Ed Snowden – Intelligence, Leaker


Edward Joseph “Ed” Snowden is an American computer professional who leaked classified information from the National Security Agency, starting in June 2013.

Read more
William Binney – Intelligence, Leaker

William-BinneyWilliam Edward Binney is a former highly placed intelligence official with the United States National Security Agency turned whistleblower who resigned on October 31, 2001, after more than 30 years with the agency.

Read more
Thomas Drake – Intelligence, Leaker


Thomas Andrews Drake is a former senior executive of the U.S. National Security Agency, a decorated United States Air Force and United States Navy veteran, and a whistleblower.

Read more
The FBI Can Bypass Encryption: Cyber Security Is a Magic Act


Encryption has gained the attention of actors on both sides of the mass surveillance debate. For example in a speech at the Brookings Institution FBI Director James Comey complained that strong encryption was causing U.S. security services to “go dark.” Comey described encrypted data as follows:

“It’s the equivalent of a closet that can’t be opened, a safe deposit box that can’t be opened, a safe that can’t ever be cracked.”

Got that? Comey essentially says that encryption is a sure bet. Likewise during an interview with James Bamford whistleblower Ed Snowden confidently announced that:

“We have the means and we have the technology to end mass surveillance without any legislative action at all, without any policy changes… By basically adopting changes like making encryption a universal standard—where all communications are encrypted bydefault—we can end mass surveillance not just in the United States but around the world.”

If you glanced over the above excerpts and took them at face value you’d probably come away thinking that all you needed to protect your civil liberties is the latest encryption widget. Right? Wow, let me get my check book out! Paging Mr. Omidyar…

Not so fast bucko. There’s an important caveat, some fine print that Ed himself spelled out when he initially contacted film director Laura Poitras. In particular Snowden qualified that:

“If the device you store the private key and enter your passphrase on has been hacked, it is trivial to decrypt our communications.”

This corollary underscores the reality that, despite the high profile sales pitch that’s being repeated endlessly, strong encryption alone isn’t enough. Hi-techsubversion is a trump card as the Heartbleed bug graphically illustrated. In light of the NSA’s mass subversion programs it would be naïve to think that there aren’t other critical bugs like Heartbleed, subtle intentional flaws, out in the wild being leveraged by spies.

The FBI’s Tell

James Comey’s performance at Brookings was an impressive public relations stunt. Yet recent history is chock full of instances where the FBI employed malware like Magic Lantern and CIPAV to foil encryption and identify people using encryption-based anonymity software like Tor. If it’s expedient the FBI will go so far as to impersonate a media outlet to fool suspects into infecting their own machines. It would seem that crooks aren’t the only attackers who wield social engineering techniques.

In fact the FBI has gotten so adept at hacking computers, utilizing what are referred to internally as Network Investigative Techniques, that the FBI wants to change the law to reflect this. The Guardian reports on how the FBI is asking the U.S. Advisory Committee on Rules and Criminal Procedure to move the legal goal posts, so to speak:

“The amendment [proposed by the FBI] inserts a clause that would allow a judge to issue warrants to gain ‘remote access’ to computers ‘located within or outside that district’ (emphasis added) in cases in which the ‘district where the media or information is located has been concealed through technological means’. The expanded powers to stray across district boundaries would apply to any criminal investigation, not just to terrorist cases as at present.”

In other words the FBI wants to be able to hack into a computer when its exact location is shrouded by anonymity software. Once they compromise the targeted machine it’s pretty straightforward to install a software implant (i.e. malware) and exfiltrate whatever user data they want, including encryption passwords.

If encryption is really the impediment that director Comey makes it out to be then why is the FBI so keen to amend the rules in a manner which implies that they can sidestep it? In the parlance of poker this is a “tell.”


As a developer who has built malicious software designed to undermine security tools I can attest that there is a whole burgeoning industry which prays on naïve illusions of security. Companies like Hacking Team have found a lucrative niche offering products to the highest bidder that compromise security and… a drumroll please… defeat encryption.

There’s a moral to this story. Cryptome’s own curmudgeon, John Young, prudently observes:

“Protections of promises of encryption, proxy use, Tor-likeanonymity and ‘military- grade’ comsec technology are magic acts –ELINT, SIGINT and COMINT always prevail over comsec. The most widely trusted and promoted systems are the most likely to be penetrated, exploited, spied upon, successfully attacked, covertly compromised with faults hidden by promoters, operators, competitors, compromisers and attackers all of whom warn against the others while mutually benefiting from continuous alarms about security and privacy.”

When someone promises you turnkey anonymity and failsafe protection from spies, make like that guy on The Walking Dead and reach for your crossbow. Mass surveillance is a vivid expression of raw power and control. Hence what ails society is fundamentally a political problem with economic and technical facets, such that safeguarding civil liberties on the Internet will take a lot more than just the right app.

by Bill Blunden via Cryptompe.org

October 31, 2014

Bill Blunden is an independent investigator whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including The Rootkit Arsenal and Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex. Bill is the lead investigator at Below Gotham Labs.

Read more
The NSA Helped Israel Blackmail Palestinians

Scores of former members of Israeli military intelligence’s very secret and quite elite Unit 8200 have publicly refused to collect information that is “used for political persecution” or “driving parts of Palestinian society against itself.”Courteous allies at the NSA, we now know, helped make that spying possible.

The news comes courtesy of the NSA’s chief unauthorized biographer, James Bamford, whose three-day Moscow bull session with traitorous notoriety prostitute, Edward Joseph Snowden, was the cover story in last month’s issue ofWIRED.

Writing Tuesday in the New York Times, Bamford disclosed this alarming new anecdote from his Snowden debrief:

Among his most shocking discoveries, he told me, was the fact that the NSA was routinely passing along the private communications of Americans to a large and very secretive Israeli military organization known as Unit 8200. This transfer of intercepts, he said, included the contents of the communications as well as metadata such as who was calling whom.

Typically, when such sensitive information is transferred to another country, it would first be “minimized,” meaning that names and other personally identifiable information would be removed. But when sharing with Israel, the NSA evidently did not ensure that the data was modified in this way.

Mr. Snowden stressed that the transfer of intercepts to Israel contained the communications—email as well as phone calls—of countless Arab- and Palestinian-Americans whose relatives in Israel and the Palestinian territories could become targets based on the communications. “I think that’s amazing,” he told me. “It’s one of the biggest abuses we’ve seen.”

As of last week, exactly 43 ex-members of Unit 8200—many young and active reservists who could theoretically be called again to serve Israel at a moment’s notice—passionately agree.

In an act of protest that had been planned well in advance of this summer’s brutal bombing campaign in Gaza (which you may have heard killed 2,100 Palestinians and turned Gaza City into the lunar ruins of an ancient alien race), the young members of Unit 8200 drafted a long letter publicly refusing to participate in any further intelligence gathering activities against the Palestinians.

“The Palestinian population under military rule is completely exposed to espionage and surveillance by Israeli intelligence. It is used for political persecution and to create divisions within Palestinian society by recruiting collaborators,” the letter says. Adding, “In many cases, intelligence prevents defendants from receiving a fair trial in military courts, as the evidence against them is not revealed.”

“Contrary to Israeli citizens or citizens of other countries,” whose rights are protected under law, the letter points out, “there’s no oversight on methods of intelligence or tracking and the use of intelligence information against the Palestinians, regardless if they are connected to violence or not.”

London-based newspaper The Guardian interviewed several of the unit’s conscientious objectors under the condition of anonymitywhich was requested not out of fear of persecution, but out of the desire to comply with Israeli law. (Only the copies of the letter sent to their unit commander used the objectors’ full names.)

The individual accounts made by the former military intelligence agents,published by the Guardian and Israel’s Yediot Aharonot newspaper, are numerous and depressingly perverse.

Among the personal statements, agents disclosed that the majority of Unit 8200’s operations in Palestine targeted “innocent people unconnected to any military activity.” The unit was instructed to keep any personal information potentially embarrassing or damaging to a Palestinian’s life, including sexual preferences, extramarital affairs, financial trouble, family illnesses, or anything else that could be “used to extort/blackmail the person and turn them into a collaborator.” The private “sex talk” intercepted by Palestinians (in what’s becoming a gross trend for these surveillance scandals) were allegedly passed around by certain members of the unit for titters/yucks.

One member, referred to as “D” by the Guardian, formerly a 29-year-old captain who served in the unit for eight years, told the paper that part of his decision to protest came from the dawning realization that his actions were really no different than those of any totalitarian government’s secret police.

“It was when I realized that what I was doing was the same job that the intelligence services of every undemocratic regime are doing,” he said.

There have been many precursors, both historically and more recently, to this secretive alliance between Israeli and U.S. intelligence agencies. Back in Mad Men times, the CIA’s director of counter-intelligence, legendary super-spook James Angleton, practically contracted all of the CIA’s North African operations to the Mossad along with a generous aid package, and has often been said to have helped found their agency in 1951. During the more recent disclosures regarding the NSA’s (basically illegal) surveillance program STELLAR WIND, agency whistleblowers revealed that two Israeli companies, Verint and Narus, were contracted to manage the actual bugging of America’s telecommunications network.

Apart from the Mossad’s long, aggressive history of spying on the United States, the arrangement also provoked concerns due to corruption within one of the firms; Verint’s founder and former chairman Kobi Alexander was added to the FBI “most wanted list” in 2006 regarding various forms of stock fraud and fought against extradition for many years. Some former agency employees have also reported that a mid-level NSA employee friendly with Israeli intelligence unilaterally decided to hand over advanced analytical and data mining software that the agency had developed internally for its own international eavesdropping operations. (According to a piece by James Bamford in WIRED, that software is now also in the hands of many private Israeli companies.)

In all that context, it’s true that this recent news isn’t exactly surprising or shockingthe kind of lame, bullshit “take” pundits and anonymous commenters always love trotting out to congratulate themselves for their knowledgeable cynicism. (Seriously: Good for you guys.)

What it still isobviously and regardless of this contextis abhorrent and genuinely scandalous for a country, like Israel, that loves positioning itself as a bastion of democracy in the autocratic Middle East.

Perhaps, we should start looking for some fresh perspectives on how best to resolve this ongoing humanitarian crisis.

[photo of an Israeli Defense Force Situation Room—really actually already redacted like that—via the IDF Spokesman’s Office by way of Haaretz; June 2014 photo of an Israeli soldier carrying a computer tower seized during the search for three Israeli teenagers believed to be kidnapped by Palestinian militants, by Hazem Bader/AFP/Getty Images]

via Gawker

To contact the author, email [email protected], pgp public key.

Read more
The NSA Was Going to Fine Yahoo $250K a Day If It Didn’t Join PRISM

yahoo-nsa-prism-fineWhen we first learned about NSA metadata collection, we wondered how readily the biggest tech companies acquiesced to the government. Today we start to find out. This is the story of how Yahoo was coerced into PRISM, as told by court documents cited by the Washington Post today.

According to the documents, corroborated by a blog post made public today by Yahoo—the U.S. government first approached the company in 2007 asking for user metadata. The request was unprecedented: The U.S. government was no longer interested in obtaining a court review before requesting metadata on an individual target. The order simply asked for data on targets located outside of the U.S. at the time, be they foreign or U.S. citizens.

Yahoo challenged the government requests several times, citing the limits of the U.S. Constitution, but was denied in the Foreign Intelligence Court of Review, the “secret courts” that oversee surveillance requests regarding national security. The repeated denials, plus the threat of losing $250,000 a day, forced Yahoo to comply with the NSA’s PRISM program.

For its part, the U.S. government used Yahoo as an example to coerce other American tech giants, sharing the rulings against Yahoo with companies like Google, Facebook, and Apple.

This information comes to light today, as roughly 1,500 pages of documents pertaining to Yahoo’s failed legal battle were released by Federal Judge William C. Bryson, who presides over the Foreign Intelligence Surveillance Court of Review. Yahoo requested the unsealing of the documents, and the company’s Ron Bell says in this blog post that Yahoo is working to make these never-before-released documents available on Tumblr.

Now that the courts are unsealing documents surrounding PRISM and other national surveillance programs, it’s possible that we’ll hear about other tech companies and whether they resisted the NSA’s requests for sweeping data dumps. Judging by what we’ve learned today, Yahoo tried to stick up for its users’ privacy—until it couldn’t afford to. [The Washington Post]

Read more
Snowden Saga Decrypted: NSA Leaker or Distraction Double Agent?


Max Maverick breaks down everything we know, don’t know, and should be asking about this mainstream media ‘circus’ that has become of the Snowden NSA Leak Disclosure.

Major Players – Hidden Hands

Past NSA Leaks & Leakers

Advanced Technologies Covered-Up

Artificial Intelligence Disclosure

Snowden Leak Pros & Cons

The Attack on the Internet Itself

What can be done about it?
NSA Codenames & Intentions

Bruce SchneierThe NSA: Capabilities and Countermeasures

Speaker: Bruce Schneier
Edward Snowden has given us an unprecedented window into the NSA’s surveillance activities. Drawing from both the Snowden documents and revelations from previous whistleblowers, I will describe the sorts of surveillance the NSA does and how it does it. The emphasis is on the technical capabilities of the NSA, not the politics of their actions. This includes how it conducts Internet surveillance on the backbone, but is primarily focused on their offensive capabilities: packet injection attacks from the Internet backbone, exploits against endpoint computers and implants to exfiltrate information, fingerprinting computers through cookies and other means, and so on.

I will then talk about what sorts of countermeasures are likely to frustrate the NSA. Basically, these are techniques to raise the cost of wholesale surveillance in favor of targeted surveillance: encryption, target hardening, dispersal, and so on.

Read more
DEA Gets Unchecked Access To Call Records; Taught To Lie About Where They Got Them

nsa_eyeShortly after the Snowden leaks began exposing the NSA’s massive collection efforts, the New York Times uncovered the DEA’s direct access to AT&T telecom switches (via non-government employee “analysts” working for AT&T), from which it and other law enforcement agencies were able to gather phone call and location data.

Unlike the NSA’s bulk records programs (which are limited to holding five years worth of data), the Hemisphere database stretches back to 1987 and advertises instant access to “10 years of records.” And unlike the NSA’s program, there’s not even the slightest bit of oversight. All law enforcement needs to run a search of the Hemisphere database is an administrative subpoena — a piece of paper roughly equivalent to calling up Hemisphere analysts and asking them to run a few numbers. Administrative subpoenas are only subject to the oversight of the agency issuing them.

It’s highly unlikely these administrative subpoenas are stored (where they could be accessed as public records) considering the constant emphasis placed on parallel construction in the documents obtained by Dustin Slaughter of MuckRock — documents it took the DEA ten months to turn over.

Unlike the documents obtained by the New York Times (possibly inadvertently), these do contain a few redactions, including some apparent success stories compiled at the end of the presentation. But like the earlier documents, the documents show that the DEA and law enforcement have unchecked access to a database that agents and officers are never allowed to talk about — not even inside a courtroom.

It is expected that all Hemisphere requests will be paralleled with a subpoena for CDRs from the official carrier for evidentiary purposes.

It’s spelled out more explicitly on a later slide, listed under “Official Reporting.”

DO NOT mention Hemisphere in any official reports or court documents.

Judging from the request date, it would appear that this version of the Hemisphere presentation possibly precedes the New York Times’ version. However, this one does not name the cooperating telco, although that appears to be a deliberate choice of the person writing the presentation, rather than due to redaction. At one point the document declares Hemisphere can access records “regardless of carrier,” but later clarifies that it will only gather info that crosses certain telecom switches — most likely AT&T’s. Additional subpoenas will be needed to gather info from other carriers, as well as to obtain subscriber information linked to searched numbers. This small limitation plays right into the DEA’s insistence that HemispheDEAre be “walled off” from defendants, court systems and the public.

If exigent circumstances make parallel construction difficult, Hemisphere analysts (non-government liaisons within the telco) will “continue to work with the investigator throughout the entire prosecution process in order to ensure the integrity of
Hemisphere and the case at hand.” Analysts are allowed to advise investigators on report writing, presentations to prosecutors and issues occurring during the trial phase. The word “integrity” seems out of place when it describes non-government employees assisting government agencies in hiding the origin of evidence from other government agencies.

Cross-referencing what’s been redacted in this one with the unredacted document published earlier, it appears as though the DEA is trying to (belatedly) hide the fact that its Hemisphere can also search IMSI and IMEI data (for wireless connections). Although this document states (after a long redaction) that Hemisphere does not collect subscriber information, that’s only partially true. As of July 2012, subscriber information for AT&T customers can be obtained from the database. This information may have been redacted or it may be that this presentation pre-dates this added ability.

What this shows is that the DEA has access to loads of information and a policy of “parallel construction in all things.” Tons of other government agencies, including the NSA, FBI and CIA are funneling information to the DEA and instructing it to hide the origin. The DEA then demands law enforcement agencies around the nation to do the same thing. This stacks the deck against defendants, who are “walled off” from the chain of evidence, preventing them from challenging sources, methods or the integrity of the evidence itself.


via TechDirt.com

Read more
NSA and FBI Duck Dive Dodge Accountabilty, Absolute Figures on Search

NSA says it has no idea how much US info it collects, but FBI searches for it so much it can’t count how many times.


NSAgoogleThe blowback against the National Security Agency has long focused on the unpopular Patriot Act surveillance program that allows the NSA to vacuum up billions of US phone records each year. But after a rush of attention this week, some much deserved focus is back on the surveillance state’s other seemingly limitless program: the warrantless searches made possible by Section 702 of the Fisa Amendments Act, which allows the NSA to do all sorts of spying on Americans and people around the world – all for reasons that, in most cases, have nothing to do with terrorism.

The long awaited draft report from the independent Privacy and Civil Liberties Board (PCLOB) on this subject was finally released Tuesday night, and it gives Americans a fairly detailed look unclassified at how the NSA spies through its notorious Prism program – and how it snoops “upstream” (a euphemism for the agency’s direct access to entire internet streams at telecoms like AT&T). The board issued a scathing report on the Patriot Act surveillance months ago, but oddly they went the opposite route this time around.

While many of the details are interesting, the board’s new report recommends no systematic changes to the several disturbing privacy issues covered therein. The Electronic Frontier Foundation (my former employer) issued a scathing PCLOB review late Tuesday night, calling the report “legally flawed and factually incomplete” and saying it ignored the “essential privacy problem … that the government has access to or is acquiring nearly all communications that travel over the Internet.”

As usual, it’s the Edward Snowden revelations that give context to all the snooping – and provide the impetus to keep pushing for real reform. Some 36 hours before the latest PCLOB report was made public, the Washington Post’s Ellen Nakashima and Barton Gellman disclosed previously unreleased Snowden documents showing that true scope of “702”-style information sweeps:

Virtually no foreign government is off-limits for the National Security Agency, which has been authorized to intercept information from individuals ‘concerning’ all but four countries on Earth.

As the Post reports, the Foreign Intelligence Surveillance Court’s interpretation of the the Fisa Amendments Act is so broad, it “could allow for surveillance of academics, journalists and human-rights researchers.”

Fisa Amendments Act surveillance also includes scanning the emails of Americans never even accused of a crime. It’s the Snowden revelations that originally led the New York Times to report last year any conversation you’ve ever had with someone outside the country may be fair game under the act, as the NSA “is searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country who mention information about foreigners under surveillance.”

Perhaps in an attempt to pre-empt the PCLOB report, Director of National Intelligence James Clapper finally just released what he promised Sen Ron Wyden months ago: the number of warrantless searches by the US government on American communications in its vast databases of information collected under the Fisa Amendments Act. This is the second giant problem with 702 surveillance. Wyden refers to these as “backdoor” searches since they’re performed using data supposedly collected for “foreign intelligence” purposes – even though they still suck up huge amounts of purely US information. And it’s exactly the type of search the House overwhelmingly voted to ban in its surprise vote two weeks ago.

The NSA conducted “backdoor” searches 198 times in 2013 (and another 9,500 for internet metadata on Americans). Curiously, the CIA conducts far more warrantless searches of American information in the NSA databases than the NSA itself – almost 10 times more. But the FBI was the worst culprit, querying data on Americans so many times it couldn’t even count. The DNI left it at this: “the FBI believes the number of queries is substantial.”

The FBI has always been the NSA’s silent partner in all its surveillance and has long been suspected of doing the dirty work on Americans’ data after it’s been collected by NSA.

Wyden, who has for years repeatedly pushed for this information to be released to the public, responded:

When the FBI says it conducts a substantial number of searches and it has no idea of what the number is, it shows how flawed this system is and the consequences of inadequate oversight. This huge gap in oversight is a problem now, and will only grow as global communications systems become more interconnected.

The PCLOB also went on to reveal in its report that the FBI can search the vast Prism database for crimes that have nothing to do with terrorism, or even national security. Oh, and how many US persons have had their data collected through Prism and other 702 programs? That government has no idea.

Unfortunately, the PCLOB chickened out of making any real reform proposals, leading Politico’s Josh Gerstein to point out that the Republican-controlled House already endorsed more aggressive reforms than the civil liberties board. More bizarrely, one of the holdouts on the panel for calling for real reform is supposed to be a civil liberties advocate. The Center for Democracy and Technology’s vice president, James Dempsey, had the chance to side with two other, more liberal members on the five-person panel to recommend the FBI get court approval before rummaging through the NSA’s vast databases, but shamefully he didn’t.

Now, as the Senate takes up a weakened House bill along with the House’s strengthened backdoor-proof amendment, it’s time to put focus back on sweeping reform. And while the PCLOB may not have said much in the way of recommendations, now Congress will have to. To help, a coalition of groups (including my current employer, Freedom of the Press Foundation) have graded each and every representative in Washington on the NSA issue. The debate certainly isn’t going away – it’s just a question of whether the public will put enough pressure on Congress to change.

via Trevor Timm at TheGuardian.com


Read more
Raw List of NSA Nicknames and Codewords


Below is a listing of nicknames and codewords related to US Signals Intelligence (SIGINT) and Communications Security (COMSEC). Most of them are from the NSA, some are from other government or military agencies. Some of them also have an abbreviation which is shown in brackets.

NICKNAMES are generally unclassified. NSA uses single word nicknames, outside NSA they usually consist of two separate words, with the first word selected from alphabetical blocks that are assigned to different agencies by the Joint Staff. Usually, nicknames are printed using all capital letters.

CODEWORDS are always classified and always consist of a single word. Active codewords, or their three-letter abbreviations, which identify a classification compartment always need to be shown in the classification or banner line. Normally, codewords are printed using all capital letters.

Due to very strict secrecy, it’s not always clear whether we see a nickname or a codeword, but terms mentioned in public sources like job descriptions are of course unclassified nicknames.

Please keep in mind that a listing like this will always be work in progress (this list has been copied on some other websites and forums, but only this one is being updated frequently!).

See also the lists of Abbreviations and Acronyms and GCHQ Nicknames and Codewords


ACIDWASH – Covert access point for a mobile phone network in Afghanistan

ACORN – Retired SIGINT product codeword

ACCORDIAN – Type 1 Cryptographic algorithm used in a number of crypto products

AETHER – ONI tool “to correlate seemingly disparate entities and relationships, to identify networks of interest, and to detect patterns”

AGILITY – NSA internet information tool or database

AGILEVIEW – NSA internet information tool or database

AIRGAP – Database which deals with priority DoD missions

AIRHANDLER – NSA-G operations center for producing intelligence from Afghanistan

AIRSTEED – Cell phone tracking program of the Global Access Operations (GAO)


ALAMITO – The mission of Mexico at the United Nations in New York

ALPHA – Retired SIGINT Exchange Designator for Great Britain

ALTEREGO – A type of Question-Focused Dataset based on E.164

AMBERJACK – SIGINT/EW collection and exploitation system

AMBLE – Retired SIGINT product codeword

AMBULANT (AMB) – SI-ECI compartment related to the BULLRUN program

ANCHORY – NSA software system which provides web access to textual intelligence documents

ANGRYNEIGHBOR – Family of radar retro-reflector tools used by NSA’s TAO division

APALATCHEE – The EU mission in New York

APERIODIC – SI-ECI compartment related to the BULLRUN program

APEX – IP packet reconstruction tool(?)

APPLE1 – Upstream collection site

APSTARS – NSA tool that provides “semantic integration of data from multiple sources in support of intelligence processing”

ARKSTREAM – Implant used to reflash BIOS, installed by remote access or intercepted shipping

ARTIFICE – SSO corporate partner (foreign?)

AUTOSOURCE – NSA tool or database

AQUACADE – A class of SIGINT spy satellites (formerly RHYOLITE)

AQUADOR – Merchant ship tracking tool

ARCA – SIGINT Exchange Designator for ?

ARGON – Satellite mapping program

ARTIFICE – SSO corporate partner under the STORMBREW program

ASPHALT – Project to increase the volume of satellite intercepts at Menwith Hill Station

ASPHALT-PLUS – See above

ASSOCIATION – NSA analytical tool or database

ATALANTA – EU anti-piracy operation

ATLAS – CSEC database

AUNTIE – SI-ECI compartment related to the BULLRUN program

AUTO ASSOCIATION – Second party database



BANANAGLEE – Software implant that allows remote Jetplow firmware installation

BANISTER – The Columbian trade bureau in New York

BANYAN – NSA tactical geospatial correlation database

BASECOAT – Program targeting the mobile phone network on the Bahamas

BASTE – Retired SIGINT product codeword

- Type 1 Block cipher algorithm, used with many crypto products

BEACHHEAD – Computer exploit delivered by the FERRETCANON system



BELLVIEW – SIGINT reporting tool

- List of personnel cleared for access to highly sensitive information or operations

BINOCULAR – Former NSA intelligence dissemination tool

BIRCHWOOD – Upstream collection site

BLACKBOOK – ODNI tool for large-scale semantic data analysis

BLACKFOOT – The French mission at the United Nations in New York

BLACKHEART – Collection through FBI implants

BLACKMAGIC – NSA database or tool

BLACKPEARL – NSA database of survey/case notations(?)

BLACKWATCH – NSA reporting tool

- Program for intercepting phone and internet traffic at switches in the US (since 1978)

BLINDDATE – Hacking tools for WLAN collection, plus GPS

BLUEANCHOR – Partner providing a network access point for the YACHTSHOP program

BLUEFISH (BLFH) – Compartment of the KLONDIKE control system


BOOTY – Retired SIGINT product codeword

- DNI and DNR metadata visualization tool

BOURBON – Joint NSA and GCHQ program for breaking Soviet encryption codes (1946-?)


BROKENTIGO – Tool for computer network operations

BROADSIDE – Covert listening post in the US embassy in Moscow


BRUNEAU – Operation against the Italian embassy in Washington DC using LIFESAVER techniques

BRUTUS – Tool or program related to MARINA

BUFFALOGREEN – The name ORANGECRUSH was known to Polish partners

BULLDOZER – PCI bus hardware implant on intercepted shipping

- An NSA COI for decryption of network communications

BULLSEYE – NSG High-Frequency Direction-Finding (HF-DF) network (now called CROSSHAIR)

(BYE) – Retired SCI control system for overhead collection systems (1961-2005)

BYZANTINE – First word of nicknames for programs involving defense against Chinese cyber-warfare and US offensive cyber-warfare

BYZANTINE ANCHOR (BA) – A group of Chinese hackers which compromised multiple US government and defense contractor systems since 2003

BYZANTINE CANDOR (BC) – A group of Chinese hackers which compromised a US-based ISP and at least one US government agency

BYZANTINE FOOTHOLD (BF) – A group of Chinese hackers who attacked various international companies and internet services providers

BYZANTINE HADES (BH) – A concerted effort against Chinese hackers who attacked the Pentagon and military contractors. Probably renamed to the LEGION-series


CADENCE – NSA database with tasking dictionaries

CAJABLOSSOM – Automated system for analysing and profiling internet browsing histories

CALYPSO – Remote SATCOM collection facility

CANDYGRAM – Laptop mimicking GSM cell tower, sends out SMS whenever registered target enters its area, for tracking and ID of targets

- Class of COMINT spy satellites (1968-1977)

CANOE – Retired SIGINT product codeword

CANNON LIGHT – Counterintelligence database of the US Army

CAPRICORN – (former?) database for voice data

CAPTIVATEDAUDIENCE – Computer implant plug-in to take over a targeted computer’s microphone and record conversations taking place near the device

CARBOY – Second Party satellite intercept station at Bude, England

CARBOY II – Units of ECHELON which break down satellite links into telephone and telegraph channels

CARILLON – NSA high performance computing center, since 1976 made up of IBM 360s and later four IBM 3033s

CASport – NSA user authorization service

- Computer system capable of automatically analyzing the massive quantities of data gathered across the entire intelligence community

CENTER ICE – Data center for the exchange of intelligence regarding Afghanistan among the members of the 14-Eyes/SSEUR

CENTERMASS – NSA tool or database

CERF CALL MOSES1 – Contact Event Record Format – for certain telephony metadata

CHALKFUN – Analytic tool, used to search the FASCIA database

CHASEFALCON – Major program of the Global Access Operations (GAO)

CHEER – Retired SIGINT product codeword

CHESS – Compartment of TALENT KEYHOLE for the U-2 spy plane

CHEWSTICK – NSA tool or database

CHIMNEYPOOL – Framework or specification of GENIE-compliance for hardware/software implants

CHIPPEWA – Some communications network, involving Israel

CHUTE – Retired SIGINT product codeword

CIMBRI – Probably a metadata database

CINEPLEX – NSA tool or database

CLASSIC BULLSEYE – Worldwide ocean SIGINT surveillance system (1960’s-?)

CLEVERDEVICE – Upstream collection site

CLOUD – NSA database

COASTLINE – NSA tool or database


COBRA FOCUS – NSA-G operations center for producing intelligence from Iraq

COGNOS – NSA tool or database

CORDOBA – Type 2 Cryptographic algorithm used in a number of crypto chips

COMBAT SENT – Reconaissance operation

COMMONDEER – Computer exploit for looking whether a computer has security software

COMMONVIEW – NSA database or tool

CONFIRM – NSA database for personell access

CONJECTURE – Network compatible with HOWLERMONKEY

CONTRAOCTAVE – NSA telephony tasking database Used to determine ‘foreigness’

CONVEYANCE – Voice content ingest processor

COPILOT – System that automatically scans digital data for things like language, phone and creditcard numbers and attachments

COPSE – Retired SIGINT product codeword

CORALINE – NSA satellite intercept station at Sabena Seca at Puerto Rico (closed)

CORALREEF – Database for VPN crypto attack data

- A series of photographic surveillance satellites (1959-1972)

CO-TRAVELER – Set of tools for finding unknown associates of intelligence targets by tracking movements based upon cell phone locations

COTTONMOUTH (CM) – Computer implant devices used by NSA’s TAO division

COTTONMOUTH-I (CM-I) – USB hardware implant providing wireless bridge into target network and loading of exploit software onto target PCs, formerly DEWSWEEPER

COTTONMOUTH-II (CM-II) – USB hardware host tap provides covert link over USP into target’s network co-located with long haul relay; dual-stacked USB connector, consists of CM-I digital hardware plus long haul relay concealed in chassis; hub with switches is concealed in a dual stacked USB connector and hard-wired to provide intra-chassis link.

COTTONMOUTH-III (CM-III) – Radio Frequency link for commands to software implants and data infiltration/exfiltration, short range inter-chassis link within RJ45 Dual Stacked USB connector

COURIERSKILL – NSA Collection mission system

COWBOY – The DICTIONARY computer used at the Yakima station of ECHELON

CRANKSHAFT – Codename for Osama bin Laden

CREAM – Retired SIGINT product codeword

CREDIBLE – Transport of intelligence materials to partner agencies

CREST – Database that automatically translates foreign language intercepts in English

CRISSCROSS – Database of telecommunications selectors

CROSSBEAM – GSM module mating commercial Motorola cell with WagonBed controller board for collecting voice data content via GPRS (web), circuit-switched data, data over voice, and DTMF to secure facility, implanted cell tower switch

CROSSHAIR – NSG High-Frequency Direction-Finding (HF-DF) network (formerly BULLSEYE)

CROSSBONES – Analytic tool

CRUMPET – Covert network with printer, server and desktop nodes

CULTWEAVE – Smaller size SIGINT database

CYBERTRANS – A common interface to a number of underlying machine translation systems

CYCLONE Hx9 – Base station router, network in a box using Typhon interface


DAFF – Codeword for products of satellite imagery

DAMEON – Remote SATCOM collection facility

DANCINGOASIS (DGO) – SSO program collecting data from fiber optic cables between Europe and the Far East (since 2011)

DANDERSPRITZ – Software tool that spoofs IP and MAC addresses, intermediate redirector node

DANGERMOUSE – Tactical SIGINT collecting system for like cell phone calls

DARDANUS – Remote SATCOM collection facility

DAREDEVIL – Shooter/implant as part of the QUANTUM system

DARKTHUNDER – SSO Corporate/TAO Shaping program

DARKQUEST – Automated FORNSAT survey system

DAUNT – Retired SIGINT product codeword

DECKPIN – NSA crisis cell activated during emergencies

DEEPDIVE – An XKEYSCORE related method

DEITYBOUNCE – Provides implanted software persistence on Dell PowerEdge RAID servers via motherboard BIOS using Intel’s System Management Mode for periodic execution, installed via ArkStream to reflash the BIOS

DELTA – Former SCI control system for intercepts from Soviet military operations

DENIM – Retired SIGINT product codeword

DESPERADO – NSA software tool to prepare reports

DEWSWEEPER – Technique to tap USB hardware hosts

DIKTER – SIGINT Exchange Designator for Norway

DINAR – Retired compartment for intercepts from foreign embassies in Washington

DIONYSUS – Remote SATCOM collection facility

DIRESCALLOP – Method to circumvent commercial products that prevent malicious software from making changes to a computer system

DISCOROUTE – A tool for targeting passively collected telnet sessions

- NSA database for text messages (SMS)

DISTANTFOCUS – A pod for tactical SIGINT and precision geolocation (since 2005)

DIVERSITY – SIGINT Exchange Designator for ?

DOBIE – The South African consulate and mission at the UN in New York

DOCKETDICTATE – Something related to NSA’s TAO division

DOGCOLLAR – A type of Question-Focussed Dataset based on the Facebook display name cookie

DOGHUT – Upstream collection site

DOUBLEARROW – One of NSA’s voice processing databases?


DREADNOUGHT – NSA operation focused on Ayatollah Khamenei

- Passive collection of emanations (e.g. from printers or faxes) by using a radio frequency antenna

DROPOUTJEEP – STRAITBIZARRE-based software implant for iPhone, initially close access but later remotely

- System for processing data from mobile communication networks

DRUID – SIGINT Exchange Designator for third party countries

- A US military numeral cipher/authentication system

DRYTORTUGAS – Analytic tool

DYNAMO – SIGINT Exchange Designator for Denmark


EAGLE – Upstream collection site

- A SIGINT collection network run by Australia, Canada, New Zealand, the United Kingdom, and the United States

ECHO – SIGINT Exchange Designator for Australia

ECRU (EU) – Compartment of the ENDSEAL control system

EDEN – Upstream collection site

EGOTISTICALGIRAFFE (EGGI) – NSA program for exploiting the TOR network

EGOTISTICALGOAT (EGGO) – NSA tool for exploiting the TOR network

EIDER – Retired SIGINT product codeword

EINSTEIN – Cell phone network intercepting equipment used by SCS units

- Intrusion detection system for US government network gateways (deployed in 2004)

EINSTEIN 2 – Second version of the EINSTEIN program for detecting malicious network activity

EINSTEIN 3 – Third version of the EINSTEIN program that will monitor government computer traffic on private sector sites too

ELEGANTCHAOS – Large scale FORNSAT data analysis system

EMBRACEFLINT – Tool for computer network operations

ENDSEAL (EL) – SCI control system

ENDUE – A COI for sensitive decrypts of the BULLRUN program

ENTOURAGE – Directional finder for line of bearing for GSM, UMTS, CDMA, FRS signals, works with NEBULA active interrogator within GALAXY program

EPICSHELTER – Sophisticated data backup system designed by Edward Snowden

ERRONEOUSINGENUITY (ERIN) – NSA tool for exploiting the TOR network

EVENINGEASEL – Program for surveillance of phone and text communications from Mexico’s cell phone network

EVILOLIVE – Iinternet geolocation tool

EVOLVED MUTANT BROTH – Second party database

EYESPY – System that scans data for logos of companies, political parties and other organizations, as well for pictures with faces for facial recognition


FACELIFT – Codeword related to NSA’s Special Source Operations division

- NSA corporate partner with access to international cables, routers, and switches (since 1985)

FAIRVIEWCOTS – System for processing telephony metadata collected under the FAIRVIEW program

FALLENORACLE – NSA tool or database

FALLOUT – DNI metadata ingest processor/database

- DNR metadata ingest processor/database

FASCINATOR – Series of Type 1 encryption modules for Motorola digital-capable voice radios

FASHIONCLEFT (FC) – Wrapper used to exfiltrate data of VPN and VoIP communications

FASTBAT – Telephony related database?

FASTFOLLOWER – Tool to identify foreign agents who might tail American case officers overseas by correlating cellphone signals

FASTSCOPE – NSA database

FEEDTROUGH – Software implant for unauthorized access to Juniper firewall models N5XT, NS25, NS50, NS200, NS500, ISG1000

FERRETCANON – Subsystem of the FOXACID system

FINKDIFFERENT (FIDI) – Tool used for exploiting TOR networks

FIRE ANT – Open Source visualisation tool

- NSA key generation scheme, used for exchanging EKMS public keys

FIRETRUCK – SIGINT tool or database

FIREWALK -Bidirectional network implant, passive gigabit ethernet traffic collector and active ethernet packet injector within RJ45 Dual Stacked USB connector, digital core used with HOWLERMONKEY, formerly RADON

- NSA program for securing commercial smartphones

FLARE – Retired SIGINT product codeword

FLATLIQUID – TAO operation against the office of the Mexican president

FLEMING – The embassy of Slovakia in Washington DC

FLINTLOCK – The DICTIONARY computer used at the Waihopai station of ECHELON

FLUXBABBITT – Hardware implant for Dell PowerEdge RAID servers using Xeon processors

FOGGYBOTTOM – Computer implant plug-in that records logs of internet browsing histories and collects login details and passwords used to access websites and email accounts

FOREMAN – Tactical SIGINT database? Used to determine ‘foreigness’

FOURSCORE – (former?) database for fax and internet data

FOXACID (FA?) – System of secret internet servers used to attack target computers

FOXSEARCH – Tool for monitoring a QUANTUM target which involves FOXACID servers

FOXTRAIL – NSA tool or database

FRIARTUCK – VPN Events tool or database (CSEC?)

FREEFLOW-compliant – Supported by TURBULENCE architecture

FREEZEPOST – Something related to NSA’s TAO division

FRONTO – Retired SIGINT Exchange Designator for ?

FROSTBURG – Connection Machine 5 (CM-5) supercomputer, used by NSA from 1991-1997

FROTH – Retired SIGINT product codeword

FRUGALSHOT – FOXACID servers for receiving callbacks from computers infected with NSA spying software


GALACTICHALO – Remote SATCOM collection facility

GALAXY – Find/fix/finish program of locating signal-emitting devices of targets

GAMMA (G) – Compartment for highly sensitive communication intercepts

GAMUT – NSA collection tasking tool or database

GARLIC – The NSA satellite intercept station at Bad Aibling (Germany)

GATEKEEPER – NSA user account management system

GAVEL – Retired SIGINT product codeword

GECKO II – System consisting of hardware implant MR RF or GSM, UNITEDRAKE software implant, IRONCHEF persistence back door

GEMINI – Remote SATCOM collection facility

GENESIS – Modified GSM handset for covert network surveys, recording of RF spectrum use, and handset geolocation based on software defined radio

GENIE – Overall close-access program, collection by Sigads US-3136 and US-3137

GHOSTMACHINE – NSA’s Special Source Operations cloud analytics platform

GINSU – Provides software persistence for the CNE implant KONGUR having PCI bus hardware implant BULLDOZER on MS desktop PCs

GILGAMESH – Predator-based NSA geolocation system used by JSOC

GISTQEUE (GQ) – NSA software or database

GJALLER – NSA tool or database

GLINT – Retired SIGINT product codeword

GLOBALBROKER – NSA tool or database


GODLIKELESION – Modernization program for NSA’s European Technical Center (ETC) in Wiesbaden in 2011

GODSURGE – Runs on FLUXBABBITT circuit board to provide software persistence by exploiting JTAG debugging interface of server processors, requires interdiction and removal of motherboard of JTAG scan chain reconnection

GOPHERSET – Software implant on GMS SIM phase 2+ Toolkit cards that exfiltrates contact list, SMS and call log from handset via SMS to user-defined phone; malware loaded using USB smartcard reader or over-the-air.

GOSSAMER – SIGINT/EW collection and exploitation system

GOTHAM – Processor for external monitor recreating target monitor from red video

GOURMETTROUGH – Configurable implant for Juniper NetScreen firewalls including SSG type, minimal beaconing

GOUT – Subcompartment of GAMMA for intercepts of South Vietnamese government communications

GOVPORT – US government user authentication service

GRAB – SIGINT satellite program

GREY FOX – The 2003 covername of the Mission Support Activity (MSA) of JSOC

GREYSTONE (GST) – CIA’s highly secret rendition and interrogation programs

GROK – Computer implant plug-in used to log keystrokes

GUMFISH – Computer implant plug-in to take over a computer’s webcam and snap photographs

GUPY – Subcompartment of GAMMA for intercepts from Soviet leadership car phones (1960’s-70’s)


HALLUXWATER – Software implant as boot ROM upgrade for Huawei Eudemon firewalls, finds patch points in inbound packet processing, used in O2, Vodafone and Deutsche Telekom

HAMMERCHANT – Implant for network routers to intercept and perform exploitation attacks against data sent through a Virtual Private Network (VPN) and/or phone calls via Skype and other VoIP software

HAMMERMILL – Insertion Tool controls HEADWATER boot ROM backdoor

HAMMERSTEIN – Implant for network routers to intercept and perform exploitation attacks against data sent through a Virtual Private Network (VPN) and/or phone calls via Skype and other VoIP software

HAPPYFOOT – Program that intercepts traffic generated by mobile apps that send a smartphone’s location to advertising networks

HARD ASSOCIATION – Second party database

- An IBM supercomputer used by NSA from 1962-1976

HAVE BLUE – Development program of the F-117A Stealth fighter-bomber

HAVE QUICK (HQ) – Frequency-hopping system protecting military UHF radio traffic

HEADWATER – Permanent backdoor in boot ROM for Huawei routers stable to firmware updates, installed over internet, capture and examination of all IP packets passing through host router, controlled by Hammermill Insertion Tool

HEMLOCK – Operation against the Italian embassy in Washington DC using HIGHLANDS techniques

HERCULES – CIA terrorism database

HERETIC – NSA tool or database

HEREYSTITCH – Collaboration program between NSA units T1222 and SSG

HERMOS – Joint venture between the German BND and another country with access for NSA (2012)

HERON – Retired SIGINT product codeword

HIGHCASTLE – Tactical database?

HIGHLANDS – Technique for collection from computer implants

HIGHTIDE – NSA tool or database

HOBGOBLIN – NSA tool or database

HOLLOWPOINT – Software defined radio platform

HOMEBASE – Database which allows analysts to coordinate tasking with DNI mission priorities

HOMEMAKER – Upstream collection site

HOMINGPIGEON – Program to intercept communications from airplane passengers


HOWLERMONKEY (HM) – Generic radio frequency (RF) transceiver tool used for various applications

HUFF – System like FOXACID?

HYSON – Retired SIGINT product codeword


ICEBERG – Major NSA backbone project

ICREACH – Tool that uses telephony metadata

IDITAROD (IDIT) – Compartment of the KLONDIKE control system

INCENSER – A joint NSA-GCHQ high-volume cable tapping operation, part of the WINDSTOP program

INDIA – SIGINT Exchange Designator for New Zealand (retired)

- Satellite intercept station near Khon Khaen, Thailand (1979-ca. 2000)

INTREPID SPEAR – The 2009 covername of the Mission Support Activity (MSA) of JSOC

- Series of ELINT and COMINT spy satellites (since 2009)

IRATEMONK – Hard drive firmware providing software persistence for desktops and laptops via Master Boot Record substitution, for Seagate Maxtor Samsung file systems FAR NRFS EXT3 UFS, payload is implant installer, shown at internet cafe

IRONAVENGER – NSA hacking operation against an ally and an adversary (2010)

IRONCHEF – Provides access persistence back door exploiting BIOS and SMM to communicate with a 2-way RF hardware implant

IRONSAND – Second Party satellite intercept station in New Zealand

ISHTAR – SIGINT Exchange Designator for Japan (retired)

ISLANDTRANSPORT – Internal messaging service, as part of the QUANTUM system

IVORY – Retired SIGINT product codeword

IVY BELLS – NSA, CIA and Navy operation to place wire taps on Soviet underwater communication cables


JACKKNIFE – The NSA satellite intercept station at Yakima (US)

JACKPOT – Internal NSA process improvement program (early 1990s – early 2000s)

JETPLOW – Persistent firmware back door for Cisco PIX and ASA firewall and routers, modifies OS at boot time


JOSEKI-1 – Classified Suite A algorithm

JOURNEYMAN – Major NSA backbone project

JUGGERNAUT – Ingest system for processing signals from (mobile?) phone networks

- Class of SIGINT reconnaissance satellites (1971-1983)

JUNIORMINT – Implant digital core, either mini printed circuit board or ultra-mini Flip Chip Module, contains ARM9 micro-controller, FPGA Flash SDRAM and DDR2 memories


KAMPUS – SIGINT Exchange Designator for ? (retired)

KANDIK (KAND) – Compartment of the KLONDIKE control system

KARMA POLICE – Second party database

KATEEL – The Brazilian embassy in Washington

KEA – Asymmetric-key Type 2 algorithm used in products like Fortezza, Fortezza Plus

KEELSON – Internet metadata processing system

KEYCARD – Database for VPN key exchange IP packet addresses

KEYRUT – SIGINT Exchange Designator for ? (retired)

KILTING – ELINT database

KIMBO – Retired SIGINT product codeword

KLIEGLIGHT (KL) – Tactical SIGINT reports

KLONDIKE (KDK) – Control system for sensitive geospatial intelligence

KLONDIKE – The embassy of Greece in Washington DC

KNIGHTHAWK – Probably a military SIGINT tool

- Method for summarizing very large textual data sets

KONGUR – Software implant restorable by GINSU after OS upgrade or reinstall

KRONE – Retired SIGINT product codeword


(LAC) – Retired NSA dissemination control marking

LADYLOVE – The NSA satellite intercept station at Misawa, Japan (since 1982)

LANYARD – Reconaissance satellite program

LARUM – Retired SIGINT product codeword

LEGION AMBER – Chinese hacking operation against a major US software company

LEGION JADE – A group of Chinese hackers

LEGION RUBY – A group of Chinese hackers

LEGION YANKEE – Chinese hacking operation against the Pentagon and defense contractors (2011)

LEMONWOOD – NSA satellite intercept station in Thailand

LEXHOUND – Tool for targeting social networking?

LIBERTY – First word of nicknames for collection and analysis programs used by JSOC and other sensitive DOD activities

LIBERTY BLUE – Modified RC-12 Guardrail surveillance airplane used by JSOC’s Mission Support Activity (MSA)

LIFESAVER – Technique which images the hard drive of computers

LIONSHARE – Internal NSA process improvement program (2003-2008)

LITHIUM – Facility to filter and gather data at a major (foreign?) telecommunications company under the BLARNEY program

LODESTONE – NSA’s CRAY-1 supercomputer

LOGGERHEAD – Device to collect contents of analog cell phone calls (made by Harris Corp.)

LOMA – SCI control system for Foreign Instrumentation and Signature Intelligence

LOPERS – Software application for Public Switched Telephone Networks or some kind of hardware

LOUDAUTO – An ANGRYNEIGHBOR radar retro-reflector, microphone captures room audio by pulse position modulation of square wave



MADCAPOCELOT – Sub-program of STORMBREW for collection of internet metadata about Russia and European terrorism

MAESTRO-II – Mini digital core implant, standard TAO implant architecture

MAGIC – Codeword for decrypted high-level diplomatic Nazi messages

- A keystroke logging software developed by the FBI

MAGNES – Remote SATCOM collection facility

MAGNETIC – Technique of sensor collection of magnetic emanations

- Series of SIGINT spy satellites (since 1985)

MAGOTHY – The embassy of the European Union in Washington DC

MAILORDER – Data transfer tool (SFTP-based?)

- Federal database of personal and financial data of suspicious US citizens

- NSA database of bulk phone metadata

MANASSAS – Former NSA counter-encryption program, succeeded by BULLRUN

- NSA database of bulk internet metadata

MARKHAM – NSA data system?

MARTES – NSA software tool to prepare reports

MASTERLINK – NSA tasking source

MASTERSHAKE – NSA tool or database

MATRIX – Some kind of data processing system

MAYTAG – Upstream collection site

MEDLEY – Classified Suite A algorithm

MENTOR – Class of SIGINT spy satellites (since 1995)

MERCED – The Bulgarian embassy in Washington DC

MERCURY – Soviet cipher machine partially exploited by NSA in the 1960’s

MERCURY – Remote SATCOM collection facility

MESSIAH – NSA automated message handling system

METAWAVE – Warehouse of unselected internet metadata

METROTUBE – Analytic tool for VPN data

METTLESOME – NSA Collection mission system

MIDAS – Satellite program

MIDDLEMAN – TAO covert network

MILKBONE – Question-Focused Dataset used for text message collection

- A sister project to Project SHAMROCK (1967-1973)

MINERALIZE – Technique for collection through LAN implants

MIRANDA – Some kind of number related to NSA targets

MIRROR – Interface to the ROADBED system

MOCCASIN – A hardware implant, permanently connected to a USB keyboard

MONKEYCALENDAR – Software implant on GMS SIM cards that exfiltrates user geolocation data

MONKEYROCKET – Sub-program of OAKSTAR for collecting internet metadata and content through a foreign access point

MOONLIGHTPATH (EGL?) – SSO collection facility

MOONPENNY – The NSA satellite intercept station at Harrogate (Great Britain)

MORAY – Compartment for the least sensitive COMINT material, retired in 1999

MORPHEUS – Program of the Global Access Operations (GAO)

MOTHMONSTER – NSA tool for exploiting the TOR network

MOVEONYX – Tool related to CASPORT

MULBERRY – The mission of Japan at the United Nations in New York

(JPM?) – Joint NSA-GCHQ operation to tap the cables linking Google and Yahoo data clouds to the internet Part of WINDSTOP

MUSKET – Retired SIGINT Exchange Designator for ?

MUSKETEER – NSA’s Special Signal Collection unit

- SSO unilateral voice interception program

- Presidential Global Communications System


NASHUA – The mission of India at the United Nations in New York

NAVAJO – The mission of Vietnam at the United Nations in New York

NAVARRO – The embassy of Georgia in Washington DC

NEBULA – Base station router similar to CYCLONE Hx9

NECTAR – SIGINT Exchange Designator for ? (retired)

NELEUS – Remote SATCOM collection facility

NEMESIS – SIGINT satellite

- Operation to kill or capture Osama bin Laden (2011)

NETBOTZ – Remote monitoring tool

NEWSDEALER – NSA’s internal intelligence news network

NIAGARAFILES – Data transfer tool (SFTP-based?)

NIGHTSTAND – 802.11 wireless packet injection tool that runs on standalone x86 laptop running Linux Fedora Core 3 and exploits windows platforms running Internet Explorer, from 8 miles away

NIGHTWATCH – Portable computer in shielded case for recreating target monitor from progressive-scan non-interlaced VAGRANT signals

NINJANIC – Something related to TURMOIL

NITESURF – NSA tool or database

NITRO – Remote SATCOM collection facility

NOCON – NSA dissemination marking or COI

NONBOOK (NK) – Compartment of the ENDSEAL control system

NORMALRUN – NSA tool or database

NUCLEON – Database for contents of phone calls

NYMROD – Automated name recognition system


- Umbrella program to filter and gather information at major telecommunications companies (since 2004)

OCEAN – Optical collection system for raster-based computer screens

OCEANARIUM – Database for SIGINT from NSA and intelligence sharing partners around the world

OCEANFRONT – Part of the communications network for ECHELON

OCEAN SHIELD – NATO anti-piracy operation

OCEANSURF – Engineering hub of the Global Access Operations (GAO)


OCTAVE – NSA tool for telephone network tasking (succeeded by the UTT?)

OCTSKYWARD – Collection of GSM data from flying aircraft

OILSTOCK – A system for analyzing air warning and surveillance data

- CSEC tool for discovering and identifying telephone and computer connections

OLYMPIC – First word of nicknames for programs involving defense against Chinese cyber-warfare and US offensive cyber-warfare

OLYMPIC GAMES – Joint US and Israel operation against the Iranian nuclear program (aka Stuxnet)

OLYMPUS – Software component of VALIDATOR/SOMBERKNAVE used to communicate via wireless LAN 802.11 hardware

OMNIGAT – Field network component

ONEROOF – Main tactical SIGINT database, with raw and unfiltered intercepts

- Newer units of the LACROSSE reconaissance satellites

ORANGEBLOSSOM – Sub-program of OAKSTAR for collection from an international transit switch (sigad: US-3251)

ORANGECRUSH – Sub-program of OAKSTAR for collecting metadata, voice, fax, phone and internet content through a foreign access point

ORION – SIGINT satellite

ORLANDOCARD – NSA operation thtat attracted visits from 77,413 foreign computers and planted spyware on more than 1,000 by using a ‘honeypot’ computer

OSAGE – The embassy of India in Washington DC

OSCAR – SIGINT Exchange Designator for the USA

OSWAYO – The embassy annex of India in Washington DC

- The Lockheed A-12 program (better known as SR-71)


PACKAGEDGOODS – Program which tracks the ‘traceroutes’ through which data flows around the Internet

PACKETSCOPE – Internet cable tapping system

PACKETSWING – NSA tool or database

PACKETWRENCH – Computer exploit delivered by the FERRETCANON system

PADSTONE – Type 1 Cryptographic algorithm used in several crypto products

PAINTEDEAGLE – SI-ECI compartment related to the BULLRUN program

PALANTERRA – A family of spatially and analytically enabled Web-based interfaces used by the NGA

PANGRAM (PM) – Alleged SCI control system

PANTHER – The embassy of Vietnam in Washington DC

PARCHDUSK (PD) – Productions Operation of NSA’s TAO division

PARTNERMALL PROGRAM (PMP) – A single collaboration environment, to be succeeded by the Global Collaboration Environment (GCE)


PATHFINDER – SIGINT analysis tool (developed by SAIC)

PATHWAY – NSA’s former main computer communications network

- Call chaining analysis tool (developed by i2)

PAWLEYS – SI-ECI compartment related to the BULLRUN program

PEARL – Retired SIGINT product codeword

PEDDLECHEAP – Computer exploit delivered by the FERRETCANON system

PENDLETON – SI-ECI compartment related to the BULLRUN program

PEPPERBOX – Tool or database for targeting Requests (CSEC?)

PERDIDO – The mission of the European Union at the United Nations in New York

PERFECTMOON – An out-sites covering system

PHOTOANGLO – A continuous wave generator and receiver. The bugs on the other end are ANGRYNEIGHBOR class

PIEDMONT – SI-ECI compartment related to the BULLRUN program

PICARESQUE (PIQ) – SI-ECI compartment related to the BULLRUN program

PICASSO – Modified GSM handset that collects user data plus room audio

PINUP – Retired SIGINT product codeword

- Database for recorded signals intercepts/internet content

PITCHFORD – SI-ECI compartment related to the BULLRUN program

PIVOT – Retired SIGINT product codeword

PIXIE – Retired SIGINT product codeword

PLATFORM – Computer system linking the ECHELON intercept sites

PLUS – NSA SIGINT production feedback program

POCOMOKE – The Brazilian Permanent Mission to the UN in New York

POISON NUT – CES VPN attack orchestrator

POLARBREEZE – NSA technique to tap into nearby computers

POPPY – SIGINT satellite program

POPTOP – Collection system for telephony data

POWELL – The Greek mission at the United Nations in New York

PREFER – System for identifying and extracting text messages (SMS) from the DISHFIRE database

PRESSUREPORT – Software interface related to PRESSUREWAVE

PRESSUREWAVE – NSA cloud database for VPN and VoIP content and metadata

PRIMECANE – American high-tech company cooperating in providing a network access point for the ORANGECRUSH program

- Program for collecting foreign internet data from US internet companies

PROFORMA – Intelligence derived from computer-based data

- Mobile tactical SIGINT collection system

PROTEIN – SIGINT Exchange Designator for ?

PROTON – SIGINT database for time-sensitive targets/counterintelligence

PROTOSS – Local computer handling radio frequency signals from implants

PURPLE – Codename for a Japanese diplomatic cryptosystem during WWII

- US military OPSEC program (since 1966)

PUTTY – NSA tool or database

PUZZLECUBE – NSA tool or database

PYLON – SIGINT Exchange Designator for ?


QUADRANT – A crypto implementation code


- A consolidated QUANTUMTHEORY platform to reduce latencies by co-locating passive sensors with local decisioning and traffic injection (under development in 2011)

- Secret servers placed by NSA at key places on the internet backbone; part of the TURMOIL program

QUANTUMBISCUIT – Enhancement of QUANTUMINSERT for targets which are behind large proxies

QUANTUMBOT – Method for taking control of idle IRC bots and botnets)

QUANTUMBOT2 – Combination of Q-BOT and Q-BISCUIT for webbased botnets

QUANTUMCOOKIE – Method to force cookies onto target computers

QUANTUMCOPPER – Method for corrupting file uploads and downloads

QUANTUMDNS – DNS injection/redirection based off of A record queries

QUANTUMHAND – Man-on-the-side technique using a fake Facebook server

QUANTUMINSERT (QI) – Man-on-the-side technique that redirects target internet traffic to a FOXACID server for exploitation

QUANTUMMUSH – Targeted spam exploitation method

QUANTUMNATION – Umbrella for COMMONDEER and VALIDATOR computer exploits

QUANTUMPHANTOM – Hijacks any IP address to use as covert infrastructure

QUANTUMSKY – Malware used to block targets from accessing certain websites through RST packet spoofing

QUANTUMSMACKDOWN – Method for using packet injection to block attacks against DoD computers

QUANTUMSPIN – Exploitation method for instant messaging

QUANTUMSQUEEL – Method for injecting MySQL persistant database connections

QUANTUMSQUIRREL – Using any IP address as a covert infrastructure

QUANTUMTHEORY (QT) – Computer hacking toolbox used by NSA’s TAO division, which dynamically injects packets into target’s network session

QUANTUM LEAP – CIA tool to “find non-obvious linkages, new connections, and new information” from within a dataset

QUARTERPOUNDER – Upstream collection site

- Relay satellite for reconaissance satellites

QUEENSLAND – Upstream collection site



RADON – Host tap that can inject Ethernet packets

RAGEMASTER – Part of ANGRYNEIGHBOR radar retro-reflectors, for red video graphics array cable in ferrite bead RFI chokers between video card and monitor, target for RF flooding and collection of VAGRANT video signal

(RGT) – ECI compartment for call and e-mail content collected under FISA authority

RAILHEAD – NCTC database project

RAISIN – NSA database or tool

RAMPART – NSA operational branches that intercept heads of state and their closest aides. Known divisions are RAMPART-A, RAMPART-I and RAMPART-T. Also mentioned as a suite of programs for assuring system functionality

RAVEN – SIGINT satellite

REACTOR – Tool or program related to MARINA?

REBA – Major NSA backbone project



REMATION – Joint NSA-GCHQ counter-TOR workshop

RENOIR – NSA telephone network visualization tool

REQUETTE – A Taiwanese TECO in New York

RESERVE (RSV) – Control system for the National Reconnaissance Office (NRO)

RESERVEVISION – Remote monitoring tool

RESOLUTETITAN – Internet cable access program?


RETROSPECTIVE – 30-day retrospective retrieval tool for SCALAWAG

RETURNSPRING – High-side server shown in UNITEDRAKE internet cafe monitoring graphic

RHINEHEART – NSA tool or database

- Class of SIGINT spy satellites (in 1975 changed to AQUACADE)

RICHTER – SIGINT Exchange Designator for Germany


RIVET JOINT – Reconaissance operation

ROADBED – Probably a military SIGINT database

ROCKYKNOB – Optional DSP when using Data Over Voice transmission in CROSSBEAM

RONIN – NSA tool for detecting TOR-node IP-addresses

RORIPA – SIGINT Exchange Designator for ?

ROYALNET – Internet exploitation tool

RUFF – Compartment of TALENT KEYHOLE for IMINT satellites

RUMBUCKET – Analytic tool

RUTLEY – Network of SIGINT satellites launched in 1994 and 1995


SABRE – Retired SIGINT product codeword


SALVAGERABBIT – Computer implant plug-in that exfiltrates data from removable flash drives that connect to an infected computer

SAMOS – Reconnaissance satellite program

SAPPY – Retired SIGINT product codeword

SARATOGA – SSO access facility (since 2011)

SARDINE – SIGINT Exchange Designator for Sweden

- Narrow band voice encryption for radio and telephone communication

SAVIN – Retired SIGINT product codeword

SCALAWAG – Collection facility under the MYSTIC program

SCALLION – Upstream collection site

SCAPEL – Second Party satellite intercept station in Nairobi, Kenia

SCHOOLMONTANA – Software implant for Juniper J-series routers used to direct traffic between server, desktop computers, corporate network and internet

SCIMITAR – A tool to create contact graphs?

SCISSORS – System used for separating different types of data and protocols

SCORPIOFORE – SIGINT reporting tool

SEABOOT – SIGINT Exchange Designator for ?

SEADIVER – Collection system for telephony data

SEAGULLFARO – High-side server shown in UNITEDRAKE internet cafe monitoring graphic

SEARCHLITE – Tactical SIGINT collecting system for like cell phone calls

SEASONEDMOTH (SMOTH) – Stage0 computer implant which dies after 30 days, deployed by the QUANTUMNATION method

SECONDDATE – Method to influence real-time communications between client and server in order to redirect web-browsers to FOXACID malware servers

SECUREINSIGHT – A software framework to support high-volume analytics

SEMESTER – NSA SIGINT reporting tool

- Transportable suite of ISR equipment (since 1991)

- Radome on top of the U2 to relay SIGINT data to ground stations

SENTINEL – NSA database security filter

SERENADE – SSO corporate partner (foreign?)

SERUM – Bank of servers within ROC managing approvals and ticket system

SETTEE – SIGINT Exchange Designator for ?

- Operation for intercepting telegraphic data going in or out the US (1945-1975)

SHAREDVISION – Mission program at Menwith Hill satellite station

SHARKFIN – Sweeps up all-source communications intelligence at high speed and volumes

SHARPFOCUS (SF2) – Productions Operation of NSA’s TAO division

SHELLTRUMPET – NSA metadata processing program (since December 2007)

SHENANIGANS – Aircraft-based NSA geolocation system used by CIA

SHIFTINGSHADOW – Sub-program of OAKSTAR for collecting telephone metadata and voice content from Afghanistan through a foreign access point

SHILLELAGH – Classified Suite A algorithm

SHORTSHEET – NSA tool for Computer Network Exploitation

SHOTGIANT – NSA operation for hacking and monitoring the Huawei network (since 2009)

SIERRAMONTANA – Software implant for Juniper M-series routers used by enterprises and service providers


SIGSALY – The first secure voice system from World War II

SILKWORTH – A software program used for the ECHELON system

SILLYBUNNY – Some kind of webbrowser tag which can be used as selector

SILVER – Soviet cipher machine partially exploited by NSA in the 1960’s


SILVERZEPHYR (SZ) – Sub-program of OAKSTAR for collecting phone and internet metadata and content from Latin and South America through an international transit switch

SIRE – A software program used for the ECHELON system(?)

- Type 2 Block cipher algorithms used in various crypto products

SKOPE – SIGINT analytical toolkit

SKYSCRAPER – Interface to the ROADBED system

SKYWRITER – NSA tool to prepare (internet) intelligence reports

SLICKERVICAR – Used with UNITEDRAKE or STRAITBIZARRE to upload hard drive firmware to implant IRATEMONK

SLINGSHOT – End Product Reports (CSEC?)

SMOKEYSINK – SSO access facility (since 2011?)

SNICK – 2nd Party satellite intercept station in Oman

SNORT – Repository of computer network attack techniques/coding

SOAPOPERA – (former?) database for voice, end product and SRI information

SOMBERKNAVE – Windows XP wireless software implant providing covert internet connectivity, routing TCP traffic via an unused 802.11 network device allowing OLYMPUS or VALIDATOR to call home from air-gapped computer



SOUFFLETROUGH – Software implant in BIOS Juniper SSG300 and SSG500 devices, permanent backdoor, modifies ScreenOS at boot, utilizes Intel’s System Management Mode

SOUNDER – Second Party satellite intercept station at Cyprus

SPARKLEPONY – Tool or program related to MARINA

SPARROW II – Airborne wireless network detector running BLINDDATE tools via 802.11

SPECTRE – SCI control system for intelligence on terrorist activities

SPECULATION – Protocol for over-the-air communication between COTTONMOUTH computer implant devices, compatible with HOWLERMONKEY

SPHINX – Counterintelligence database of the Defense Intelligence Agency

SPINNERET (SPN) – SSO collection facility

SPLITGLASS – NSA analytical database

SPLUNK – Tool used for SIGINT Development

SPOKE – Compartment for less sensitive COMINT material, retired in 1999


SPORTCOAST – Upstream collection site

SPRIG – Retired SIGINT product codeword

SPRINGRAY – Some kind of internal notification system

SPYDER – Analytic tool for selected content of text messages from the DISHFIRE database

STARBURST – The initial code word for the STELLARWIND compartment

STARLIGHT – Analyst tool

STARPROC – User lead that can be uses as a selector

STARSEARCH – Target Knowledge tool or database (CSEC?)

STATEROOM – Covert SIGINT collection sites based in US diplomatic facilities

STEELFLAUTA – SSO Corporate/TAO Shaping program

STEELKNIGHT – (foreign?) partner providing a network access point for the SILVERZEPHYR program

STEELWINTER – A supercomputer acquired by the Norwegian military intelligence agency

STELLAR – Second Party satellite intercept station at Geraldton, Australia

STELLARWIND (STLW) – SCI compartment for the President’s Surveillance Program information

STEPHANIE – Covert listening post in the Canadian embassy in Moscow (est. 1972)

STINGRAY – Device for tracking the location of cell phones (made by Harris Corp.) STONEGHOST – DIA network for information exchange with UK, Canada, Australia and New Zealand (TS/SCI)

STORMBREW – Program for collection from an international transit switches and cables (since 2001)

STRAIGHTBIZARRE – Software implant used to communicate through covert channels

STRATOS – Tool or databse for GPRS Events (CSEC?)

STRAWHAT – NSA datalinks between field sites and processing centers (1969-?)

STRIKEZONE – Device running HOWLERMONKEY personality

STRONGMITE – Computer at remote operations center used for long range communications

STRUM – (see abbreviations)

STUCCOMONTANA – Software implant for Juniper T-Series routers used in large fixed-line, mobile, video, and cloud networks, otherwise just like SCHOOLMONTANA

STUMPCURSOR – Foreign computer accessing program of the NSA’s Tailored Access Operations

SUBSTRATUM – Upstream collection site

SUEDE – Retired SIGINT product codeword

SULPHUR – The mission of South Korea at the United Nations in New York

SUNSCREEN – Tool or database

SURFBOARD – NSA tool or database

SURLEYSPAWN – Data RF retro-reflector, gathers keystrokes FSK frequency shift keyed radar retro-reflector, USB or IBM keyboards

SURPLUSHANGAR – High to low diode, part of the QUANTUM system

SURREY – Main NSA requirements database, where tasking instructions are stored and validated, used by the FORNSAT, SSO and TAO divisions

SUTURESAILOR – Printed circuit board digital core used with HOWLERMONKEY

SWAMP – NSA data system?

SWAP – Implanted software persistence by exploiting motherboard BIOS and hard drive Host Protected Area for execution before OS loads, operative on windows linux, freeBSD Solaris

- NSA data model for analyzing target connections



TALENT KEYHOLE (TK) – Control system for space-based collection platforms

TALK QUICK – An interim secure voice system created to satisfy urgent requirements imposed by conditions to Southeast Asia. Function was absorbed by AUTOSEVOCOM

TAPERLAY – Covername for Global Numbering Data Base (GNDB), used for looking up the registered location of a mobile device

TARMAC – Improvement program at Menwith Hill satellite station

TAROTCARD – NSA tool or database

TAWDRYYARD – Beacon radio frequency radar retro-reflector used to positionally locate deployed RAGEMASTER units

TEMPEST – Investigations and studies of compromising electronic emanations

- GCHQ program for intercepting internet and telephone traffic

THESPIS – SIGINT Exchange Designator for ?

THINTREAD – NSA program for wiretapping and sophisticated analysis of the resulting data

THUMB – Retired SIGINT product codeword

THUNDERCLOUD – Collaboration program between NSA units T1222 and SSG

TIAMAT – Joint venture between the German BND and another country with access for NSA

TICKETWINDOW – System that makes SSO collection available to 2nd Party partners

TIDALSURGE – Router Configurations tool (CSEC?)

TIDEWAY – Part of the communications network for ECHELON

TIMBERLINE – The NSA satellite intercept station at Sugar Grove (US)

TINMAN – Database related to air warning and surveillance

TITAN POINTE – Upstream collection site

- Presumably Chinese attacks on American computer systems (since 2003)


TOPAZ – Satellite program

TOTECHASER – Software implant in flash ROM windows CE for Thuraya 2520 satellite/GSM/web/email/MMS/GPS

TOTEGHOSTLY – Modular implant for windows mobile OS based on SB using CP framework, Freeflow-compliant so supported by TURBULENCE architecture

TOWERPOWER – NSA tool or database


TOYGRIPPE – NSA’s CES database for VPN metadata

TRACFIN – NSA database for financial data like credit card purchases

TRAFFICTHIEF – Part of the TURBULENCE and the PRISM programs

TRAILBLAZER – NSA Program to analyze data carried on communications networks

TRAILMAPPER – NSA tool or database

TRANSX – NSA database

TREACLEBETA – TAO hacking against the Pakistani terrorist group Lashkar-e-Taiba

TREASUREMAP – NSA internet traffic visualization tool

TREASURETROVE – Analytic tool

TRIBUTARY – NSA provided voice threat warning network

TRIGGERFISH – Device to collect the content of digital cell phone calls (made by Harris Corp.)

TRINE – Predecessor of the UMBRA compartment for COMINT

TRINITY – Implant digital core concealed in COTTONMOUTH-I, providing ARM9 microcontroller, FPGA Flash and SDRAM memories

TRITON – Tool or database for TOR Nodes (CSEC?)

- Series of ELINT reconnaissance satellites (1994-2008)

TRYST – Covert listening post in the British embassy in Moscow

TUBE – Database for selected internet content?

TUMULT – Part of the TURBULENCE program

TUNINGFORK – Sustained collection linked to SEAGULLFARO, previously NSA database or tool for protocol exploitation

TURBINE – Active SIGINT: centralized automated command/control system for managing a large network of active computer implants for intelligence gathering (since 2010)

TURBOPANDA – The Turbopanda Insertion Tool allows read/write to memory, execute an address or packet; joint NSA/CIA project on Huawei network equipment

TURBULENCE (TU) – Integrate NSA architecture with several layers and sub-programs to detect threats in cyberspace (since 2005)

TURMOIL – Passive SIGINT sensors: high speed collection of foreign target satellite, microwave and cable communications, part of the TURBULENCE program Maybe for selecting common internet encryption technologies to exploit.


TUSKATTIRE – Ingest system for cleaning and processing DNR (telephony) data

TUTELAGE – Active defense system to monitor network traffic in order to detect malicious code and network attacks, part of the TURBULENCE program

TWEED – Retired SIGINT product codeword

TWISTEDKILT – Writes to Host Protected area on hard drive to implant Swap and its implant installer payload

TWISTEDPATH – NSA tool or database

TYPHON HX – GSM base station router network in box for tactical Sigint geolocating and capturing user


ULTRA – Decrypted high-level military Nazi messages, like from the Enigma machine

UMBRA – Retired compartment for the most sensitive COMINT material

UNIFORM – SIGINT Exchange Designator for Canada

UNITEDRAKE – Computer exploit delivered by the FERRETCANON system

USHER – Retired SIGINT product codeword


VAGRANT – Radar retro-reflector technique on video cable to reproduce open computer screens

VALIDATOR – Computer exploit delivered by the FERRETCANON system for looking whether a computer has security software, runs as user process on target OS, modified for SCHOOLMONTANA, initiates a call home, passes to SOMBERKNAVE, downloads OLYMPUS and communicates with remote operation center

- Decrypted intercepts of messages from Soviet intelligence agencies

VERDANT (VER) – Alleged SCI control system

VESUVIUS – Prototype quantum computer, situated in NSA’s Utah Data Center

VICTORYDANCE – Joint NSA-CIA operation to map WiFi fingerprints of nearly every major town in Yemen

VIEWPLATE – Processor for external monitor recreating target monitor from red video

VINTAGE HARVEST – Probably a military SIGINT tool


VOICESAIL – Intelligence database

- Class of SIGINT spy satellites (1978-1989)

VOXGLO – Multiple award contract providing cyber security and enterprise computing, software development, and systems integration support


WABASH – The embassy of France in Washington DC

WAGONBED – Hardware GSM controller board implant on CrossBeam or HP Proliant G5 server that communicates over I2C interface

WALBURN – High-speed link encryption, used in various encryption products

WARPDRIVE – Joint venture between the German BND and another country with access for NSA (2013)

WATERWITCH – Hand-held tool for geolocating targeted handsets to last mile

WAVELEGAL – Authorization service that logs data queries

WEALTHYCLUSTER – Program to hunt down tips on terrorists in cyberspace (2002- )

WEASEL – Type 1 Cryptographic algorithm used in SafeXcel-3340

WEBCANDID – NSA tool or database

WESTPORT – The mission of Venezuela at the United Nations in New York

WILLOWVIXEN – Method to deploy malware by sending out spam emails that trick targets into clicking a malicious link

WISTFULTOLL – Plug-in for UNITEDRAKE and STRAITBIZARRE used to harvest target forensics via Windows Management Instrumentation and Registry extractions, can be done through USB thumb drive

WHIPGENIE (WPG) – ECI compartment for details about the STELLARWIND program

WHITEBOX – Program for intercepting the public switched telephone network?


WHITETAMALE – Operation for collecting e-mails from Mexico’s Public Security Secretariat

WINDCHASER – Tool or program related to MARINA

WINDSORBLUE – Supercomputer program at IBM

WINDSTOP – Joint NSA-GCHQ unilateral high-volume cable tapping program

WINTERLIGHT – A QUANTUM computer hacking program in which Sweden takes part

WIRESHARK – Database with malicious network signatures

WITCH – Retired SIGINT product codeword


WOLFPOINT – SSO corporate partner under the STORMBREW program

WORDGOPHER – Platform to enable demodulation of low-rate communication carriers

WRANGLER – Database or system which focuses on Electronic Intelligence


- Program for finding key words in foreign language documents

XKEYSCORE (XKS) – Program for analysing SIGINT traffic


YACHTSHOP – Sub-program of OAKSTAR for collecting internet metadata

YELLOWPIN – Printed circuit board digital core used with HOWLERMONKEY

YELLOWSTONE – NSA analytical database

YUKON – The embassy of Venezuela in Washington DC


ZAP – (former?) database for texts

ZARF – Compartment of TALENT KEYHOLE for ELINT satellites, retired in 1999

ZESTYLEAK – Software implant that allows remote JETPLOW firmware installation, used by NSA’s CES unit

- See also this list of NSA codewords from 2002

Links and Sources

- List of NSA Code Names Revealed

- About What the NSA’s Massive Org Chart (Probably) Looks Like

- About Code Names for U.S. Military Projects and Operations

- National Reconnaissance Office: Review and Redaction Guide (pdf)

- About How Codes Names Are Assigned

- Wikipedia article about the Secret Service codename

- List of crypto machine designators

- Wikipedia article about the CIA cryptonym

- Article about Security Clearances and Classifications

- Listing in German: Marjorie-Wiki: SIGDEV

- William M. Arkin, Code Names, Deciphering U.S. Military Plans, Programs, adn Operations in the 9/11 World, Steerforth Press, 2005.

via Electrospaces.Blogspot.com

Read more
New flight 370 details: All signs point to backdoor westwardly landing approach onto secret island base

All evidence shows that a massive cover-up surrounding flight 370 has taken place, likely implementing U.S. military factions


INDIAN OCEAN (INTELLIHUB) — It’s now been 30-days since Malaysian Airlines flight 370 went missing after departing from the Kuala Lumpur International Airport (KLIA) on route to China and search and rescue teams have still found no trace of the Boeing 777 aircraft or any of its 239 passengers, after being fed botched search area data by Malaysian officials.

In fact, it has been reported that family members of the missing believe that the Malaysian government is involved in a massive cover-up of what really took place on Mar. 8, after the aircraft’s transponder was manually overridden via human intervention. Moreover, Malaysian authorities have suspiciously failed to release the plane’s cargo hold manifest and actual cockpit voice recordings which have been repeatedly requested by various family members, investigators and search and rescue teams to aid in the search for the missing plane.

Now according to Sara Bajc the girlfriend of Phillip Wood, a missing passenger aboard flight 370, there is a general consensus amongst flight 370′s family members, based in Malaysia, that possibly a U.S. militarized faction may have intercepted and commandeered the airliner. In fact, Bajc even stated that there is some witness to two fighter jets accompanying MH370 after the flight went dark, evading radar.

“I am sure that the military in Malaysia knew that plane was there and has tracked that plane in some way. Now whether they were in control of it or not we don’t know. Many people are saying that the United States is involved […] but the general thinking across the families here and even non-families […] believe this was a military operation of some sort.”, said Bajc, demonstrating her true inner feelings.

So what do we know?

Based on radar data supplied from several other countries and early on reports, we know that MH370, under intelligent human control, turned-back to the west at about 1:21am on the morning of Mar 8., just after the planes transponder was shut off. It was then reported by Intellihub News that the plane then took a zig-zag course heading Northwest toward the Straights of Malacca and the Andaman Islands where it was later intercepted on radar by a Malaysian and military installation. However, the Malaysian military, press and government quickly covered up the leaked report. Then 10-days later officials in Thailand released their radar data willingly, which matched the leaked original leaked Malaysian military radar blips putting MH370 just North of Malaysia before turning to the South. Interestingly, Thai officials claim that no one ever asked for their radar data, that’s why they willingly submitted it 10-days after MH370 went missing.

New information obtained by CNN Sunday, tells us that “flight 370 may have been flown on purpose along a route designed to avoid radar detection”, signifying a highly contrived and likely militarized plan to commandeer the aircraft, its cargo, and 239 passengers. Shockingly this information dovetails with a report by Shepard Ambellas titled YouTube investigator: ‘Flight 370 landed at Diego Garcia military base, plane and passengers then put in a Faraday style hangar’ which was released on Mar. 24, detailing how flight 370 was spotted by locals flying low over the Maldives Islands between 6:15am and 6:40am on the morning of Mar. 8, the day flight 370 went missing. This sighting was also independently confirmed by American investigator John Halloway, after interviewing an eyewitness living on the island of Kudahuvadhoo, via telephone, who saw the massive white jumbo-jet bearing a red and blue stripe down its side. The eyewitness testimony also revealed that the plane was flying “Northwest to Southeast”, which would have set the plane up for a backdoor westwardly approach to U.S. military base Diego Garcia avoiding all sightings from any straggler base personnel on the remote island in the Indian Ocean.

Moreover, investigators also determined that out of 5 simulations that were loaded into the captain’s home flight simulator, one was of Diego Garcia. The police confiscated the flight simulator from the pilot’s house in Shah Alam and reassembled it at the police headquarters where experts are currently conducting checks.

“The simulation programmes are based on runways at the Male International Airport in Maldives, an airport owned by the United States (Diego Garcia), and three other runways in India and Sri Lanka, all have runway lengths of 1,000 metres. We are not discounting the possibility that the plane landed on a runway that might not be heavily monitored, in addition to the theories that the plane landed on sea, in the hills, or in an open space,” an unnamed source told Berita Harian.

Intentional diversions and distractions

Since the disappearance of flight MH370, loved ones of missing passengers have been on an emotional roller coaster ride as the mainstream media and the governments involved with the search continue to create diversions and spread false information.  Two weeks ago, the Malaysian government claimed to have found wreckage of the missing aircraft.  Their information came from a satellite search crew, but was not verified.  Based on this flimsy evidence, the Malaysian government was quick to announce that the wreckage had been found and that everyone on board the plane had been killed.  This information was callously passed on to the loved ones of missing passengers through a standard text message from the government.

Malaysian officials claimed that the mystery had been solved and seemed to be celebrating the terrible news that the plane was found in pieces.  However, the announcement of the crash was made prematurely and soon after it was discovered that the large masses detected in the ocean were just large swaths containing junk and trash, but no airplane.

After weeks of false alarms and wild goose chases the Malaysian government said that the plane may never be found, but the vast majority of the passengers family members refuse to believe the official story.

As of now, 30-days into it, the current goose chase is locating the black box “ping” that has allegedly being detected somewhere in the Indian Ocean.

The head of the multinational search for the missing flight recently told CBS News that two electronic pulses were picked up by a Chinese ship, which could be the missing planes black box. However, it was later admitted that the reports in question were published before they were verified, expanding the endless rabbit hole of propaganda for onlookers to get lost in.  While reports of the black box pings have yet to be verified, they continue to get constant mainstream media coverage.

The contents of flight 370

As of now the motive for such an elaborate crime is not yet fully known.

What we do know is that 20 employees from the multi-billion dollar Austin Texas-based tech firm Freescale Semiconductor along with one IBM executive were aboard the flight.

Adding to the mystery, the Lord Jacob Rothschild (Blackstone Group) controlled Freescale Semiconductor Ltd. has kept the flow of any information regarding their employees at a minimum.

The Voice of Russia reported on Mar. 31 in an article titled MH370 kept hidden at top-secret US military base – media reports:

Interestingly, that leading innovative company [Freescale Semiconductor Ltd.] has been oddly unwilling to provide information on the missing people. Only the nationalities of the employees were made public: 12 of them were from Malaysia and eight from China. However, Freescale has persistently declined to release their identities. “Out of respect for the families’ privacy during this difficult time, we will not be releasing the names of the employees who were on board the flight at this time,” Freescale spokeswoman Jacey Zuniga said.

Nevertheless, Mitch Haws, Freescale’s vice president, described them as “people with a lot of experience and technical background,” adding that “they were very important.” According to Reuters, the vanished employees were engineers or specialists involved in projects to streamline and cut costs at key manufacturing facilities in China and Malaysia.

While it had been reported previously that 4 of the Freescale Semiconductor employees aboard flight 370 were patent holders, their names did not appear on the official flight manifest released by the Malaysian government, adding even a deeper element for independent investigators.

(Photo: Wikimedia Commons)

via IntelliHub

Read more
Malaysian Airline Mystery Decrypted

Not many ‘Answers’.. just all the right QUESTIONS



-A Distraction Decrypted-


NSA Tracking Capabilities – Everything means Everything
Diego Garcia – USA’s Secret Military Base
The Clone Plane in Tel Aviv
Freescale Semiconductor – Classified Technology
China vs USA Black Ops?

The Military Drills!  Cope Tiger / Cobra Gold

Man in the Middle Attack?  Hit? Kidnapping?
The Phillip Wood Picture Message – Legit Exif data?
Fake Girlfriend of Phillip Wood in Media!?

The Rothschild Connection
Jacob Rothschild -- Malaysia Airlines MH-370

Read more
Max is Back – Decrypted Matrix 3.0 – Launch Broadcast



Max is Back – Decrypted Matrix 3.0

Thanks for your patience, and support. Introduction to the new format, upcoming topics & more!

Snowden Leaks – NSA Sideshow? Hacking industry boomtown

AI Drones – When will the beast think for itself? Micro Swarms!

Manufactured Terrorism Off the Charts – False Flags further expose

Healthcare System Takeover + GMO Freight Train!

Medical Marijuana Movement Unstoppable? (health benefits no longer ignored)

Police State Brutality – and Getting Away with Murder

Trans Pacific Partnership – OMG WTF GLOBALIZATION

FAILED WAR ATTEMPTS: Iran, Syra, Ukraine?

Cabal Sinking their own ship? Does Humanity have a chance?

+Final Thoughts J, Krishnamurti , George Carlin

Read more
Bribe or ‘Tax’? NSA gives 10milion to RSA for Backdoor Access

Hmm. Hold up. So if we go by this Wikipedia entry..

“Founded as an independent company in 1982, RSA Security, Inc. was acquired by EMC Corporation in 2006 for US$ 2.1 billion and operates as a division within EMC.[5]

People need to understand, this means RSA took around 2% of what they’d make in one year. FOR A BACK-DOOR OMG. Does this not sound more like a tax, than a payment (never mind a bribe!)? How much would you care about an extra 2% per year? Exactly. Thats all I got. Someone else needs to close that gap.     -Max

RSA-NSA-Backdoor-TaxWhat’s an encryption backdoor cost? When you’re the NSA, apparently the fee is $10 million.

Intentional flaws created by the National Security Agency in RSA’s encryption tokens werediscovered in September, thanks to documents released by whistleblower Edward Snowden. It has now been revealed that RSA was paid $10 million by the NSA to implement those backdoors, according to a new report in Reuters.

Two people familiar with RSA’s BSafe software told Reuters that the company had received the money in exchange for making the NSA’s cryptographic formula as the default for encrypted key generation in BSafe.

“Now we know that RSA was bribed,” said security expert Bruce Schneier, who has been involved in the Snowden document analysis. “I sure as hell wouldn’t trust them. And then they made the statement that they put customer security first,” he said.

RSA, now owned by computer storage firm EMC Corp, has a long history of entanglement with the government. In the 1990s, the company was instrumental in stopping a government plan to include a chip in computers that would’ve allowed the government to spy on people.

It has also had its algorithms hacked before, as has RSA-connected VeriSign.

The new revelation is important, Schneier said, because it confirms more suspected tactics that the NSA employs.

“You think they only bribed one company in the history of their operations? What’s at play here is that we don’t know who’s involved,” he said.

Other companies that build widely-used encryption apparatus include Symantec, McAfee, and Microsoft. “You have no idea who else was bribed, so you don’t know who else you can trust,” Schneier said.

RSA did not return a request for comment, and did not comment for the Reuters story.

via CNet


Read more
An NSA Coworker Remembers The Real Edward Snowden: ‘A Genius Among Geniuses’


Perhaps Edward Snowden’s hoodie should have raised suspicions.

The black sweatshirt sold by the civil libertarian Electronic Frontier Foundation featured a parody of the National Security Agency’s logo, with the traditional key in an eagle’s claws replaced by a collection of AT&T cables, and eavesdropping headphones covering the menacing bird’s ears. Snowden wore it regularly to stay warm in the air-conditioned underground NSA Hawaii Kunia facility known as “the tunnel.”

His coworkers assumed it was meant ironically. And a geek as gifted as Snowden could get away with a few irregularities.

Months after Snowden leaked tens of thousands of the NSA’s most highly classified documents to the media, the former intelligence contractor has stayed out of the limelight, rarely granting interviews or sharing personal details. A 60 Minutes episode Sunday night, meanwhile, aired NSA’s officials descriptions of Snowden as a malicious hacker who cheated on an NSA entrance exam and whose work computers had to be destroyed after his departure for fear he had infected them with malware.

But an NSA staffer who contacted me last month and asked not to be identified–and whose claims we checked with Snowden himself via his ACLU lawyer Ben Wizner—offered me a very different, firsthand portrait of how Snowden was seen by his colleagues in the agency’s Hawaii office: A principled and ultra-competent, if somewhat eccentric employee, and one who earned the access used to pull off his leak by impressing superiors with sheer talent.

The anonymous NSA staffer’s priority in contacting me, in fact, was to refute stories that have surfaced as the NSA and the media attempt to explain how a contractor was able to obtain and leak the tens of thousands of highly classified documents that have become the biggest public disclosure of NSA secrets in history. According to the source, Snowden didn’t dupe coworkers into handing over their passwords, as one report has claimed. Nor did Snowden fabricate SSH keys to gain unauthorized access, he or she says.

Instead, there’s little mystery as to how Snowden gained his access: It was given to him.

“That kid was a genius among geniuses,” says the NSA staffer. “NSA is full of smart people, but anybody who sat in a meeting with Ed will tell you he was in a class of his own…I’ve never seen anything like it.”

When I reached out to the NSA’s public affairs office, a spokesperson declined to comment, citing the agency’s ongoing investigation into Snowden’s leaks.

But over the course of my communications with the NSA staffer, Snowden’s former colleague offered details that shed light on both how Snowden was able to obtain the NSA’s most secret files, as well as the elusive 30-year old’s character:

  • Before coming to NSA Hawaii, Snowden had impressed NSA officials by developing a backup system that the NSA had widely implemented in its codebreaking operations.
  • He also frequently reported security vulnerabilities in NSA software. Many of the bugs were never patched.
  • Snowden had been brought to Hawaii as a cybersecurity expert working for Dell’s services division but due to a problem with the contract was reassigned to become an administrator for the Microsoft intranet management system known as Sharepoint. Impressed with his technical abilities, Snowden’s managers decided that he was the most qualified candidate to build a new web front-end for one of its projects, despite his contractor status. As his coworker tells it, he was given full administrator privileges, with virtually unlimited access to NSA data. “Big mistake in hindsight,” says Snowden’s former colleague. “But if you had a guy who could do things nobody else could, and the only problem was that his badge was green instead of blue, what would you do?”
  • As further evidence that Snowden didn’t hijack his colleagues’ accounts for his leak, the NSA staffer points to an occasion when Snowden was given a manager’s password so that he could cover for him while he was on vacation. Even then, investigators found no evidence Snowden had misused that staffer’s privileges, and the source says nothing he could have uniquely accessed from the account has shown up in news reports.
  • Snowden’s superiors were so impressed with his skills that he was at one point offered a position on the elite team of NSA hackers known as Tailored Access Operations. He unexpectedly turned it down and instead joined Booz Allen to work at NSA’s Threat Operation Center.
  • Another hint of his whistleblower conscience, aside from the telltale hoodie: Snowden kept a copy of the constitution on his desk to cite when arguing against NSA activities he thought might violate it.
  • The source tells me Snowden also once nearly lost his job standing up for a coworker who was being disciplined by a superior.
  • Snowden often left small, gifts anonymously at colleagues’ desks.
  • He frequently walked NSA’s halls carrying a Rubik’s cube–the same object he held to identify himself on a Hong Kong street to the journalists who first met with him to publish his leaks.
  • Snowden’s former colleague says that he or she has slowly come to understand Snowden’s decision to leak the NSA’s files. “I was shocked and betrayed when I first learned the news, but as more time passes I’m inclined to believe he really is trying to do the right thing and it’s not out of character for him. I don’t agree with his methods, but I understand why he did it,” he or she says. “I won’t call him a hero, but he’s sure as hell no traitor.”

via Forbes.com

Read more
President Appoints Top Spy Who Lied to Congress to Lead Review of Surveillance Programs

100809-D-7203C-007.JPGA fox raids a chicken coop, killing all the chickens. With feathers sticking out of the sides of his mouth, stinking of blood, he swears he didn’t do it. He wasn’t even there! Days later, in response to sustained cries of protest from the animals, the farmer commissions an investigation to determine who was responsible for the grisly scene. To the shock and horror of the farm animals, he appoints the fox to lead the investigation. The fox issues a statement pledging to regain the public trust.

The government is the farmer, we are the farm animals, and James Clapper is the fox.

Director of National Intelligence James Clapper, the all-powerful spy infamous for lying to congress about the Section 215 bulk metadata program, will establish a “review group to examine intelligence collection,” the government tells us. This incredible turn of events comes, as Marcy Wheeler points out, only 72 hours after President Obama promised a thorough review of intelligence programs conducted by “outside,” “independent” actors.

James Clapper is about as inside as it gets. As Jameel Jaffer observed on Twitter, appointing Clapper to oversee a review of intelligence programs is akin to assigning the author of the Bush administration torture memos, John Yoo, “to lead [an] independent inquiry into the CIA torture program.”

That’s bad enough. But it gets worse.

When the government announced the Clapper ‘review,’ it offered us this quote from the perjurer himself, describing what his ‘review group’ sets out to do:

The review group will assess whether, in light of advancements in communications technologies, the United States employs its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while appropriately accounting for other policy considerations, such as the risk of unauthorized disclosure and our need to maintain the public trust.

Read that sentence very carefully. Completely absent from the passage is any reference to the legality, democratic compatibility, or constitutionality of the surveillance programs.

Not only is the fox set to investigate the incident at the hen house. He has told us up front that the programs’ impact on civil liberties is not even up for discussion. Instead, the review will assess whether US surveillance programs are thorough enough, and whether they’ll continue ‘advanc[ing] our foreign policy’ interests amidst ‘the risk of unauthorized disclosure.’ (This, I imagine, is code for: How can we keep these programs secret so as not to thoroughly piss off our allies?)

Instead of looking at the ways in which his spy programs kill democracy and obliterate any possibility for political freedom, Clapper admits at the outset that his ‘review group’ will seek to determine whether and how the intelligence agencies can keep a tighter lid on their global surveillance operations.

And then there’s the horrifying kicker. The review group will seek to ‘account for’ one last ‘policy consideration,’ he says: ‘our need to maintain the public trust.’

The public trust! James Clapper!

At least Clapper isn’t totally unaware of what’s going on around him; it’s true that the public does not trust the intelligence apparatus. But while public trust in government is important, more important than trust is a transparent and accountable architecture that deserves to be trusted. Clapper’s announcement of his intention to figure out how to regain the public trust in the absence of even one mention of reforming the spy programs to conform with constitutional or democratic principles is positively chilling. It is an acknowledgement that our government is more interested in appearances than it is in actual accountability. And it suggests that the primary lesson the establishment has learned in the past few months has been that it should do a better job lying to the public — not that it should roll back the monstrous surveillance state.

This statement about ‘the public trust’ makes clear that the administration views the fallout from the Snowden leaks, and American and global outrage over NSA surveillance and government mendacity, as just another public relations war. That’s too bad, because the leaks have in fact ignited a war over the soul of this country, raising absolutely critical questions about the possibility for democracy in the 21st century.

Clapper is set to deliver his interim findings to the President within two months, and will publish a report with recommendations by mid-December. When those recommendations become public, don’t forget who put them together, and what his intentions were from the outset: not to examine the programs’ constitutionality, but rather to figure out how to spin, entrench, and prolong them.

Remember the fox.

via PrivacySOS.com

UPDATE: In a bizarre about-face, the Obama administration is now fiercely denying that Clapper will control the “review group.” Maybe this Huffington Post page pushed them over the edge:


Read more
World of Spycraft: NSA and CIA Spied in Online Games

This story has been reported in partnership between The New York Times, the Guardian and ProPublica based on documents obtained by The Guardian.

Not limiting their activities to the earthly realm, American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life, conducting surveillance and scooping up data in the online games played by millions of people across the globe, according to newly disclosed classified documents.

Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the documents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels.

The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players, according to the documents, disclosed by the former National Security Agency contractor Edward J. Snowden. Because militants often rely on features common to video games — fake identities, voice and text chats, a way to conduct financial transactions — American and British intelligence agencies worried that they might be operating there, according to the papers.

Takeaways: How Spy Agencies Operate In Virtual Worlds

gathering-intelligence-NSA-WOWGATHERING INTELLIGENCE: U.S. and British intelligence agencies — including the Central Intelligence Agency, Defense intelligence agency and Britain’s Government Communications Headquarters — have operated in virtual worlds and gaming communities to snoop and try to recruit informants. For example, according to Snowden documents, the U.S. has conducted spy operations in Second Life (pictured), where players create human avatars to socialize, buy and sell goods and explore exotic virtual destinations. (Second Life image via Linden Lab)
Slideshow: 1 of 5

Online games might seem innocuous, a top-secret 2008 NSA document warned, but they had the potential to be a “target-rich communication network” allowing intelligence suspects “a way to hide in plain sight.” Virtual games “are an opportunity!,” another 2008 NSA document declared.

But for all their enthusiasm — so many CIA, FBI and Pentagon spies were hunting around in Second Life, the document noted, that a “deconfliction” group was needed to avoid collisions — the intelligence agencies may have inflated the threat.

The documents do not cite any counterterrorism successes from the effort, and former American intelligence officials, current and former gaming company employees and outside experts said in interviews that they knew of little evidence that terrorist groups viewed the games as havens to communicate and plot operations.

(Transcript: What are intelligence agencies doing in virtual worlds?)

Games “are built and operated by companies looking to make money, so the players’ identity and activity is tracked,” said Peter W. Singer of the Brookings Institution, an author of “Cybersecurity and Cyberwar: What Everyone Needs to Know.” “For terror groups looking to keep their communications secret, there are far more effective and easier ways to do so than putting on a troll avatar.”

The surveillance, which also included Microsoft’s Xbox Live, could raise privacy concerns. It is not clear exactly how the agencies got access to gamers’ data or communications, how many players may have been monitored or whether Americans’ communications or activities were captured.

One American company, the maker of World of Warcraft, said that neither the NSA nor its British counterpart, the Government Communications Headquarters, had gotten permission to gather intelligence in its game. Many players are Americans, who can be targeted for surveillance only with approval from the nation’s secret intelligence court. The spy agencies, though, face far fewer restrictions on collecting certain data or communications overseas.

“We are unaware of any surveillance taking place,” said a spokesman for Blizzard Entertainment, based in Irvine, Calif., which makes World of Warcraft. “If it was, it would have been done without our knowledge or permission.”

A spokeswoman for Microsoft declined to comment. Philip Rosedale, the founder of Second Life and a former chief executive officer of Linden Lab, the game’s maker, declined to comment on the spying revelations. Current Linden executives did not respond to requests for comment.

A Government Communications Headquarters spokesman would neither confirm nor deny any involvement by that agency in gaming surveillance, but said that its work is conducted under “a strict legal and policy framework” with rigorous oversight. An NSA spokeswoman declined to comment.

Intelligence and law enforcement officials became interested in games after some became enormously popular, drawing tens of millions of people worldwide, from preteens to retirees. The games rely on lifelike graphics, virtual currencies and the ability to speak to other players in real time. Some gamers merge the virtual and real worlds by spending long hours playing and making close online friends.

In World of Warcraft, players share the same fantasy universe — walking around and killing computer-controlled monsters or the avatars of other players, including elves, animals or creatures known as orcs. In Second Life, players create customized human avatars that can resemble themselves or take on other personas — supermodels and bodybuilders are popular — who can socialize, buy and sell virtual goods, and go places like beaches, cities, art galleries and strip clubs. In Microsoft’s Xbox Live service, subscribers connect online in games that can involve activities like playing soccer or shooting at each other in space.

According to American officials and documents that Mr. Snowden provided to The Guardian, which shared them with The New York Times and ProPublica, spy agencies grew worried that terrorist groups might take to the virtual worlds to establish safe communications channels.

In 2007, as the NSA and other intelligence agencies were beginning to explore virtual games, NSA officials met with the chief technology officer for the manufacturer of Second Life, the San Francisco-based Linden Lab. The executive, Cory Ondrejka, was a former Navy officer who had worked at the NSA with a top-secret security clearance.

He visited the agency’s headquarters at Fort Meade, Md., in May 2007 to speak to staff members over a brown bag lunch, according to an internal agency announcement. “Second Life has proven that virtual worlds of social networking are a reality: come hear Cory tell you why!” said the announcement. It added that virtual worlds gave the government the opportunity “to understand the motivation, context and consequent behaviors of non-Americans through observation, without leaving U.S. soil.”

Ondrejka, now the director of mobile engineering at Facebook, said through a representative that the NSA presentation was similar to others he gave in that period, and declined to comment further.

Even with spies already monitoring games, the NSA thought it needed to step up the effort.

“The Sigint Enterprise needs to begin taking action now to plan for collection, processing, presentation and analysis of these communications,” said one April 2008 NSA document, referring to “signals intelligence.” The document added, “With a few exceptions, NSA can’t even recognize the traffic,” meaning that the agency could not distinguish gaming data from other Internet traffic.

By the end of 2008, according to one document, the British spy agency, known as GCHQ, had set up its “first operational deployment into Second Life” and had helped the police in London in cracking down on a crime ring that had moved into virtual worlds to sell stolen credit card information. The British spies running the effort, which was code-named “Operation Galician,” were aided by an informer using a digital avatar “who helpfully volunteered information on the target group’s latest activities.”

Though the games might appear to be unregulated digital bazaars, the companies running them reserve the right to police the communications of players and store the chat dialogues in servers that can be searched later. The transactions conducted with the virtual money common in the games, used in World of Warcraft to buy weapons and potions to slay monsters, are also monitored by the companies to prevent illicit financial dealings.

In the 2008 NSA document, titled “Exploiting Terrorist Use of Games & Virtual Environments,” the agency said that “terrorist target selectors” — which could be a computer’s Internet Protocol address or an email account — “have been found associated with Xbox Live, Second Life, World of Warcraft” and other games. But that document does not present evidence that terrorists were participating in the games.

Still, the intelligence agencies found other benefits in infiltrating these online worlds. According to the minutes of a January 2009 meeting, GCHQ’s “network gaming exploitation team” had identified engineers, embassy drivers, scientists and other foreign intelligence operatives to be World of Warcraft players — potential targets for recruitment as agents.

At Menwith Hill, a Royal Air Force base in the Yorkshire countryside that the NSA has long used as an outpost to intercept global communications, American and British intelligence operatives started an effort in 2008 to begin collecting data from World of Warcraft.

One NSA document said that the World of Warcraft monitoring “continues to uncover potential Sigint value by identifying accounts, characters and guilds related to Islamic extremist groups, nuclear proliferation and arms dealing.” In other words, targets of interest appeared to be playing the fantasy game, though the document does not indicate that they were doing so for any nefarious purposes. A British document from later that year said that GCHQ had “successfully been able to get the discussions between different game players on Xbox Live.”

By 2009, the collection was extensive. One document says that while GCHQ was testing its ability to spy on Second Life in real time, British intelligence officers vacuumed up three days’ worth of Second Life chat, instant message and financial transaction data, totaling 176,677 lines of data, which included the content of the communications.

For their part, players have openly worried that the NSA might be watching them.

In one World of Warcraft discussion thread, begun just days after the first Snowden revelations appeared in the news media in June, a human death knight with the user name “Crrassus” asked whether the NSA might be reading game chat logs.

“If they ever read these forums,” wrote a goblin priest with the user name “Diaya,” “they would realize they were wasting” their time.

Even before the American government began spying in virtual worlds, the Pentagon had identified the potential intelligence value of video games. The Pentagon’s Special Operations Command in 2006 and 2007 worked with several foreign companies — including an obscure digital media business based in Prague — to build games that could be downloaded to mobile phones., according to people involved in the effort. They said the games, which were not identified as creations of the Pentagon, were then used as vehicles for intelligence agencies to collect information about the users.

The SAIC headquarters in McLean, Va., and the company’s island in Second Life. (The Meridian Group, SAIC)

Eager to cash in on the government’s growing interest in virtual worlds, several large private contractors have spent years pitching their services to American intelligence agencies. In one 66-page document from 2007, part of the cache released by Mr. Snowden, the contracting giant SAIC promoted its ability to support “intelligence collection in the game space,” and warned that online games could be used by militant groups to recruit followers and could provide “terrorist organizations with a powerful platform to reach core target audiences.”

It is unclear whether SAIC received a contract based on this proposal, but one former SAIC employee said that the company at one point had a lucrative contract with the CIA for work that included monitoring the Internet for militant activity. An SAIC spokeswoman declined to comment.

In spring 2009, academics and defense contractors gathered at the Marriott at Washington Dulles International Airport to present proposals for a government study about how players’ behavior in a game like World of Warcraft might be linked to their real-world identities. “We were told it was highly likely that persons of interest were using virtual spaces to communicate or coordinate,” said Dmitri Williams, a professor at the University of Southern California who received grant money as part of the program.

After the conference, both SAIC and Lockheed Martin won contracts worth several million dollars, administered by an office within the intelligence community that finances research projects.

It is not clear how useful such research might be. A group at the Palo Alto Research Center, for example, produced a government-funded study of World of Warcraft that found “younger players and male players preferring competitive, hack-and-slash activities, and older and female players preferring noncombat activities,” such as exploring the virtual world. A group from the nonprofit SRI International, meanwhile, found that players under age 18 often used all capital letters both in chat messages and in their avatar names.

Those involved in the project were told little by their government patrons. According to Nick Yee, a Palo Alto researcher who worked on the effort, “We were specifically asked not to speculate on the government’s motivations and goals.”

Andrew W. Lehren contributed reporting.

Transcript: What are intelligence agencies doing in virtual worlds? ProPublica reporter Justin Elliott, New York Times reporter Mark Mazzetti and The Guardian’s James Ball discussed #SpyGames with our readers. Like this story? Get more great ProPublica journalism by signing up for our email newsletter.

via ProPublica

Read more

Local police departments are now receiving a FBI document painting “9/11 truthers” as potential terrorists.

Michael Jackson 1 Day Before Death: A ‘Group of People’ Want to ‘Get Rid of Me’, DoD Whistleblower Confirms

Ben Fulford Updates, Project Camelot Updates

Grid ShutDown Reminder! Recent Warnings of ‘Castestrophic’ Event Corroborated?


***Navy Yard Shooting – False Flag Indicators List Begins***


Aaron Alexis taking Anti-Psychotic / Anti-Depressant ??

Aaron Alexis had filed police report about microwave technology (ELF) being used against him

Aaron Alexis Carved ‘My ELF Weapon’ on the Stock of his Shotgun

Insiders Claim Onsite SWAT Officers at Navy Yard were given ‘Stand Down’ Orders

Possible leak of ‘story’ online before event happened..?


**NSA Updates**

Torvalds On Being Asked to Insert a U.S. Government Back Door Into Linux Kernel

How Tech Companies Could Foil the NSA Gag-Order – Use A Dead Man’s Switch

DOJ to Journalist: ‘Unless you Kill your Story, We’re Giving the Answers to Your Questions to Another Reporter’


**High Tech Exploitation**

NASA and DHS developing a heartbeat detector for use in search and rescue

Apple Fingerprint Scanning – Hackathon begins

Golden-Eye Energy Beam being developed by Nato Scientists

DropBox Documents Opening Automatically – Hacker Sniffs Out Strange Connections


1st Hour

2nd Hour

Read more
Whitehouse ‘Panel’ Is Dead Before It Even Starts – Lacks Tech And Telco Execs


As part of his promises regarding better oversight of the National Security Agency, President Obama called for expert external opinion on where the lines of privacy should be drawn:

Fourth, we’re forming a high-level group of outside experts to review our entire intelligence and communications technologies. We need new thinking for a new era. We now have to unravel terrorist plots by finding a needle in the haystack of global telecommunications. And meanwhile, technology has given governments — including our own — unprecedented capability to monitor communications. – President Obama.

And yet, no. Obama’s panel is not a set of outsiders in the slightest. As some have pointed out in recent days, the group is instead a slurry of insiders, former insiders, and a previous colleague of the president’s.

Member Michael Morell is from the CIA, Richard Clarke is former national security, Cass Sunstein is ex-Obama White House, Peter Swire was part of the Clinton administration, and Geoffrey Stone is also University Chicago stock, same as the president.

Stone, at a minimum, is part of the ACLU, and thus might have a bit of a backbone on the privacy side of things. But the group is surprisingly un-outsidery, and hardly undogmatic. This has not gone unnoticed. However, something that fewer have noticed is that the group contains no technology or telecom folk.

This is almost comical, as we are arguing over digital and telephonic surveillance. PRISM, tapping of fiber-optic cables, storing the nation’s phone records, and forcing telcos to send huge swatches of the Internet to the NSA, and yet not a single voice from the industries impacted will take part.

In the age of cynicism, this must be a high point.

The group is in fact a good mix of people from the establishment who have perspectives on security, but it is utterly incomplete. To exclude from the conversation companies that are directly impacted by the NSA — bullied is probably a better word — is to silence possible dissent. And that is the opposite of open, or fair.

Not that in this discussion there has been much proffered openness of fairness, but when the president assembles a panel of “outsiders” to examine current policy, one could hope for a bit of each. In the assembled group, those in favor of curtailing the NSA’s surveillance activities couldn’t win a voice vote. That’s not so good, really.

If we are going to legally force tech and telco firms to hand over private information of regular folks, they deserve a hand in the discussion. Unless, naturally, the meetings are a sham in the hopes of quieting public outrage and dissent. In that case, a few former insiders can be tossed together for a chat that will mean little and accomplish less. Which appears to be the case.

At each stage of the NSA revelation saga, the government has obfuscuated or offered little. This is another example of the latter.

via TechCrunch

Read more
CENSORED: Nothing Better to Do – The NSA Goes After Parody T-Shirts

Throughout history, one of the ways in which the human spirit has overcome or dealt with the brutish forces of authoritarian regimes has been through the use of humor. As such, it is no surprise that clever Americans from sea to shining sea have figured out ways to mock the NSA while also making a dollar or two. One of these folks is Dan McCall, founder of politically themed T-shirt company Liberty Maniacs. Several days after the spy scandal erupted, Dan created a shirt that read NSA: The only part of the government that actually listens. See below:


Pretty hilarious right? Well, the NSA didn’t find it particularly funny and, in fact, according to the Daily Dot this is what happened:

“Within an hour or two,” as McCall told the Daily Dot, Zazzle emailed him to say the shirt had been removed from the Zazzle site. (Zazzle didn’t respond to the Daily Dot’s request for comment, nor did the NSA.

Zazzle’s first email, which McCall forwarded to the Daily Dot, said in part:

Unfortunately, it appears that your product, The NSA, contains content that is in conflict with one or more of our acceptable content guidelines.

We will be removing this product from the Zazzle Marketplace shortly. …

Result: Not Approved

Policy Notes: Design contains an image or text that may infringe on intellectual property rights. We have been contacted by the intellectual property right holder and we will be removing your product from Zazzle’s Marketplace due to infringement claims.


McCall, who says he’d worked with Zazzle for five years, asked for an explanation, but when the company responded June 11, the distributor didn’t share much more:

Unfortunately, it appears that your product, ” the nsa”, does not meet Zazzle Acceptable Content Guidelines. Specifically, your product contained content which infringes upon the intellectual property rights of National Security Agency.

We have been contacted by legal representatives from the National Security Agency, and at their request, have removed the product from the Zazzle Marketplace.

The NSA: Protecting Americans from terrorists, nuclear war and funny t-shirts since 1952.

via DailyDot

Read more