr7FFz9WuCE"},{"agency":"undefined","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"REMATION-II","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[tor]]"],"description":"Joint NSA/GCHQ anti-Tor Workshop ca 2012","_id":"nngBypmpLQk5L97bM"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"RONIN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[tor]]"],"description":"Database of tor events","_id":"3CTrPmu6T2EoHSt5y"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"SERUM","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[IRATEMONK]]"],"status":"unknown","tags":[],"description":"Spotted on [[IRATEMONK]] diagram","_id":"L3hC5jdxZztraRTBt"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"SHARKFIN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Sweeps up all-source communications intelligence at high speed and volumes, renamed [[RC-10]]","_id":"Ai8cbmxhgRnaR4sTS"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"target","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"SKYWRITER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"Z2SQaCN7QsMDP357b"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"SLICKERVICAR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[IRATEMONK]]"],"status":"unknown","tags":["[[malware]]"],"description":"A tool known to be used somewhere in the process of uploading malicious HD firmware","_id":"vchY2Md4gek7WuMSr"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/03/nsa-gchq-quantumtheory.pdf "," 2010 sigint development conferences - nsa-gchq-quantumtheory.pdf"]],"name":"SMOKEYSINK","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[QUANTUMTHEORY]]"],"status":"unknown","tags":"","description":"spotted on [[QUANTUMTHEORY]]'s presentation.","_id":"b2jbiiT2JBfr7FbkJ"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"SNICK","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[phone]]","[[geolocation]]","[[oman]]"],"description":"[[SIGINT]] ([[FORNSAT]]) for locating cellphone in Oman","_id":"RRp4CbsFnL2LeFagc"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"SOLIS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT On-Line Information System","_id":"5no8M7wD2iigK6SDD"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://firstlook.org/theintercept/article/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/","Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas"],["http://www.numerama.com/magazine/29421-informer-peut-il-tuer-wikileaks-prendra-le-risque-d-ici-mercredi.html","Informer peut-il tuer ? Wikileaks prendra le risque d'ici mercredi"],["http://www.numerama.com/magazine/29473-nsa-wikileaks-revele-le-nom-du-pays-dont-tous-les-appels-ont-ete-captes.html","NSA : Wikileaks révèle le nom du pays dont tous les appels ont été captés"]],"name":"SOMALGET","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[bahamas]]","[[mexico]]","[[philippines]]","[[kenya]]","[[afghanistan]]"],"description":"The [[NSA appears to have used access legally obtained in cooperation with the  U.S. Drug Enforcement Administration to open a backdoor to the country’s  cellular telephone network, enabling it to covertly record and store  the “full-take audio” of every mobile call made to, from and within the  Bahamas and several other countries, including Mexico, the Philippines, Kenya and Afghanistan. [[MYSTIC]] provides the access, the metadata and the voice; SOMALGET provides the massive amounts of  storage needed to archive all those calls so that analysts can listen to  them at will after the fact.","_id":"RZXoDw8EwSbHnPtS8"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"SPRINGBISHOP","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[facebook]]","[[akamai]]","[[mitm]]","[[gothfather]]","[[jtrig]]"],"description":"This program collect images and profiles from [[facebook]] via a [[mitm]] between client and cdn servers. spotted on the Glenn Greenwald's No Place To Hide document.","_id":"EYPG26XzLscX8r5F5"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"SSG","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[IRATEMONK]]","[[WISTFULTOLL]]"],"status":"unknown","tags":[],"description":"Spotted on [[IRATEMONK]], [[WISTFULTOLL]] diagrams","_id":"2aq9JpPtMrDovW685"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"SULPHUR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[VAGRANT]]"],"status":"active","tags":["[[south korea]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"ufXqiZysAnkdFNADh"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"SURPLUSHANGAR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"ZGso9D7EeJXjGJWe2"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html"," media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf"," cryptome.org - NSA's catalog"]],"name":"SUTURESAILOR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HOWLERMONKEY]]"],"status":"unknown","tags":[],"description":"A particular device that includes a [[HOWLERMONKEY]] component","_id":"5sJ4r6xgosfYBe5ud"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"TARGETPROFILER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUMNATION]]","[[QUANTUMTHEORY]]"],"status":"unknown","tags":[],"description":"A tool that lists which targets are vulnerable to exploits, and which.","_id":"rEMyJzkG5782CiMtw"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"TARMAC","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"6tSgcHr8Mrf99BfBb"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"THESPIS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"c62AMPgkYNmHpujDA"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"TICKETWINDOW","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[SPRINGRAY]]","[[ORANGECRUSH]]","[[BUFFALOGREEN]]","[[ORANGEBLOSSOM]]","[[OAKSTAR]]"],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"SrzfFg8Acg9GXiCQn"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"TLN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Twisty Lobby Number. (not really well explained in doc)","_id":"z8phAK3ueLhHeuuf9"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"database","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"TOYGRIPPE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[METROTUBE]]"],"status":"unknown","tags":"","description":"spotted on [[TURBINE]]'s document about \"APEX VPN exploitation\".","_id":"ABrDjnN7Af7mkqk4L"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"TORUS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"E4xLtXNsv6RAuMeSQ"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"TRINITY","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[MAESTRO II]]","[[FIREWALK]]","[[TAO]]"],"status":"unknown","tags":[],"description":"A microcomputer, designed to be part of a bug. Specs:  100Mhz ARM 9 Microcontroller, 4MB flash, 96MB SDRAM. Smaller than a  penny. Known to be a component of [[COTTONMOUTH-I]],  [[COTTONMOUTH-III]], [[FIREWALK]] and [[TAO]]","_id":"RCzCE777ftLQi4ZaG"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"TUMULT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TURBULANCE]]","[[QUANTUM]]"],"status":"unknown","tags":[],"description":"associated with [[TURBULANCE]]. Somehow involved with [[QUANTUMTHEORY]]. Not precicely clear.","_id":"NR9SrH9oor9veNvtR"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"TURBOPANDA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HALLUXWATER]]","[[HEADWATER]]"],"status":"unknown","tags":["[[router]]","[[huawei]]"],"description":"Cover term for joint CIA/NSA project to exploit Huawei network Huawei equipment","_id":"PD93tjbMJWvMg36Hi"},{"agency":"[[NSA]]","alias":["[[TIT]]"],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"TURBOPANDA Insertion Tool","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[router]]","[[huawei]]"],"description":"TURBOPANDA Insertion Tool (PIT) is a command and control system for exploited Huawei firewalls","_id":"e36xrPJ6ibThHTNCP"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://www.eff.org/document/20131230-spiegel-qfire","eff.org - Slides about QUANTUM, QFIRE and TURBULENCE"]],"name":"TUTELAGE","relatedItemsParents":["[[TURBULENCE]]"],"relatedItemsChildren":[],"relatedItems":["[[TURBULENCE]]"],"status":"certainly active","tags":["[[nids]]"],"description":"Part of the [[TURBULENCE]] program. NSA's own defense system against hacking.","_id":"jrrw9rEHkpzn9xPC8"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://www.schneier.com/blog/archives/2014/01/tawdryyard_nsa.html|schneier.com - tawdryyard_nsa.html","https://www.schneier.com/blog/archives/2014/01/tawdryyard_nsa.html|schneier.com - tawdryyard_nsa.html"]],"name":"TWDRYYARD","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TAWDRYYARD]]"],"status":"unknown","tags":[],"description":"Relationship with [[TAWDRYYARD]] explained by Bruce Schneier on his blog.","_id":"ewWkXQZRFenX5YAqm"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"TWISTEDKILT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[SWAP]]"],"status":"unknown","tags":["[[malware]]","[[hard drive]]"],"description":"a hard drive firmware updating program used to install malicious firmware of a victim hard drive","_id":"NAt6L2xALiS7THojo"},{"agency":"CSE","alias":["[[CSE]]"],"category":"five eyes","compartments":[],"family":"agence","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"UNIFORM","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[ALPHA]]","[[ECHO]]","[[INDIA]]","[[OSCAR]]"],"status":"active","tags":[],"description":"Exchange designator for Canada’s Communications Security Establishment (CSE).","_id":"f2E83dyw24KJhndat"},{"agency":"[[NSA]] [[CIA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["https://www.aclu.org/sites/default/files/assets/intercept-drones.pdf","Intercept drones"]],"name":"VICTORYDANCE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"inactive","tags":["[[wifi]]","[[yemen]]"],"description":"The VICTORYDANCE mission was a joint interagency effort between CIA and NSA. The mission lasted 6 months (during which 43 flights were flown) and mapped the Wi-Fi fingerprint of nearly every major town in Yemen","_id":"MWKK3mRYBrQkhuQbf"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"WAGONBED","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[CROSSBEAM]]","[[IRONCHEF]]","[[FLUXBABBIT]]","[[GODSURGE]]"],"status":"unknown","tags":["[[gsm]]"],"description":"a malicious hardware device that provides covert 2-way  RF communications on the I2C channel of HP Proliant 380DL G5 servers.  [[WAGONBED]] 2 can be mated with a Motorola G20 GSM module to form  [[CROSSBEAM]].","_id":"f63LovdmccH8AsfWv"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"WESTPORT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[LIFESAVER]]"],"status":"active","tags":["[[venezuela]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"nPGSCrrnCeQw6QX4R"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"WILLOWVIXEN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[email]]","[[backdoor]]"],"_id":"TPvrjBd7HioHXQWMG"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2013/12/nsa-se-fra-xkeyscore.pdf","USA - Sweden about Intelligences"]],"name":"WINTERLIGHT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[XKEYSCORE]]","[[TAO]]"],"status":"unknown","tags":["[[usa]]","[[sweden]]"],"description":"spotted on this document (see links) between USA and Sweden (FRA).","_id":"NRGKm7Yjd2yYJECMn"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"]],"name":"WRANGLER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Electronic intelligence intercept raw database","_id":"HjHZhqYwL2hsgXQJP"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/OAKSTAR"," en.wikipedia.org - OAKSTAR"]],"name":"YACHTSHOP","relatedItemsParents":["[[OAKSTAR]]"],"relatedItemsChildren":[],"relatedItems":["[[OAKSTAR]]","[[MARINA]]","[[UPSTREAM]]"],"status":"unknown","tags":["[[dni]]"],"description":"Subprogram of [[OAKSTAR]] targeting Worldwide DNI  Metadata, Access through [[BLUEANCHOR]] partner, contributor to  [[MARINA]].","_id":"zhGYCCMK5EHT7JDk3"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"ZESTYLEAK","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[FEEDTROUGH]]"],"status":"unknown","tags":["[[router]]","[[juniper]]"],"description":"a software exploit made by CES for Juniper Netscreen ns5xt, ns50, ns200, ns500, ISG 1000 firewalls","_id":"W8uECSEm6JwPCuqGv"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"A-PLUS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"BzbDEgHhAwZHfQdmd"},{"agency":"[[GCHQ]]","alias":["[[GCHQ]]"],"category":"five eyes","compartments":[],"family":"agence","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"ALPHA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[ECHO]]","[[INDIA]]","[[OSCAR]]","[[UNIFORM]]"],"status":"active","tags":[],"description":"Exchange designator for UK's Government Communications Headquarters ([[GCHQ]]). Used during sharing of intercepted civilian communications.","_id":"HxQTHLqFfwBcF4dKh"},{"agency":"undefined","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2013/08/nsa-x-keyscore-family.htm","cryptome.org - NSA X-Keyscore Member of Cyberespionage Family"]],"name":"AGILEVIEW","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"NdfPkgZpZuEJ6qMja"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"],["http://cryptome.org/2013/08/nsa-x-keyscore-family.htm","cryptome.org - NSA X-Keyscore Member of Cyberespionage Family"]],"name":"AGILITY","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[OCEANARIUM]]","[[PINWALE]]","[[NUCLEON]]"],"status":"unknown","tags":["[[phone]]","[[gsm]]","[[voip]]"],"description":"stores intercepted voice communications","_id":"gtLo2WAh62sTmfnwo"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2013/08/nsa-x-keyscore-family.htm","cryptome.org - NSA X-Keyscore Member of Cyberespionage Family"]],"name":"AIGHANDLER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[geolocation]]"],"description":"Geolocation analysis","_id":"m6eXr7Rq3agCHQP8G"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2013/08/nsa-x-keyscore-family.htm","cryptome.org - NSA X-Keyscore Member of Cyberespionage Family"]],"name":"AIRGAP/COZEN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"fnvxQ4KLaFrfksq7u"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"ALAMITO","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[LIFESAVER]]"],"status":"active","tags":["[[mexico]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"rGdeaKPDLjWb383dE"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"ALTEREGOQFD","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]"],"status":"unknown","tags":[],"description":"A “Question filled Dataset”","_id":"64paScqEjiisf6oKT"},{"agency":"[[NSA]] [[GCHQ]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"AMBASSADORS RECEPTION","relatedItemsParents":["[[JTIR]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document. Encrypt itself, delete all emails, encrypt all files, make screen shake, no more log on. Conduct a denial of service attack on the victim computer.","_id":"BTz8rkwDZB55mkEYo"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":["[[ECI]]","[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"ECI","links":[["http://cryptome.org/2013/09/nsa-bullrun-2-16-guardian-13-0905.pdf","cryptome.org/guardian - PROJECT BULLRUN "]],"name":"AMBULANT","relatedItemsParents":["[[BULLRUN]]"],"relatedItemsChildren":[],"relatedItems":["[[BULLRUN]]"],"status":"unknown","tags":[],"description":"An undetermined, highly confidential compartiment mentioned in the [[BULLRUN]] documents.","_id":"pjHuvZvPN9x5gcvLn"},{"agency":"[[NSA]]","alias":["[[ANCH]]"],"category":"program","compartments":[],"family":"database","links":[["https://muckrock.s3.amazonaws.com/foia_files/7-17-13_MR6022RES.pdf"," www.muckrock.com -7-17-13_MR6022RES.pdf"],["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"],["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"ANCHORY","relatedItemsParents":["[[MAUI]]"],"relatedItemsChildren":["[[BELLTOPPER]]","[[SOLIS]]"],"relatedItems":["[[MAUI]]","[[OCEANARIUM]]"],"status":"unknown","tags":[],"description":"NSA software system which provides web access to textual intelligence documents / Main repository of finished NSA SIGINT reports going back three years from agencies like [[NSA]], [[CIA]], [[DIA]], State and Foreign Broadcast Information Systems like [[Reuters]] News Service, Cryptologic Intelligence Reports.","_id":"b8famvqALDrpCFrxD"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-2.html","spiegel.de - Inside TAO: Documents Reveal Top NSA Hacking Unit"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"ANGRYNEIGHBOR","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":["[[CTX4000]]","[[CW]]","[[LOUDAUTO]]","[[PHOTOANGLO]]","[[SURLYSPAWN]]","[[TAWDRYYARD]]","[[NIGHTWATCH]]","[[VIEWPLATE]]"],"relatedItems":["[[CW]]","[[SURLYSPAWN]]","[[RAGEMASTER]]","[[DROPMIRE]]","[[LOUDAUTO]]"],"status":"active","tags":[],"description":"A family of bugs implemented as RF retro reflectors. These communicate with the use of an external radar wave generator such as [[CTX4000]] or [[PHOTOANGLO]]. The signals are then processed by a system such as [[VIEWPLATE]], (for the [[VAGRANT]] video signal). Known implementations: [[LOUDAUTO]] (ambient audio). [[DROPMIRE]] (printer/fax), [[RAGEMASTER]] (video), [[SURLYSPAWN]] (keyboard/mouse).","_id":"8pLrP9giEfysc4YjL"},{"agency":"[[NSA]]","alias":["[[ANTO LP PROTOSS GUI]]"],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"ANTOLPPROTOSSGUI","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[PROTOSS]]","[[ANTO]]"],"status":"unknown","tags":[],"description":"ANTO LP PROTOSS GUI was spotted on [[IRONCHEF]] diagram.","_id":"fQHCjuB3yZRYPJRvx"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":["[[ECI]]","[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"ECI","links":[["http://cryptome.org/2013/09/nsa-bullrun-2-16-guardian-13-0905.pdf","cryptome.org/guardian"]],"name":"APERIODIC","relatedItemsParents":["[[BULLRUN]]"],"relatedItemsChildren":[],"relatedItems":["[[BULLRUN]]"],"status":"unknown","tags":[],"description":"An undetermined, highly confidential compartiment mentioned in the [[BULLRUN]] documents.","_id":"xfheiiNcAFmiramrY"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"]],"name":"AQUADOR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Merchant ship tracking tool","_id":"sPemYkmmcrvjPBF3i"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"ARCA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"aCdw4RxMWTk3pB5TD"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"ARKSTREAM","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[DEITYBOUNCE]]","[[SWAP]]"],"status":"unknown","tags":["[[bios]]"],"description":"malicious BIOS flashing program, known to be associated with [[DEITYBOUNCE]] and [[SWAP]].","_id":"XH5SrunFtm2TbxqZq"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"ARTEMIS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[ENTOURAGE]]"],"status":"unknown","tags":[],"description":"An undetermined program for Geospatial analysis","_id":"fhJAvqgNyKXya8b72"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[NOFORN]]"],"family":"collect","links":[["http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html","washingtonpost.com - NSA tracking cellphone locations worldwide, Snowden documents show"],["http://electrospaces.blogspot.fr/2014/01/slides-about-nsas-upstream-collection.html","electrospaces.blogspot.fr - Slides about NSA's Upstream collection"],["https://www.documentcloud.org/documents/813849-sso2.html#document/p1"," www.documentcloud.org - FAA reports by provider"]],"name":"ARTIFICE","relatedItemsParents":["[[STORMBREW]]"],"relatedItemsChildren":[],"relatedItems":["[[WOLFPOINT]]","[[STORMBREW]]"],"status":"active","tags":[],"description":"A [[SIGAD]] (SIGINT Activity Designator) known as [[STORMBREW]], for example, relies on two unnamed corporate partners described only as [[ARTIFICE]] and [[WOLFPOINT]]. According to an NSA site inventory, the companies administer the NSA’s “physical systems,” or interception equipment, and “NSA asks nicely for tasking/updates.”","_id":"AkdHx9R7NBag3Lbbb"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"ASPHALT","relatedItemsParents":["[[TARMAC]]"],"relatedItemsChildren":[],"relatedItems":["[[TARMAC]]"],"status":"unknown","tags":[],"description":"Proof-of-concept system based on collecting everything. Mentionned on [[TARMAC]] slide-show presentation and Glenn Greenwald's No Place To Hide document..","_id":"qrso57vCbK3o64WFi"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"]],"name":"ASSOCIATION","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Tactical SIGINT social network database","_id":"yieS4zvhvAcN4GKgb"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":["[[ECI]]","[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"collect","links":[["http://cryptome.org/2013/09/nsa-bullrun-2-16-guardian-13-0905.pdf","cryptome.org/guardian - nsa-bullrun-2-16-guardian-13-0905.pdf"]],"name":"AUNTIE","relatedItemsParents":["[[BULLRUN]]"],"relatedItemsChildren":[],"relatedItems":["[[BULLRUN]]"],"status":"unknown","tags":[],"description":"An undetermined, highly confidential compartiment mentioned in the [[BULLRUN]] documents.","_id":"oKtJQNZbAJzq3hYdk"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2013/08/nsa-x-keyscore-family.htm","cryptome.org -NSA X-Keyscore Member of Cyberespionage Family"]],"name":"AUTOSOURCE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"kJ6P8QqSMbYgSkYHY"},{"agency":"[[NSA]]","alias":["[[BOD]]"],"category":"compartment","compartments":[],"family":"ECI","links":[["http://www.spiegel.de/fotostrecke/nsa-dokumente-die-abteilung-tao-der-nsa-fotostrecke-105355-14.html","Der Spiegel - Geheimdokumente: Die Spezialabteilung [[TAO]] der NSA stellt sich vor"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"BACONRIDGE","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[TAO]]"],"status":"unknown","tags":[],"description":"Installation of [[TAO]] in St. Antonio, TX. 270 personnel, 210 workstations.","_id":"oemt4FBnHqiqk3NFE"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"BANANAGLEE","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[TAO]]","[[JETPLOW]]","[[SOUFFLETROUGH]]","[[FEEDTROUGH]]","[[GOURMETTROUGH]]"],"status":"unknown","tags":["[[cisco]]","[[router]]","[[juniper]]"],"description":"A software exploit made by Digital Network Technologies ([[DNT]]) for Juniper Netscreen ns5xt, ns50, ns200, ns500, ISG 1000, ssg140, ssg5, ssg20, SSG 320M, SSG 350M, SSG 520, SSG 550, SSG 520M, SSG 550M firewalls. Also works on Cisco PIX 500 series and ASA 5505, 5510, 5520, 5540, and 5550 series firewalls. Used for exfiltrating data from target networks.","_id":"LQPxRQajbHz6jqAqb"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"BANISTER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[LIVESAVER]]"],"status":"active","tags":["[[colombia]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"WpAbMxAPSh7ahKKJM"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"]],"name":"BANYAN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"NSA tactical geospatial correlation database","_id":"XvoXaKp5LMpXvpRQ2"},{"agency":"[[NSA]]","alias":["[[BEACH HEAD]]"],"category":"attack vector","compartments":[],"family":"network","links":[["https://www.schneier.com/blog/archives/2013/10/the_nsas_new_ri.html","schneier.com - The NSA's New Risk Analysis"]],"name":"BEACHHEAD","relatedItemsParents":["[[FERRETCANNON]]"],"relatedItemsChildren":[],"relatedItems":["[[FERRETCANNON]]","[[FOXACID]]"],"status":"unknown","tags":[],"description":"Computer exploit delivered by the [[FERRETCANNON]] system.","_id":"u3YZtfpcHurbC7GSQ"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["https://muckrock.s3.amazonaws.com/foia_files/7-17-13_MR6022RES.pdf","muckrock.com - 7-17-13_MR6022RES.pdf"]],"name":"BELLTOPPER","relatedItemsParents":["[[ANCHORY]]"],"relatedItemsChildren":[],"relatedItems":["[[SOLIS]]"],"status":"unknown","tags":[],"description":"NSA software system like [[ANCHORY]] but without dividing data into database groups. [[BELLTOPPER]] place data into one database.","_id":"jbZbAfajsi38NoAbw"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["https://www.fas.org/irp/program/disseminate/binocular.htm","fas.org - BINOCULAR "]],"name":"BINOCULAR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[cw]]"],"description":"[[BINOCULAR]] is an integrated NSA signals intelligence source data broadcast service system, integrating nine separate Ultra High Frequency (UHF) transmissions, transmitted through the Global Broadcast System satellite network.","_id":"Gv7JsEpCYS8kZSuhZ"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":["[[TOP SECRET]]"],"family":"collect","links":[["http://www.theguardian.com/world/2013/jun/30/nsa-leaks-us-bugging-european-allies","theguardian.com - New NSA leaks show how US is bugging its European allies"],["http://www.bbc.co.uk/news/world-europe-24628947"," http://www.bbc.co.uk - US National Security Agency 'spied on French diplomats"],["https://www.documentcloud.org/documents/807030-ambassade.html#document/p1","docs by lemonde.fr"]],"name":"BLACKFOOT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HIGHLANDS]]","[[VAGRANT]]","[[GENIE]]","[[DROPMIRE]]","[[WABASH]]","[[PBX]]"],"status":"active","tags":["[[france]]"],"description":"coverterm to the bugging of French mission to the United Nations in New York","_id":"5gWzXJAjoX6sT8fmi"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://www.documentcloud.org/documents/807030-ambassade.html#document/p1","docs by lemonde.fr"],["https://www.schneier.com/blog/archives/2013/10/code_names_for.html","www.schneier.com - Code Names for NSA Exploit Tools"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"BLACKHEART","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"","tags":[],"description":"collection from FBI implant.","_id":"Hzpw2uQd3kFm38NLo"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://secure.huffingtonpost.com/zachary-graves/the-nsas-war-against-encr_b_3901328.html"," secure.huffingtonpost.com"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"BLACKPEARL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[dni]]","[[gsm]]","[[crypto]]"],"description":"This program was mentioned in context of Petrobras - the largest oil company of Brazil - story. BLACKPEARL extracts data from private networks.","_id":"CvqksaM9SRNmCdPsZ"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[FISA]]","[[TOP SECRET]]","[[COMINT]]","[[NOFORN]]","[[FOUO]]"],"family":"collect","links":[["https://en.wikipedia.org/wiki/Blarney_%28code_name%29","en.wikipedia.org - Blarney"],["http://online.wsj.com/article/SB10001424127887324108204579022874091732470.html","wsj.com - New Details Show Broader NSA Surveillance Reach"],["http://cryptome.org/2013/12/nsa-cable-spy-types.pdf|","SSO - The cryptologic provider of Intelligence from Global High-Capacity Telecommunications Systems"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"BLARNEY","relatedItemsParents":["[[UPSTREAM]]"],"relatedItemsChildren":[],"relatedItems":["[[UPSTREAM]]","[[XKEYSCORE]]"],"status":"unknown","tags":[],"description":"BLARNEY is a communications surveillance program, started in 1978 and operated under FISA. The collection takes place at top-level telecommunications facilities within the United States, choke points through which most traffic will flow, including wireless. This type of surveillance is referred to as \"[[UPSTREAM]] collection\". Among the facilities associated with BLARNEY are AT&T's Room 641A in San Francisco, California, revealed in 2006 by Mark Klein, and another in New Jersey. Like its counterparts, BLARNEY was expanded after the September 11 attacks. Information collected from BLARNEY is shared with many agencies in the United States, including the CIA, NSA, FBI and DOJ, it is also shared with the Five Eyes and NATO. A number of private companies also have access.Key Targets are : Diplomatic establishment, counterterrorism, Foreign Government, Economic","_id":"ELDzG6yHkBi8goZiJ"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"BLINDDATE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[STRAITBIZARRE]]","[[QUANTUM]]","[[QFIRE]]","[[TAO]]"],"status":"unknown","tags":[],"description":"Software included on [[SPARROW-II]] mini computers. Also seen in another context on [[QFIRE]] slide as part of a “[[TAO]] covert network.”.","_id":"hXCjiLAubYvNcshM5"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/OAKSTAR","en.wikipedia.org - OAKSTAR"]],"name":"BLUEANCHOR","relatedItemsParents":["[[YACHTSHOP]]"],"relatedItemsChildren":[],"relatedItems":["[[YACHTSHOP]]","[[UPSTREAM]]"],"status":"unknown","tags":[],"description":"Partner providing a network access point for the [[YACHTSHOP]] program.","_id":"w37ESNLwmL3fDH4f6"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/OAKSTAR"," en.wikipedia.org - OAKSTAR"]],"name":"BLUEZEPHYR","relatedItemsParents":["[[OAKSTAR]]"],"relatedItemsChildren":[],"relatedItems":["[[OAKSTAR]]","[[UPSTREAM]]"],"status":"unknown","tags":[],"description":"subprogram of [[OAKSTAR]].","_id":"dMszgwJvrgYqMpSSb"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[NOFORN]]","[[FOUO]]","[[FISA]]"],"family":"process","links":[["https://en.wikipedia.org/wiki/Boundless_Informant","en.wikipedia.org - Boundless Informant"],["http://www.theguardian.com/world/2013/jun/08/nsa-boundless-informant-global-datamining","The Guardian - Boundless Informant: the NSA's secret tool to track global surveillance data"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"BOUNDLESSINFORMANT","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":["[[FASCIA]]"],"relatedItems":["[[PRISM]]","[[FASCIA]]"],"status":"active","tags":["[[dni]]","[[dnr]]","[[phone]]"],"description":"BOUNDLESSINFORMANT is a big data analysis and data visualization system used by the NSA to give managers summaries of the NSA's world wide data collection activities. According to a Top Secret heat map display also published by The Guardian and produced by the Boundless Informant program, almost 3 billion data elements from inside the United States were captured by the NSA over a 30-day period ending in March 2013.Data analyzed by BOUNDLESSINFORMANT includes electronic surveillance program records ([[dni]]) and telephone call metadata records ([[dnr]]) stored in an NSA data archive called [[GM-PLACE]]. It does not include FISA data, according to the FAQ memo. [[PRISM]] ([[US-984XN]]), which was revealed at the same time as BOUNDLESSINFORMANT, is one source of DNR data. According to the map, BOUNDLESSINFORMANT summarizes data records from 504 separate [[dnr]] and [[dnr]] collection sources (SIGADs). In the map, countries that are under surveillance are assigned a color from green, representing least coverage to red, most intensive.","_id":"2SHYTcgWzWtJqDKZu"},{"agency":"[[NSA]]","alias":["[[HEMLOCK]]"],"category":"mission","compartments":[],"family":"collect","links":[["http://www.theguardian.com/world/2013/jun/30/nsa-leaks-us-bugging-european-allies","TheGuardian - New NSA leaks show how US is bugging its European allies"]],"name":"BRUNEAU","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[GENIE]]","[[DROPMIRE]]","[[LIFESAVER]]","[[HEMLOCK]]"],"status":"unknown","tags":["[[italy]]"],"description":"Name of an operation to bug the italian UN mission, introducing spywares in foreign embassies.","_id":"qJ93r7DKp4ukZ3xAG"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"BSR","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[CANDYGRAM]]","[[LANDSHARK]]"],"status":"unknown","tags":["[[gsm]]","[[phone]]"],"description":"Base Station Router, use for intercepting GSM cell phone signals. Ships with laptop and accessories, networkable with other units via 802.11. Supports [[CANDYGRAM]] and [[LANDSHARK]] capabilities.","_id":"SAuTQj8QHpab5n5JE"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"BUFFALOGREEN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"xDshRHxFDbsYwdEFC"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html"," media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["[http://www.theregister.co.uk/2013/12/31/nsa_weapons_catalogue_promises_pwnage_at_the_speed_of_light/?page=2","TheRegistry"]],"name":"BULLDOZER","relatedItemsParents":["[[INTERDICTION]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[pci]]"],"description":"PCI bus malicious hardware, installed via [[INTERDICTION]], possibly connected to a Wi-Fi card or a subverted router and collect metadata and content from targeted systems.","_id":"XGZthqjNPXDvLCF5r"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"process","links":[["http://cryptome.org/2013/09/nsa-bullrun-brief-propublica-13-0905.pdf","cryptome.org - BULLRUN's briefing sheet"],["https://en.wikipedia.org/wiki/Bullrun_%28decryption_program%29","en.wikipedia.org - Bullrun (decryption program)"],["http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=0","New York Times: Secret Documents Reveal N.S.A. Campaign Against Encryption"],["http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide","The Guardian : Project Bullrun – classification guide to the NSA's decryption program"],["http://cryptome.org/2013/09/nsa-bullrun-2-16-guardian-13-0905.pdf","cryptome.org - guardian"]],"name":"BULLRUN","relatedItemsParents":[],"relatedItemsChildren":["[[APERIODIC]]","[[AMBULANT]]","[[AUNTIE]]","[[PAINTEDEAGLE]]","[[PAWLEYS]]","[[PITCHFORD]]","[[PENDLETON]]","[[PICARESQUE]]","[[PIEDMONT]]"],"relatedItems":["[[APERIODIC]]","[[AMBULANT]]","[[AUNTIE]]","[[PAINTEDEAGLE]]","[[PAWLEYS]]","[[PITCHFORD]]","[[PENDLETON]]","[[PICARESQUE]]","[[PIEDMONT]]"],"status":"unknown","tags":[],"description":"BULLRUN is a clandestine, highly classified decryption program run by the NSA. The British signals intelligence agency Government Communications Headquarters (GCHQ) has a similar program codenamed [[EDGEHILL]]. Access to the program is limited to a group of top personnel at the Five Eyes (FVEY), NSA and the signals intelligence agencies of Britain, Canada, Australia, and New Zealand. Signals that cannot be decrypted with current technology may be retained indefinitely while the agencies continue to attempt to decrypt them: \"Documents show that the N.S.A. has been waging a war against encryption using a battery of methods that include working with industry to weaken encryption standards, making design changes to cryptographic software, and pushing international encryption standards it knows it can break.\" (The New York Times)","_id":"Nb7YBwBSzbHFxSb3n"},{"agency":"[[NSA]] [[NAVSECGRU]]","alias":["[[FLAGHOIST]]"],"category":"program","compartments":[],"family":"collect","links":[["http://www.fas.org/irp/program/collect/classic_bullseye.htm "," fas.org - AN/FRD-10 CLASSIC BULLSEYE"]],"name":"BULLSEYE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[radio]]"],"description":"\"The Naval Security Group worldwide CLASSIC BULLSEYE (now [[FLAGHOIST]]) network is part of the DOD Worldwide High Frequency Direction Finding System for strategic intelligence collection and emitter location. High-Frequency Direction-Finding intercepts and locates voice and message traffic transmitted on short-wave channels.\"","_id":"mQaM8pvgvbDqKqQJA"},{"agency":"[[NSA]]","alias":["[[BA]]"],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm"," cryptome.org - NSA codenames"]],"name":"BYZANTINEANCHOR","relatedItemsParents":["[[BYZANTINEHADES]]"],"relatedItemsChildren":[],"relatedItems":["[[BYZANTINECANDOR]]"],"status":"unknown","tags":["[[china]]"],"description":"BA, a subset of [[BYZANTINEHADES]], refers to a group of associated computer network intrusions with an apparent nexus to China.je n  (Source : Cablegate)","_id":"584nbwLLGhGBd8gLG"},{"agency":"[[NSA]]","alias":["[[BC]]","[[email]]"],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm"," cryptome.org - NSA codenames"],["http://www.theguardian.com/world/2010/dec/04/wikileaks-cables-china-cyber-warfare "," theguardian.com - WikiLeaks cables reveal fears over Chinese cyber warfare"]],"name":"BYZANTINECANDOR","relatedItemsParents":["[[BYZANTINEHADES]]"],"relatedItemsChildren":[],"relatedItems":["[[BYZANTINEHADES]]","[[BYZANTINEANCHOR]]"],"status":"unknown","tags":["[[china]]"],"description":"Refers to a certain class of hacking by Chinese actors. BYZANTINECANDOR is a subset of [[BYZANTINEHADES]] relating to intrusion, including by means of social engineering involving delivering malicious payloads by email. (Source : Cablegate)","_id":"ZkwMKEudbYtPtbGka"},{"agency":"[[NSA]]","alias":["[[BH]]"],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm"," cryptome.org - NSA codenames"]],"name":"BYZANTINEHADES","relatedItemsParents":[],"relatedItemsChildren":["[[BYZANTINEANCHOR]]","[[BYZANTINECANDOR]]"],"relatedItems":["[[BYZANTINECANDOR]]"],"status":"unknown","tags":["[[china]]"],"description":"“a cover term for a series of related computer network intrusions with a believed nexus to China, has affected U.S. and foreign governments as well as cleared defense contractors since at least 2003” Believed to be Chinese state-sponsored (the PLA in particular). Though the evidence is tenuous. (ca 2009). In general, victims of Chinese-affiliated hacking are legitimate businesses, including defense contractors. They have been successful in exfiltrating large volumes of confidential emails and other sensitive documents. (Source : Cablegate)","_id":"7K544cRQZtyfBPfwY"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[],"name":"CADENCE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[PRISM]]","[[GAMUT]]"],"status":"unknown","tags":[],"description":"Collection mission system for tasking","_id":"rvtbhpixnXhsmuvk3"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://www.digitaltrends.com/web/nsa-malware-code-names/#/2"," digitaltrends.com - TURBOPANDA, RAGEMASTER, and 13 other NSA codenames that prove spies laugh, too "],["http://securityledger.com/wp-content/uploads/2013/12/nsa-ant-candygram.jpg ","  securityledger.com - nsa-ant-candygram.jpg "]],"name":"CANDYGRAM","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[DRTBOX]]","[[STINGRAY]]","[[NEBULA]]","[[CYCLONE]]","[[TYPHON]]"],"status":"unknown","tags":["[[gsm]]","[[sms]]","[[windows]]","[[os]]","[[gsm]]","[[phone]]"],"description":"Mimics GSM cell tower. The program works with a Windows XP laptop and a cell phone, that communicate with the unit via SMS messages. CANDYGRAM can target 200 phone numbers simultaneously.","_id":"vkMi3QpQJGBbCuBoG"},{"agency":"US Army","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://books.google.fr/books?id=SPcHq8wftrsC&pg=SA5-PA12&dq=%22CANNON+LIGHT%22+us+army&hl=en&sa=X&ei=VF3xUpmCEMmg0QXD14HQBA&redir_esc=y#v=onepage&q=%22CANNON%20LIGHT%22%20us%20army&f=false","books.google.fr - \"CANNON LIGHT\" us army"]],"name":"CANNONLIGHT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"US Army Counter Intelligence Database","_id":"X8jgwmdDXcTipsj3m"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"CARBOY","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":["[[JACKKNIFE]]","[[TIMBERLINE]]","[[CORALINE]]","[[SCS]]","[[MOONPENNY]]","[[GARLICK]]","[[LADYLOVE]]","[[SOUNDER]]","[[LEMONWOOD]]","[[SHOALBAY]]","[[SNICK]]","[[STELLAR]]","[[SCALPEL]]","[[IRONSAND]]"],"status":"active","tags":["[[phone]]","[[uk]]"],"description":"[[SIGINT]] ([[FORNSAT]]) for locating cellphone in Bude (UK)","_id":"LZK2B59fE4YALs6Sp"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[],"name":"CASPORT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"access identification tool used to control product dissemination","_id":"EjNmAqo9GSgu7rcWP"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"CAPTIVATEDAUDIENCE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[UNITEDRAKE]]"],"status":"unknown","tags":[],"_id":"boSphXpm9kBF4mrQH"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/Communications_Capabilities_Development_Programme","Wikipedia - Communications Capabilities Development Programme"],["http://www.telegraph.co.uk/technology/internet/9090617/Phone-and-email-records-to-be-stored-in-new-spy-plan.html","The Telegraph - Phone and email records to be stored in new spy plan"]],"name":"CCDP","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[IMP]]","[[TEMPORA]]","[[MTI]]","[[GTE]]"],"status":"unknown","tags":["[[facebook]]","[[twitter]]","[[email]]","[[phone]]","[[uk]]"],"description":"[[GCHQ]] Communications Capabilities Development Program. Formerly known as Interception Modernisation Programme (IMP). initiative to create a ubiquitous mass surveillance scheme for the United Kingdom. It would involve the logging of every telephone call, email and text message between every inhabitant of the UK and communications within social networking platforms such as Twitter and Facebook.","_id":"SYRZWNu7xQyMoSWaC"},{"agency":"[[NSA]]","alias":["[[CDR Diode]]"],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://www.youtube.com/watch?v=R8QFPf2RMCQ","LeakSourceNews - Jacob Appelbaum: NSA's FoxAcid/Quantum Programs at the european parliament - 10/15/2013"]],"name":"CDRDIODE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[IRATEMONK]]","[[WISTFULTOLL]]","[[STRAITBIZARRE]]","[[SEAGULLFARO]]","[[UNITEDRAKE]]"],"status":"unknown","tags":[],"description":"It is the name for a protecting device that enables the intercepted data to flow to NSA without enabling an attacker to use the same way to compromise NSA or travel further toward identification. The tentative explanation is that when some data come from the low side (insecure) toward the high side (secure) of the NSA infrastructure so that it can be read by analaysts at the NSA Remote Operation Center ([[ROC]]), then it needs to go through that CDRDIODE.","_id":"fymoxsMGmiHHEEtkj"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html","washingtonpost.com- NSA tracking cellphone locations worldwide, Snowden documents show"],["http://www.wikileaks-forum.com/nsa/332/snowden-leak-chalkfun-fascia-and-nsa-targeted-device-location-verification/25826/","wikileaks-forum.com - CHALKFUN and FASCIA Documents- Snowden Leak: CHALKFUN - FASCIA and NSA Targeted Device Location Verification"],["http://apps.washingtonpost.com/g/page/national/nsa-report-on-privacy-violations-in-the-first-quarter-of-2012/395/","apps.washingtonpost.com - NSA report on privacy violations in the first quarter of 2012"]],"name":"CHALKFUN","relatedItemsParents":["[[FASCIA]]"],"relatedItemsChildren":[],"relatedItems":["[[FASCIA]]"],"status":"unknown","tags":[],"description":"Analytic tool, used to search the [[FASCIA]] database","_id":"Dg9ezszRmr3bx4kXt"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.linkedin.com/in/mastersontech "," linkedin.com - John Masterson, CDR, CSSRSr. DoD/Intel Recruiter at Independent Contractor "]],"name":"CHASEFALCON","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Major program of the Global Access Operations (GAO)","_id":"86SpiGm7g2NPaRzZy"},{"agency":"[[NSA]]","alias":["[[NORMALRUN]]","[[FALLENORACLE]]"],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2013/08/nsa-x-keyscore-family.htm "," cryptome.org - NSA X-Keyscore Member of Cyberespionage Family"]],"name":"CHEWSTICK","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"ey9jzn5xmvyhQutMk"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/Handy/S3222_DROPOUTJEEP.jpg"," spiegel - Slide on DROPOUTJEEP"]],"name":"CHIMNEYPOOL","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":["[[DROPOUTJEEP]]"],"relatedItems":["[[DROPOUTJEEP]]"],"status":"unknown","tags":["[[malware]]"],"description":"Software based malware toolkit “Framework”, likely written in C/C++ (according to resumes posted online)","_id":"XJwDbZjnKv8miNoGj"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://www.theguardian.com/world/interactive/2013/sep/11/nsa-israel-intelligence-memorandum-understanding-document"," theguardian.com - NSA and Israeli intelligence: memorandum of understanding – full document"]],"name":"CHIPPEWA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"CHIPPEWA seems to be a communication network","_id":"2eSjF49o34o2EcHoq"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://electrospaces.blogspot.fr/2013/09/an-nsa-eavesdropping-case-study.html","electrospaces - An NSA eavesdropping case study "]],"name":"CIMBRI","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[MAINWAY]]"],"status":"unknown","tags":["[[metadata]]"],"description":"CIMBRI seems to be a metadata database","_id":"pQnfdixXu7Xssus2C"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2013/08/nsa-x-keyscore-family.htm "," NSA X-Keyscore Member of Cyberespionage Family"]],"name":"CINEPLEX","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"kDXwYbtP9F98iqheC"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[[" http://www.scmagazineuk.com/watching-the-watchmen/article/306005/"," www.scmagazineuk.com - Watching the Watchmen "]],"name":"COASTLINE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"reporting tool to receive and report on near real-time intelligence for forward deployed troops","_id":"KHNjDxkREtutdR59m"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/OAKSTAR"," en.wikipedia.org - OAKSTAR"],["http://electrospaces.blogspot.fr/2014/01/slides-about-nsas-upstream-collection.html","electrospaces.blogspot.fr - UPSTREAM collection"]],"name":"COBALTFALCON","relatedItemsParents":["[[OAKSTAR]]"],"relatedItemsChildren":[],"relatedItems":["[[OAKSTAR]]","[[UPSTREAM]]"],"status":"unknown","tags":[],"description":"[[US-3354]], Subprogram of [[OAKSTAR]].","_id":"tuK4ZJPCPs6Lc8We4"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2: The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"COMMONDEER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[SEASONEDMOTH]]","[[VALIDATOR]]"],"status":"unknown","tags":["[[malware]]"],"description":"A software based malware, used by the NSA.","_id":"oJjYaAw2aLN2jBsaP"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"CONJECTURE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HOWLERMONKEY]]"],"status":"unknown","tags":[],"description":"A RF communication protocol used by [[HOWLERMONKEY]] devices.","_id":"JAspZohYYouambQBs"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"],["http://theweek.com/article/index/245360/solving-the-mystery-of-prism","theweek.com -Solving the mystery of PRISM - The Week"]],"name":"CONTRAOCTAVE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[OCTAVE]]"],"status":"unknown","tags":[],"description":"Collection mission tasking tool","_id":"z5ZGxxv7sqC3365Ng"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[ORCON]]","[[NOFORN]]"],"family":"process","links":[["http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/","washingtonpost.com - NSA slides explain the PRISM data-collection program"],["https://en.wikipedia.org/wiki/File:Prism-slide-7.jpg","en.wikipedia.org - Slide of PRISM collection dataflow"]],"name":"CONVEYANCE","relatedItemsParents":["[[SCISSORS]]"],"relatedItemsChildren":["[[NUCLEON]]"],"relatedItems":["[[PRISM]]","[[NUCLEON]]","[[FALLOUT]]"],"status":"unknown","tags":[],"description":"[[CONVEYANCE]] is a final layer of filtering to reduce the intake of information about Americans, it provides filtering for [[PRISM]] and filtering the voice content processed by S3132. The CONVEYANCE's informations are stocked in [[NUCLEON]].","_id":"GZEH5YeYbPr9Lgyhw"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/","nsa.gov1.info/dni/"]],"name":"CORALINE","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":["[[JACKKNIFE]]","[[TIMBERLINE]]","[[CORALINE]]","[[SCS]]","[[MOONPENNY]]","[[CARBOY]]","[[GARLICK]]","[[LADYLOVE]]","[[SOUNDER]]","[[LEMONWOOD]]","[[SHOALBAY]]","[[SNICK]]","[[STELLAR]]","[[SCALPEL]]","[[IRONSAND]]"],"status":"active","tags":["[[gsm]]","[[phone]]"],"description":"[[SIGINT]] for locating cellphone in Sabana Seca (PR)","_id":"TufA2tKN6DDiq5nS4"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"database","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"CORALREEF","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[METROTUBE]]","[[TURMOIL]]"],"status":"unknown","tags":"","description":"spotted on [[TURBINE]]'s document about \"APEX VPN exploitation\".","_id":"2HQLanGvXeqnzEDvp"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"COTS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Commercial Off the Shelf. When a description of a bug says it is COTS-based, it means that the components are commercially available, giving the NSA deniability as to their true source. (Unless you just happen to be looking at the NSA's leaked product catalog. )","_id":"X2PMvDy5RJJJBcrwm"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]"],"family":"collect","links":[["http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html","washingtonpost.com - NSA tracking cellphone locations worldwide, Snowden documents show"],["http://www.theguardian.com/world/2013/dec/04/nsa-storing-cell-phone-records-daily-snowden "," the guardian.com - NSA storing cell phone records daily snowden"]],"name":"COTRAVELER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[gsm]]"],"description":"set of tools for finding unknown associates of intelligence targets by tracking movements based upon cell phone locations.","_id":"zBFeJiqkRgEBpxhXk"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL]]"],"family":"hardware","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de -  To Protect And Infect Part 2 - The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"],["http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html","New York Times - N.S.A. Devises Radio Pathway Into Computers"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"COTTONMOUTH-I","relatedItemsParents":["[[CHIMNEYPOOL]]"],"relatedItemsChildren":[],"relatedItems":["[[CHIMNEYPOOL]]","[[STRAITBIZARRE]]"],"status":"unknown","tags":["[[usb]]"],"description":"COTTONMOUTH-I (CM-I) will provide air-gap bridging software persistence capability \"in-field\" reprogrammability, and covert communications with a host software implant over the USB. The RF link will enable command and data infiltration and exfiltration. CM-1 will also communicate with Data Network Technologies (DNT) software ([[STRAITBIZARRE]] through a covert channel implemented on the USB, using this communication channel to pass commands and data between hardware and software implants. CM-1 will be a [[GENIE]]-compliant based on [[CHIMNEYPOOL]]. CM-1 conceals digital components ([[TRINITY]]), USB 1.1 FS hub, switches, and [[HOWLERMONKEY]] (HM) RF Transceiver within the USB Séries-A cable connector. [[MOCCASIN]] is the version permanently connected to a USB keyboard. Another version can be made with an unmodified USB connector at the other end. CMH-I has the ability to communicate to other CM devices over the RF link using an over-the-air protocol called [[SPECULATION]].","_id":"rrvSaoBQC5zsZyZBj"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL]]"],"family":"hardware","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 - The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"COTTONMOUTH-II","relatedItemsParents":["[[CHIMNEYPOOL]]"],"relatedItemsChildren":[],"relatedItems":["[[CHIMNEYPOOL]]","[[STRAITBIZARRE]]"],"status":"unknown","tags":["[[usb]]"],"description":"COTTONMOUTH-II (CM-II) will provide air-gap bridging software persistence capability \"in-field\" reprogrammability, and covert communications with a host software implant over the USB. The RF link will enable command and data infiltration and exfiltration. CM-1 will also communicate with Data Network Technologies (DNT) software ([[STRAITBIZARRE]] through a covert channel implemented on the USB, using this communication channel to pass commands and data between hardware and software implants. CM-I will be a [[GENIE]]-compliant based on [[CHIMNEYPOOL]]. CM-1 conceals digital components ([[TRINITY]]), USB 2.0 HS hub, switches, (...?)","_id":"xnCwrxYr2uki8qync"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de -  To Protect And Infect Part 2 - The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"COTTONMOUTH-III","relatedItemsParents":["[[CHIMNEYPOOL]]"],"relatedItemsChildren":[],"relatedItems":["[[TRINITY]]","[[HOWLERMONKEY]]","[[SPECULATION]]","[[CHIMNEYPOOL]]","[[STRAITBIZARRE]]"],"status":"unknown","tags":["[[ethernet]]","[[usb]]"],"description":"COTTONMOUTH-III (CM-III) is a dual-stacked USB port/RJ45 ethernet jack combo, (the kind that are soldered directly onto a motherboard), providing a covert RF relay across airgapped systems. Like CM-I, and many other systems, it is written with the [[CHIMNEYPOOL]] framework, and communicates via [[STRAITBIZARRE]]. It can communicate with other CM devices with the SPECULATION Protocol. It also integrates [[TRINITY]], and the [[HOWLERMONKEY]] RF transceiver.","_id":"Lq6FGKwtfaC5BRwCj"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"CREST","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Database that automatically translates foreign language intercepts in English","_id":"4AixQEozuAyLuqpCL"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://cryptome.org/2013/08/proton-clearwater-lexis-nexis.htm "," cryptome - PROTON, CLEARWATER and Lexis-Nexis "]],"name":"CRISSCROSS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"see [[PROTON]]","_id":"2FXWXTDvmp3FfnCBo"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/Mobilfunk/S3223_CROSSBEAM.jpg"," spiegel.de - Slide on CROSSBEAM"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"CROSSBEAM","relatedItemsParents":["[[ROC]]"],"relatedItemsChildren":[],"relatedItems":["[[WAGONBED]]","[[CHIMNEYPOOL]]","[[ROCKYKNOB]]"],"status":"Active","tags":["[[gsm]]","[[phone]]"],"description":"the CROSSBEAM module consists of a standard ANT architecture embedded computer, a specialized phone component, a customized voice controller suite and and optional DSP ([[ROCKYKNOB]]) if using Data Over Voice to transmit data”. Communicates over GSM. Compatible with [[CHIMNEYPOOL]] framework. Appears to be a [[WAGONBED]] controller board mated with a Motorola G20 GSM module. CROSSBEAM is a reusable CHIMNEYPOOL-compliant GSM communications module capable of collecting and compressing voice, data. CROSSBEAM can receive GSM voice, record voice data, and transmit the received information via connected modules or 4 differents GSM data modes (GPRS, Circuit Switched Data, Data Over Voice and DTMF) back to a secure facility. THe CROSSBEAM module consists of a standard ANT architecture embedded computer, a specialized phone component, a customized software controller suite and an optional DSP (ROCKYKNOB) if using Data Over Voice to transmit data.","_id":"TAMGfkALbCRgWadZk"},{"agency":"[[NSA]]","alias":["[[ccn]]"],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"CRUMPET","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[IRONCHEF]]"],"status":"unknown","tags":[],"description":"CRUMPET Covert network (CCN) is a sample drawing included Printers, servers, and computers. All allegedly airgapped. (But not actually, due to covertly installed hardware)","_id":"CsHgsDZT9L9tgSieH"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.lemonde.fr/international/article/2013/10/22/la-diplomatie-francaise-sur-ecoute-aux-etats-unis_3500717_3210.html","LeMonde.fr - La diplomatie Française sur écoute aux États-unis"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"CRYPTOENABLED","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"collection derived from AO's efforts to enable crypto.","_id":"2Q8DYqAvtLaNETsqB"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"hardware","links":[["https://www.schneier.com/blog/archives/2014/01/ctx4000_nsa_exp.html","schneier.com - NSA Exploit of the Day"],["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de To Protect And Infect Part 2 - The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"CTX4000","relatedItemsParents":["[[ANGRYNEIGHBOR]]"],"relatedItemsChildren":[],"relatedItems":["[[VAGRANT]]","[[DROPMIRE]]","[[PHOTOANGLO]]"],"status":"inactive","tags":["[[cw]]"],"description":"The CTX4000 is a portable continuous wave (CW) radar unit. It can be used to illuminate a target system to recover different off net information. Primary uses include [[VAGRANT]] and [[DROPMIRE]] collection. The CTX4000 provides the means to collect signals that otherwise would not be collectable, or would be extremely difficult to collect and process.","_id":"xRjH85ijegZvTrMgw"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"CULTWEAVE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"bqSEFL9fu4EP8GzHR"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://www.documentcloud.org/documents/807030-ambassade.html#document/p1","docs by lemonde.fr"],["https://www.schneier.com/blog/archives/2013/10/code_names_for.html","schneier.com - Code Names for NSA Exploit Tools"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"CUSTOMS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Customs opportunities (not [[LIVESAVER]] )","_id":"7qbgS7ZtALLWc2orM"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm"," cryptome.org - NSA codenames"],["http://www.emfacts.com/2012/06/john-goldsmith-on-scientific-misconduct-and-the-lilienfeld-study-an-oldie-but-still-relevant-today/ "," emfacts.com - John Goldsmith on scientific misconduct and the Lilienfeld study (An oldie but still relevant today)"],["http://www.ehjournal.net/content/11/1/85"," ehjournal.net - Microwaves in the cold war: the Moscow embassy study and its interpretation. Review of a retrospective cohort study"],["http://emrstop.org/index.php?option=com_content&view=article&id=118:they-have-known-about-microwave-radiation-harm-for-decades&catid=31:emf-politics-a-research-analyses&Itemid=40"," ermstop.org - They have known about microwave radiation harm for decades"],["http://www.scribd.com/doc/13616226/The-Moscow-Embassy-incident"," scribd.com - The Moscow Embassy incident"],["http://www.wikileaks.org/plusd/cables/1976MOSCOW01437_b.html#efmAtaAwK"," wikileaks.org - MOSCOW SIGNAL - APPROACH TO GROMYKO"]],"name":"CW","relatedItemsParents":["[[ANGRYNEIGHBOR]]"],"relatedItemsChildren":[],"relatedItems":["[[ANGRYNEIGHBOR]]","[[RAGEMASTER]]","[[VAGRANT]]","[[PHOTOANGLO]]"],"status":"unknown","tags":["[[usb]]"],"description":"Continuous Wave aka [[CW]] is a continuous radio signal (like [[CTX4000]] or [[PHOTOANGLO]]) sent toward a target so that the reflected radio wave is modulated by the signal to intercept. It's the default interception mechanism of NSA for both voice, PS2 and USB keyboard keypresses, exfiltered data, network traffic and any kind of data the NSA is interested to extract from a target. It's a very advanced attack where a Radar sends a [[CW]] toward a target covertly equipped with a eavesdropping bug called a [[RETROREFLECTOR]] which will modulate the original [[CW]] signal and re-radiate this modulated [[CW]] so that it can be picked up by the emitting Radar. The benefit of such technique is that there is no need for the eavesdropping bug to generate radio signal, and therefore, no need for huge batteries or power. It also means that the bug can be turned on and off remotely, providing easy way to turn off the bug when a bug sweep detection team is trying to located it. The downside is that it's dangerous for health as the Radar signal between 1Ghz and 6Ghz can be harmful to human and cause illness and cancer, as it did numerous times in the past since the first time it was detected in the US Embassy in Moscow, Russia.","_id":"6sPHyNSSJSqFrowrH"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"CYCLONE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TYPHON]]","[[CANDYGRAM]]","[[DRTBOX]]","[[NEBULA]]"],"status":"unknown","tags":["[[gsm]]","[[phone]]"],"description":"EGSM base station router, used for collection GSM cell phone signals. Shops with laptop and accessories for command and control, uses the same GUI as the [[TYPHON]]. Controllable via 802.11 wifi.","_id":"NjnjAPZncp9CrKpRR"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/new-documents-show-how-the-nsa-infers-relationships-based-on-mobile-location-data/ "," washingtonpost - New documents show how the NSA infers relationships based on mobile location data"],["http://apps.washingtonpost.com/g/page/world/how-the-nsa-tried-to-collect-less/518/"," washingtonpost -  SCISSORS: How the NSA collects less data"],["http://www.spiegel.de/international/world/secret-nsa-documents-show-how-the-us-spies-on-europe-and-the-un-a-918625.html "," spiegle.de - Codename 'Apalachee': How America Spies on Europe and the UN "],["http://www.matthewaid.com/post/73733098307/new-detailed-analysis-of-how-nsa-and-its-foreign"," matthewaid.com - New Detailed Analysis of How NSA and Its Foreign Partners Intercept Undersea Fiber Optic Cable Traffic"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"DANCINGOASIS","relatedItemsParents":["[[FASCIA]]"],"relatedItemsChildren":[],"relatedItems":["[[FASCIA]]","[[SCISSORS]]"],"status":"unknown","tags":[],"description":"[[SSO]] collection program, Location information. SIGAD pour [[FASCIA]]","_id":"tmBbNcteFdpKcuQbn"},{"agency":"[[NSA]]","alias":["[[DANDERSPRIT]]"],"category":"attack vector","compartments":[],"family":"network","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"DANDERSPRITZ","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[DANDERSPRIT]]"],"status":"unknown","tags":[],"description":"Described as an “intermediate redirector node.” Another tool made by Digital Network Technologies (DNT). Spoofs IP and MAC address.","_id":"N3Eddyic7TwFxkEdh"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/03/nsa-gchq-quantumtheory.pdf "," 2010 sigint development conferences - nsa-gchq-quantumtheory.pdf"]],"name":"DAREDEVIL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[QUANTUMTHEORY]]","[[TAO]]"],"status":"unknown","tags":"","description":"Implant /Shooter, spotted on [[QUANTUMTHEORY]]'s presentation.","_id":"FLTMqz696SWYGbng4"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"DARKQUEST","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"kYYa7jZppArBiz8n2"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"DARKTHUNDER","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[FOXACID]]","[[TAO]]"],"status":"unknown","tags":[],"description":"A SIGAD used by [[TAO]], and thus [[QUANTUM]], [[FOXACID]].","_id":"Yzsy4DwKKbpNeo5E5"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html","schneier.com - DEITYBOUNCE: NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-deitybounce.jpg?w=1208&h=1562","leaksource - ANT Product Data"],["https://www.schneier.com/blog/archives/2013/12/more_about_the.html","schneier.com - More about the NSA's Tailored Access Operations Unit"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://www.digitaltrends.com/web/nsa-malware-code-names/#/8|","TURBOPANDA, RAGEMASTER, and 13 other NSA codenames that prove spies laugh, too"]],"name":"DEITYBOUNCE","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[ARKSTREAM]]","[[INTERDICTION]]"],"status":"unknown","tags":["[[usb]]","[[windows]]","[[bios]]","[[os]]"],"description":"DEITYBOUNCE provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to gain periodic execution while the Operating System loads. This technique supports multi-processor systems with RAID hardware and Microsoft Windows 2000, 2003, and XP. It currently targets Dell PowerEdge 1850/2850/1950/2950 RAID servers, using BIOS versions A02, A05, A06, 1.1.0, 1.2.0, or 1.3.7. Through remote access or [[INTERDICTION]], [[ARKSTREAM]] is used to reflash the BIOS on a target machine to implant DEITYBOUNCE and its payload (the implant installer).Can be installed by non-technical user with USB thumb drive. Once implanted, DEITYBOUNCE's frequency of execution (dropping the payload) is configurable and will occur when the target machine powers on.","_id":"4d7Yk24EHvRDzdzQE"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://www.documentcloud.org/documents/807030-ambassade.html#document/p1","LeMonde.fr - Snowden's docs"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"DEWSWEEPER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[usb]]"],"description":"USB (Universal Serial Bus) hardware host tap that provides [[COVERT]] link over US link into a target network. Operates w/RF relay subsystem to provide wireless Bridge into target network.","_id":"AZAnHvKLF6Ahuhpwp"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"DIKTER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designator for Norway. See also ALPHA","_id":"WtSH6Kf4YbgsmDQyv"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://firstlook.org/theintercept/document/2014/03/20/hunt-sys-admins/","The Intercept - I Hunt Sys Admins"]],"name":"DISCOROUTE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"_id":"g9MihogezWRYLBmEv"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"database","links":[["http://www.channel4.com/news/intercept-text-messages-spy-nsa-gchq-british-phone","Channel 4 - UK and US spied on text messages of Brits"],["http://www.theguardian.com/world/interactive/2014/jan/16/nsa-dishfire-text-messages-documents","NSA Dishfire presentation on text message collection"],["http://www.theguardian.com/world/2014/jan/16/nsa-collects-millions-text-messages-daily-untargeted-global-sweep","The Guardian - NSA collects millions of text messages daily in 'untargeted' global sweep"],["https://www.schneier.com/blog/archives/2014/01/nsa_collects_hu.html","schneier.com - NSA Collects Hundreds of Millions of Text Messages Daily"]],"name":"DISHFIRE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[PREFER]]","[[SPYDER]]"],"status":"active (according to NSA spokesperson quoted in both Channel 4 and The Guardian articles)","tags":["[[sms]]","[[metadata]]","[[phone]]"],"description":"DISHFIRE is an SMS repository, storing over 194 million text messages a day, according to the NSA. The database includes names, geocoordinates, missed calls, SIM card changes, roaming info, travel info, and financial info. The Dishfire collection is indiscriminate, collecting \"pretty much everything it can,\" according to an NSA presentation. An NSA program called Prefer then extracts \"useful information\" through message recomination and metadata extraction from stored content. GCHQ was also given full access to DISHFIRE, including UK citizens' data which GCHQ is not legally allowed to collect on its own.","_id":"FeEoDQMs5fcHqqHHn"},{"agency":"CIA","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/","theintercept.org - The NSA’s Secret Role in the U.S. Assassination Program"]],"name":"DISTANTFOCUS","relatedItemsParents":["[[UAV]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[uav]]","[[geolocation]]"],"description":"DISTANTFOCUS pod is a new system for tactical [[SIGINT]] and precision geolocation for UAV","_id":"wDEgQ5EQv6JXz92vj"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"DIVERSITY","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"jay56GicWAP2G53va"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"DOBIE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HIGHLANDS]]","[[VAGRANT]]"],"status":"active","tags":["[[south africa]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"rpBrLwnQtTjxPrCF6"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"DOCKETDICTATE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"WK8sP4Zwqhwx4pFyc"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm "," cryptome.org - NSA codenames"]],"name":"DOGCOLLAR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[facebook]]"],"description":"A type of Question-Focussed Dataset based on the Facebook display name cookie","_id":"XKfLqbgZ3duTmEEuD"},{"agency":"undefined","alias":[],"category":"program","compartments":[],"family":"process","links":[["https://firstlook.org/theintercept/document/2014/03/12/menwith-hill-station-leverages-xkeyscore-quantum-yahoo-hotmail/","Menwith Hill Station Leverages XKeyscore for Quantum Against Yahoo and Hotmail"]],"name":"DRAGGABLEKITTEN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TAO]]","[[MHS]]","[[XKEYSCORE]]","[[QUANTUMTHEORY]]"],"status":"unknown","tags":"","_id":"3RrqEXPRCy5DZsvNE"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://arstechnica.com/security/2013/12/critics-nsa-agent-co-chairing-key-crypto-standards-body-should-be-removed/ "," ArsTechnica - Critics: NSA agent co-chairing key crypto standards body should be removed"],["http://motherboard.vice.com/blog/an-nsa-agent-is-co-chairing-a-project-to-encrypt-the-web "," Vice - An NSA Agent Is Co-Chairing a Project to Encrypt the Web"],["http://www.net-security.org/secworld.php?id=16178 "," Net-security.org - NSA employee will remain as co-chair on crypto standards group"]],"name":"DRAGONFLY","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Password-authenticated key exchange (pake) protocol, suspected of containing an NSA backdoor. It has been proposed to Crypto Forum Research Group (CFRG), which helps the Internet Engineering Task Force (IETF) review the applicability and uses of cryptographic mechanisms, and give crypto advice to the organization's various Working Groups.","_id":"Q47edKPpmuWadgyoB"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://en.wikipedia.org/wiki/Dropmire "," en.wikipedia.org - Dropmire"],["[http://www.guardian.co.uk/world/2013/jun/30/nsa-leaks-us-bugging-european-allies "," The Guardian - New NSA leaks show how US is bugging its European allies"],["https://www.documentcloud.org/documents/807030-ambassade.html#document/p1 "," lemonde.fr - docs"],["https://www.schneier.com/blog/archives/2013/10/code_names_for.html ","schneier.com - Code Names for NSA Exploit Tools"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"DROPMIRE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[VAGRANT]]","[[CTX4000]]","[[PHOTOANGLO]]","[[MAGOTHY]]"],"status":"active","tags":[],"description":"Passive collection of emanations using antenna. (Using bugging encrypted fax machine (The Guardian)) [[DROPMIRE]] aimed at surveillance of foreign embassies and diplomatic staff, including those of NATO allies. NSA leaks show how US is bugging its European allies. The report reveals that at least \"38 foreign embassies\" were under surveillance, some of which as far back as 2007.","_id":"AQnHdNrb5z2nhcB3S"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"software","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 - The militarization of the Internet, by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"],["http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/Handy/S3222_DROPOUTJEEP.jpg"," www.spigel.de - Slide on DROPOUTJEEP"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"DROPOUTJEEP","relatedItemsParents":["[[STRAITBIZARRE]]","[[CHIMNEYPOOL]]"],"relatedItemsChildren":[],"relatedItems":["[[STRAITBIZARRE]]","[[CHIMNEYPOOL]]","[[TURBULENCE]]","[[FREEFLOW]]"],"status":"Active","tags":["[[sms]]","[[geolocation]]","[[phone]]"],"description":"DROPOUTJEEP is a [[STRAITBIZARRE]] based software implant for the Apple iPhone operating system and uses the [[CHIMNEYPOOL]] framework. DROPOUTJEEP is compliant with the [[FREEFLOW]] project, therefore it is supported in the [[TURBULENCE]] architecture. DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device, SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control, and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.","_id":"MRjpfHy3fHmbWqrup"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.lemonde.fr/technologies/article/2013/10/21/france-in-the-nsa-s-crosshair-phone-networks-under-surveillance_3499741_651865.html?xtmc=drtbox&xtcr=1 "," lemonde.fr - France in the NSA's crosshair : phone networks under surveillance"],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf ","cryptome.org - NSA's catalog"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://electrospaces.blogspot.fr/2013/11/drtbox-and-drt-surveillance-systems.html "," electrospaces.blogspot.fr - DRTBOX and DRT surveillance systems"]],"name":"DRTBOX","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[CANDYGRAM]]","[[CYCLONE]]","[[Hx9]]","[[TYPHON]]","[[EBSR]]","[[NEBULA]]"],"status":"unknown","tags":["[[phone]]","[[france]]"],"description":"program for intercepting mobile communication networks. France in the NSA's crosshair : phone networks under surveillance. Subprograms:[[US-985D]]  - France, [[US-987LA]] and [[US-987LB]] - Germany.","_id":"Dhz2xoRw9HbrvZQZX"},{"agency":"undefined","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","http://www.intrepidreport.com/archives/8588"]],"name":"DRUID","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"non-English speaking “Third Parties.” Such intelligence was classified with the designator DRUID and was shared with third parties, countries with NATO or defense treaty relationships with the United States, with SIGINT Exchange Designators of [[DIKTER]] (Norway), [[SETTEE]] (South Korea), [[DYNAMO]] (Denmark), [[RICHTER]] (Germany), and [[ISHTAR]] (Japan). Other intelligence was shared between First and Second Parties and “Fourth Parties” that were mainly neutral or special category partners.","_id":"thexSZALgXGFxthqq"},{"agency":"undefined","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588 "," intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"DYNAMO","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"[[SIGINT]] Exchange Designators of Denmark","_id":"JA7KYqvjDaitJskD5"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm"," cryptome.org - NSA codenames"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"EBSR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TYPHON]]","[[CANDYGRAM]]","[[DRTBOX]]","[[CYCLONE Hx9]]","[[NEBULA]]"],"status":"unknown","tags":["[[gsm]]"],"description":"Low power 802.11/GPS/RF/handset base station router, it collects data from mobile networks. The NSA agent can see the data with a control laptop.","_id":"R3N9FkZuxNZre7ska"},{"agency":"DSD","alias":["[[DSD]]"],"category":"five eyes","compartments":[],"family":"agence","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"ECHO","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[ALPHA]]","[[INDIA]]","[[OSCAR]]","[[UNIFORM]]"],"status":"active","tags":[],"description":"Exchange designator for Australia’s Defense Signals Directorate (DSD).","_id":"D832gHsCGdGT4yuhG"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"ECI","links":[["https://www.eff.org/files/2013/11/15/20130905-guard-bullrun.pdf","eff.org - 20130905-guard-bullrun.pdf"],["]http://cryptome.org/doe-dir/doe-m-205-1-6.pdf"," crypthome.org -doe-m-205-1-6.pdf"]],"name":"ECI","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[BULLRUN]]","[[PAINTEDEAGLE]]"],"status":"unknown","tags":[],"description":"ECI (Extremely Compartimented Intelligence) is an undeterminded group of NSA partners","_id":"rQPdNGPSCiywc4bPJ"},{"agency":"[[NSA]]","alias":["[[EGGI]]"],"category":"attack vector","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]","[[TS]]","[[SI]]"],"family":"network","links":[["http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document "," TheGuardian.com - 'Peeling back the layers of Tor with EgotisticalGiraffe' – read the document"],["https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html ","Schneier on Security : How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"EGOTISTICALGIRAFFE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[EGOTISTICALGOAT]]","[[ERRONEOUSINGENUITY]]"],"status":"inactive due to Firefox's updates","tags":[],"description":"EGOTISTICALGIRAFFE (EGGI) is a NSA program for exploiting the TOR network. / EGGI exploits a type confusion vulnerability in E4X, which is an XML extension for JavaScript. This vulnerability exists in Firefox 11.0 to 16.0.2, as well as Firefox 10.0 ESR -- the Firefox version used until recently in the Tor browser bundle. The vulnerability was then fixed by Mozilla. NSA were confident that they would be able to find a replacement Firefox exploit that worked against version 17.0 ESR.","_id":"J6dEz3xxqHgqC8Y6P"},{"agency":"[[NSA]]","alias":["[[EGGO]]"],"category":"attack vector","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]","[[TS]]","[[SI]]"],"family":"network","links":[["http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document "," TheGuardian.com - 'Peeling back the layers of Tor with EgotisticalGiraffe' – read the document"],["http://www.wikileaks-forum.com/nsa/332/secret-nsa-documents-show-campaign-against-tor-encrypted-network/23769/ "," Secret NSA documents show campaign against Tor encrypted network"],["http://cryptome.org/2014/01/nsa-codenames.htm "," cryptome.org - NSA codenames"]],"name":"EGOTISTICALGOAT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[EGOTISTICALGIRAFFE]]","[[ERRONEOUSINGENUITY]]"],"status":"unknown","tags":["[[tor]]"],"description":"EGOTISTICALGOAT (EGGO) is a NSA tool for exploiting the TOR network.","_id":"oheMPWBcgkPGTNLis"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"ELEGANTCHAOS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"Analysis of datas. spotted on the Glenn Greenwald's No Place To Hide document.","_id":"dkrFkopLs3MjriESY"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[COI]]"],"family":"process","links":[["http://cryptome.org/2013/09/nsa-bullrun-brief-propublica-13-0905.pdf|cryptome.org - nsa-bullrun-brief-propublica-13-0905.pdf","http://cryptome.org/2013/09/nsa-bullrun-brief-propublica-13-0905.pdf|cryptome.org - nsa-bullrun-brief-propublica-13-0905.pdf"]],"name":"ENDUE","relatedItemsParents":["[[BULLRUN]]"],"relatedItemsChildren":[],"relatedItems":["[[BULLRUN]]"],"status":"unknown","tags":[],"description":"A [[COI]] for sensitive decrypts of the [[BULLRUN]] program","_id":"aPd4bTHiE3qjnvScx"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2013/09/nsa-bullrun-brief-propublica-13-0905.pdf|cryptome.org"," nsa-bullrun-brief-propublica-13-0905.pdf"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"ENTOURAGE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HOLLOWPOINT]]"],"status":"unknown","tags":["[[wifi]]","[[ethernet]]","[[gsm]]"],"description":"Application for the [[HOLLOWPOINT]] platform, including band-specific antennas and a laptop for the command and control. Controllable via gibabit Ethernet Future plans (circa 2008) included WiFi, WiMAX and LTE.","_id":"7rCMNtJPmnzXxFKbc"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://cryptome.org/2014/01/nsa-codenames.htm"," cryptome.org - NSA codenames"]],"name":"EPICFAIL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[tor]]"],"description":"attacks against dumb Tor users (those don't protect their communications ?)","_id":"RDtBiDsMvMrJyAfeK"},{"agency":"[[NSA]]","alias":["[[ERIN]]"],"category":"attack vector","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]","[[TS]]","[[SI]]"],"family":"software","links":[["http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document "," TheGuardian.com - 'Peeling back the layers of Tor with EgotisticalGiraffe' – read the document"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"ERRONEOUSINGENUITY","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[EGOTISTICALGIRAFFE]]","[[EGOTISTICALGOAT]]"],"status":"unknown","tags":["[[tor]]"],"description":"ERRONEOUSINGENUITY (ERIN) is a NSA tool for exploiting the TOR network.","_id":"zT7EbWPCw8RyoPyoS"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.spiegel.de/international/world/nsa-hacked-email-account-of-mexican-president-a-928817.html "," DerSpiegel - NSA Accessed Mexican President's Email"]],"name":"EVENINGEASEL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[phone]]","[[mexico]]"],"description":"Program for surveillance of phone and text communications from Mexico's cell phone network.","_id":"Ev5P2BLRM9yYPWqbb"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.theverge.com/2013/6/27/4470442/nsa-surveillance-programs-bulk-collection-of-internet-metadata "," TheVerge - NSA expanded bulk collection of internet data under newly uncovered surveillance programs"]],"name":"EVILOLIVE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[metadata]]"],"description":"Collects internet traffic and metadata.","_id":"nbgMTDATMnuh8mAqk"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html"," media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."]],"name":"EWALK","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"hardware inject does packet injection on the target network","_id":"vZ2SBM3Fh4YtPHvmu"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"FA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[tor]]"],"description":"CNE (hacking) technique used against Tor users","_id":"56s9veTahJt94QsyF"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.theguardian.com/world/2013/aug/09/nsa-loophole-warrantless-searches-email-calls#zoomed-picture "," theguardian.com - NSA loophole allows warrantless search for US citizens' emails and phone calls"]],"name":"FACELIFT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[SSO]]"],"status":"unknown","tags":["[[email]]"],"description":"Codeword related to NSA's [[SSO]] division","_id":"tKpYLeWaXcTeaGX9t"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://en.wikipedia.org/wiki/Fairview_%28surveillance_program%29"," en.wikipedia.org - Fairview (surveillance program) "],["http://cryptome.org/2013/12/nsa-cable-spy-types.pdf|","SSO - The cryptologic provider of Intelligence from Global High-Capacity Telecommunications Systems"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"FAIRVIEW","relatedItemsParents":["[[UPSTREAM]]"],"relatedItemsChildren":[],"relatedItems":["[[UPSTREAM]]","[[OAKSTAR]]"],"status":"unknown","tags":["[[phone]]"],"description":"FAIRVIEW (US-990) is a secret [[mass surveillance]]  programme run by the NSA, aimed at collecting phone, internet and e-mail  data in bulk from the computers and mobile telephones of foreign  countries' citizens. According to the revelations, the NSA had collected  2.3 billion separate pieces of data from Brazilian users in January  2013 alone.","_id":"kuNFGsXvWBXiRYFZ7"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[ORCON]]","[[NOFORN]]"],"family":"database","links":[["http://en.wikipedia.org/wiki/File:Prism-slide-7.jpg","Slide of PRISM collection dataflow, on en.wikipedia.org"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"FALLOUT","relatedItemsParents":["[[SCISSORS]]"],"relatedItemsChildren":["[[MARINA]]","[[MAINWAY]]"],"relatedItems":["[[PRISM]]"],"status":"unknown","tags":["[[metadata]]"],"description":"spotted on [[PRISM]]'s slide","_id":"5uKbsS2zNRgsXnxBF"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"collect","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"FASHIONCLEFT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HAMMERSTEIN]]","[[TURMOIL]]"],"status":"unknown","tags":"","description":"spotted on [[TURBINE]]'s document about \"APEX VPN exploitation\".","_id":"Dwnw2djRyiiwgJLiY"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[NOFORN]]"],"family":"database","links":[["http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html","washingtonpost.com - NSA tracking cellphone locations worldwide, Snowden documents show"],["http://www.theguardian.com/world/interactive/2013/jun/08/boundless-informant-nsa-full-text "," www.theguardian.com - Boundless Informant: NSA explainer – full document text"],["http://cryptome.org/2013/12/nsa-fascia.pdf","cryptome.org - FASCIA - Example of Current Volumes and limits"]],"name":"FASCIA","relatedItemsParents":["[[BOUNDLESSINFORMANT]]"],"relatedItemsChildren":["[[DANCINGOASIS]]","[[MARINA]]","[[CHALKFUN]]"],"relatedItems":["[[CHALKFUN]]","[[SCISSORS]]","[[BOUNDLESSINFORMANT]]"],"status":"unknown","tags":["[[geolocation]]"],"description":"FASCIA is the NSA's enormous database containing  trillions of device-location records that are collected from a variety  of sources.","_id":"oSZu56j7H9Gd7LaG9"},{"agency":"undefined","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://www.schneier.com/blog/archives/2013/07/more_nsa_codena.html "," More NSA Code Names"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"FASTSCOPE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HOMING PIGEON]]"],"status":"unknown","tags":[],"description":"","_id":"WR7SqLi3ndaTpxeHJ"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"software","links":[["https://www.schneier.com/blog/archives/2014/01/feedtrough_nsa.html","Bruce Schneier - FEEDTROUGH: NSA Exploit of the Day"],[" http://leaksource.files.wordpress.com/2013/12/nsa-ant-feedthrough.jpg"," leaksource.files.wordpress.com - Slide on FEEDTROUGH"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"FEEDTROUGH","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[BANANAGLEE]]","[[ZESTYLEAK]]"],"status":"unknown","tags":["[[router]]","[[juniper]]"],"description":"FEEDTROUGH is a persistence technique for two software  implants, DNT's [[BANANAGLEE]] and CES's [[ZESTYLEAK]] used against  Juniper Netscreen firewalls. FEEDTROUGH can be used to persist two  implants, [[ZESTYLEAK]] and/or [[BANANAGLEE]] across reboots and  software upgrades on known and covered OS's for the following Netscreen  firewalls, ns5xt, ns25, ns50, ns200, ns500 and ISG 1000. There is no  direct communication to or from FEEDTROUGH, but if present, the  [[BANANAGLEE]] implant can receive and transmit covert channel comms,  and for certain platforms, [[BANANAGLEE]] can also update FEEDTROUGH.  FEEDTROUGH however can only persist OS's included in its databases.  Therefore this is best employed with known OS's and if a new OS comes  out, then the customer would need to add this OS to the FEEDTROUGH  database for that particular firewall.","_id":"Bo6NGMxqHCLb25xKm"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"FERRETCANNON","relatedItemsParents":["[[FOXACID]]"],"relatedItemsChildren":["[[BEACHHEAD]]"],"relatedItems":["[[QUANTUM]]","[[FOXACID]]"],"status":"unknown","tags":[],"description":"A system that injects malware, associated with [[FOXACID]].","_id":"CktLX4BpEwnZY6MvW"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"FET","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"A Field-Effect Transistor (FET) is a type of transistor  commonly used for weak-signal amplification (for example, for  amplifying wireless signals).The device can amplify analog or digital  signals. It can also switch DC or function as an oscillator.","_id":"d9LaoCJ7DdfjkjqfY"},{"agency":"[[NSA]]","alias":["[[FIDI]]"],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"FINKDIFFERENT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[EGOTISTICALGIRAFFE]]"],"status":"unknown but certainly inactive","tags":["[[browser]]","[[tor]]"],"description":"(FIDI) A Firefox exploit, successful against 10 ESR, but failed against tbb-firefox","_id":"JT6EdmfhwdfbdNogT"},{"agency":"[[NSA]]","alias":[],"category":"process","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."]],"name":"FIREWALK","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HOWLERMONKEY]]","[[DANDERSPRITZ]]","[[TRINITY]]","[[RADON]]"],"status":"unknown","tags":["[[ethernet]]"],"description":"FIREWALK is a bidirectional network implant, capable of  passively collecting Gigabit Ethernet traffic and injecting Ethernet  packets onto the same target network.” Integrates [[TRINITY]] and  [[HOWLERMONKEY]]. Provides direct or indirect covert RF link to Remote  Operations Center via a VPN. The version in the catalog requires  soldering to a motherboard. Note: unit physically appears nearly  identical to [[COTTONMOUTH-III]]. Perhaps a subclass of [[RADON]].","_id":"CoWrjFHibdQdaeF87"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://en.wikipedia.org/wiki/Fishbowl_%28secure_phone%29 "," en.wikipedia.org - "],["http://www.theverge.com/2012/3/2/2838729/nsa-project-fishbowl-secure-android-devices-network",".theverge.com - NSA talks Project Fishbowl: secure Android devices on a secure network"]],"name":"FISHBOWL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[os]]","[[android]]","[[phone]]"],"description":"FISHBOWL is a mobile phone architecture developed by the NSA to provide a secure Voice over IP (VoIP) capability using  commercial grade products that can be approved to communicate classified  information. It is the first phase of NSA's Enterprise Mobility  Architecture. The initial version was implemented using Google's Android  operating system, modified to ensure central control of the phone's  configuration at all times. To minimize the chance of compromise, the  phones use two layers of encryption protocols, IPsec and SRTP, and  employ NSA's Suite B encryption and authentication algorithms.","_id":"FKiw3kbDiqSQqdhDs"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"FLEMING","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HIGHLANDS]]","[[VAGRANT]]"],"status":"active","tags":["[[slovakia]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"ECduT9dojLYKBAj6y"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://nsa.gov1.info/dni/nsa-ant-catalog/servers/index.html "," nsa.gov1.info - Ant catalog server"]],"name":"FLUXBABBIT","relatedItemsParents":["[[INTERDICTION]]"],"relatedItemsChildren":[],"relatedItems":["[[GODSURGE]]"],"status":"unknown","tags":["[[exploit]]"],"description":"Hardware based bug for Dell PowerEdge 1950 and 2950  servers using Xeon 5100 and 5300 processors. Installation requires  intercepting the server (via [[INTERDICTION]], while it is enroute to its destination,  disassembling it and installing the hardware. FLUXBABBIT hardware implant and provides software application  persistence on Dell PowerEdge servers by exploiting the JTAG debugging  interface of the server's processors","_id":"o927Kfh8q2s8z6FW5"},{"agency":"[[GCHQ]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html ","schneier.com - [Bruce Schneier] New NSA Leak Shows MITM Attacks Against Major Internet Services"]],"name":"FLYINGPIG","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[crypto]]","[[petrobras]]","[[brazil]]","[[tor]]"],"description":"GCHQ SSL/TLS exploitation knowledgebase and tool used for MITM attacks against Petrobras. \"FLYING PIG\" that was started up in response to an increasing use of SSL encryption by email providers like Yahoo, Google, and Hotmail. The FLYING PIG system appears to allow it to identify information related to the usage of the anonymity browser Tor (it has the option to query \"Tor events\") and also allows spies to collect information about specific SSL encryption certificates.","_id":"vDQHJFX2p8dhbBpSu"},{"agency":"[[NSA]]","alias":"","category":"program","compartments":[],"family":"collect","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"FOGGYBOTTOM","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[UNITEDRAKE]]"],"status":"unknown","tags":["[[email]]"],"description":"The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes. One  implant, codenamed   UNITEDRAKE, can be used with a variety of   “plug-ins” that enable the   agency to gain total control of an infected   computer.","_id":"mrNgSsE9hjsrvjemp"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"target","links":[["[STORMBREW]], [[FAIRVIEW]], [[OAKSTAR]] and [[BLARNEY","]"],["[OAKSTAR]] [[QUANTUM]] [[STORMBREW]] [[FAIRVIEW]]  [[OAKSTAR]] [[BLARNEY","]] [[TURBULENCE]] [[TURMOIL]] [[TUMULT]]  [[XKEYSCORE]"],["https://www.aclu.org/files/natsec/nsa/20140130/%28TS%29%20NSA%20Quantum%20Tasking%20Techniques%20for%20the%20R&T%20Analyst.pdf","aclu.org - NSA Quantum Tasking Techniques for the R&T Analyst"],["https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html","schneier.com - [Bruce Schneier] How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID"],["http://arstechnica.com/security/2013/10/nsa-repeatedly-tries-to-unpeel-tor-anonymity-and-spy-on-users-memos-show/","ArsTechnica - NSA repeatedly tries to unpeel TOR anonymity and spy on users, memos show"],["http://www.slate.com/blogs/future_tense/2013/10/04/tor_foxacid_flying_pig_nsa_attempts_to_sabotage_countersurveillance_tool.html","Slate.com - How the NSA Is Trying to Sabotage a U.S. Government-Funded Countersurveillance Tool"],["http://www.spiegel.de/fotostrecke/qfire-die-vorwaertsverteidigng-der-nsa-fotostrecke-105358.html","Spiegel.de - NSA-Geheimdokumente: \"Vorwärtsverteidigung\" mit QFIRE"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"FOXACID","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[tor]]"],"description":"FOXACID identifies TOR users on the Internet and then  executes an attack against their Firefox web browser.","_id":"NyuCt7dYK79fQZQ3p"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"FOXSEARCH","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"perhaps a database of all targets to be exploited with [[FOXACID]]","_id":"GYJw7uC3iTNny4cG9"},{"agency":"undefined","alias":[],"category":"program","compartments":[],"family":"collect","links":[],"name":"FOXTRAIL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[FOXACID]]","[[FOXSEARCH]]"],"status":"unknown","tags":[],"description":"perhaps a link with [[FOXACID]] or [[FOXSEARCH]] ?","_id":"bdHkWkrWNd3T2dWrC"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"FREEFLOW","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[DROPOUTJEEP]]","[[FREEFLOW]]","[[TURBULANCE]]"],"status":"unknown","tags":[],"description":"“[[DROPOUTJEEP]] and [[TOTEGHOSTLY 2.0]] is compliant  with the [[FREEFLOW]] project, therefor it is supported in the  [[TURBULANCE]] architecture.","_id":"ipvvBqSzZP9xS9ucW"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"FREEZEPOST","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"sn6EDPjP74ioe2xPp"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"FRIEZERAMP","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"A communications protocol that certain infected devices  use to communicate with the NSA. It involves HTTPS link. see also:  [[TOTEGHOSTLY]]","_id":"TtrmiLHfY5G7rR9WL"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"FRONTO","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"972vKXYeimJ4HFd52"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"FUNNELOUT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[tor]]"],"description":"mentioned in context of tor exploitation","_id":"TKWSghS5L5B28xBr3"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[],"name":"GAMUT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"zeuJvGtkfNdoHt9C5"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"]],"name":"GARLICK","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[phone]]"],"description":"[[SIGINT]] for locating cellphone in Bude (UK)","_id":"NdHCPu76kFyerzsJL"},{"agency":"[[NSA]]","alias":[],"category":"process","compartments":[],"family":"hardware","links":[["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"]],"name":"GECKO-II","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[IRONCHEF]]"],"status":"unknown","tags":["[[gsm]]"],"description":"[[IRONCHEF]] example included A hardware implant (MRRF  or GSM), IRONCHEF persistence backdoor, “Software implant [[UNITEDRAKE]]  Node”","_id":"6ErhNormRqMxEcgqt"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"GENESIS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[gsm]]"],"description":"GENESIS is a modified Motorola handset, a spectrum analyzer tool, collecting and locating signals. Informations are downloaded to a laptop via ethernet port.","_id":"WX8Wowk4MbsjPZxWo"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://leaksource.wordpress.com/2013/08/31/codename-genie-nsa-to-control-85000-implants-in-strategically-chosen-machines-around-the-world-by-year-end/","leaksource - Codename GENIE: NSA to Control 85,000 “Implants” in Strategically Chosen Machines Around the World by Year End"],["http://www.lemonde.fr/international/article/2013/10/22/la-diplomatie-francaise-sur-ecoute-aux-etats-unis_3500717_3210.html","LeMonde.fr - la diplomatie française était sur écoute aux Etats-Unis"],["http://rt.com/usa/nsa-cyber-operations-classified-247/","rt.com - Snowden leaks: NSA conducted 231 offensive cyber-ops in 2011, hailed as 'active defense'"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"GENIE","relatedItemsParents":[],"relatedItemsChildren":["[[BLACKFOOT]]","[[WABASH]]","[[BRUNEAU]]","[[HEMLOCK]]"],"relatedItems":[],"status":"projected ?","tags":[],"description":"implants of spywares. Multi-stage operation: jumping the airgap etc.","_id":"e6ggdJ6toNd3WcdS3"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[],"name":"GENTE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"BMtbumpmR8zvWnv96"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"GEOFUSION","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"related to Petrobras story","_id":"jLYmTnRMw7kwG44dw"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2013/12/nsa-ghost-machine.pdf","Cryptome.org - nsa-ghost-machine"]],"name":"GHOSTMACHINE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"[[GHOSTMACHINE]] is the NSA's [[SSO]] (Special Source Operations) cloud analytics platform.","_id":"euKCoXhYLbuPAkQSm"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/","theintercept.org - The NSA’s Secret Role in the U.S. Assassination Program"]],"name":"GILGAMESH","relatedItemsParents":["[[UAV]]"],"relatedItemsChildren":["[[UAV]]"],"relatedItems":[],"status":"active","tags":["[[uav]]","[[gsm]]","[[drone]]","[[geolocation]]","[[phone]]"],"description":"The NSA geolocation system used by JSOC is known by the  code name GILGAMESH. Under the program, a specially constructed device  is attached  to the drone. As the drone circles, the device locates the  SIM card or  handset that the military believes is used by the target.  That, in turn, allows the military to track the cell phone to within 30   feet of its actual location, feeding the real-time data to teams of   drone operators who conduct missile strikes or facilitate night raids.","_id":"CYNcYyXBy2GewzF2P"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL]]"],"family":"software","links":[["https://www.schneier.com/blog/archives/2014/01/ginsu_nsa_explo.html","www.schneier.com - GINSU: NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-ginsu.jpg","leaksource.wordpress.com - TAO's Catalog Page with Graphic"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"GINSU","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[BULLDOZER]]"],"status":"unknown","tags":["[[windows]]","[[os]]","[[pci]]"],"description":"GINSU provides software application persistence for the  CNE implant, [[KONGUR]], on target systems with the PCI bus hardware  implant, [[BULLDOZER]]. This technique supports any desktop PC system  that contains at least one PCI connector (for [[BULLDOZER]]  installation) and Microsoft Windows 9x, 2000, 20003, XP, or Vista.  Through interdiction, [[BULLDOZER]] is installed in the target system as  a PCI bus hardware implant. After fielding, if [[KONGUR]]. is removed  from the system as a result of an operation system upgrade or reinstall,  GINSU can be set to trigger on the next reboot of the system to restore  the software implant.","_id":"Hdby9yvMPSSKo54xd"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL]]"],"family":"hardware","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2"],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org -NSA's catalog"],["http://www.theregister.co.uk/2013/12/31/nsa_weapons_catalogue_promises_pwnage_at_the_speed_of_light/?page=2","TheRegister - How the NSA hacks PCs, phones, routers, hard disks 'at speed of light': Spy tech catalog leaks"]],"name":"GODSURGE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[FLUXBABBIT]]"],"status":"unknown","tags":[],"description":"runs on the [[FLUXBABBIT]] hardware implant and  provides software application persistence on Dell PowerEdge servers by  exploiting the JTAG debugging interface of the server's processors.","_id":"jeXwJdoDnZXv5as4i"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://www.digitaltrends.com/web/nsa-malware-code-names/#/9","www.digitaltrends.com -TURBOPANDA, RAGEMASTER, and 13 other NSA codenames that prove spies laugh, too"]],"name":"GOPHERSET","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[gsm]]","[[usb]]","[[sms]]","[[phone]]"],"description":"Malware for GSM Phase 2+ SIM cards that use the SIM  Toolkit (STK). Exfiltrates phonebook, SMS, and call logs, via SMS, to a  predefined phone number. Installed either via a USB sim card reader, or  remotely (over the air provisioning)","_id":"4nTLBBAmBiCXJvexw"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"software","links":[["https://www.schneier.com/blog/archives/2014/01/gourmettrough_n.html",".schneier.com - Bruce Schneier's Blog GOURMETTROUGH: NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-gourmettrough.jpg","leaksource.files.wordpress.com - Slide on GOURMETTROUGH"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"GOURMETTROUGH","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[BANANAGLEE]]","[[TAO]]"],"status":"active","tags":["[[router]]","[[juniper]]"],"description":"GOURMETTROUGH is a user configurable implant for certain  Juniper firewalls. It persists DNT's [[BANANAGLEE]] implant across  reboots and OS upgrades. For some platforms, it supports a minimal  implant with beaconing for OS's unsupported by [[BANANAGLEE]]. For  supported platforms, DNT may configure without ANT involvement. Except  for limited platforms, they may also configure PBD for minimal implant  in the case where an OS unsupported by [[BANANAGLEE]] is booted.  GOURMETTROUGH is on the shelf and has been deployed on many target  platforms. It supports nsg5t, ns50, ns25, isg1000 (limited). Soon-  ssg140, ssg5, ssg20","_id":"PGBv4q5nZg5X639FZ"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"GREATEXPECTATIONS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUICKANT]]"],"status":"unknown","tags":["[[tor]]"],"description":"NSA version of [[QUICKANT]] ([[GCHQ]] tor analytics/knowledgebase)","_id":"LTnjCn4TN3x3BqLw7"},{"agency":"[[NSA]]","alias":"","category":"program","compartments":[],"family":"collect","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"GROK","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[UNITEDRAKE]]"],"status":"unknown","tags":["[[malware]]"],"_id":"faiHjJQPPzvKhbeTJ"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/Global_Telecoms_Exploitation","Wikipedia - Global Telecoms Exploitation"],["http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa","The Guardian - GCHQ taps fibre-optic cables for secret access to world's communications"]],"name":"GTE","relatedItemsParents":["[[TEMPORA]]"],"relatedItemsChildren":[],"relatedItems":["[[MTI]]"],"status":"active","tags":[],"description":"Global Telecoms Exploitation is reportedly a secret  British telephonic mass surveillance programme run by [[GCHQ]], it's a  subprogram of [[TEMPORA]].","_id":"zrXnC5nmQppJQPm7u"},{"agency":"[[NSA]]","alias":"","category":"program","compartments":[],"family":"collect","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"GUMFISH","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[UNITEDRAKE]]"],"status":"unknown","tags":"","_id":"jKWzzhAqKcYh4gWqd"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"network","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"],["https://www.aclu.org/files/natsec/nsa/vpn-and-voip-exploitation-with-hammerchant-and.pdf","vpn-and-voip-exploitation-with-hammerchant"]],"name":"HAMMERCHANT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[UNITEDRAKE]]"],"status":"unknown","tags":"","_id":"27srDpQStD8vBZL2r"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"network","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"],["https://www.aclu.org/files/natsec/nsa/vpn-and-voip-exploitation-with-hammerchant-and.pdf","vpn-and-voip-exploitation-with-hammerchant"]],"name":"HAMMERSTEIN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":"","_id":"CfFFuiLPZp2cn42zM"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL]]","[[FOUO]]"],"family":"software","links":[["https://www.schneier.com/blog/archives/2014/01/halluxwater_nsa.html","Bruce Schneier's Blog: HALLUXWATER: NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-halluxwater.jpg","Slide on HALLUXWATER"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"HALLUXWATER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TURBOPANDA Insertion Tool]]"],"status":"active","tags":["[[router]]","[[huawei]]"],"description":"The [[HALLUXWATER]] Persistence Back Door implant is  installed on a target Huawei Eudemon firewall as a boot ROM upgrade.  When the target reboots, the PBD installer software will find the needed  patch points and install the back door in the inbound packet processing  routine.","_id":"zd2qoiRdop8KbQJGy"},{"agency":"[[NSA]]","alias":["[[HIT]]"],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-headwater.jpg","leaksource - TAO's Page Catalog with Graphics"]],"name":"HAMMERMILL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HEADWATER]]"],"status":"unknown","tags":["[[router]]","[[huawei]]"],"description":"HAMMERMILL Insertion Tool (HIT) is command and control  system, designed by DNT for exploited Huawei routers","_id":"7CfWugFmFYQEnaCn2"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"HAWKEYE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[phone]]"],"description":"one of the world’s largest databases, and the firm’s  312 terabyte HAWKEYE database, containing every domestic telephone  communication from 2001.","_id":"aEQnC7QmZ5BaEhdS9"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://nsa.imirhil.fr/documents/20131230-appelbaum-nsa_ant_catalog.pdf","nsa.imirhil.fr - appelbaum-nsa_ant_catalog"]],"name":"HC12","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[JUNIORMINT]]","[[TRINITY]]"],"status":"unknown","tags":[],"description":"an earlier micro-computer design the NSA used in bugs.","_id":"TpP4P9DiXZ48RP5sa"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"software","links":[["https://www.schneier.com/blog/archives/2014/01/headwater_nsa_e.html","Bruce Schneier's Blog - HEADWATER: NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-headwater.jpg","leaksource - TAO's Page Catalog with Graphics"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"HEADWATER","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[TAO]]","[[TURBOPANDA]]","[[HAMMERMILL]]"],"status":"unknown","tags":["[[router]]","[[huawei]]"],"description":"HEADWATER is a Persistent Backdoor (PDB) software  implant for selected Huawei routers. The implant will enable covert  functions to be remotely executed within the router via an Internet  connection.","_id":"p3d7w9cHqwdXgZ6mS"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"hardware","links":[["http://www.theguardian.com/world/2013/jun/30/nsa-leaks-us-bugging-european-allies","TheGuardian-New NSA leaks show how US is bugging its European allies"]],"name":"HEMLOCK","relatedItemsParents":["[[GENIE]]"],"relatedItemsChildren":[],"relatedItems":["[[HIGHLANDS]]"],"status":"unknown","tags":["[[italy]]"],"description":"Name of an operation to bug the italian ambassy in  Washington, introducing spywares in foreign embassies.","_id":"6AFdTc9D7KRiqR2SP"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://www.documentcloud.org/documents/807030-ambassade.html#document/p1","docs by lemonde.fr"],["https://www.schneier.com/blog/archives/2013/10/code_names_for.html",".schneier.com - Code Names for NSA Exploit Tools"],["http://www.lemonde.fr/international/article/2013/10/22/la-diplomatie-francaise-sur-ecoute-aux-etats-unis_3500717_3210.html","LeMonde.fr- Espionnage de la NSA : la diplomatie française était sur écoute aux Etats-Unis"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"HIGHLANDS","relatedItemsParents":["[[GENIE]]","[[BLACKFOOT]]","[[WABASH]]"],"relatedItemsChildren":[],"relatedItems":["[[KATEEL]]","[[POCOMOKE]]","[[MERCED]]","[[PERDIDO]]","[[MAGOTHY]]","[[BLACKFOOT]]","[[WABASH]]","[[NAVARRO]]","[[POWELL]]","[[KLONDIKE]]","[[NASHUA]]","[[OSAGE]]","[[OSWAYO]]","[[HEMLOCK]]","[[MULBERRY]]","[[FLEMING]]","[[DOBIE]]","[[NAVAJO]]","[[PANTHER]]"],"status":"unknown","tags":[],"description":"Collection from Implants","_id":"Ajhvenf8t8JChgP7P"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[],"name":"HIGHTIDE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"see [[SKYWRITER]] ?","_id":"pwArquL5AzXb9PBmP"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://nsa.imirhil.fr/documents/20131230-appelbaum-nsa_ant_catalog.pdf","nsa.imirhil.fr - appelbaum-nsa_ant_catalog"]],"name":"HOLLOWPOINT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[ENTOURAGE]]","[[NEBULA]]","[[GALAXY]]"],"status":"unknown","tags":["[[gsm]]"],"description":"GSM/UTMS/CSMA2000/FRS signal platform. Operates In the  10MHz to 4GHz range. Includes receiver and antenna. Can both transmit  and receive.","_id":"F3L3jeCoTdqSwX2rJ"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"]],"name":"HOMEBASE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Tactical tasking tool for digital network identification","_id":"55HDCFwGZugD79sSb"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"HOMINGPIGEON","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[FASTSCOPE]]"],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"KF3uXDPeqoQFs5NwP"},{"agency":"[[NSA]]","alias":["[[CM]]"],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://www.dailytech.com/Businesses+Deny+Helping+NSA+Plant+Bugs+in+Americans+Gadgets/article34022.htm","dailytech.com - Businesses Deny Helping NSA Plant Bugs in Americans' Gadgets"],["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"HOWLERMONKEY","relatedItemsParents":[],"relatedItemsChildren":["[[FIREWALK]]"],"relatedItems":[],"status":"unknown","tags":["[[usb]]"],"description":"HOWLERMONKEY (CM) is a COTS-based transceiver. Covert short to medium range RF. Designed to be integrated with a larger device, like RJ45.  Communicates over [[SPECULATION]] and [[CONJECTURE]] protocols. Known  products that include HOWLERMONKEY are: [[COMMONMOUTH-1]]  [[COMMONMOUTH-2]] [[FIREWALK]] SUTURESAILOR]] [[YELLOWPIN]]","_id":"57uAakHyppx3q54r8"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|","cryptome.org - NSA's catalog"]],"name":"HUSHPUPPY","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"[[GCHQ]] Tool, related to exploitation","_id":"9FpwRsE74LYnvn8d5"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"ICREAST","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[PROTON]]"],"status":"active","tags":["[[gsm]]","[[voip]]","[[metadata]]"],"description":"[[COMINT]] [[NOFORN]] program collecting metadata from cellular users spotted on the Glenn Greenwald's No Place To Hide document.","_id":"kAbSuxuzpa4EyKuJn"},{"agency":"[[NSA]]","alias":["[[I HUNT SYSADMINS]]"],"category":"mission","compartments":["[[TOP SERET]]","[[SI]]","[[TEL TO USA]]","[[FVEY]]"],"family":"collect","links":[["http://185.34.33.5/documents/i-hunt-sys-admins.pdf","I hunt sysadmins"]],"name":"IHUNTSYSADMINS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[DISCOROUTE]]"],"status":"active","tags":[],"description":"List of different methods used by NSA operators in order to get into some valuable computers by first target administrator of the network their belong to.","_id":"a6xthiN97qfcYnShA"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.telegraph.co.uk/technology/internet/9090617/Phone-and-email-records-to-be-stored-in-new-spy-plan.html","The Telegraph - Phone and email records to be stored in new spy plan"],["https://en.wikipedia.org/wiki/Interception_Modernisation_Programme","Wikipedia - Interception Modernisation Program"],["https://nsa.imirhil.fr/documents/csec-br-spy.pdf","nsa.imirhil.fr - csec-br-spy"]],"name":"IMP","relatedItemsParents":[],"relatedItemsChildren":["[[CCDP]]"],"relatedItems":["[[CCDP]]","[[TEMPORA]]"],"status":"inactive","tags":["[[email]]"],"description":"[[GCHQ]] Abandonned in 2009, the new name is Communications Capabilities Development Program ([[CCDP]]).","_id":"6SXCBGkmGTjYfY7mH"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/MUSCULAR","MUSCULAR on en.wikipedia.fr"],["http://cryptome.org/2013/10/nsa-windstop-muscular-incenser.pdf "," cryptome.org - nsa-windstop-muscular-incenser.pdf"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""],["https://nsa.imirhil.fr/documents/nsa-cable-spy-types.pdf","nsa.imirhil.fr - nsa-cable-spy-types"],["https://nsa.imirhil.fr/documents/nsa-windstop-muscular-incenser.pdf","nsa.imirhil.fr - nsa-windstop-muscular-incenser"]],"name":"INCENSER","relatedItemsParents":["[[WINDSTOP]]"],"relatedItemsChildren":[],"relatedItems":["[[MUSCULAR]]"],"status":"unknown","tags":[],"description":"like [[MUSCULAR]], a subprogram of [[WINDSTOP]] who  collected over 14 billion records in the same period.","_id":"npwR8Rx7bpunsW8TK"},{"agency":"GCSB","alias":["[[GCSB]]"],"category":"five eyes","compartments":[],"family":"agence","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"INDIA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[ALPHA]]","[[ECHO]]","[[OSCAR]]","[[UNIFORM]]"],"status":"active","tags":[],"description":"Exchange designator for New Zealand’s Government Communications Security Bureau (GCSB).","_id":"uuvSFdNyWYhE5RZ4L"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[NOFORN]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/"," nsa.gov1.info/dni/ - INDRA / FORNSAT"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"INDRA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"spotted on the \"NSA Worldwide SIGINT Defense Cryptologic Platform map\"","_id":"FXPYFpKsSZn3mFHRk"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html"," media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["https://nsa.imirhil.fr/documents/no-place-to-hide.pdf","nsa.imirhil.fr - no-place-to-hide"]],"name":"INTERDICTION","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":["[[BULLDOZER]]"],"relatedItems":["[[ARKSTREAM]]","[[TAO]]","[[INTERDICTION]]"],"status":"unknown","tags":[],"description":"So-called \"off-net\" operations include tampering with  your hardware while it is being shipped. They call this process  [[INTERDICTION]].","_id":"NyPG56ii6da52g3o5"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["https://www.fas.org/irp/program/disseminate/intelink.htm"," fas.org - Intelink"],["https://www.intelink.gov"," intelink.gov "],["http://ra.intelink.gov/eligibilitycriteria.pdf "," intelink.gov - intelink management directive"]],"name":"INTELINK","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"The IntelLINK intelligence network links information in  the various classified databases of the US intelligence agencies (e.g.  FBI, CIA, DEA, NSA, USSS, NRO) to facilitate communication and the  sharing of documents and other resources.","_id":"vDg2YsqpmPH69c5uQ"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL]]","[[FVEY]]"],"family":"collect","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["https://www.schneier.com/blog/archives/2014/01/iratemonk_nsa_e.html","IRATEMONK: NSA Exploit of the Day"],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"IRATEMONK","relatedItemsParents":["[[INTERDICTION]]"],"relatedItemsChildren":[],"relatedItems":["[[UNITEDRAKE]]","[[STRAITBAZZARE]]","[[SLICKERVICAR]]"],"status":"unknown","tags":["[[windows]]","[[os]]","[[hard drive]]"],"description":"provides software application persistence on desktop  and laptop computers by implanting the hard drive firmware to gain  execution throught Master Boot Record (MBR) substitution. This technique  supports systems without RAID hardware that boot from a variety of  Western Digital, Seagate, Maxtor and Samsung hard drives on FAT, NTFS, EXT3 and UFS file systems. Through remote  access or [[INTERDICTION]], [[UNITEDRAKE]], or [[STRAITBAZZARE]] are used in conjunction with [[SLICKERVICAR]] to upload the hard drive  firmware onto the target machine to implant IRATEMONK and its payload  (the implant installer). Once implanted, IRATEMONK's frequency of  execution (dropping the payload) is configurable and will occur when the  target machine powers on.","_id":"e5XyWCiGWL2c6xnqd"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL]]"],"family":"hardware","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf|","cryptome.org -NSA's catalog"],["https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of_1.html","IRONCHEF: NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-ironchef.jpg","IRONCHEF - ANT product data"],["http://www.digitaltrends.com/web/nsa-malware-code-names/#/11","TURBOPANDA, RAGEMASTER, and 13 other NSA codenames that prove spies laugh, too"]],"name":"IRONCHEF","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[WAGONBED]]","[[TAO]]"],"status":"unknown","tags":["[[bios]]"],"description":"IRONCHEF provides access persistence to target systems  by exploiting the motherboard BIOS and utilizing System Management Mode  (SMM) to communicate with a hardware implant that provides two-way RF  communication.This technique supports the HP Proliant 380DL G5 server,  onto which a hardware implant has been installed that communicates over  the I2C Interface ([[WAGONBED]]). Through [[INTERDICTION]], IRONCHEF, a  software CNE implant and the hardware implant are installed onto the  system. If the software CNE implant is removed from the target machine,  IRONCHEF is used to access the machine, determine the reason for removal  of the software, and then reinstall the software from a listening post  to the target system.","_id":"GBQ7sufvRJomDgq8N"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"IRONSAND","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[phone]]"],"description":"[[SIGINT]] ([[FORNSAT]]) for locating cellphone in New Zealand","_id":"MJxnRsf4EEhnmEEsH"},{"agency":"[[NSA]]","alias":[],"category":"process","compartments":[],"family":"network","links":[["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"],["http://electrospaces.blogspot.com/p/nicknames-and-codewords.html","electrospaces.blogspot.com - US Nicknames and Codewords"]],"name":"ISLANDTRANSPORT","relatedItemsParents":["[[QUANTUMTHEORY]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"Retired","tags":[],"description":"“Enterprise Message Service”, as part of the [[QUANTUMTHEORY]] system [[IVORY]].","_id":"967HtGBAYaN7j3iNw"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"JACKKNIFE","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[fornsat]]","[[phone]]"],"description":"[[SIGINT]] ([[FORNSAT]]) for locating cellphone in Yakima (USA)","_id":"mnqJXqP95ekKhLcZc"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"software","links":[["https://www.schneier.com/blog/archives/2014/01/jetplow_nsa_exp.html","schneier.com - JETPLOW: NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-jetplow.jpg"," leaksource.files.wordpress.com - Slide on JETPLOW"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"JETPLOW","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[BANANAGLEE]]","[[TAO]]"],"status":"active","tags":["[[cisco]]","[[router]]"],"description":"JETPLOW is a firmware persistence implant for Cisco PIX  Series and ASA (Adaptive Security Appliance) firewalls. It persists  DNT's [[BANANAGLEE]] software implant. JETPLOW also has a persistent  back-door capability.","_id":"bTSztoZZF4qDPScyH"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.spiegel.de/fotostrecke/photo-gallery-nsa-documentation-of-spying-in-germany-fotostrecke-99672-4.html","spiegel.de - Photo Gallery: NSA Documentation of Spying in Germany"],["http://apps.washingtonpost.com/g/page/world/ghostmachine-the-nsas-cloud-analytics-platform/644/#document/p2/a135401l "," washingtonpost.com - GHOSTMACHINE: The NSA's cloud analytics platform"]],"name":"JUGGERNAUT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[phone]]"],"description":"Picks up all signals from mobile networks. The NSA's  signal-processing system for ingesting telephony information, including  SS7 signaling - a technical term for the method by which cell-phone  networks communicate with each other.","_id":"SfjpZfekYRGsCWBdv"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://www.digitaltrends.com/web/nsa-malware-code-names/#/4","www.digitaltrends.com -TURBOPANDA, RAGEMASTER, and 13 other NSA codenames that prove spies laugh, too"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"JUNIORMINT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[MAESTRO II]]","[[TRINITY]]","[[SPARROW II]]","[[TAO]]"],"status":"unknown","tags":[],"description":"A generic, programmable miniature computer. For use in  concealed bugs. Specs: 400Mhz ARM 9 microcontroller, 32 MB Flash, 64 MB  SDRAM, 128MB DDR2 and an “XC4VLX25 10752 Slice” FPGA. Implant digital  core, either mini printed circuit board or ultra-mini Flip Chip Module,  contains ARM9 micro-controller, FPGA Flash SDRAM and DDR2 memories","_id":"dx82stzvLom5Dopvx"},{"agency":"[[NSA]] [[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"network","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the book of Glenn Greenwald \"No Place to Hide\""]],"name":"JTRIG","relatedItemsParents":[],"relatedItemsChildren":["[[AMBASSADORS RECEPTION]]"],"relatedItems":[],"status":"unknown","tags":[],"description":"A program for discrediting a target. The target is invited to go to a certain URL. Then, JTRIG has the ability to change some things. For example, JTRIG can change the photo on a social networking service. JTRIG emails/text the colleagues, neighbours, friends of the target.","_id":"9gveqcBATz8PTYH2P"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"KAMPUS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"vMGjqPKogZqgEviHA"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"KATEEL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[LIFESAVER]]","[[HIGHLANDS]]"],"status":"active","tags":["[[brazil]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"cSWy2WpZG9SKz9pEK"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"KEYRUT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"orjkG3W2fmqXnHYJp"},{"agency":"[[NSA]]","alias":["[[KLONDIKE]]"],"category":"mission","compartments":[],"family":"collect","links":[["http://www.theguardian.com/world/2013/jun/30/nsa-leaks-us-bugging-european-allies","TheGuardian - New NSA leaks show how US is bugging its European allies"]],"name":"KLONDYKE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[GENIE]]","[[POWELL]]","[[HIGHLANDS]]","[[LIFESAVER]]","[[PBX]]"],"status":"unknown","tags":["[[greece]]"],"description":"Name of an operation to bug the greek embassy in Washington.","_id":"XrzRyxCQC5a43GmqH"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["https://nsa.imirhil.fr/documents/20131230-appelbaum-nsa_ant_catalog.pdf","nsa.imirhil.fr - appelbaum-nsa_ant_catalog"]],"name":"KONGUR","relatedItemsParents":["[[GINSU]]"],"relatedItemsChildren":[],"relatedItems":["[[BULLDOZER]]"],"status":"unknown","tags":[],"description":"malware payload, known to be deployed via KONGUR (?)  Software implant restorable by [[GINSU]] after OS upgrade or reinstall","_id":"F4A9PA2uTNwDh7kE5"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"LADYLOVE","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[phone]]"],"description":"[[SIGINT]] ([[FORNSAT]]) for locating cellphone in Misawa (JP)","_id":"DQtmv48EpjmJta75N"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://www.eff.org/document/20131230-appelbaum-nsa-ant-catalog","www.eff.org - 20131230-Appelbaum-NSA ANT Catalog"]],"name":"LANDSHARK","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[EBSR]]","[[CANDYGRAM]]"],"status":"unknown","tags":[],"description":"","_id":"D66ySFrYeY93aRP4L"},{"agency":"[[GCHQ]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"LEGION-JADE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[FLYINGPIG]]","[[HUSHPUPPY]]","[[BYZANTINECANDOR]]","[[BYZANTINEHADES]]","[[BYZANTINEANCHOR]]"],"status":"unknown","tags":[],"description":"GCHQ cover term, somehow associated with [[FLYINGPIG]],  which is a tool used for exploitation. It is probable that this term is  also related to exploitation in some way.","_id":"MBbEfXLBaW7fpDDRn"},{"agency":"[[GCHQ]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"LEGION-RUBY","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[FLYINGPIG]]","[[HUSHPUPPY]]","[[BYZANTINECANDOR]]","[[BYZANTINEHADES]]","[[BYZANTINEANCHOR]]"],"status":"unknown","tags":[],"description":"GCHQ cover term, somehow associated with [[FLYINGPIG]],  which is a tool used for exploitation. It is probable that this term is  also related to exploitation in some way.","_id":"NBcEswhKTnSd3j9hT"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"]],"name":"LEMONWOOD","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[phone]]"],"description":"[[SIGINT]] for locating cellphone in Thailand","_id":"9zCrcFFqmo9oRjwk5"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://nsa.imirhil.fr/documents/20131230-appelbaum-nsa_ant_catalog.pdf","nsa.imirhil.fr - appelbaum-nsa_ant_catalog"]],"name":"LFS-2","relatedItemsParents":["[[VAGRANT]]"],"relatedItemsChildren":[],"relatedItems":["[[PHOTOANGLO]]","[[NIGHTWATCH]]","[[VAGRANT]]"],"status":"unknown","tags":[],"description":"A processing system for [[VAGRANT]] signals returned by  the [[PHOTOANGLO]] system. Requires an external monitor to display the  signal.","_id":"P4dL3PfnzLQQ3ugrz"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://nsa.imirhil.fr/documents/nsa-scissors.pdf","nsa.imirhil.fr - nsa-scissors"],["https://nsa.imirhil.fr/documents/nsa-smartphones.pdf","nsa.imirhil.fr - nsa-smartphones"]],"name":"LHR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"[[LONGHAUL]] (?) Relay","_id":"cH6GEQq74hrohQemG"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://www.documentcloud.org/documents/807030-ambassade.html#document/p1","docs by lemonde.fr"],["https://www.schneier.com/blog/archives/2013/10/code_names_for.html","schneier.com - Code Names for NSA Exploit Tools"],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org -NSA's catalog"],["https://nsa.imirhil.fr/documents/no-place-to-hide.pdf","nsa.imirhil.fr - no-place-to-hide"]],"name":"LIFESAVER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[BRUNEAU]]","[[KATEEL]]","[[POCOMOKE]]","[[BANISTER]]","[[PERDIDO]]","[[POWELL]]","[[KLONDIKE]]","[[NASHUA]]","[[OSAGE]]","[[ALAMITO]]","[[YUKON]]","[[WESTPORT]]"],"status":"unknown","tags":[],"description":"Imaging of the Hard Drive.","_id":"j8XjN4xfemdZr3WHF"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://online.wsj.com/article/SB10001424127887324108204579022874091732470.html?mod=WSJEurope_hpp_LEFTTopStories "," wsj.com - New Details Show Broader NSA Surveillance Reach"]],"name":"LITHIUM","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Facility to filter and gather data at a major (foreign?) telecommunications company","_id":"qeQa6Mk4P5rdxNG3r"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[],"name":"LONGHAUL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"uk6MJxpsqQzBXCRet"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.spiegel.de/fotostrecke/photo-gallery-nsa-documentation-of-spying-in-germany-fotostrecke-99672-4.html","spiegel.de - Photo Gallery: NSA Documentation of Spying in Germany"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"LOPERS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[phone]]"],"description":"[[LOPERS]] is a software application for Public Switched Telephone Networks.","_id":"Nnwe7RawpsnKenv7v"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"hardware","links":[["https://www.schneier.com/blog/archives/2014/01/loudauto_nsa_ex.html","schneier.com - NSA Exploit of the Day"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://nsa.imirhil.fr/documents/20131230-appelbaum-nsa_ant_catalog.pdf","nsa.imirhil.fr - appelbaum-nsa_ant_catalog"]],"name":"LOUDAUTO","relatedItemsParents":["[[ANGRYNEIGHBOR]]"],"relatedItemsChildren":[],"relatedItems":["[[ANGRYNEIGHBOR]]","[[VARGANT]]","[[CTX4000]]","[[PHOTOANGLO]]","[[DROPMIRE]]"],"status":"unknown","tags":[],"description":"Audio-based RF retro-reflector. Provides room audio  from targeted space using radar and basic post-processing. LOUDAUTO's  current design maximizes the gain of the microphone. This makes it  extremely useful for picking up room audio. It can pick up speech at a  standard, office volume from over 20' away. (NOTE: Concealments may  reduce this distance.) It uses very little power (~15 uA at 3.0 VDC), so  little, in fact, that battery self-discharge is more of an issue for  serviceable lifetime than the power draw from this unit. The simplicity  of the design allows the form factor to be tailored for specific  operation requirements. All components at COTS and so are  non-attributable to NSA.","_id":"nHmqqzZvYokniptzb"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/STORMBREW","STORMBREW on en.wikipedia.org"],["http://electrospaces.blogspot.fr/2014/01/slides-about-nsas-upstream-collection.html","electrospaces.blogspot.fr - UPSTREAM"]],"name":"MADCAPOCELOT","relatedItemsParents":["[[STORMBREW]]"],"relatedItemsChildren":[],"relatedItems":["[[STORMBREW]]","[[PINWALE]]","[[MARINA]]","[[XKEYSCORE]]"],"status":"unknown","tags":["[[dni]]","[[Russia]]","[[EU]]"],"description":"Subprogram of [[STORMBREW]] ([[UPSTREAM]]) - DNI and  metadata through [[XKEYSCORE]], [[PINWALE]] and [[MARINA]].","_id":"HDZMrkw5tLGnem8g4"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://nsa.gov1.info/dni/nsa-ant-catalog/computers/index.html#MAESTRO-II","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"MAESTRO-II","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[JUNIORMINT]]","[[TRINITY]]","[[TAO]]"],"status":"unknown","tags":[],"description":"A generic, programmable miniature computer. For use in  concealed bugs. Specs: 66Mhz ARM 7 microcontroller, 4 MB Flash, 8 MB  SDRAM an “XC2V500 500k gates” FPGA. Roughly the same size as a dime.","_id":"haxfQdupH3PZXtKQR"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"MAGOTHY","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HIGHLANDS]]","[[MINERALIZ]]","[[DROPMIRE]]"],"status":"active","tags":["[[EU]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"qPJa4fK9LXLYykuMC"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["https://en.wikipedia.org/wiki/Main_Core"," en.wikipedia.org"]],"name":"MAINCORE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[PROMIS]]","[[PRISM]]"],"status":"active","tags":[],"description":"Main core is a database which contains informations  about millions of Americans citizens, including NSA intercepts of bank  and credit card transactions and the results of surveillance efforts,  coming from others agencies as such as FBI and CIA, and collected and  stored without warrants or court ordersThe Main Core database is  believed to have originated with the Federal Emergency Management Agency  (FEMA) in 1982, following Ronald Reagan's Continuity of Operations plan  outlined in the National Security Directive (NSD) 69 / National  Security Decision Directive (NSDD) 55, entitled \"Enduring National  Leadership,\" implemented on September 14, 1982.","_id":"c46H67bRXJJuYWCur"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://en.wikipedia.org/wiki/MAINWAY","en.wikipedia.org - MAINWAY"],["http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm","USA Today - NSA has massive database of Americans' phone calls"],["https://en.wikipedia.org/wiki/File:Prism-slide-7.jpg","en.wikipedia.org - Slide of PRISM collection dataflow"],["http://cryptome.org/2013/09/nsa-syanpse.htm","cryptome.org - the SYANPSE data model"],["https://www.aclu.org/sites/default/files/assets/stellarwind-classification-guide.pdf","Stellarwind classification guide on ACLU website"],["https://www.aclu.org/sites/default/files/assets/content_acquisition_optimization.pdf","Content Acquisition Optimization on ACLU website"]],"name":"MAINWAY","relatedItemsParents":["[[FALLOUT]]"],"relatedItemsChildren":[],"relatedItems":["[[FALLOUT]]","[[PRISM]]","[[MARINA]]"],"status":"unknown","tags":["[[phone]]","[[metadata]]"],"description":"MAINWAY is a database maintained by the NSA containing  metadata for hundreds of billions of telephone calls made through the  four largest telephone carriers in the United States: AT&T and  Verizon.  It is estimated that the database contains over 1.9 trillion  call-detail records. The records include detailed call information  (caller, receiver, date/time of call, length of call, etc.) for use in  traffic analysis and social network analysis, but do not include audio  information or transcripts of the content of the phone calls. Similar  programs exist or are planned in other countries, including Sweden  (Titan traffic database) and Great Britain (Interception Modernisation  Programme)","_id":"TrAGkbadvudfyqq7R"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]"],"family":"collect","links":[["https://www.documentcloud.org/documents/807030-ambassade.html#document/p1","docs by lemonde.fr"],["https://www.schneier.com/blog/archives/2013/10/code_names_for.html","schneier.com - Code Names for NSA Exploit Tools"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"MAGNETIC","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[NASHUA]]","[[MULBERRY]]"],"status":"unknown","tags":[],"description":"sensor collection of magnetic emanations. Tempest style attack.","_id":"R33SoMiykFow7DBWk"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[ORCON]]","[[NOFORN]]"],"family":"database","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["https://en.wikipedia.org/wiki/File:Prism-slide-7.jpg","en.wikipedia.org - Slide of PRISM collection dataflow"],["https://en.wikipedia.org/wiki/MARINA","en.wikipedia.org - MARINA"],["http://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents","theguardian.com - \"NSA stores metadata of millions of web users for up to a year, secret files show\""],["http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329.html","spiegel.de - NSA-Dokumente: So übernimmt der Geheimdienst fremde Rechner"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No Place To Hide Documents by Greenwald"]],"name":"MARINA","relatedItemsParents":["[[FALLOUT]]","[[XKEYSCORE ]]"],"relatedItemsChildren":[],"relatedItems":["[[PRISM]]","[[FALLOUT]]","[[PINWALE]]","[[MAINWAY]]"],"status":"unknown","tags":["[[email]]","[[dni]]","[[webcam]]","[[metadata]]","[[VoIP]]"],"_id":"dHLw55A3e84YnQQmv"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"],["https://www.documentcloud.org/documents/740163-anchory.html#document/p1","techdirt.com - Freedom of information act"]],"name":"MAUI","relatedItemsParents":[],"relatedItemsChildren":["[[ANCHORY]]"],"relatedItems":["[[ANCHORY]]","[[OCEANARIUM]]"],"status":"unknown","tags":["[[phone]]"],"description":"Multimedia Acces user interface, central repository of phone number database called ANCHORY/MAUI (MAUI provides a web based interface to ANCHORY).","_id":"r7oFYJCAftEPrg6s5"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"MERCED","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HIGHLANDS]]"],"status":"active","tags":["[[bulgaria]]"],"description":"Close Access SIGAD spotted on the Glenn Greenwald's No Place To Hide document.","_id":"SpDgXdht7LxuoNnNp"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"],["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"MESSIAH","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[WHAMI]]"],"status":"unknown","tags":[],"description":"Electronic intelligence processing and analytical database - Exchange of data for human operators is handled by automated  message handling systems.","_id":"MrPNGJ4djvDneSq53"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"process","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"METROTUBE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[PRESSUREWAVE]]","[[TOYGRIPPE]]"],"status":"unknown","tags":"","description":"spotted on [[TURBINE]]'s document about \"APEX VPN exploitation\" and analytic.","_id":"pcmgRYui7nbwxNBzC"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[],"name":"METTLESOME","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"JajztJxqMGR64hbbf"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"MIDDLEMAN","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"TAO covert network, i.e. a network that secretly connects airgapped computers to the internet.","_id":"Dysmqn58dXqmNMzNj"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[NOFORN]]"],"family":"collect","links":[["https://www.documentcloud.org/documents/807030-ambassade.html#document/p1","docs by lemonde.fr"],["https://www.schneier.com/blog/archives/2013/10/code_names_for.html","schneier.com - Code Names for NSA Exploit Tools"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"MINERALIZE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[MAGOTHY]]","[[MULBERRY]]"],"status":"unknown","tags":[],"description":"collection from LAN Implant.","_id":"JcW5gye4jPsPjbXJW"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TOP SECRET]]","[[COMINT]]"],"family":"network","links":[["http://apps.washingtonpost.com/g/page/world/nsa-research-report-on-the-tor-encryption-program/501/","washingtonpost.com - NSA report on the Tor encrypted network"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://mailman.stanford.edu/pipermail/liberationtech/2013-October/011741.html","stanford.edu - 49-page analysis of Tor is superficial - Andy Isaacson"],["http://freehaven.net/anonbib/#congestion-longpaths","freehaven.net - A practical congestion attack on Tor using long paths - Usenix Security 2009 paper"]],"name":"MJOLNIR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[tor]]","[[mitm]]"],"description":"A custom Tor client library meant to be indistinguishable from the original Tor client, but which allows an unlimited number of servers within the Tor circuit. This was to allow for DoS attacks on the Tor network. It was also hypothesized that MJOLNIR would be able to be used for MITM attacks by forging certificates. The library was created and tested by persons during a 2006 CES summer program who set up an internal Tor network to analyze traffic. Mjolnir was the “Hammer of Thor”.","_id":"mgoJ2ceGgqeFteaBZ"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TOP SECRET]]","[[COMINT]]"],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["http://www.digitaltrends.com/web/nsa-malware-code-names/#/3","digitaltrends.com - TURBOPANDA, RAGEMASTER, and 13 other NSA codenames that prove spies laugh, too"],["http://www.theregister.co.uk/2013/12/31/nsa_weapons_catalogue_promises_pwnage_at_the_speed_of_light/?page=2","TheRegister - How the NSA hacks PCs, phones, routers, hard disks 'at speed of light': Spy tech catalog leaks"]],"name":"MONKEYCALENDAR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[GOPHERSET]]"],"status":"unknown","tags":["[[gsm]]","[[geolocation]]","[[phone]]","[[malware]]"],"description":"software implant for GSM subscriber identify module (SIM) cards. This implant pulls individual user's calls and geolocation information form a target handset and exfiltrates it to a user-defined phone number via SMS.","_id":"74HjysXW6WHfFQG95"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/OAKSTAR","en.wikipedia.org - OAKSTAR"]],"name":"MONKEYROCKET","relatedItemsParents":["[[OAKSTAR]]"],"relatedItemsChildren":[],"relatedItems":["[[OAKSTAR]]","[[UPSTREAM]]"],"status":"unknown","tags":["[[gsm]]","[[dni]]"],"description":"Sub-program of [[OAKSTAR]]. Counterterrorism in the  Middle East, Europe, and Asia DNI metadata and content","_id":"8g2DF3p3EcMXjs7dj"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://www.theguardian.com/world/2013/jun/27/nsa-online-metadata-collection","theguardian.com - How the NSA is still harvesting your online data"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"MOONLIGHTPATH","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"[[MOONLIGHTPATH]] is a Special Sources Operations  ([[SSO]]) program, maintained by the NSA, it's a collection program to  query metadatas, started in September, 2013","_id":"x6z6Yk2ff4KRudfTJ"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/","nsa.gov1.info/dni/"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"MOONPENNY","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[geolocation]]","[[phone]]"],"description":"[[SIGINT]] ([[FORNSAT]]) for locating cellphone in Harrogate (UK)","_id":"rn8gcJkt2cH2iXu2i"},{"agency":"[[US Air Force]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf]"," No Place To Hide Documents by Greenwald"]],"name":"MSOC","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[WORDGOPHER]]"],"status":"active","tags":["[[japan]]"],"description":"Misawa Cryptologic Operation Center or Misawa Security Operation Center based in Misawa (Japan).  Base ruled by the air force intelligence service","_id":"rrSW59AekdDFgZ8cD"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"MULBERRY","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[MINERALIZ]]","[[HIGHLANDS]]","[[MAGNETIC]]","[[VAGRANT]]"],"status":"active","tags":["[[japan]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"eWrMxzhXix6HBoyLe"},{"agency":"[[GCHQ]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2013/10/gchq-mullenize.pdf","Cryptome.org - op MULLENIZE and beyond"]],"name":"MULLENIZE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Working together, CT and CNE have devised a method to  carry out large scale ‘staining’ as a means to identify individual  machines linked to that IP address. Carried out as Op MULLENIZE, this  operation is beginning to yield positive results, particularly in  xxxxxxx. User Agent Staining is","_id":"MgaZ4jTh4Te8yDZq4"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":["[[NOFORN]]","[[REL TO USA]]","[[REL TO GBR]]","[[SI]]","[[NOFORN]]"],"family":"collect","links":[["https://en.wikipedia.org/wiki/MUSCULAR","en.wikipedia.org - MUSCULAR"],["http://cryptome.org/2013/12/nsa-cable-spy-types.pdf|","cryptome.org - SSO The cryptologic provider of Intelligence from Global High-Capacity Telecommunications Systems"],["http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html","washingtonpost.com - NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say"]],"name":"MUSCULAR","relatedItemsParents":["[[WINDSTOP]]"],"relatedItemsChildren":["[[TURMOIL]]"],"relatedItems":["[[WINDSTOP]]","[[INCENSER]]","[[TURMOIL]]","[[XKEYSCORE]]"],"status":"active","tags":["[[yahoo]]","[[google]]"],"description":"MUSCULAR (DS-200B), located in the United Kingdom, is  the name of a surveillance programme jointly operated by GCHQ and the  NSA. GCHQ (primary operator of the program) and the NSA have secretly  broken into the main communications links that connect Yahoo and Google  data centers around the world. Substantive information about the program  was made public at the end of October, 2013. MUSCULAR is one of at  least four other similar programs that rely on a trusted 2nd party,  programs which together are known as [[WINDSTOP]]. In a 30-day period  from December 2012 to January 2013, MUSCULAR was responsible for  collecting 181 million records. It was however dwarfed by another [[WINDSTOP]] program known (insofar) only by its code [[DS-300]] and codename [[INCENSER]], which collected over 14 billion records in the same period.","_id":"RFdLe5Qbwfu7fjtsF"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"MUSKET","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"W4TMwwiFs6rW2mKAE"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"MUSKETEER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"o67SDvNrFTKjQG3Sk"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"MUTANTBROTH","relatedItemsParents":["[[QUANTUM]]"],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]"],"status":"unknown","tags":[],"description":"[[GCHQ]]'s tool for identifying targets from data returned by [[QUANTUM]] products","_id":"f7Ye25qFXiZpwsQfu"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html","NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls"],["https://www.schneier.com/blog/archives/2014/03/mystic_the_nsas.html "," MYSTIC: The NSA's Telephone Call Collection Program"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""],["https://firstlook.org/theintercept/article/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/","Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas"]],"name":"MYSTIC","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[SSO]]","[[NUCLEON]]","[[RETRO]]"],"status":"active","tags":"","description":"the NSA had developed the capability to record and store an entire nation’s phone traffic for 30 days. The Post reported that the  capacity was a feature of MYSTIC, which it described as a “voice interception program”. the NSA was actively using MYSTIC to gather cell-phone metadata in Bahamas, Mexico, Kenya, the Philippines one  other country. MYSTIC provides the access; [[SOMALGET]] provides the massive amounts of  storage needed to archive all those calls so that analysts can listen to  them at will after the fact. MYSTIC targets calls and other data  transmitted on GSM networks. In the  Philippines, MYSTIC collects “GSM, SMS and Call  Detail Records (a.k.a. metadata)” via access provided by a “[[DSD]] asset in a Philippine  provider site.”. The operation in Kenya is “sponsored” by the [[CIA]], and collects “GSM metadata with the  potential for content at a later date.” The Mexican operation is  likewise sponsored by the [[CIA]]. In the Bahamas, the NSA intercepts GSM data that is  transmitted over what is known as the “A link” (between the base station subsystem, where  phones in the field communicate with cell towers, and the network  subsystem, which routes calls and text messages to the appropriate  destination).","_id":"z6yZnkCipr3YjpNd7"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"NASHUA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HIGHLANDS]]","[[MAGNETIC]]","[[VAGRANT]]","[[LIFESAVER]]"],"status":"active","tags":["[[india]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"yfG6gKHTXNiMtkbMZ"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"NAVAJO","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HIGHLANDS]]","[[VAGRANT]]"],"status":"active","tags":["[[vietnam]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"7fmMQLNFttfbD39t3"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"NAVARRO","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HIGHLANDS]]","[[VAGRANT]]"],"status":"active","tags":["[[georgia]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"WfQLHNdoLJktRcvCP"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"NCSC","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"JbcYDmAMbKPRkAWwP"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"NECTAR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"6dtjgHm9NhmMTYMXp"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"NEWTONSCRADLE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[tor]]"],"description":"[[GCHQ]]-run Tor nodes","_id":"HJtNMqTLBSDpGp9FN"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL]]","[[FOUO]]"],"family":"network","links":[["https://www.schneier.com/blog/archives/2014/01/nightstand_nsa.html","schneier.com - NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-nightstand.jpg","leaksource.wordpress.com - TAO Catalog Page with Graphic"],["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"]],"name":"NIGHTSTAND","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[TAO]]"],"status":"unknown","tags":["[[exploit]]","[[internet explorer]]","[[wifi]]"],"description":"An active 802.11 wireless exploitation and injection  tool for payload /exploit delivery into otherwise denied target space.  NIGHTSTAND is typically used in operations where wired access to the  target is not possible. Standalone tool currently running on an x86  laptop loaded with Linux Fedora Core 3. Exploitable targets include  Win2k, WinXP, WinXPSP1, WinXPSP2 running internet explorer versions  5.0-6.0. NIGHTSTAND packet injection can target one client or multiple  targets on a wireless network. Attack is undetectable by the user. Use  of external amplifiers and antennas in both experimental operational  scenarios have resulted in successful NIGHTSTAND attacks from as far  away as eight miles under ideal environmental conditions. Presumably,  the NSA can use this \"injection tool\" in all the same ways it uses  [[QUANTUM]]. For example, it can redirect users to [[FOXACID]] servers  in order to attack their computers.","_id":"7XuNHeiFBFAGr3S35"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TS]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"process","links":[["https://www.schneier.com/blog/archives/2014/01/nightwatch_nsa.html","schneier.com - NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-nightwatch.jpg","leaksource.wordpress.com - TAO Catalog Page with Graphics"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"NIGHTWATCH","relatedItemsParents":["[[ANGRYNEIGHBOR]]"],"relatedItemsChildren":[],"relatedItems":["[[VIEWPLATE]]","[[TAO]]","[[VAGRANT]]"],"status":"inactive","tags":[],"description":"Specialized system for processing, reconstructing and  displaying video signals collected by [[VAGRANT]]. And returned to a  [[CTX4000]] or a [[PHOTOANGLO]] system. According to [[TAO]] Catalog, it  should be obsolete, replaced by [[VIEWPLATE]].","_id":"WPpY3Q9J6aGzT7qA7"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.washingtonpost.com/investigations/us-surveillance-architecture-includes-collection-of-revealing-internet-phone-metadata/2013/06/15/e9bf004a-d511-11e2-b05f-3ea3f0e7bb5a_story_1.html","washingtonpost.com - U.S. surveillance architecture includes collection of revealing Internet, phone metadata"],["https://en.wikipedia.org/wiki/PRISM","en.wikipedia.org - Slide of PRISM collection dataflow"],["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"NUCLEON","relatedItemsParents":["[[CONVEYANCE]]"],"relatedItemsChildren":[],"relatedItems":["[[PRISM]]","[[CONVEYANCE]]","[[AGILITY]]","[[PINWALE]]"],"status":"active","tags":["[[phone]]"],"description":"[[NUCLEON]] seems to be one of the database maintained  by the NSA which store interceted telephone calls and spoken words or  text message from a phone or a smartphone. At this time it isn't  possible to know if this program is only a storage or a database or a  big data tool.","_id":"xxBqJM39p2no5pk3G"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://www.documentcloud.org/documents/807030-ambassade.html#document/p1","docs by lemonde.fr"],["https://www.schneier.com/blog/archives/2013/10/code_names_for.html","schneier.com - Code Names for NSA Exploit Tools"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"OCEAN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"optical collection system for Raster-Based computer screens","_id":"Ws6q27sYrCFWJMZWM"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"OCEANARIUM","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[ANCHORY]]","[[AGILITY]]","[[PINWALE]]","[[NUCLEON]]"],"status":"unknown","tags":[],"description":"database for SIGINT from NSA and intelligence sharing partners around the world","_id":"jjabXTWna4Y8ZqKMx"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://commons.wikimedia.org/wiki/File:US-3140_MADCAPOCELOT_-_crop.jpg","commons.wikimedia.org - US-3140 MADCAPOCELOT - crop.jpg"]],"name":"OCELOT","relatedItemsParents":["[[STORMBREW]]"],"relatedItemsChildren":[],"relatedItems":["[[STORMBREW]]","[[XKEYSCORE]]","[[PINWALE]]","[[MARINA]]"],"status":"unknown","tags":["[[dni]]","[[russia]]","[[UE]]"],"description":"Actual name: [[MADCAPOCELOT]], a sub-program of  [[STORMBREW]] for collection of internet metadata about Russia and  European counterterrorism. [[MADCAPOCELOT]] uses [[DNI]] from  [[XKEYSCORE]], [[PINWALE]] and [[MARINA]]","_id":"f29ftZw99D55D9s3W"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"]],"name":"OCTAVE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"collection mission tasking tool","_id":"ToZX6qB9jSeHscrXT"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[],"name":"OCTSKYWARD","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"BCaBiccvTMxDbY4Dm"},{"agency":"undefined","alias":[],"category":"program","compartments":[],"family":"target","links":[["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"]],"name":"OILSTOCK","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Air Force/Navy tool to track ships in real time","_id":"miPMHyL8XdiE9usPN"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"collect","links":[["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"]],"name":"OLYMPUS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[VALIDATOR]]","[[SOMBERKNAVE]]","[[VALIDATOR]]","[[UNITEDRAKE]]"],"status":"unknown","tags":["[[windows]]","[[os]]"],"description":"OLYMPUS is an exploitation system that uses a software  implant on a Microsoft Windows based target PC to gain complete access  to the targeted PC. The target, when connected to the Internet, will  contact a Listening Post (LP) located at an NSA/USSS facilities, which  is online 24/7, and get ist commands automatically. There commands  include directory listings, retrieving files, performing netmaps, etc.  The results of the commands are then returned to the LP, where the data  is collected and forwarded to CES and analysis and production elements.","_id":"thRMY9xk2TS5vXKWn"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"]],"name":"OLYMPUSFIRE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[windows]]","[[os]]"],"description":"An exploitation system, that uses malware to completely  control a target Windows PC. Maintained by a NSA-run Listening Post.","_id":"4pEPumxJtx2xM4qrR"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"OMNIGAT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[GINSU]]"],"status":"unknown","tags":[],"description":"Field network component","_id":"nsnpdw22SvrxxaLcE"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"]],"name":"ONEROOF","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Main tactical SIGINT database, with raw and unfiltered intercepts","_id":"B6cRBbQfidGHFaZ8B"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/OAKSTAR","en.wikipedia.org - OAKSTAR"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"ORANGEBLOSSOM","relatedItemsParents":["[[OAKSTAR]]"],"relatedItemsChildren":[],"relatedItems":["[[OAKSTAR]]","[[UPSTREAM]]","[[ORANGECRUSH]]"],"status":"unknown","tags":["[[dnr]]"],"description":"Sub-program of [[OAKSTAR]] for collection from an international transit switch. Incorpored in [[ORANGECRUSH]] for the [[OAKSTAR]] part and its DNR capability.","_id":"YKNB9HYChAT4FS7nS"},{"agency":"[[NSA]]","alias":["[[buffalogreen]]"],"category":"program","compartments":[],"family":"collect","links":[["https://archive.org/details/NSA-Slides-O-Globo-Brazil","\"US-3230-ORANGECRUSH.jpg\" "],["https://en.wikipedia.org/wiki/OAKSTAR","en.wikipedia.org - OAKSTAR"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"ORANGECRUSH","relatedItemsParents":["[[OAKSTAR]]"],"relatedItemsChildren":[],"relatedItems":["[[OAKSTAR]]","[[UPSTREAM]]","[[PRIMECANE]]"],"status":"unknown","tags":["[[dns]]","[[dni]]","[[poland]]"],"description":"Subprogram of [[OAKSTAR]]. Foreign access point through  [[PRIMECANE]], and 3rd party partner collect data on Voice, fax, DNI, DNR,  and metadata. ORANGECRUSH is only known to the Poles as BUFFALOGREEN. Forwarding metadata from third-parts site in Poland.","_id":"R6YykZezQeWvbhoQy"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"OSAGE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[LIFESAVER]]","[[VAGRANT]]"],"status":"active","tags":["[[india]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"hjyurrAgRLzTYx62s"},{"agency":"[[NSA]]","alias":["[[NSA]]"],"category":"five eyes","compartments":[],"family":"agence","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"],["http://en.wikipedia.org/wiki/National_Security_Agency","National Security Agency"]],"name":"OSCAR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[ALPHA]]","[[ECHO]]","[[INDIA]]","[[UNIFORM]]"],"status":"active","tags":[],"description":"Exchange designator for the United States' National Security Agency (NSA).","_id":"pSzxf3w7BtvsxyASx"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"OSMJCM-II","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"spotted in [[COTTONMOUTH-II]]","_id":"D2MkqBysezoPgfeyi"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"OSN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"Pxdy2fcGMpYx4BWzA"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"OSWAYO","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[VAGRANT]]","[[HIGHLANDS]]"],"status":"active","tags":["[[india]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"FcZufqHTnd7rCAzB7"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["https://www.schneier.com/blog/archives/2013/10/the_nsas_new_ri.html","Schneier.com - The NSA's New Risk Analysis"]],"name":"PACKETWRENCH","relatedItemsParents":["[[FERRETCANNON]]"],"relatedItemsChildren":[],"relatedItems":["[[FERRETCANNON]]","[[FOXACID ]]"],"status":"unknown","tags":[],"description":"","_id":"pS9jgBpsAHRNs8Avx"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":["[[ECI]]","[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"ECI","links":[["https://en.wikipedia.org/wiki/Global_surveillance_by_category "," wikipedia - Global surveillance by category"]],"name":"PAINTEDEAGLE","relatedItemsParents":["[[BULLRUN]]"],"relatedItemsChildren":[],"relatedItems":["[[BULLRUN]]"],"status":"unknown","tags":[],"description":"An undetermined, highly confidential compartiment mentioned in the [[BULLRUN]] documents.","_id":"4sFSEWkoPdoDM9seK"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"PANTHER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HIGHLANDS]]"],"status":"active","tags":["[[vietnam]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"LkJnLQAA4ByYGpZfm"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-tao-intro.pdf ","cryptome.org - Photo Gallery: NSA's TAO Unit Introduces Itself "]],"name":"PARCHDUSK","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[SHARPFOCUS]]","[[OLYMPUS]]","[[FOXACID]]"],"status":"inactive","tags":["[[iraq]]","[[afghanistan]]"],"description":"PARCHDUSK is a spying program used in 2007 and 2008 in Iraq and Afghanistan. Productions Operation of NSA's TAO division.","_id":"GpRpcqR95AfdM4pN7"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2013/09/nsa-bullrun-2-16-guardian-13-0905.pdf","cryptome.org/guardian - nsa-bullrun-2-16-guardian-13-0905.pdf"],["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"PATHFINDER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"[[PATHFINDER]] is a [[SIGINT]] analysis tool made by the  Science Applications International Corporation (SAIC), a new US company  headquartered in (McLean, Virginia) that provides government services  and information technology support.","_id":"ZCxuJ7z7KG5a22pfs"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":["[[ECI]]","[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"ECI","links":[["http://cryptome.org/2013/09/nsa-bullrun-2-16-guardian-13-0905.pdf","cryptome.org/guardian - nsa-bullrun-2-16-guardian-13-0905.pdf"]],"name":"PAWLEYS","relatedItemsParents":["[[BULLRUN]]"],"relatedItemsChildren":[],"relatedItems":["[[BULLRUN]]"],"status":"unknown","tags":[],"description":"An undetermined, highly confidential compartiment mentioned in the [[BULLRUN]] documents.","_id":"5TS4moJx22hNdG4Rc"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"PBX","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[WABASH]]","[[KLONDIKE]]"],"status":"active","tags":[],"description":"Public branch exchange switch","_id":"kMekFgd2baL3EwMAa"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["https://www.schneier.com/blog/archives/2013/10/the_nsas_new_ri.html"," schneier.com - The NSA's New Risk Analysis"]],"name":"PEDDLECHEAP","relatedItemsParents":["[[FERRETCANNON]]"],"relatedItemsChildren":[],"relatedItems":["[[FERRETCANNON]]","[[FOXACID]]"],"status":"unknown","tags":[],"description":"subprogram of [[FERRETCANNON]] and [[FOXACID]].","_id":"3QTck2oCq4rgG3jZC"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":["[[ECI]]","[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"ECI","links":[["http://cryptome.org/2013/09/nsa-bullrun-2-16-guardian-13-0905.pdf","cryptome.org/guardian - nsa-bullrun-2-16-guardian-13-0905.pdf"]],"name":"PENDLETON","relatedItemsParents":["[[BULLRUN]]"],"relatedItemsChildren":[],"relatedItems":["[[BULLRUN]]"],"status":"unknown","tags":[],"description":"An undetermined, highly confidential compartiment mentioned in the [[BULLRUN]] documents.","_id":"KgZSnRqszRBAPzPZa"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://www.theguardian.com/world/2013/jun/30/nsa-leaks-us-bugging-european-allies","TheGuardian - New NSA leaks show how US is bugging its European allies"]],"name":"PERDIDO","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[GENIE]]","[[DROPMIRE]]","[[HIGHLANDS]]","[[LIFESAVER]]"],"status":"unknown","tags":["[[EU]]"],"description":"Name of an operation to bug the EU mission in United Nations, introducing spywares in foreign embassies.","_id":"3p8FQs9oM4iiqwRFY"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[REL TO USA]]","[[FVEY]]"],"family":"hardware","links":[["https://www.schneier.com/blog/archives/2014/01/photoanglo_nsa.html "," schneier.com - PHOTOANGLO: NSA Exploit of the Day"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"PHOTOANGLO","relatedItemsParents":["[[ANGRYNEIGHBOR]]"],"relatedItemsChildren":[],"relatedItems":["[[ANGRYNEIGHBOR]]","[[VAGRANT]]","[[DROPMIRE]]","[[LOADAUTO]]","[[NIGHTWATCH]]","[[VIEWPLATE]]"],"status":"active","tags":["[[cw]]"],"description":"Replaces [[CTX4000]], a continuous radar Wave  generator, for the [[ANGRYNEIGHBOR]] family of retro-reflector bugs,  including [[VAGRANT]], [[DROPMIRE]] and [[LOADAUTO]]. The signals are  then sent to a processing system such as [[NIGHTWATCH]] or [[VIEWPLATE]]  (which process and display the signals from the [[VAGRANT]]  monitor-cable bug). The [[LFS-2]] is listed as another type of  processing system. A joint NSA/GCHQ project.","_id":"ovxE6JbbhFZ6Y5pEc"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":["[[ECI]]","[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"ECI","links":[["http://cryptome.org/2013/09/nsa-bullrun-2-16-guardian-13-0905.pdf","cryptome.org/guardian - nsa-bullrun-2-16-guardian-13-0905.pdf"]],"name":"PICARESQUE","relatedItemsParents":["[[BULLRUN]]"],"relatedItemsChildren":[],"relatedItems":["[[BULLRUN]]"],"status":"unknown","tags":[],"description":"An undetermined, highly confidential compartiment mentioned in the [[BULLRUN]] documents.","_id":"rHgXQMa4PHGS5bDAZ"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"PICASSO","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[gsm]]","[[phone]]"],"description":"GSM handset, carried by a witting operator for bugging  calls and location information within its range. Includes a panic button  for the operator. Data exfil done with a regular phone via SMS.","_id":"WE84roYbug9mcet2h"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":["[[ECI]]","[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"ECI","links":[["http://cryptome.org/2013/09/nsa-bullrun-2-16-guardian-13-0905.pdf","cryptome.org - guardian"]],"name":"PIEDMONT","relatedItemsParents":["[[BULLRUN]]"],"relatedItemsChildren":[],"relatedItems":["[[BULLRUN]]"],"status":"unknown","tags":[],"description":"An undetermined, highly confidential compartiment mentioned in the [[BULLRUN]] documents.","_id":"wF4haaPi9RCDr4Nga"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":["[[ECI]]","[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"ECI","links":[["http://cryptome.org/2013/09/nsa-bullrun-2-16-guardian-13-0905.pdf","cryptome.org - guardian"]],"name":"PITCHFORD","relatedItemsParents":["[[BULLRUN]]"],"relatedItemsChildren":[],"relatedItems":["[[BULLRUN]]"],"status":"unknown","tags":[],"description":"An undetermined, highly confidential compartiment mentioned in the [[BULLRUN]] documents.","_id":"EJkqkSG94qpgaJyyv"},{"agency":"undefined","alias":["[[POCOMOKE]]"],"category":"mission","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","Cryptome.org - NSA's codenames"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"POKOMOKE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[VAGRANT]]","[[HIGHLANDS]]","[[LIFESAVER]]"],"status":"active","tags":["[[brazil]]"],"description":"Brazil's United Nations  Mission in New-York","_id":"RgLhdkNZkpJAacacG"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://www.theguardian.com/world/2013/jun/30/nsa-leaks-us-bugging-european-allies","TheGuardian - New NSA leaks show how US is bugging its European allies"]],"name":"POWELL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[GENIE]]","[[KLONDYKE]]","[[LIFESAVER]]","[[HIGHLANDS]]"],"status":"unknown","tags":["[[greece]]"],"description":"Name of an operation to bug the greek UN mission, introducing spywares in foreign embassies.","_id":"8XPDKJyYT5Npa4b5L"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"PPM","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Pulse Position Modulate","_id":"qQmicmzTHWr4scfoW"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.theguardian.com/world/2014/jan/16/nsa-collects-millions-text-messages-daily-untargeted-global-sweep","TheGuardian - NSA collects millions of text messages daily in 'untargeted' global sweep"],["https://www.schneier.com/blog/archives/2014/01/nsa_collects_hu.html","schneier.com - NSA Collects Hundreds of Millions of Text Messages Daily"]],"name":"PREFER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[metadata]]"],"description":"The NSA's program to perform automatic analysis on the text-message data and metadata.","_id":"XrFzx29KHMpDABKkQ"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"database","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"PRESSUREWAVE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[METROTUBE]]","[[TURMOIL]]"],"status":"unknown","tags":"","description":"spotted on [[TURBINE]]'s document about \"APEX VPN exploitation\".","_id":"NxrQs5bnhLp2ETEqz"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["https://en.wikipedia.org/wiki/File:Prism-slide-6.jpg"," en.wikipedia.org - Slide of PRISM"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"PRINTAURA","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":["[[TRAFFICTHIEF]]"],"relatedItems":[],"status":"active (like [[PRISM]])","tags":[],"description":"part of the [[PRISM]] program. Software which would automatically gather a list of tasked PRISM selectors every weeks to provide to the FBI or CIA. PRINTAURA  volunteered to gather the detailed data related to each selector from multiple locations and assemble it in usable form.","_id":"sYYZX7H464vqM4Ljx"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[ORCON]]","[[NOFORN]]"],"family":"process","links":[["http://en.wikipedia.org/wiki/PRISM_(surveillance_program)","en.wikipedia.org - Prism"],["http://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet"," theverge.com - Everything you need to know about PRISM A cheat sheet for the NSA's unprecedented surveillance programs"],["http://cryptome.org/2013/12/nsa-cable-spy-types.pdf","SSO - The cryptologic provider of Intelligence from Global High-Capacity Telecommunications Systems"],["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"PRISM","relatedItemsParents":["[[NSA]]"],"relatedItemsChildren":["[[BOUNDLESSINFORMANT]]","[[CARBOY]]"],"relatedItems":["[[TRAFFICTHIEF]]","[[MARINA]]","[[MAINWAY]]","[[FALLOUT]]","[[PINWALE]]","[[CONVEYANCE]]","[[NUCLEON]]","[[UPSTREAM]]"],"status":"active","tags":["[[microsoft]]","[[yahoo]]","[[google]]","[[facebook]]","[[paltalk]]","[[youtube]]","[[skype]]","[[aol]]","[[apple]]","[[email]]","[[video]]","[[picture]]","[[voip]]","[[webcam]]"],"description":"PRISM is a clandestine mass electronic surveillance  data mining program known to have been operated by the United States  National Security Agency (NSA) since 09/11/2007. PRISM is a government code name for a data-collection effort. The PRISM program collects stored Internet communications based on demands made to Internet companies such as Google Inc. or Apple Inc. under Section 702 of the FISA Amendments  Act of 2008 to turn over any data that match court-approved search  terms. The NSA can use these PRISM requests to target communications that were encrypted when they traveled across the Internet backbone, to  focus on stored data that telecommunication filtering systems discarded earlier, and to get data that is easier to handle, among other things. The program is operated under the supervision of the U.S. Foreign  Intelligence Surveillance Court (FISA Court, or FISC) pursuant to the  Foreign Intelligence Surveillance Act (FISA). Documents indicate that  PRISM is \"the number one source of raw intelligence used for NSA  analytic reports\", and it accounts for 91% of the NSA's Internet traffic  acquired under FISA section 702 authority. The leaked information came  to light one day after the revelation that the FISA Court had been  ordering a subsidiary of telecommunications company Verizon  Communications to turn over to the NSA logs tracking all of its  customers' telephone calls on an ongoing daily basis.","_id":"NwwYvLjf2SkBG75Aw"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"PROTEIN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"3gYGcLtCrKQDgvu9H"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"PROTON","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[metadata]]"],"description":"SIGINT database for time-sensitive targets/counterintelligence.Fields in the database : Called & calling numbers, date, time & duration of call.  149 billion of call Events, for date range 2000-2006.","_id":"ftqzaw9wTxaTR4wkA"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"PYLON","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"Fq8G2HLsa4mvxYy4S"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2"],["http://www.dailytech.com/Tax+and+Spy+How+the+NSA+Can+Hack+Any+American+Stores+Data+15+Years/article34010.htm"," dailytech.com - Tax and Spy: How the NSA Can Hack Any American, Stores Data 15 Years"],["http://www.wikileaks-forum.com/nsa/332/snowden-leak-nsa-qfire-16-slides/26507/","wikileaks-forum.com - Forward-based Defense with QFIRE June 3 , 2011"],["https://www.eff.org/document/20131230-spiegel-qfire","Slides about QUANTUM, QFIRE and TURBULENCE"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"QFIRE","relatedItemsParents":["[[TURMOIL]]","[[TURBINE]]"],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[FOXACID]]","[[TURMOIL]]","[[QUANTUMTHEORY]]"],"status":"unknown","tags":["[[router]]","[[router]]"],"description":"System used for infecting computers. Involves both  [[TURMOIL]], [[TURBINE]], and additional infrastructure. Co-opted  routers, according to Jacob Appelbaum, these may in cases be unwitting  home or business routers, that have been “pwned”. The Goal seems to be  to reduce latency, and therefor increase the success rate of  [[QUANTUMINSERT]]/[[FOXACID]] attacks. Eliminate trans-Atlantic/Pacific  latency. Consolidated low-latency [[QUANTUMTHEORY]], capability under  development for forward-based defense.","_id":"3AWsZpKEcyrZKxfAd"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html"," media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum"],["https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html","schneier.com - How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID "],["http://cryptome.org/2013/12/nsa-quantum-tasking.pdf"," cryptome.org NSA QUANTUM tasking techniques"],["http://arstechnica.com/security/2013/10/nsa-repeatedly-tries-to-unpeel-tor-anonymity-and-spy-on-users-memos-show/","ArsTechnica - NSA repeatedly tries to unpeel Tor anonymity and spy on users, memos show"],["http://www.slate.com/blogs/future_tense/2013/10/04/tor_foxacid_flying_pig_nsa_attempts_to_sabotage_countersurveillance_tool.html","Slate.com - How the NSA Is Trying to Sabotage a U.S. Government-Funded Countersurveillance Tool"],["http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html","Spiegel.de - Britain's GCHQ Hacked Belgian Telecoms Firm"],["http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html?smid=tw-share&_r=1","nytimes.com - N.S.A. Devises Radio Pathway Into Computers"],["https://www.aclu.org/files/natsec/nsa/20140130/%28TS%29%20NSA%20Quantum%20Tasking%20Techniques%20for%20the%20R&T%20Analyst.pdf "," ACLU - NSA Quantum Taskin Techniques for the R&T Analyst"]],"name":"QUANTUM","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[tor]]","[[mitm]]"],"description":"To trick targets into visiting a [[FOXACID]] server,  the NSA relies on its secret partnerships with US telecoms companies. As  part of the [[TURMOIL]] system, the NSA places secret servers,  codenamed [[QUANTUM]], at key places on the Internet backbone for a  man-in-the-middle (or a man-in-the-side). The NSA uses these fast  [[QUANTUM]] servers to execute a packet injection attack, which  surreptitiously redirects the target to the [[FOXACID]] server.","_id":"6k6psmXbXsoFv2Ad6"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/03/nsa-gchq-quantumtheory.pdf "," 2010 sigint development conferences - nsa-gchq-quantumtheory.pdf"]],"name":"QUANTUMBISCUIT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[QUANTUMTHEORY]]"],"status":"unknown","tags":"","description":"Redirection based on keywork. Most HTML values","_id":"H2zCbJbtDaonCKSgN"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/03/nsa-gchq-quantumtheory.pdf "," 2010 sigint development conferences - nsa-gchq-quantumtheory.pdf"]],"name":"QUANTUMBOT2","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[QUANTUMTHEORY]]"],"status":"unknown","tags":"","description":"Combination of Q-BOT/Q-BISCUIT for web based. Command and controlled botnets","_id":"GxoYmdw6nKScG5oaj"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/03/nsa-gchq-quantumtheory.pdf "," 2010 sigint development conferences - nsa-gchq-quantumtheory.pdf"],["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"QUANTUMDNS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"Activity from October 2010","tags":"","description":"Fake Facebook server targeting specific individuals.","_id":"KjyAujR7JFSfQ5YmN"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/03/nsa-gchq-quantumtheory.pdf "," 2010 sigint development conferences - nsa-gchq-quantumtheory.pdf"]],"name":"QUANTUMSPIM","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[QUANTUMTHEORY]]"],"status":"unknown","tags":"","description":"Instant Messaging (MSN chat, XMPP), spotted on [[QUANTUMTHEORY]]'s presentation.","_id":"xMu28PwTuQLyBzCGR"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/03/nsa-gchq-quantumtheory.pdf "," 2010 sigint development conferences - nsa-gchq-quantumtheory.pdf"]],"name":"QUANTUMSQUEEL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUMTHEORY]]","[[QUANTUM]]"],"status":"unknown","tags":"","description":"Injection into MySQL persistent database connections, spotted on [[QUANTUMTHEORY]]'s presentation.","_id":"vWNYwNAZBcusuYxLH"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/03/nsa-gchq-quantumtheory.pdf ","2010 sigint development conferences - nsa-gchq-quantumtheory.pdf"]],"name":"QUANTUMSQUIRREL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[QUANTUMTHEORY]]"],"status":"unknown","tags":"","description":"Truly covert infrastructure, be any IP in the world, spotted on [[QUANTUMTHEORY]]'s presentation.","_id":"bmMkNFKqDyFvjf6ow"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/03/nsa-gchq-quantumtheory.pdf "," 2010 sigint development conferences - nsa-gchq-quantumtheory.pdf"]],"name":"QUANTUMDEFENSE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUMTHEORY]]","[[QUANTUM]]"],"status":"unknown","tags":"","description":"spotted on [[QUANTUMTHEORY]]'s presentation.","_id":"vfdmiPztvuuoxCHqo"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum"],["http://cryptome.org/2013/12/nsa-quantum-tasking.pdf","cryptome.org - NSA QUANTUM tasking techniques"]],"name":"QUANTUMCOPPER","relatedItemsParents":["[[QUANTUM]]"],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[FOXACID]]"],"status":"active","tags":[],"description":"a.k.a the great firewall of earth (like the Great Firewall of China)","_id":"dRdPvoYKKayxqTTrN"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html","schneier.com - How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID"],["http://cryptome.org/2013/12/nsa-quantum-tasking.pdf"," cryptome.org - NSA QUANTUM tasking techniques"]],"name":"QUANTUMNATION","relatedItemsParents":["[[QUANTUM]]"],"relatedItemsChildren":["[[COMMONDEER]]"],"relatedItems":["[[QUANTUM]]","[[FOXACID]]","[[VALIDATOR]]","[[COMMONDEER]]","[[TAO]]"],"status":"active","tags":[],"description":"QUANTUMNATION can be used with [[TAO]]. QUANTUMNATION is a man-on-the-side capability which can be used for 1 month unless there's a request to extend his life. NSA uses it first to have initial access to the target computer.","_id":"6p8kkTGswervMhWPd"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html","schneier.com - How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID"],["http://cryptome.org/2013/12/nsa-quantum-tasking.pdf"," cryptome.org - NSA QUANTUM tasking techniques"]],"name":"QUANTUMSKY","relatedItemsParents":["[[QUANTUM]]"],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[FOXACID]]"],"status":"active","tags":[],"description":"","_id":"mbJXMNh2soFBdmmfS"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"RAM-M","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"Yww8WzNhcKZarNCBw"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.spiegel.de/international/world/secret-nsa-documents-show-how-the-us-spies-on-europe-and-the-un-a-918625.html"," Der Spiegel - Codename 'Apalachee': How America Spies on Europe and the UN"]],"name":"RAMPART","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"RAMPART is a [[NSA]] operational branches that  intercept heads of state and their closest aides. Known divisions are  RAMPART-A, RAMPART-I and RAMPART-T, which focuses on foreign  governments.","_id":"zST3NLmdjdRaD99LJ"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"RC-10","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"new name of the [[SHARKFIN]] program,  high-capacity/high-speed vacuum cleaner, sweeps up all-source  communications intelligence (COMINT) from a variety of communication  methods and systems.","_id":"33ish3cWSWHfSmNaz"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"REQUETTE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[VAGRANT]]"],"status":"active","tags":["[[taiwan]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"sLPA3bm7MW5DJihy2"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html","NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls"]],"name":"RETRO","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":"","_id":"CEwD88SuCpRumFaqx"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"RETROREFLECTOR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"a term for a special kind of mirror that always sends a  signal directly back on the path it comes from, regardless of the  angle.","_id":"gpRo3K64AJdYzv7Zr"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"RETURNSPRING","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[IRATEMONK]]","[[WISTFULTOLL]]"],"status":"unknown","tags":[],"description":"Spotted on [[IRATEMONK]], [[WISTFULTOLL]] diagrams","_id":"eYKBWryQccQHHxQMA"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"RICHTER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[germany]]"],"description":"SIGINT Exchange Designators of Germany","_id":"FJMfCnf6EFSNHN7js"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"ROCKYKNOB","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[CROSSBEAM]]"],"status":"unknown","tags":[],"description":"Optional Digital Signal Processing (DSP) Module for [[CROSSBEAM]].","_id":"86peWMroJr92f7uKn"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"RORIPA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"Jq5viojjefePSMdYk"},{"agency":"[[GCHQ]]","alias":["[[ROYAL CONCIERGE]]"],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]"],"family":"collect","links":[["http://cryptome.org/2013/11/gchq-royal-concierge.jpg","crpytome.org on ROYAL CONCIERGE"]],"name":"ROYALCONCIERGE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[email]]"],"description":"identifies potential diplomatic Hotel reservations.  Automated bulk contact chaining between Reservation email adresses and  \"gov.xx\" addresses. Possible extentions: \"favourite\" hotels,  counter-intelligence/foreign relations support, [[XKEYSCORE]]  fingerprinting, car hire...","_id":"F8w5iTdANHsG4roR5"},{"agency":"","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]"],"family":"collect","links":[],"name":"S2C42","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"","tags":["[[brazil]]"],"description":"A program for spying on Brazilian President Dilma Rousseff and her key advisers. The results are text messages from her and her key advisers.","_id":"q84PjBymDSqJPEzhL"},{"agency":"[[NSA]]","alias":["[[protocols]]","[[crypto]]","[[vpn]]"],"category":"program","compartments":[],"family":"collect","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"SALVAGERABBIT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[UNITEDRAKE]]"],"status":"unknown","tags":["[[malware]]"],"description":"The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes. One  implant, codenamed [[UNITEDRAKE]], can be used with a variety of   “plug-ins” that enable the agency to gain total control of an  infected computer. An implant plug-in named SALVAGERABBIT, used to exfiltrates data from removable flash drives that connect to an infected computer.","_id":"5gWc7MkGDFQ8tcBhw"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/03/nsa-gchq-quantumtheory.pdf ","2010 sigint development conferences - nsa-gchq-quantumtheory.pdf"]],"name":"SARATOGA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[QUANTUMTHEORY]]"],"status":"unknown","tags":"","description":"spotted on [[QUANTUMTHEORY]]'s presentation.","_id":"p8DHBYKoLwi47YpYz"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"SARDINE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"pdpSaFvETaNstpoEv"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"]],"name":"SCALPEL","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[phone]]","[[geolocation]]","[[gsm]]","[[kenya]]"],"description":"[[SIGINT]] for locating cellphone in Nairobi","_id":"v5hFXRzJkgPGEb5Bp"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"hardware","links":[["https://www.schneier.com/blog/archives/2014/01/schoolmontana_n.html"," schneier.com - SCHOOLMONTANA: NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-schoolmontana.jpg"," Slide on SCHOOLMONTANA"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"SCHOOLMONTANA","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[SIERRAMONTANA]]","[[STUCCOMONTANA]]","[[VALIDATOR]]","[[TAO]]"],"status":"active","tags":["[[router]]","[[juniper]]","[[bios]]","[[dnt]]"],"description":"SCHOOLMONTANA provides persistence for DNT implants.  The DNT implant will survive an upgrade or replacement of the operating  system -- including physically replacing the router's compact flash  card. Currently, the intended DNT Implant to persist is [[VALIDATOR]],  which must be run as a user process on the target operating system. The  vector of attack is the modification of the target's BIOS. The  modification will add the necessary software to the BIOS and modify its  software to execute the SCHOOLMONTANA implant at the end of its native  System Management Mode (SMM) handler.","_id":"6uYCQLcugWZkfoCkn"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[ORCON]]","[[NOFORN]]"],"family":"process","links":[["https://en.wikipedia.org/wiki/File:Prism-slide-7.jpg","en.wikipedia.org - Slide of PRISM collection dataflow "]],"name":"SCISSORS","relatedItemsParents":["[[PRINTAURA]]"],"relatedItemsChildren":["[[FALLOUT]]","[[CONVEYANCE]]","[[PINWALE]]"],"relatedItems":[],"status":"unknown","tags":[],"description":"subprogram of [[PRISM]] and [[PRINTAURA]].","_id":"eJNt5LHLqFkSaNjiB"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"]],"name":"SCS","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[gsm]]","[[geolocation]]","[[brazil]]"],"description":"[[SIGINT]] for locating cellphone in Brasilia (BR)","_id":"SR6HkzGHXfSDSHt3A"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"SEABOOT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT Exchange Designators with Third or Fourth Parties.","_id":"6rnq5oGG4tA3NN5S3"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"SEAGULLFARO","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[IRATEMONK]]","[[WISTFULTOLL]]","[[UNITEDRAKE]]"],"status":"unknown","tags":[],"description":"High-side server shown in [[UNITEDRAKE]] internet cafe  monitoring graphic. Spotted on [[IRATEMONK]], [[WISTFULTOLL]] diagrams.","_id":"sKtzpw9AD6d8QuMNm"},{"agency":"[[NSA]]","alias":["[[SMOTH]]"],"category":"attack vector","compartments":[],"family":"software","links":[["https://www.aclu.org/files/natsec/nsa/20140130/%28TS%29%20NSA%20Quantum%20Tasking%20Techniques%20for%20the%20R&T%20Analyst.pdf","aclu.org - NSA Quantum Tasking Techniques for the R&T Analyst"],["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html"," To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["http://www.theregister.co.uk/Print/2013/12/31/nsa_weapons_catalogue_promises_pwnage_at_the_speed_of_light/"," theregister.co.uk"]],"name":"SEASONEDMOTH","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[VALIDATOR]]","[[COMMONDEER]]","[[QUANTUMTHEORY]]"],"status":"unknown","tags":["[[malware]]"],"description":"A class of malware that is programmed to automatically  die with in 30 days. (unless instructed to extend its life). During this  period of 30 days, harvest all activity by the target","_id":"vBaGmD3Ycmed9xCif"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[NOFORN]]"],"family":"collect","links":[["https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/ "," How the NSA Plans to Infect ‘Millions’ of Computers with Malware - theguardian.com"]],"name":"SECONDDATE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TAO]]"],"status":"unknown","tags":"","_id":"3qd3TAfETY2qdDmjH"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"target","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"SEMESTER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"SIGINT targeting and reporting systems called","_id":"X5yChtMcmbeafSCtM"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.nsa.gov/public_info/_files/cryptologs/cryptolog_136.pdf"," nsa.gov - cryptolog"]],"name":"SENTINEL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[SYBASE]]"],"status":"unknown","tags":[],"description":"SENTINEL is a NSA security filter for [[SYBASE]]  databases which provides multi-level security down to the row level.","_id":"z6R2iNQKkHfHtPv7Y"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.intrepidreport.com/archives/8588","intrepidreport.com - Senate delivers fatal end-of-term blow to Constitution"]],"name":"SETTEE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[korea]]"],"description":"SIGINT Exchange Designators of South Korea","_id":"2oYx6pbLNzdjXLPzM"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"SHAREDVISION","relatedItemsParents":["[[TARMAC]]"],"relatedItemsChildren":[],"relatedItems":["[[TARMAC]]"],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"4nu6GLMPWpjwfq3kR"},{"agency":"[[NSA]]","alias":["[[SF2]]"],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]"],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://www.spiegel.de/fotostrecke/photo-gallery-nsa-s-tao-unit-introduces-itself-fotostrecke-105372-4.html","spiegel.de - Photo Gallery: NSA's TAO Unit Introduces Itself"]],"name":"SHARPFOCUS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[OLYMPUS]]","[[PARCHDUSK]]","[[FOXACID]]"],"status":"unknown","tags":["[[iraq]]","[[afghanistan]]"],"description":"SHARPFOCUS is a spying program used in 2007 and 2008 in Iraq and Afghanistan. Productions Operation of NSA's TAO division.","_id":"FrEWvs3E7jvAwTTsY"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://www.theguardian.com/world/2013/jun/27/nsa-online-metadata-collection","theguardian.com - How the NSA is still harvesting your online data"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","No Place To Hide Documents by Greenwald"]],"name":"SHELLTRUMPET","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TRAFFICHIEF]]","[[DANCINGOASIS]]","[[OAKSTAR]]"],"status":"unknown","tags":[],"description":"SHELLTRUMPET is a NSA metadata processing program which show the NSA's metadata collection scale.","_id":"KaR764PRT72cuXSqX"},{"agency":"CIA","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/","theintercept.org - The NSA’s Secret Role in the U.S. Assassination Program"]],"name":"SHENANIGANS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[gsm]]","[[wifi]]","[[phone]]","[[wifi]]"],"description":"In addition to the [[GILGAMESH]] system used by [[JSOC]],  the CIA uses a similar NSA platform known as SHENANIGANS. The operation  utilizes a pod on aircraft that vacuums up massive amounts of data from  any wireless routers, computers, smartphones or other electronic  devices that are within range.","_id":"iv42JByQvYy4mYzEG"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/OAKSTAR"," en.wikipedia.org - OAKSTAR "]],"name":"SHIFTINGSHADOW","relatedItemsParents":["[[OAKSTAR]]"],"relatedItemsChildren":[],"relatedItems":["[[OAKSTAR]]","[[UPSTREAM]]"],"status":"unknown","tags":["[[geolocation]]","[[gsm]]","[[dnr]]","[[geolocation]]","[[afghanistan]]"],"description":"Subprogram of [[OAKSTAR]], targeting DNR metadata and  voice; \"Timing Advances\" and geolocation, on Afghanistan communications:  MTN Afghanistan, Roshan GSM Network, AWCC","_id":"FYAHqFgwxNbTwvSmp"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"]],"name":"SHOALBAY","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[geolocation]]","[[phone]]","[[australia]]"],"description":"[[SIGINT]] for locating cellphone in Darwin (AU)","_id":"y4AM54nbBtACpTMW3"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"SHORTSHEET","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[tor]]"],"description":"CNE (hacking) technique used against Tor users","_id":"Jt6yeyMZWpGFCKTq5"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://www.schneier.com/blog/archives/2014/01/sierramontana_n.html","schneier.com - SIERRAMONTANA: NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-sierramontana.jpg","leaksource.wordpress.com - SIERRAMONTANA TAO's catalog page"]],"name":"SIERRAMONTANA","relatedItemsParents":["[[STUCCOMONTANA]]"],"relatedItemsChildren":[],"relatedItems":["[[SCHOOLMONTANA]]","[[STUCCOMONTANA]]","[[VALIDATOR]]","[[TAO]]","[[FOXACID]]"],"status":"(ETA 30 November 2008)","tags":["[[router]]","[[juniper]]","[[bios]]","[[dnt]]"],"description":"SIERRAMONTANA provides persistence for DNT implants.  The DNT implant will survive an upgrade or replacement of the operating  system -- including physically replacing the router's compact flash  card.","_id":"rqrYQspvGiJy75STQ"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["https://en.wikipedia.org/wiki/OAKSTAR"," en.wikipedia.org - OAKSTAR"],["http://en.wikipedia.org/wiki/File:SilverZephyr.jpg"," en.wikipedia.org - SilverZephyr.jpg"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"SILVERZEPHYR","relatedItemsParents":["[[OAKSTAR]]"],"relatedItemsChildren":[],"relatedItems":["[[OAKSTAR]]","[[STEELKNIGHT]]","[[UPSTREAM]]"],"status":"unknown","tags":["[[router]]","[[dns]]","[[dni]]","[[dnr]]","[[metadata]]","[[latin america]]"],"description":"Subprogram of [[OAKSTAR]], Network access point through  [[STEELKNIGHT]] partner: targeting South, Central and Latin America DNR  (metadata, voice, fax), DNI (content, metadata)","_id":"JhBL327g7X52iBEoc"},{"agency":"undefined","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"SNEAKERNET","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[IRATEMONK]]"],"status":"unknown","tags":[],"description":"Not a codename, a term for the “network communication  protocol” involving someone physically carrying storage media between  machines.","_id":"S49DmcCHAfABQgEaf"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL]]"],"family":"software","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html"," media.ccc.de To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://www.digitaltrends.com/web/nsa-malware-code-names/#/12"," TURBOPANDA, RAGEMASTER, and 13 other NSA codenames that prove spies laugh, too"],["https://www.schneier.com/blog/archives/2014/02/somberknave_nsa.html","SOMBERKNAVE: NSA Exploit of the Day"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"SOMBERKNAVE","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[OLYMPUS]]","[[VALIDATOR]]"],"status":"unknown","tags":["[[wifi]]","[[malware]]","[[windows]]","[[os]]"],"description":"[[SOMBERKNAVE]] software based malware, intended to bridge airgaps by using an unused 802.11 wireless interface. For Windows XP. Allows other malware  to “call home” In particular, the [[VALIDATOR]] and [[OLYMPUS]] trojans.trojans.","_id":"QGWHCiRMPAL2NW5Nt"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL]]"],"family":"software","links":[["https://www.schneier.com/blog/archives/2014/01/souffletrough_n.html"," schneier.com - SOUFFLETROUGH: NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-souffletrough.jpg"," leaksource - TAO Catalog's Page with Graphics"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"SOUFFLETROUGH","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":[],"relatedItems":["[[BANANAGLEE]]","[[TAO]]"],"status":"active","tags":["[[router]]","[[juniper]]","[[bios]]"],"description":"SOUFFLETROUGH is a BIOS persistence implant for Juniper  SSG 500 and SSG 300 firewalls. It persists DNT's [[BANANAGLEE]]  software implant. [[BANANAGLEE]] also has an advanced persistent  back-door capability. SOUFFLETROUGH is a BIOS persistence implant for  Juniper SSG 500 and SSG 300 series firewalls (320M, 350M, 520, 550,  520M, 550M). It persists DNT's [[BANANAGLEE]] software implant and  modifies the Juniper firewall's operating system (ScreenOS) at boot  time. If [[BANANAGLEE]] support is not available for the booting  operating system, it can install a Persistent Backdoor (PBD) designed to  work with [[BANANAGLEE]]'s communications structure, so that full  access can be reacquired at a later time. It takes advantage of Intel's  System Management Mode for enhanced reliability and covertness. The PDB  is also able to beacon home, and is fully configurable. A typical  SOUFFLETROUGH deployment on a target firewall with an exfiltration path  to the Remote Operations Center (ROC) is shown above. SOUFFLETROUGH is  remotely upgradeable and is also remotely installable provided  [[BANANAGLEE]] is already on the firewall of interest.","_id":"X4Bpg4zapvEFwiuMc"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"SOUNDER","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[gsm]]","[[geolocation]]","[[cyprus]]"],"description":"[[SIGINT]] for locating cellphone in Cyprus","_id":"ebRRYWm9DibPWyELn"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"SOUTHWINDS","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"jGrkBCkQ4ekd9YhcD"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[FOUO]]"],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://www.schneier.com/blog/archives/2014/01/sparrow_ii_nsa.html","schneier.com - SPARROW II: NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-sparrow-ii.jpg","leaksource.wordpress.com - TAO's Catalog Page with Graphic"]],"name":"SPARROW-II","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":["[[BLINDDATE]]"],"relatedItems":["[[TRINITY]]","[[JUNIORMINT]]","[[TAO]]"],"status":"unknown","tags":["[[wifi]]","[[gps]]","[[pci]]"],"description":"An embedded computer system running [[BLINDDATE]]  tools. SPARROW-II is a fully functional WLAN collection system with  integrated Mini PCI slots for added functionality such as GPS and  multiple Wireless Network Interface Cards. Application [[SW]]:  [[BLINDDATE]]","_id":"QWYKQ3FwhKgQ4JH5t"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"SPECULATION","relatedItemsParents":["[[HOWLERMONKEY]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[rf]]"],"description":"RF communication protocol, used by [[HOWLERMONKEY]]  devices, Including [[COTTONMOUTH-I]] [[COTTONMOUTH-III]], [[FIREWALK]].","_id":"pc8TsivQrE6jhZfse"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://www.theguardian.com/world/2013/jun/27/nsa-online-metadata-collection"," The Guardian"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"SPINNERET","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[metadata]]"],"description":"Metadata collection's program","_id":"8jHJRYrniuZMbTKEg"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"SPRINGRAY","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TICKETWINDOW]]"],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"h69zWw7eyxamYwQBc"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://leaksource.info/2014/01/27/squeaky-dolphin-gchq-pilot-program-collects-data-from-social-media-sites-in-real-time-via-cable-taps/ ","  Squeaky Dolphin: GCHQ Pilot Program Collects Data from Social Media Sites in Real-Time via Cable Taps - leaksource.info"]],"name":"SQUEAKYDOLPHIN","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[facebook]]","[[youtube]]","[[blogger]]","[[twitter]]"],"_id":"TQ2YLs9C4CpmdgBTR"},{"agency":"[[NSA]]","alias":["[[Special Site Operation]]"],"category":"compartment","compartments":[],"family":"collect","links":[["http://cryptome.org/2013/12/nsa-cable-spy-types.pdf|","SSO - The cryptologic provider of Intelligence from Global High-Capacity Telecommunications Systems"]],"name":"SSO","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUMINSERT]]"],"status":"unknown","tags":["[[mots]]"],"description":"Special Site Operation, a physical place from where NSA  executes attacks such as [[QUANTUMINSERT]]. Typically an US Embassy  with either one or several of these: antennas, network connections,  radio patch antennas, etc...","_id":"rqDsQnY5zXLSSHdwb"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"STEELFLAUTA","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"","tags":[],"description":"[[SSO]] Corporate/ [[TAO]] (Tailored Access Operations) Shaping","_id":"aqqePBXJ5behmXZLy"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/OAKSTAR"," en.wikipedia.org - OAKSTAR"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"STEELKNIGHT","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[SILVERZEPHIR]]","[[UPSTREAM]]"],"status":"unknown","tags":[],"description":"NSA's corporate partners","_id":"tR7wH3aqCkECrmBRs"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"target","links":[["http://nsa.gov1.info/dni/ "," nsa.gov1.info/dni/"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"STELLAR","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[phone]]","[[geolocation]]","[[autralia]]"],"description":"[[SIGINT]] ([[FORNSAT]]) for locating cellphone in Geraldton (AU)","_id":"Q2icdswyLEKjG2YeQ"},{"agency":"[[NSA]]","alias":["[[STLW]]"],"category":"program","compartments":[],"family":"collect","links":[["[EVILOLIVE","]"],["http://en.wikipedia.org/wiki/Stellar_Wind_(code_name)"," en.wikipedia.org - Stellar Wind (code name)"]],"name":"STELLARWIND","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[BLARNEY]]"],"status":"inactive","tags":["[[email]]","[[phone]]"],"description":"[[STELLARWIND]] is the code name of a Sensitive  Compartmented Information security compartment for information collected  under the President's Surveillance Program (PSP). This was a program by  the United States National Security Agency (NSA) during the presidency  of George W. Bush and revealed by Thomas Tamm to the The New York Times  in 2008. The operation was approved by President George W. Bush shortly  after the September 11 attacks in 2001. STELLARWIND was succeeded during  the presidency of Barack Obama by four major lines of intelligence  collection in the territorial United States together capable of spanning  the full range of modern telecommunications. The program's activities  involved data mining of a large database of the communications of  American citizens, including email communications, phone conversations,  financial transactions, and Internet activity.","_id":"8ax9dqCsotpgyCSS5"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://en.wikipedia.org/wiki/STORMBREW"," en.wikipedia.org - STORMBREW"],["http://cryptome.org/2013/12/nsa-cable-spy-types.pdf|","SSO - The cryptologic provider of Intelligence from Global High-Capacity Telecommunications Systems"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"STORMBREW","relatedItemsParents":["[[UPSTREAM]]"],"relatedItemsChildren":["[[MADCAPOCELOT]]","[[ARTIFICE]]"],"relatedItems":["[[MADCAPOCELOT]]","[[STORMBREW]]","[[PINWALE]]","[[MARINA]]","[[UPSTREAM]]","[[XKEYSCORE]]"],"status":"unknown","tags":["[[router]]","[[fiber]]"],"description":"[[STORMBREW]] is an umbrella program involving  surveillance of telecommunications. It falls under the category of  \"[[UPSTREAM]] collection,\" meaning that data is pulled directly from  fiber-optic cables and top-level communications infrastructure. There is  also a SIGAD of the same name, which is described as a \"key corporate  partner.\" A map shows that the collection is done entirely within the  United States. This corporate partner has servers in Washington,  California, Texas, Florida, and in or around New York, Virginia, and  Pennsylvania. [[UPSTREAM]] collection programs allow access to very high  volumes of data, and most of the pre-selection is done by the providers  themselves, before the data is passed on to the NSA.","_id":"Moo2KaSLF4LcLtMAt"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"STRAITBIZARRE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Software made By Digital Network Technologies (DNT) for  controlling and receiving data from “implants”. Also involved somewhere  in the process of uploading malicious HD firmware (works with a tool  called [[SLICKERVICAR]] to accomplish this)","_id":"LFimmz3m6ZzqcBLuN"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm"," cryptome.org - NSA codenames"]],"name":"STRIKEZONE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HOWLERMONKEY]]"],"status":"unknown","tags":[],"description":"“[[HOWLERMONKEY]] is a COTS- based transceiver designed  to be compatible with [[CONJECTURE]]/[[SPECULATION]] networks and  [[STRIKEZONE]] devices running a [[HOWLERMONKEY]] personality.","_id":"2vQ9b3x6u8ZfXER5z"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"STRONGMITE","relatedItemsParents":["[[ROC]]"],"relatedItemsChildren":[],"relatedItems":["[[IRONCHEF]]","[[TAO]]"],"status":"unknown","tags":[],"description":"somewhere on the [[ROC]] side of operations...","_id":"oEPuL8m3byqRPhw2J"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL]]"],"family":"software","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html"," media.ccc.de To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum"],["https://www.schneier.com/blog/archives/2014/01/stuccomontana_n.html","schneier.com - NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-sierramontana.jpg","leaksource.wordpress.com - TAO Catalog Page with Graphics"],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf"," cryptome.org - NSA's catalog"]],"name":"STUCCOMONTANA","relatedItemsParents":["[[TAO]]"],"relatedItemsChildren":["[[VALIDATOR]]","[[SIERRAMONTANA]]"],"relatedItems":[],"status":"unknown","tags":["[[router]]","[[juniper]]","[[bios]]"],"description":"provides persistence for [[DNT]] implants. The [[DNT]]  implant will survive an upgrade or replacement of the operating system -  including physically replacing the router's compact flash card.  Currently, the intended DNT Implant to persist is [[VALIDATOR]], which  must be run as a user process on the target operating system. The vector  of attack is the modification of the target's BIOS. The modification  will add the necessary software to the BIOS and modify its software to  execute the [[SIERRAMONTANA]] implant at the end of its native System  Management Mode (SMM) handler. [[STUCCOMONTANA]]  must support all modern versions of JUNOS, which is a version of  FreeBSD customized by Juniper. Upon system boot, the [[JUNOS]] operating  system is modified in memory to run the implant, and provide persistent  kernel modifications to support implant execution. [[STUCCOMONTANA]] is the cover term for the persistence technique to deploy a DNT implant to Juniper T-Series routers.","_id":"5nPTitqnwcBYcXS4N"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://en.wikipedia.org/wiki/Stuxnet"," en.wikipedia.org - Stuxnet"]],"name":"STUXNET","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[usb]]","[[malwarel]]"],"description":"A jointly US/Isreali written piece of malware intended  to infect, and physically destroy five Iranian organizations, with the  probable target widely suspected to be uranium enrichment infrastructure  in Iran . (which it did) Also spilled on to non-targeted SCADA systems,  causing “collateral damage”. Using 0-day exploits, it infected Personal  Computers near the targeted Installation: then it waited several months  to infect a USB-key which will be connected on the internal-network of  the target. After that, a payload dedicated to Siemens Systems is  enabled","_id":"hg2RAdT8YeceWCSgP"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TS]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"collect","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html"," media.ccc.de - To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf"," cryptome.org - NSA's catalog"],["http://www.digitaltrends.com/web/nsa-malware-code-names/#/7","TURBOPANDA, RAGEMASTER, and 13 other NSA codenames that prove spies laugh, too"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"SURLYSPAWN","relatedItemsParents":["[[ANGRYNEIGHBOR]]"],"relatedItemsChildren":[],"relatedItems":["[[ANGRYNEIGHBOR]]","[[TAO]]"],"status":"unknown","tags":["[[usb]]"],"description":"SURLYSPAWN has the capability to gather keystrokes without  requiring any software running on the targeted system. It also only  requires that the targeted system be touched once. The retro-reflector  is compatible with both USB ans PS/2 keyboards. The simplicity of the  design allows the form factor to be tailored for specific operational  requirements.","_id":"9FJuTh6NCrcGd6afk"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/03/nsa-gchq-quantumtheory.pdf "," 2010 sigint development conferences - nsa-gchq-quantumtheory.pdf"]],"name":"SURPLUSHANGER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[QUANTUM]]","[[QUANTUMTHEORY]]"],"status":"unknown","tags":"","description":"High -> Low diodes, spotted on [[QUANTUMTHEORY]]'s presentation.","_id":"yGxBDKf3CiXQQoWxd"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["http://www.theatlantic.com/technology/archive/2013/08/an-educated-guess-about-how-the-nsa-is-structured/278697/","theatlantic.com - An Educated Guess About How the NSA Is Structured"]],"name":"SURREY","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"Main NSA requirements database, where targets and selectors are \"validated\" by NSA managers","_id":"94uJPPz9vQy8fw2Ym"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL]]"],"family":"software","links":[["https://www.schneier.com/blog/archives/2014/02/swap_nsa_exploi.html","SWAP: NSA Exploit of the Day"],["http://www.prepperpodcast.com/phone-calls-listening/20131231025312_9-nsa-swap/","prepperpodcast.com - It’s not just your phone calls – it’s YOU they are listening to"],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"]],"name":"SWAP","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[ARKSTREAM]]","[[TWISTEDKILT]]","[[TUNINGFORK]]","[[INTERDICTION]]"],"status":"unknown","tags":["[[bios]]","[[windows]]","[[os]]"],"description":"SWAP provides software application persistence by  exploiting the  motherboard BIOS and the hard drive's Host Protected  Area to gain  periodic execution before the Operating System loads. This  technique supports single or multi-processor systems running Windows,  Linux, FreeBSD, or Solaris with the following  file systems: FAT32,  NTFS, EXT2, EXT3, or UFS1.0. Through remote access or [[INTERDICTION]],  [[ARKSTREAM]] is used to reflash the BIOS and TWISTEDKILT to write the  Host Protected  Area on the hard drive on a target machine in order to  implant SWAP and  its payload (the implant installer). Once implanted,  SWAP's frequency of  execution (dropping the playload) is configurable  and will occur when  the target machine powers on.","_id":"oQKNsuwPomyBhoJZY"},{"agency":"[[NSA]]","alias":["[[TK]]"],"category":"program","compartments":[],"family":"collect","links":[["http://electrospaces.blogspot.fr/2013/09/the-us-classification-system.html","electrospaces - Top Level Telecommunications"]],"name":"TALENTKEYHOLE","relatedItemsParents":[],"relatedItemsChildren":["[[CHESS]]","[[RUFF]]","[[ZARF]]"],"relatedItems":["[[CHESS]]","[[RUFF]]","[[ZARF]]"],"status":"old?","tags":[],"description":"Control system for space-based collection  platforms. This control system is for products of overhead collection  systems, such as satellites and reconnaissance aircraft, and contains  compartments, which are identified by a classified codeword. The  original TALENT compartment was created in the mid-1950s for the U-2. In  1960, it was broadened to cover all national aerial reconnaissance and  the KEYHOLE compartment was created for satellite intelligence.","_id":"GwaXvhruuNmerkefc"},{"agency":"[[NSA]]","alias":["[[Tailored Access Operations]]"],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html","spiegel.de -  Inside TAO: Documents Reveal Top NSA Hacking Unit"],["https://www.schneier.com/blog/archives/2013/12/more_about_the.html","schneier.com - More about the NSA's Tailored Access Operations Unit"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"TAO","relatedItemsParents":["[[NSA]]"],"relatedItemsChildren":[],"relatedItems":["[[ROC]]","[[ANGRYNEIGHBOR]]"],"status":"unknown","tags":[],"description":"The NSA's TAO (Tailored Access Operations) hacking unit  is considered to be the intelligence agency's top secret weapon. It  maintains its own covert network, infiltrates computers around the world  and even intercepts shipping deliveries to plant back doors in  electronics ordered by those it is targeting. [...] During the middle  part of the last decade, the special unit succeeded in gaining access to  258 targets in 89 countries -- nearly everywhere in the world. In 2010,  it conducted 279 operations worldwide.","_id":"g8Rhk795cy6ocaNzZ"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[TS]]","[[SI]]","[[REL TO USA]]","[[FVEY]]"],"family":"hardware","links":[["https://www.schneier.com/blog/archives/2014/01/tawdryyard_nsa.html","schneier.com - TAWDRYYARD: NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-tawdryyard.jpg","leaksource.wordpress.com - TAO's Catalog Page with Graphic"],["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de -To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"],["https://commons.wikimedia.org/wiki/File:NSA_TAWDRYYARD.jpg","wikimedia.org - NSA TAWDRYYARD"]],"name":"TAWDRYYARD","relatedItemsParents":["[[ANGRYNEIGHBOUR]]"],"relatedItemsChildren":["[[RAGEMASTER]]"],"relatedItems":[],"status":"End processing still in development","tags":[],"description":"Beacon RF retro-reflector. Provides return when  illuminated with radar to provide rough positional location. TAWDRYYARD  is used as a beacon, typically to assist in locating and identifying  deployed [[RAGEMASTER]] units. Current design allows it to be detected  and located quite easily within a 50' radius of the radar system being  used to illuminate it. TAWDRYYARD draws as 8 mu;A at 2.5V (20mu;W)  allowing a standard lithium coin cell to power it for months or years.  The simplicity of the design allows the form factor to be tailored for  specific operational requirements. Future capabilities being considered  are return of GPS coordinates and a unique target identifier and  automatic processing to scan a target area for presence of TAWDRYYARDs.  All components are COTS and so are non-attributable to NSA.","_id":"L273JrzQhM3MYhaTf"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://en.wikipedia.org/wiki/Tempora","Wikipedia - Tempora"],["http://lexpansion.lexpress.fr/high-tech/operation-tempora-comment-les-britanniques-depassent-les-americains-pour-espionner-internet_390971.html","L'Express - \"Operation Tempora\": comment les Britanniques dépassent les Américains pour espionner Internet"],["http://abonnes.lemonde.fr/europe/article/2013/06/26/berlin-demande-a-londres-des-explications-sur-son-programme-d-espionnage-tempora_3436728_3214.html","Le Monde - Berlin demande à Londres des explications sur son programme d'espionnage \"Tempora\" "]],"name":"TEMPORA","relatedItemsParents":[],"relatedItemsChildren":["[[MTI]]","[[Global Telecoms Exploitation]]"],"relatedItems":["[[MTI]]","[[Global Telecoms Exploitation]]","[[CCDP]]"],"status":"active","tags":["[[facebook]]","[[email]]","[[phone]]"],"description":"Clandestine security electronic surveillance program  trialled in 2008, established in 2011 and operated by the [[GCHQ]]. Data  is extracted from over 200 fibre-optic cables and processed; full data  is preserved for three days while metadata is kept for 30 days. No  distinction is made in the gathering of the data between innocent people  or targeted suspects. Includes recordings of telephone calls, the  content of email messages, Facebook entries and the personal internet  history of users.","_id":"8EhJZaawAWG24nfiq"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://en.wikipedia.org/wiki/ThinThread","en.wikipedia.org - ThinThread"]],"name":"THINTREAD","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TRAILBLAZER]]"],"status":"inactive","tags":[],"description":"THINTREAD is the name of a project that the NSA pursued  during the 1990s. The program involved wiretapping and sophisticated  analysis of the resulting data, but according to the article, the  program was discontinued three weeks before the September 11, 2001  attacks due to the changes in priorities and the consolidation of U.S.  intelligence authority. The \"change in priority\" consisted of the  decision made by the director of NSA General Michael V. Hayden to go  with a concept called [[TRAILBLAZER]], despite the fact that THINTREAD  was a working prototype that protected the privacy of U.S. citizens.","_id":"TYqaBrbjC3X3iX25d"},{"agency":"[[NSA]]","alias":["[[THIEVING MAGPIE]]"],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]","[[STRAP1]]"],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"THIEVINGMAGPIE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[SOUTHWINDS]]"],"status":"active","tags":["[[blackberry]]","[[gsm]]","[[gprs]]","[[skype]]","[[email]]","[[facebook]]","[[plane]]"],"description":"Using on-board GSM/GPRS services to tracks targets. Able to identify Blackberry PIN and associated email adresses on GPRS events, tasked content into datastores, unselected to [[XKEYSCORE]]. They can confirm  that targets selectors are on board, if the target use data, they can also recover email address's, facebook's IDs, Skype addresses... A specific aircraft can be tracked approximately every 2 minutes whilst in flight.","_id":"FiSGYogdbyreMyQTM"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[TOP SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]","[[FVEY]]"],"family":"collect","links":[["http://nsa.gov1.info/dni/","nsa.gov1.info/dni/"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"TIMBERLINE","relatedItemsParents":["[[PRISM]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[phone]]","[[geolocation]]","[[usa]]"],"description":"[[SIGINT]] ([[FORNSAT]]) for locating cellphone in Sugar Grove (USA)","_id":"54E4txoHRWJ7gMm8o"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://www.digitaltrends.com/web/nsa-malware-code-names/#/4","digitaltrends.com - TURBOPANDA, RAGEMASTER, and 13 other NSA codenames that prove spies laugh, too"]],"name":"TOTECHASER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TOTEGHOSTLY]]"],"status":"unknown","tags":["[[gsm]]","[[gps]]","[[sms]]","[[os]]","[[geolocation]]","[[phone]]","[[windows]]"],"description":"Software-based malware for Thuraya 2520  satellite-cellular handsets running Windows CE. Designed to exfiltrate  GPS and GSM geolocation data, as well as the call log and contact list,  and other data via covert SMS messages. SMS messages are also the means  by which the attacker controls the phone. Implementation requires  modifying the phone itself, not yet deployed as of Oct 2008.","_id":"9bWSqrE62PZ2MxKJ3"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"TOTEGHOSTLY","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[STRAITBIZARRE]]","[[CHIMNEYPOOL]]","[[FREEFLOW]]","[[GENIE]]","[[FRIEZERAMP]]","[[TOTECHASER]]"],"status":"unknown","tags":["[[malware]]","[[windows]]","[[sms]]","[[os]]","[[geolocation]]"],"description":"Malware for Windows Mobile -based handsets. Written  using DNT's [[CHIMNEYPOOL]] framework, and controlled via  [[STRAITBIZARRE]]. Used to infiltrate and exfiltrate files, SMS, contact  lists, geolocation via SMS or GPRS data connection. From or to the  victim device The attacker has the ability to control the camera and  microphone, and also send other commands to the device. The encrypted  protocol it uses to communicate is referred to as [[FRIEZERAMP]].","_id":"KrStaEM79KDhSRZx7"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"database","links":[["https://en.wikipedia.org/wiki/File:Prism-slide-7.jpg","en.wikipedia.org - Slide of PRISM collection dataflow"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"TRAFFICTHIEF","relatedItemsParents":["[[PRINTAURA]]","[[TURBULENCE]]"],"relatedItemsChildren":[],"relatedItems":["[[XKEYSCORE]]","[[PRINTAURA]]","[[PRISM]]","[[PINWALE]]","[[MARINA]]"],"status":"unknown","tags":["[[metadata]]","[[email]]","[[phone]]"],"description":"According to an [[XKEYSCORE]] presentation, TRAFFICTHIEF is a database of \"Meta-data from a subset of tasked  strong-selectors\", a example of a strong selector is an email address.  In other words, it would be a database of the metadata associated with  names, phone numbers, email addresses, etc., that the intelligence  services are specifically targeting.","_id":"6vTFvHHGTGtgmhf5e"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://en.wikipedia.org/wiki/Trailblazer_Project","en.wikipedia.org - Trailblazer Project"]],"name":"TRAILBLAZER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"inactive","tags":["[[phone]]","[[email]]"],"description":"TRAILBLAZER was a United States NSA program intended to  develop a capability to analyze data carried on communications networks like the Internet. It was intended to track entities using  communication methods such as cell phones and email. It ran over  budget, failed to accomplish critical goals, and was cancelled.","_id":"sdNEGjQkWcK4ZoxpA"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://leaksource.wordpress.com/2013/11/23/nsa-programs-treasure-map-near-real-time-interactive-map-of-internet-any-device-anywhere-all-the-time-packaged-goods-tracks-traceroutes-accessed-13-servers-in-unwitting-data-centers/","LeakSource  - (NSA Programs) Treasure Map: Near Real-Time Interactive Map of  Internet, Any Device, Anywhere, All the Time; Packaged Goods: Tracks  Traceroutes, Accessed 13 Servers in Unwitting Data Centers"],["http://cryptome.org/2013/11/nsa-treasuremap.htm","cryptome.org - NSA TreasureMap"],["http://nation.time.com/2013/11/23/new-document-shows-nsa-wanted-more-more-more-power/","The Time - New Document Shows NSA Wanted More, More, More Power"],["http://www.nytimes.com/2013/11/23/us/politics/nsa-report-outlined-goals-for-more-power.html?_r=0","The New York Times - N.S.A. Report Outlined Goals for More Power"]],"name":"TREASUREMAP","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[Packaged Goods]]","[[SIGINT]]"],"status":"active","tags":["[[geolocation]]","[[wifi]]"],"description":"a near real-time, interactive map of the global  Internet. It is a massive Internet mapping, analysis and exploration  engine. It collects Wi-Fi network and geolocation data, and between 30  million and 50 million unique Internet provider addresses. The program  can map “any device, anywhere, all the time.” Intelligence officials say  \"it only maps foreign and Defense Department networks\".","_id":"ooCDgC6vBH6Cb28Bc"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"TUNINGFORK","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[SWAP]]","[[DIETYBOUNCE]]","[[IRATEMONK]]"],"status":"unknown","tags":["[[bios]]","[[windows]]","[[os]]","[[linux]]","[[freebsd]]","[[solaris]]"],"description":"spotted on [[DIETYBOUNCE]], [[IRATEMONK]], and SWAP  diagrams A combination of a malicious BIOS modification and a malicious  Hard Disk firmware modification (in the host protected area) used to  maintain software based malware on the victim computer. Appears to work  on a variety of systems running Windows, Linux, FreeBSD or Solaris. The  file system may be FAT32, NTFS, EXT2, EXT3, or UFS 1.0.","_id":"Zbzyu6BxtK4WgXza5"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["http://www.dailytech.com/Tax+and+Spy+How+the+NSA+Can+Hack+Any+American+Stores+Data+15+Years/article34010.htm","dailytech.com - Tax and Spy: How the NSA Can Hack Any American, Stores Data 15 Years"],["http://www.wikileaks-forum.com/nsa/332/snowden-leak-nsa-qfire-16-slides/26507/","wikileaks-forum.com - Forward - based Defense with QFIRE"],["http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security","The Guardian - nsa-gchq-encryption-codes-security"],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog"],["https://www.eff.org/document/20131230-spiegel-qfire","eff.org - Slides about QUANTUM, QFIRE and TURBULENCE"]],"name":"TURBINE","relatedItemsParents":["[[TURBULENCE]]"],"relatedItemsChildren":[],"relatedItems":["[[TRAILBLAZER]]","[[TURMOIL]]"],"status":"unknown","tags":[],"description":"Deep Packet Injection, works with [[TURMOIL]]. System  used for infecting computers. TURBINE provides centralized automated  command/control of a large network of active implants","_id":"ffzd7wbbHe6NKb9sn"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"network","links":[["http://en.wikipedia.org/wiki/Turbulence_(NSA)","en.wikipedia.org - Turbulence (NSA)"],["http://www.netrootsmass.net/2008/09/253-turbulence-an-nsadhs-intrusive-cyber-surveillance-program/","netrootsmass.net - Turbulence, an NSA/DHS intrusive cyber surveillance program"],["http://cryptome.org/2012/08/nsa-turbulence.pdf","cryptome.org - NSA document released under FOIA"],["http://articles.baltimoresun.com/2007-02-11/news/0702110034_1_turbulence-cyberspace-nsa/2","The Baltimore Sun - Costly NSA initiative has a shaky takeoff"],["https://www.eff.org/document/20131230-spiegel-qfire","eff.org - Slides about QUANTUM, QFIRE and TURBULENCE"]],"name":"TURBULENCE","relatedItemsParents":[],"relatedItemsChildren":["[[TURMOIL]]","[[TURBINE]]","[[TUTELAGE]]","[[TRAFFICTHIEF]]","[[DROPOUTJEEP]]"],"relatedItems":[],"status":"unknown","tags":["[[malware]]"],"description":"TURBULENCE is a project started circa 2005. It was  developed in small, inexpensive \"test\" pieces rather than one grand plan  like its failed predecessor, the [[TRAILBLAZER]]. It also includes  offensive cyber-warfare capabilities, like injecting malware into remote  computers. The United States Congress criticized the project in 2007 for having similar bureaucratic problems as the [[TRAILBLAZER]] Project.  TURBULENCE includes nine core programs, with intriguing names such as [[TURMOIL]], [[TUTELAGE]] and [[TRAFFICTHIEF]]","_id":"2sziNkx9ssyrtzEgM"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum."],["http://www.dailytech.com/Tax+and+Spy+How+the+NSA+Can+Hack+Any+American+Stores+Data+15+Years/article34010.htm","Dailtytech.com - Tax and Spy: How the NSA Can Hack Any American, Stores Data 15 Years"],["http://www.wikileaks-forum.com/nsa/332/snowden-leak-nsa-qfire-16-slides/26507/","wikileaks-forum.com - Snowden Leak - NSA QFIRE 16 Slides"],["http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security","The Guardian - nsa-gchq-encryption-codes-security"],["https://www.eff.org/document/20131230-spiegel-qfire","eff.org - Slides about QUANTUM, QFIRE and TURBULENCE"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"TURMOIL","relatedItemsParents":["[[MUSCULAR]]","[[TURBULENCE]]"],"relatedItemsChildren":[],"relatedItems":["[[QFIRE]]","[[MUSCULAR]]"],"status":"unknown","tags":["[[dpi]]"],"description":"TURMOIL is involved in the process of decrypting  communications by using Deep Packet Inspection ( DPI - Passive dragnet  surveillance sensors). High-speed passive collection systems intercept  foreign target satellite, microwave, and cable communications as they  transit the globe.","_id":"aDKhb9JLoLiuB3edP"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["https://leaksource.wordpress.com/2013/12/15/ghostmachine-nsas-cloud-analytics-platform/","LeakSource - GHOSTMACHINE: NSA Cloud Analytics Platform"],["http://cryptome.org/2013/12/nsa-ghost-machine.pdf","cryptome.org - nsa ghost machine"]],"name":"TUSKATTIRE","relatedItemsParents":[],"relatedItemsChildren":["[[CERF]]","[[POPTOP]]","[[DRT]]","[[SIGDASYS]]","[[AST128]]","[[JUGGERNAUT]]","[[SEADIVER]]"],"relatedItems":["[[CERF]]","[[POPTOP]]","[[DRT]]","[[SIGDASYS]]","[[AST128]]","[[JUGGERNAUT]]","[[SEADIVER]]"],"status":"unknown","tags":["[[dnr]]"],"description":"This is the NSA’s system for cleaning and processing  call-related data (DNR or Dialed Number Recognition).","_id":"ss8afazCc9Htc72e2"},{"agency":"[[NSA]]","alias":["[[TYPHON HX]]"],"category":"program","compartments":["[[S]]","[[SI]]","[[FVEY]]"],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's codenames (.ods)"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"TYPHON HX","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[CYCLONE Hx9]]","[[CANDYGRAM]]","[[DRTBOX]]","[[NEBULA]]"],"status":"unknown","tags":["[[gsm]]","[[phone]]","[[sms]]"],"description":"TYPHON HX is a GSM base station router. Used to collect call logs from targeted phones. Administrated with a OMAP laptop via SMS,  but is otherwise a standalone unit. There is no apparent ability to  network these together, though other units, running the same software  can do so (CYCLONE Hx9).","_id":"FYHyZwyE3JJ9CRnnT"},{"agency":"[[CIA]]","alias":["[[SkyRaper]]","[[Predator]]","[[Reaper]]"],"category":"attack vector","compartments":[],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/","theintercept.org - The NSA’s Secret Role in the U.S. Assassination Program"]],"name":"UAV","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":["[[uav]]","[[geolocation]]","[[drone]]","[[phone]]"],"description":"Unmanned aerial vehicle. A drone. The NSA is using  complex analysis of electronic surveillance, rather than human   intelligence, as the primary method to locate targets for lethal drone   strikes – an unreliable tactic that results in the deaths of innocent  or  unidentified people. In one tactic, the NSA “geolocates” the SIM  card or handset of a suspected terrorist’s mobile phone, enabling the  CIA and U.S. military to conduct night raids and drone strikes to kill  or capture the individual in possession of the device.","_id":"ntKknyGJLavjL3wkD"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"network","links":[["https://www.schneier.com/blog/archives/2013/10/the_nsas_new_ri.html","Schneier.com - The NSA's New Risk Analysis"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"UNITEDRAKE","relatedItemsParents":["[[FERRETCANNON]]"],"relatedItemsChildren":["[[CAPTIVATEDAUDIENCE]]"],"relatedItems":["[[IRATEMONK]]","[[FERRETCANNON]]","[[FOXACID]]"],"status":"unknown","tags":["[[trojan]]","[[firmware]]"],"description":"A program similar to [[STRAITBIZARRE]], used for  uploading malicious HDD firmware, works with [[SLICKERVICAR]]. Known  components include a GUI, a database, and a server, and a manned  listening post. It includes a trojan of the same name. Digital Network  Technologies (DNT), a private company, actively maintains the listening  posts for [[UNITEDRAKE]], as well as design and deploy malware.","_id":"oCnLa458W4ihi86za"},{"agency":"[[NSA]]","alias":["[[Room 641A]]"],"category":"program","compartments":[],"family":"collect","links":[["http://www.wired.com/science/discoveries/news/2006/05/70908","Wired.com - AT&T Whistle-Blower's Evidence"],["http://en.wikipedia.org/wiki/UPSTREAM","en.wikipedia.org - Room 641A"],["http://electrospaces.blogspot.fr/2014/01/slides-about-nsas-upstream-collection.html"," electrospaces.blogspot.fr"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf","Documents from the Glenn Greenwald's book \"No Place to Hide\""]],"name":"UPSTREAM","relatedItemsParents":["[[NSA]]"],"relatedItemsChildren":["[[FAIRVIEW]]","[[BLARNEY]]","[[STORMBREW]]","[[OAKSTAR]]","[[PRISM]]"],"relatedItems":[],"status":"unknown","tags":[],"description":"The UPSTREAM program is a telecommunication interception  facility operated by [[AT&T]] for the NSA that commenced operations  in 2003 and was exposed in 2006. Room 641A is located in the SBC  Communications building at 611 Folsom Street, San Francisco, three  floors of which were occupied by AT&T before SBC purchased AT&T.  The room was referred to in internal AT&T documents as the SG3  [Study Group 3] Secure Room. It is fed by fiber optic lines from beam  splitters installed in fiber optic trunks carrying Internet backbone  traffic and, as analyzed by J. Scott Marcus, a former CTO for GTE and a  former adviser to the FCC, has access to all Internet traffic that  passes through the building, and therefore \"the capability to enable  surveillance and analysis of internet content on a massive scale,  including both overseas and purely domestic traffic.\" Former director of  the NSA's World Geopolitical and Military Analysis Reporting Group,  William Binney, has estimated that 10 to 20 such facilities have been  installed throughout the United States. [[TEMPORA]] is the [[GCHQ]]'s UPSTREAM.","_id":"qj6iftMfmbxfeRG9T"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["https://www.documentcloud.org/documents/807030-ambassade.html#document/p1","docs by lemonde.fr"],["https://www.schneier.com/blog/archives/2013/10/code_names_for.html","schneier.com - Code Names for NSA Exploit Tools"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"VAGRANT","relatedItemsParents":["[[BLACKFOOT]]"],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[rf]]","[[brazil]]","[[france]]","[[india]]"],"description":"collection of computer Screens. The monitor cables are  rigged with an RF retro reflector, ([[RAGEMASTER]]). [[VAGRANT]]  collection therefor requires a continuous RF generator such as  [[CTX4000]] or [[PHOTOANGLO]], and a system to process and display the  returned video signal such as [[NIGHTWATCH]], [[GOTHAM]], [[LS-2]] (with  an external monitor), or [[VIEWPLATE]]. Known to be deployed in the  field , as of September 2010 at the following embassies: Brazil's UN  Mission in NY ([[POKOMOKE]]), France's UN Mission in NY ([[BLACKFOOT]]),  India's Embassy and annex in DC, and India's UN Mission in New York.  India's embassies were slated to be detasked, at the time of the  document. Context of documents seems to suggest, but does not  definitively prove that the coverterm VAGRANT only applies to the signal  itself.","_id":"9QmWx6xqQbWqfQqrD"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2] The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-13.html","Spiegel.de - NSA-Dokumente: So knackt der Geheimdienst Internetkonten"]],"name":"VALIDATOR","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[FOXACID]]","[[SCHOOLMONTANA]]","[[SIERRAMONTANA]]","[[STUCCOMONTANA]]","[[SOMBERKNAVE]]","[[OLYMPUS]]","[[UNITEDRAKE]]"],"status":"unknown","tags":["[[router]]","[[juniper]]","[[bios]]","[[windows]]","[[os]]","[[apple]]"],"description":"A software based malware item designed to run on  certain Juniper routers (J, M, and T Series) running the JUNOS operating  system. It must be maintained by means of a malicious BIOS  modification. A typical use case involves the exfiltration of data from  the victimized system. A separate document describes VALIDATOR as a  backdoor used against Windows systems (win 98-2003). In this instance,  it will identify the system, and if it is truly a target, invite a more  sophisticated trojan in, such as [[UNITEDRAKE]] or [[OLYMPUS]]. This  trojan has been used to de-anonymize tor users. A third version of  VALIDATOR works for Apple iOS devices. The [[QUANTUMNATION]] states that  the success rate against iOS devices is 100%.","_id":"95rs6xWqqMvz25wKX"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"process","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA's codenames (.ods)"],["https://www.schneier.com/blog/archives/2014/01/nightwatch_nsa.html","schneier.com - NSA Exploit of the Day"],["http://leaksource.files.wordpress.com/2013/12/nsa-ant-nightwatch.jpg","leaksource.wordpress.com - TAO Catalog Page with Graphics"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"VIEWPLATE","relatedItemsParents":["[[ANGRYNEIGHBOR]]"],"relatedItemsChildren":[],"relatedItems":["[[NIGHTWATCH]]","[[PHOTOANGLO]]"],"status":"unknown","tags":[],"description":"Replacement for the [[NIGHTWATCH]] system. If it's the  same, it's a specialized system for processing, reconstructing and  displaying video signals collected by [[VAGRANT]]. And returned to a  [[CTX4000]] or a [[PHOTOANGLO]] system","_id":"3MDEu2w8wnHTPzZKs"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":["[[TOP SECRET]]"],"family":"collect","links":[["http://www.theguardian.com/world/2013/jun/30/nsa-leaks-us-bugging-european-allies","The Guardian"],["www.lemonde.fr/international/article/2013/10/22/la-diplomatie-francaise-sur-ecoute-aux-etats-unis_3500717_3210.html","LeMonde.fr - La diplomatie francaise sur écoute aux etats-unis"],["https://www.documentcloud.org/documents/807030-ambassade.html#document/p1","docs by lemonde.fr"]],"name":"WABASH","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[HIGHLANDS]]","[[PBX]]","[[GENIE]]","[[DROMIRE]]"],"status":"active","tags":["[[france]]"],"description":"coverterm givent to the bugging of French embassy in Washington DC","_id":"Bf7GCaWWot3yjKPmM"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":["[[S]]","[[SI]]"],"family":"target","links":[["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html"," cryptome.org - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["http://cryptome.org/2013/12/nsa-catalog-appelbaum.pdf","cryptome.org - NSA's catalog (.pdf)"],["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://www.digitaltrends.com/web/nsa-malware-code-names/#/6|","TURBOPANDA, RAGEMASTER, and 13 other NSA codenames that prove spies laugh, too"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"WATERWITCH","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[TYPHON]]"],"status":"unknown","tags":["[[gsm]]","[[geolocation]]"],"description":"Low-power handheld device geolocating target handsets, used  in conjunction with [[TYPHON]] or similar systems to provide more  precise location information.","_id":"CBTdfjowiP8tQet2k"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[],"name":"WEALTHYCLUSTER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"KCpzr5htDNWdbRDjz"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[],"name":"WEBCANDID","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":[],"description":"","_id":"4PndKexwznZ2NjeS7"},{"agency":"[[GCHQ]]","alias":[],"category":"program","compartments":["[[SECRET]]","[[SI]]","[[REL TO USA]]","[[REL TO UK]]"],"family":"collect","links":[["https://en.wikipedia.org/wiki/MUSCULAR"," en.wikipedia.org -MUSCULAR "],["http://cryptome.org/2013/12/nsa-windstop.pdf","Cryptome.org - WINDSTOP"]],"name":"WINDSTOP","relatedItemsParents":["[[MUSCULAR]]"],"relatedItemsChildren":["[[INCENSER]]","[[MUSCULAR]]"],"relatedItems":["[[XKEYSCORE]]","[[TURMOIL]]","[[WEALTHYCLUSTER]]"],"status":"active","tags":["[[dnr]]","[[dni]]"],"description":"collect of data, like [[dni]] and [[dnr]], most volume  by [[DS-300]] ([[INCENSER]]) and [[DS-200B]] ([[MUSCULAR]])","_id":"Xq9i9AJK5Fywas9BD"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"]],"name":"WHITETAMALE","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"unknown","tags":["[[mexico]]"],"description":"Operation against the Mexican Public Security Secretariat","_id":"6uJgT8NDZiwXnmHC2"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":[],"family":"software","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://www.theregister.co.uk/2013/12/31/nsa_weapons_catalogue_promises_pwnage_at_the_speed_of_light/?page=2","TheRegister - How the NSA hacks PCs, phones, routers, hard disks 'at speed of light': Spy tech catalog leaks"],["https://www.schneier.com/blog/archives/2014/02/wistfultoll_nsa.html","WISTFULTOLL: NSA Exploit of the Day"],["http://nsa.gov1.info/dni/nsa-ant-catalog","nsa.gov1.info/dni/nsa-ant-catalog"]],"name":"WISTFULTOLL","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[IRATEMONK]]","[[STRAITBIZARRE]]","[[SEAGULLFARO]]","[[UNITEDRAKE]]","[[RETURNSPRING]]"],"status":"unknown","tags":["[[usb]]","[[windows]]","[[os]]"],"description":"A plugin for [[UNITEDRAKE]] and [[STRAITBIZARRE]] that  extracts WMI and registry information from the victim machine. Also  available as a stand-alone executable. Can be installed either remotely,  or by USB thumb drive. In the latter case, exfiltrated data will be  stored on that same thumb drive. Works on Windows 2000, XP, and 2003.","_id":"CPMh6KbvFekwkoPgR"},{"agency":"[[NSA]]","alias":[],"category":"compartment","compartments":[],"family":"collect","links":[["http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html","Washingtonpost.com - NSA tracking cellphone locations worldwide, Snowden documents show"]],"name":"WOLFPOINT","relatedItemsParents":["[[STORMBREW]]"],"relatedItemsChildren":[],"relatedItems":["[[ARTIFICE]]","[[STORMBREW]]"],"status":"unknown","tags":[],"description":"A [[SIGAD]] known as [[STORMBREW]], for example, relies  on two unnamed corporate partners described only as [[ARTIFICE]] and  [[WOLFPOINT]]. According to an NSA site inventory, the companies  administer the NSA’s “physical systems,” or interception equipment, and  “NSA asks nicely for tasking/updates.”","_id":"bLk5q5xqS7mWMZyH6"},{"agency":"[[NSA]]","alias":[],"category":"program","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"WORDGOPHER","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":[],"status":"active","tags":[],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"A44CgrqRwABYiJm3N"},{"agency":"[[NSA]] [[GCHQ]]","alias":["[[XKS]]"],"category":"program","compartments":["[[TOP SECRET]]","[[COMINT]]","[[REL TO USA]]","[[FVEY]]","[[REL TO AUS]]","[[REL TO CAN]]","[[REL TO GBR]]","[[REL TO NZL]]"],"family":"process","links":[["https://www.schneier.com/blog/archives/2013/08/xkeyscore.html","schneier.com - XKeyscore"],["http://en.wikipedia.org/wiki/XKeyscore","en.wikipedia.org - XKeyscore"],["http://www.nsa.gov/public_info/press_room/2013/30_July_2013.shtml","nsa.gov -Press Statement on 30 July 2013 from the NSA"],["http://www.washingtonpost.com/world/national-security/governments-secret-order-to-verizon-to-be-unveiled-at-senate-hearing/2013/07/31/233fdd3a-f9cf-11e2-a369-d1954abcb7e3_story.htmlWashingtonpost.com - "," washingtonpost.com -Phone Records Program Released"],["http://theweek.com/article/index/247684/whats-xkeyscore","theweek.com - What's XKEYSCORE?"],["http://www.guardian.co.uk/world/2013/jun/27/nsa-online-metadata-collection","guardian.co.uk - NSA online - metadata collection"],["http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-program-full-presentation","http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-program-full-presentation"],["http://arstechnica.com/tech-policy/2013/08/nsas-internet-taps-can-find-systems-to-hack-track-vpns-and-word-docs/","arstechnica.com - NSA's Internet Taps Can Find Systems to Hack, Track VPNs and Word Docs"],["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"XKEYSCORE","relatedItemsParents":["[[NSA]]"],"relatedItemsChildren":["[[THIEVING MAGPIE]]"],"relatedItems":["[[MARINA]]","[[TAO]]","[[FORNSAT]]","[[SSO]]","[[F6]]","[[FISA]]"],"status":"unknown","tags":["[[protocols]]","[[vpn]]","[[phone]]","[[gsm]]"],"description":"XKEYSCORE is a formerly secret computer system used by  the NSA for searching and analyzing Internet data about foreign  nationals across the world. The program is run jointly with other  agencies including Australia's [[DSD]], and New Zealand's [[GCSB]].  XKEYSCORE is an NSA data-retrieval system which consists of a series of  user interfaces, backend databases, servers and software that selects  certain types of metadata that the NSA has already collected using other  methods. see  all traffic from a given IP address to a specific website","_id":"TdJMfuHNxTNAAZzo6"},{"agency":"[[NSA]]","alias":[],"category":"attack vector","compartments":["[[FVEY]]","[[REL TO USA]]","[[COMINT]]"],"family":"hardware","links":[["http://cryptome.org/2014/01/nsa-codenames.htm","cryptome.org - NSA codenames"],["http://media.ccc.de/browse/congress/2013/30C3_-_5713_-_en_-_saal_2_-_201312301130_-_to_protect_and_infect_part_2_-_jacob.html","media.ccc.de - To Protect And Infect Part 2 The militarization of the Internet by Jacob Appelbaum."],["https://www.eff.org/files/2014/01/06/20131230-appelbaum-nsa_ant_catalog.pdf ","eff.org - Appelbaum NSA ANT Catalog"]],"name":"YELLOWPIN","relatedItemsParents":["[[HOWLERMONKEY]]"],"relatedItemsChildren":[],"relatedItems":["[[HOWLERMONKEY]]"],"status":"unknown","tags":[],"description":"a particular device that includes a [[HOWLERMONKEY]] component","_id":"GuaFCLGAXWMrm7Acp"},{"agency":"[[NSA]]","alias":[],"category":"mission","compartments":[],"family":"collect","links":[["http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf"," No place to hide, by Glenn Greenwald"]],"name":"YUKON","relatedItemsParents":[],"relatedItemsChildren":[],"relatedItems":["[[LIFESAVER]]"],"status":"active","tags":["[[venezuela]]"],"description":"spotted on the Glenn Greenwald's No Place To Hide document.","_id":"gcNjPpZAJqet4WF23"}]