May 19, 2014 | Abuses of Power, Black Technology, Leaks
Below is a listing of nicknames and codewords related to US Signals Intelligence (SIGINT) and Communications Security (COMSEC). Most of them are from the NSA, some are from other government or military agencies. Some of them also have an abbreviation which is shown in brackets.
NICKNAMES are generally unclassified. NSA uses single word nicknames, outside NSA they usually consist of two separate words, with the first word selected from alphabetical blocks that are assigned to different agencies by the Joint Staff. Usually, nicknames are printed using all capital letters.
CODEWORDS are always classified and always consist of a single word. Active codewords, or their three-letter abbreviations, which identify a classification compartment always need to be shown in the classification or banner line. Normally, codewords are printed using all capital letters.
Due to very strict secrecy, it’s not always clear whether we see a nickname or a codeword, but terms mentioned in public sources like job descriptions are of course unclassified nicknames.
Please keep in mind that a listing like this will always be work in progress (this list has been copied on some other websites and forums, but only this one is being updated frequently!).
See also the lists of Abbreviations and Acronyms and GCHQ Nicknames and Codewords
A
ACIDWASH – Covert access point for a mobile phone network in Afghanistan
ACORN – Retired SIGINT product codeword
ACCORDIAN – Type 1 Cryptographic algorithm used in a number of crypto products
AETHER – ONI tool “to correlate seemingly disparate entities and relationships, to identify networks of interest, and to detect patterns”
AGILITY – NSA internet information tool or database
AGILEVIEW – NSA internet information tool or database
AIRGAP – Database which deals with priority DoD missions
AIRHANDLER – NSA-G operations center for producing intelligence from Afghanistan
AIRSTEED – Cell phone tracking program of the Global Access Operations (GAO)
AIRWOLF – ?
ALAMITO – The mission of Mexico at the United Nations in New York
ALPHA – Retired SIGINT Exchange Designator for Great Britain
ALTEREGO – A type of Question-Focused Dataset based on E.164
AMBERJACK – SIGINT/EW collection and exploitation system
AMBLE – Retired SIGINT product codeword
AMBULANT (AMB) – SI-ECI compartment related to the BULLRUN program
ANCHORY – NSA software system which provides web access to textual intelligence documents
ANGRYNEIGHBOR – Family of radar retro-reflector tools used by NSA’s TAO division
APALATCHEE – The EU mission in New York
APERIODIC – SI-ECI compartment related to the BULLRUN program
APEX – IP packet reconstruction tool(?)
APPLE1 – Upstream collection site
APSTARS – NSA tool that provides “semantic integration of data from multiple sources in support of intelligence processing”
ARKSTREAM – Implant used to reflash BIOS, installed by remote access or intercepted shipping
ARTIFICE – SSO corporate partner (foreign?)
AUTOSOURCE – NSA tool or database
AQUACADE – A class of SIGINT spy satellites (formerly RHYOLITE)
AQUADOR – Merchant ship tracking tool
ARCA – SIGINT Exchange Designator for ?
ARGON – Satellite mapping program
ARTIFICE – SSO corporate partner under the STORMBREW program
ASPHALT – Project to increase the volume of satellite intercepts at Menwith Hill Station
ASPHALT-PLUS – See above
ASSOCIATION – NSA analytical tool or database
ATALANTA – EU anti-piracy operation
ATLAS – CSEC database
AUNTIE – SI-ECI compartment related to the BULLRUN program
AUTO ASSOCIATION – Second party database
B
BAMBOOSPRING – ?
BANANAGLEE – Software implant that allows remote Jetplow firmware installation
BANISTER – The Columbian trade bureau in New York
BANYAN – NSA tactical geospatial correlation database
BASECOAT – Program targeting the mobile phone network on the Bahamas
BASTE – Retired SIGINT product codeword
– Type 1 Block cipher algorithm, used with many crypto products
BEACHHEAD – Computer exploit delivered by the FERRETCANON system
BEAMER – ?
BELLTOPPER – NSA database
BELLVIEW – SIGINT reporting tool
– List of personnel cleared for access to highly sensitive information or operations
BINOCULAR – Former NSA intelligence dissemination tool
BIRCHWOOD – Upstream collection site
BLACKBOOK – ODNI tool for large-scale semantic data analysis
BLACKFOOT – The French mission at the United Nations in New York
BLACKHEART – Collection through FBI implants
BLACKMAGIC – NSA database or tool
BLACKPEARL – NSA database of survey/case notations(?)
BLACKWATCH – NSA reporting tool
– Program for intercepting phone and internet traffic at switches in the US (since 1978)
BLINDDATE – Hacking tools for WLAN collection, plus GPS
BLUEANCHOR – Partner providing a network access point for the YACHTSHOP program
BLUEFISH (BLFH) – Compartment of the KLONDIKE control system
BLUEZEPHYR – Sub-program of OAKSTAR
BOOTY – Retired SIGINT product codeword
– DNI and DNR metadata visualization tool
BOURBON – Joint NSA and GCHQ program for breaking Soviet encryption codes (1946-?)
BROKENRECORD – NSA tool
BROKENTIGO – Tool for computer network operations
BROADSIDE – Covert listening post in the US embassy in Moscow
BROOMSTICK – ?
BRUNEAU – Operation against the Italian embassy in Washington DC using LIFESAVER techniques
BRUTUS – Tool or program related to MARINA
BUFFALOGREEN – The name ORANGECRUSH was known to Polish partners
BULLDOZER – PCI bus hardware implant on intercepted shipping
– An NSA COI for decryption of network communications
BULLSEYE – NSG High-Frequency Direction-Finding (HF-DF) network (now called CROSSHAIR)
(BYE) – Retired SCI control system for overhead collection systems (1961-2005)
BYZANTINE – First word of nicknames for programs involving defense against Chinese cyber-warfare and US offensive cyber-warfare
BYZANTINE ANCHOR (BA) – A group of Chinese hackers which compromised multiple US government and defense contractor systems since 2003
BYZANTINE CANDOR (BC) – A group of Chinese hackers which compromised a US-based ISP and at least one US government agency
BYZANTINE FOOTHOLD (BF) – A group of Chinese hackers who attacked various international companies and internet services providers
BYZANTINE HADES (BH) – A concerted effort against Chinese hackers who attacked the Pentagon and military contractors. Probably renamed to the LEGION-series
C
CADENCE – NSA database with tasking dictionaries
CAJABLOSSOM – Automated system for analysing and profiling internet browsing histories
CALYPSO – Remote SATCOM collection facility
CANDYGRAM – Laptop mimicking GSM cell tower, sends out SMS whenever registered target enters its area, for tracking and ID of targets
– Class of COMINT spy satellites (1968-1977)
CANOE – Retired SIGINT product codeword
CANNON LIGHT – Counterintelligence database of the US Army
CAPRICORN – (former?) database for voice data
CAPTIVATEDAUDIENCE – Computer implant plug-in to take over a targeted computer’s microphone and record conversations taking place near the device
CARBOY – Second Party satellite intercept station at Bude, England
CARBOY II – Units of ECHELON which break down satellite links into telephone and telegraph channels
CARILLON – NSA high performance computing center, since 1976 made up of IBM 360s and later four IBM 3033s
CASport – NSA user authorization service
– Computer system capable of automatically analyzing the massive quantities of data gathered across the entire intelligence community
CENTER ICE – Data center for the exchange of intelligence regarding Afghanistan among the members of the 14-Eyes/SSEUR
CENTERMASS – NSA tool or database
CERF CALL MOSES1 – Contact Event Record Format – for certain telephony metadata
CHALKFUN – Analytic tool, used to search the FASCIA database
CHASEFALCON – Major program of the Global Access Operations (GAO)
CHEER – Retired SIGINT product codeword
CHESS – Compartment of TALENT KEYHOLE for the U-2 spy plane
CHEWSTICK – NSA tool or database
CHIMNEYPOOL – Framework or specification of GENIE-compliance for hardware/software implants
CHIPPEWA – Some communications network, involving Israel
CHUTE – Retired SIGINT product codeword
CIMBRI – Probably a metadata database
CINEPLEX – NSA tool or database
CLASSIC BULLSEYE – Worldwide ocean SIGINT surveillance system (1960’s-?)
CLEVERDEVICE – Upstream collection site
CLOUD – NSA database
COASTLINE – NSA tool or database
COBALTFALCON – Sub-program of OAKSTAR
COBRA FOCUS – NSA-G operations center for producing intelligence from Iraq
COGNOS – NSA tool or database
CORDOBA – Type 2 Cryptographic algorithm used in a number of crypto chips
COMBAT SENT – Reconaissance operation
COMMONDEER – Computer exploit for looking whether a computer has security software
COMMONVIEW – NSA database or tool
CONFIRM – NSA database for personell access
CONJECTURE – Network compatible with HOWLERMONKEY
CONTRAOCTAVE – NSA telephony tasking database Used to determine ‘foreigness’
CONVEYANCE – Voice content ingest processor
COPILOT – System that automatically scans digital data for things like language, phone and creditcard numbers and attachments
COPSE – Retired SIGINT product codeword
CORALINE – NSA satellite intercept station at Sabena Seca at Puerto Rico (closed)
CORALREEF – Database for VPN crypto attack data
– A series of photographic surveillance satellites (1959-1972)
CO-TRAVELER – Set of tools for finding unknown associates of intelligence targets by tracking movements based upon cell phone locations
COTTONMOUTH (CM) – Computer implant devices used by NSA’s TAO division
COTTONMOUTH-I (CM-I) – USB hardware implant providing wireless bridge into target network and loading of exploit software onto target PCs, formerly DEWSWEEPER
COTTONMOUTH-II (CM-II) – USB hardware host tap provides covert link over USP into target’s network co-located with long haul relay; dual-stacked USB connector, consists of CM-I digital hardware plus long haul relay concealed in chassis; hub with switches is concealed in a dual stacked USB connector and hard-wired to provide intra-chassis link.
COTTONMOUTH-III (CM-III) – Radio Frequency link for commands to software implants and data infiltration/exfiltration, short range inter-chassis link within RJ45 Dual Stacked USB connector
COURIERSKILL – NSA Collection mission system
COWBOY – The DICTIONARY computer used at the Yakima station of ECHELON
CRANKSHAFT – Codename for Osama bin Laden
CREAM – Retired SIGINT product codeword
CREDIBLE – Transport of intelligence materials to partner agencies
CREST – Database that automatically translates foreign language intercepts in English
CRISSCROSS – Database of telecommunications selectors
CROSSBEAM – GSM module mating commercial Motorola cell with WagonBed controller board for collecting voice data content via GPRS (web), circuit-switched data, data over voice, and DTMF to secure facility, implanted cell tower switch
CROSSHAIR – NSG High-Frequency Direction-Finding (HF-DF) network (formerly BULLSEYE)
CROSSBONES – Analytic tool
CRUMPET – Covert network with printer, server and desktop nodes
CULTWEAVE – Smaller size SIGINT database
CYBERTRANS – A common interface to a number of underlying machine translation systems
CYCLONE Hx9 – Base station router, network in a box using Typhon interface
D
DAFF – Codeword for products of satellite imagery
DAMEON – Remote SATCOM collection facility
DANCINGOASIS (DGO) – SSO program collecting data from fiber optic cables between Europe and the Far East (since 2011)
DANDERSPRITZ – Software tool that spoofs IP and MAC addresses, intermediate redirector node
DANGERMOUSE – Tactical SIGINT collecting system for like cell phone calls
DARDANUS – Remote SATCOM collection facility
DAREDEVIL – Shooter/implant as part of the QUANTUM system
DARKTHUNDER – SSO Corporate/TAO Shaping program
DARKQUEST – Automated FORNSAT survey system
DAUNT – Retired SIGINT product codeword
DECKPIN – NSA crisis cell activated during emergencies
DEEPDIVE – An XKEYSCORE related method
DEITYBOUNCE – Provides implanted software persistence on Dell PowerEdge RAID servers via motherboard BIOS using Intel’s System Management Mode for periodic execution, installed via ArkStream to reflash the BIOS
DELTA – Former SCI control system for intercepts from Soviet military operations
DENIM – Retired SIGINT product codeword
DESPERADO – NSA software tool to prepare reports
DEWSWEEPER – Technique to tap USB hardware hosts
DIKTER – SIGINT Exchange Designator for Norway
DINAR – Retired compartment for intercepts from foreign embassies in Washington
DIONYSUS – Remote SATCOM collection facility
DIRESCALLOP – Method to circumvent commercial products that prevent malicious software from making changes to a computer system
DISCOROUTE – A tool for targeting passively collected telnet sessions
– NSA database for text messages (SMS)
DISTANTFOCUS – A pod for tactical SIGINT and precision geolocation (since 2005)
DIVERSITY – SIGINT Exchange Designator for ?
DOBIE – The South African consulate and mission at the UN in New York
DOCKETDICTATE – Something related to NSA’s TAO division
DOGCOLLAR – A type of Question-Focussed Dataset based on the Facebook display name cookie
DOGHUT – Upstream collection site
DOUBLEARROW – One of NSA’s voice processing databases?
DRAGGABLEKITTEN – An XKEYSCORE Map/Reduce analytic
DREADNOUGHT – NSA operation focused on Ayatollah Khamenei
– Passive collection of emanations (e.g. from printers or faxes) by using a radio frequency antenna
DROPOUTJEEP – STRAITBIZARRE-based software implant for iPhone, initially close access but later remotely
– System for processing data from mobile communication networks
DRUID – SIGINT Exchange Designator for third party countries
– A US military numeral cipher/authentication system
DRYTORTUGAS – Analytic tool
DYNAMO – SIGINT Exchange Designator for Denmark
E
EAGLE – Upstream collection site
– A SIGINT collection network run by Australia, Canada, New Zealand, the United Kingdom, and the United States
ECHO – SIGINT Exchange Designator for Australia
ECRU (EU) – Compartment of the ENDSEAL control system
EDEN – Upstream collection site
EGOTISTICALGIRAFFE (EGGI) – NSA program for exploiting the TOR network
EGOTISTICALGOAT (EGGO) – NSA tool for exploiting the TOR network
EIDER – Retired SIGINT product codeword
EINSTEIN – Cell phone network intercepting equipment used by SCS units
– Intrusion detection system for US government network gateways (deployed in 2004)
EINSTEIN 2 – Second version of the EINSTEIN program for detecting malicious network activity
EINSTEIN 3 – Third version of the EINSTEIN program that will monitor government computer traffic on private sector sites too
ELEGANTCHAOS – Large scale FORNSAT data analysis system
EMBRACEFLINT – Tool for computer network operations
ENDSEAL (EL) – SCI control system
ENDUE – A COI for sensitive decrypts of the BULLRUN program
ENTOURAGE – Directional finder for line of bearing for GSM, UMTS, CDMA, FRS signals, works with NEBULA active interrogator within GALAXY program
EPICSHELTER – Sophisticated data backup system designed by Edward Snowden
ERRONEOUSINGENUITY (ERIN) – NSA tool for exploiting the TOR network
EVENINGEASEL – Program for surveillance of phone and text communications from Mexico’s cell phone network
EVILOLIVE – Iinternet geolocation tool
EVOLVED MUTANT BROTH – Second party database
EYESPY – System that scans data for logos of companies, political parties and other organizations, as well for pictures with faces for facial recognition
F
FACELIFT – Codeword related to NSA’s Special Source Operations division
– NSA corporate partner with access to international cables, routers, and switches (since 1985)
FAIRVIEWCOTS – System for processing telephony metadata collected under the FAIRVIEW program
FALLENORACLE – NSA tool or database
FALLOUT – DNI metadata ingest processor/database
– DNR metadata ingest processor/database
FASCINATOR – Series of Type 1 encryption modules for Motorola digital-capable voice radios
FASHIONCLEFT (FC) – Wrapper used to exfiltrate data of VPN and VoIP communications
FASTBAT – Telephony related database?
FASTFOLLOWER – Tool to identify foreign agents who might tail American case officers overseas by correlating cellphone signals
FASTSCOPE – NSA database
FEEDTROUGH – Software implant for unauthorized access to Juniper firewall models N5XT, NS25, NS50, NS200, NS500, ISG1000
FERRETCANON – Subsystem of the FOXACID system
FINKDIFFERENT (FIDI) – Tool used for exploiting TOR networks
FIRE ANT – Open Source visualisation tool
– NSA key generation scheme, used for exchanging EKMS public keys
FIRETRUCK – SIGINT tool or database
FIREWALK -Bidirectional network implant, passive gigabit ethernet traffic collector and active ethernet packet injector within RJ45 Dual Stacked USB connector, digital core used with HOWLERMONKEY, formerly RADON
– NSA program for securing commercial smartphones
FLARE – Retired SIGINT product codeword
FLATLIQUID – TAO operation against the office of the Mexican president
FLEMING – The embassy of Slovakia in Washington DC
FLINTLOCK – The DICTIONARY computer used at the Waihopai station of ECHELON
FLUXBABBITT – Hardware implant for Dell PowerEdge RAID servers using Xeon processors
FOGGYBOTTOM – Computer implant plug-in that records logs of internet browsing histories and collects login details and passwords used to access websites and email accounts
FOREMAN – Tactical SIGINT database? Used to determine ‘foreigness’
FOURSCORE – (former?) database for fax and internet data
FOXACID (FA?) – System of secret internet servers used to attack target computers
FOXSEARCH – Tool for monitoring a QUANTUM target which involves FOXACID servers
FOXTRAIL – NSA tool or database
FRIARTUCK – VPN Events tool or database (CSEC?)
FREEFLOW-compliant – Supported by TURBULENCE architecture
FREEZEPOST – Something related to NSA’s TAO division
FRONTO – Retired SIGINT Exchange Designator for ?
FROSTBURG – Connection Machine 5 (CM-5) supercomputer, used by NSA from 1991-1997
FROTH – Retired SIGINT product codeword
FRUGALSHOT – FOXACID servers for receiving callbacks from computers infected with NSA spying software
G
GALACTICHALO – Remote SATCOM collection facility
GALAXY – Find/fix/finish program of locating signal-emitting devices of targets
GAMMA (G) – Compartment for highly sensitive communication intercepts
GAMUT – NSA collection tasking tool or database
GARLIC – The NSA satellite intercept station at Bad Aibling (Germany)
GATEKEEPER – NSA user account management system
GAVEL – Retired SIGINT product codeword
GECKO II – System consisting of hardware implant MR RF or GSM, UNITEDRAKE software implant, IRONCHEF persistence back door
GEMINI – Remote SATCOM collection facility
GENESIS – Modified GSM handset for covert network surveys, recording of RF spectrum use, and handset geolocation based on software defined radio
GENIE – Overall close-access program, collection by Sigads US-3136 and US-3137
GHOSTMACHINE – NSA’s Special Source Operations cloud analytics platform
GINSU – Provides software persistence for the CNE implant KONGUR having PCI bus hardware implant BULLDOZER on MS desktop PCs
GILGAMESH – Predator-based NSA geolocation system used by JSOC
GISTQEUE (GQ) – NSA software or database
GJALLER – NSA tool or database
GLINT – Retired SIGINT product codeword
GLOBALBROKER – NSA tool or database
GM-PLACE – Database for the BOUNDLESSINFORMANT tool
GODLIKELESION – Modernization program for NSA’s European Technical Center (ETC) in Wiesbaden in 2011
GODSURGE – Runs on FLUXBABBITT circuit board to provide software persistence by exploiting JTAG debugging interface of server processors, requires interdiction and removal of motherboard of JTAG scan chain reconnection
GOPHERSET – Software implant on GMS SIM phase 2+ Toolkit cards that exfiltrates contact list, SMS and call log from handset via SMS to user-defined phone; malware loaded using USB smartcard reader or over-the-air.
GOSSAMER – SIGINT/EW collection and exploitation system
GOTHAM – Processor for external monitor recreating target monitor from red video
GOURMETTROUGH – Configurable implant for Juniper NetScreen firewalls including SSG type, minimal beaconing
GOUT – Subcompartment of GAMMA for intercepts of South Vietnamese government communications
GOVPORT – US government user authentication service
GRAB – SIGINT satellite program
GREY FOX – The 2003 covername of the Mission Support Activity (MSA) of JSOC
GREYSTONE (GST) – CIA’s highly secret rendition and interrogation programs
GROK – Computer implant plug-in used to log keystrokes
GUMFISH – Computer implant plug-in to take over a computer’s webcam and snap photographs
GUPY – Subcompartment of GAMMA for intercepts from Soviet leadership car phones (1960’s-70’s)
H
HALLUXWATER – Software implant as boot ROM upgrade for Huawei Eudemon firewalls, finds patch points in inbound packet processing, used in O2, Vodafone and Deutsche Telekom
HAMMERCHANT – Implant for network routers to intercept and perform exploitation attacks against data sent through a Virtual Private Network (VPN) and/or phone calls via Skype and other VoIP software
HAMMERMILL – Insertion Tool controls HEADWATER boot ROM backdoor
HAMMERSTEIN – Implant for network routers to intercept and perform exploitation attacks against data sent through a Virtual Private Network (VPN) and/or phone calls via Skype and other VoIP software
HAPPYFOOT – Program that intercepts traffic generated by mobile apps that send a smartphone’s location to advertising networks
HARD ASSOCIATION – Second party database
– An IBM supercomputer used by NSA from 1962-1976
HAVE BLUE – Development program of the F-117A Stealth fighter-bomber
HAVE QUICK (HQ) – Frequency-hopping system protecting military UHF radio traffic
HEADWATER – Permanent backdoor in boot ROM for Huawei routers stable to firmware updates, installed over internet, capture and examination of all IP packets passing through host router, controlled by Hammermill Insertion Tool
HEMLOCK – Operation against the Italian embassy in Washington DC using HIGHLANDS techniques
HERCULES – CIA terrorism database
HERETIC – NSA tool or database
HEREYSTITCH – Collaboration program between NSA units T1222 and SSG
HERMOS – Joint venture between the German BND and another country with access for NSA (2012)
HERON – Retired SIGINT product codeword
HIGHCASTLE – Tactical database?
HIGHLANDS – Technique for collection from computer implants
HIGHTIDE – NSA tool or database
HOBGOBLIN – NSA tool or database
HOLLOWPOINT – Software defined radio platform
HOMEBASE – Database which allows analysts to coordinate tasking with DNI mission priorities
HOMEMAKER – Upstream collection site
HOMINGPIGEON – Program to intercept communications from airplane passengers
HOTZONE – ?
HOWLERMONKEY (HM) – Generic radio frequency (RF) transceiver tool used for various applications
HUFF – System like FOXACID?
HYSON – Retired SIGINT product codeword
I
ICEBERG – Major NSA backbone project
ICREACH – Tool that uses telephony metadata
IDITAROD (IDIT) – Compartment of the KLONDIKE control system
INCENSER – A joint NSA-GCHQ high-volume cable tapping operation, part of the WINDSTOP program
INDIA – SIGINT Exchange Designator for New Zealand (retired)
– Satellite intercept station near Khon Khaen, Thailand (1979-ca. 2000)
INTREPID SPEAR – The 2009 covername of the Mission Support Activity (MSA) of JSOC
– Series of ELINT and COMINT spy satellites (since 2009)
IRATEMONK – Hard drive firmware providing software persistence for desktops and laptops via Master Boot Record substitution, for Seagate Maxtor Samsung file systems FAR NRFS EXT3 UFS, payload is implant installer, shown at internet cafe
IRONAVENGER – NSA hacking operation against an ally and an adversary (2010)
IRONCHEF – Provides access persistence back door exploiting BIOS and SMM to communicate with a 2-way RF hardware implant
IRONSAND – Second Party satellite intercept station in New Zealand
ISHTAR – SIGINT Exchange Designator for Japan (retired)
ISLANDTRANSPORT – Internal messaging service, as part of the QUANTUM system
IVORY – Retired SIGINT product codeword
IVY BELLS – NSA, CIA and Navy operation to place wire taps on Soviet underwater communication cables
J
JACKKNIFE – The NSA satellite intercept station at Yakima (US)
JACKPOT – Internal NSA process improvement program (early 1990s – early 2000s)
JETPLOW – Persistent firmware back door for Cisco PIX and ASA firewall and routers, modifies OS at boot time
JOLLYROGER – NSA database
JOSEKI-1 – Classified Suite A algorithm
JOURNEYMAN – Major NSA backbone project
JUGGERNAUT – Ingest system for processing signals from (mobile?) phone networks
– Class of SIGINT reconnaissance satellites (1971-1983)
JUNIORMINT – Implant digital core, either mini printed circuit board or ultra-mini Flip Chip Module, contains ARM9 micro-controller, FPGA Flash SDRAM and DDR2 memories
K
KAMPUS – SIGINT Exchange Designator for ? (retired)
KANDIK (KAND) – Compartment of the KLONDIKE control system
KARMA POLICE – Second party database
KATEEL – The Brazilian embassy in Washington
KEA – Asymmetric-key Type 2 algorithm used in products like Fortezza, Fortezza Plus
KEELSON – Internet metadata processing system
KEYCARD – Database for VPN key exchange IP packet addresses
KEYRUT – SIGINT Exchange Designator for ? (retired)
KILTING – ELINT database
KIMBO – Retired SIGINT product codeword
KLIEGLIGHT (KL) – Tactical SIGINT reports
KLONDIKE (KDK) – Control system for sensitive geospatial intelligence
KLONDIKE – The embassy of Greece in Washington DC
KNIGHTHAWK – Probably a military SIGINT tool
– Method for summarizing very large textual data sets
KONGUR – Software implant restorable by GINSU after OS upgrade or reinstall
KRONE – Retired SIGINT product codeword
L
(LAC) – Retired NSA dissemination control marking
LADYLOVE – The NSA satellite intercept station at Misawa, Japan (since 1982)
LANYARD – Reconaissance satellite program
LARUM – Retired SIGINT product codeword
LEGION AMBER – Chinese hacking operation against a major US software company
LEGION JADE – A group of Chinese hackers
LEGION RUBY – A group of Chinese hackers
LEGION YANKEE – Chinese hacking operation against the Pentagon and defense contractors (2011)
LEMONWOOD – NSA satellite intercept station in Thailand
LEXHOUND – Tool for targeting social networking?
LIBERTY – First word of nicknames for collection and analysis programs used by JSOC and other sensitive DOD activities
LIBERTY BLUE – Modified RC-12 Guardrail surveillance airplane used by JSOC’s Mission Support Activity (MSA)
LIFESAVER – Technique which images the hard drive of computers
LIONSHARE – Internal NSA process improvement program (2003-2008)
LITHIUM – Facility to filter and gather data at a major (foreign?) telecommunications company under the BLARNEY program
LODESTONE – NSA’s CRAY-1 supercomputer
LOGGERHEAD – Device to collect contents of analog cell phone calls (made by Harris Corp.)
LOMA – SCI control system for Foreign Instrumentation and Signature Intelligence
LOPERS – Software application for Public Switched Telephone Networks or some kind of hardware
LOUDAUTO – An ANGRYNEIGHBOR radar retro-reflector, microphone captures room audio by pulse position modulation of square wave
M
MACHINESHOP – ?
MADCAPOCELOT – Sub-program of STORMBREW for collection of internet metadata about Russia and European terrorism
MAESTRO-II – Mini digital core implant, standard TAO implant architecture
MAGIC – Codeword for decrypted high-level diplomatic Nazi messages
– A keystroke logging software developed by the FBI
MAGNES – Remote SATCOM collection facility
MAGNETIC – Technique of sensor collection of magnetic emanations
– Series of SIGINT spy satellites (since 1985)
MAGOTHY – The embassy of the European Union in Washington DC
MAILORDER – Data transfer tool (SFTP-based?)
– Federal database of personal and financial data of suspicious US citizens
– NSA database of bulk phone metadata
MANASSAS – Former NSA counter-encryption program, succeeded by BULLRUN
– NSA database of bulk internet metadata
MARKHAM – NSA data system?
MARTES – NSA software tool to prepare reports
MASTERLINK – NSA tasking source
MASTERSHAKE – NSA tool or database
MATRIX – Some kind of data processing system
MAYTAG – Upstream collection site
MEDLEY – Classified Suite A algorithm
MENTOR – Class of SIGINT spy satellites (since 1995)
MERCED – The Bulgarian embassy in Washington DC
MERCURY – Soviet cipher machine partially exploited by NSA in the 1960’s
MERCURY – Remote SATCOM collection facility
MESSIAH – NSA automated message handling system
METAWAVE – Warehouse of unselected internet metadata
METROTUBE – Analytic tool for VPN data
METTLESOME – NSA Collection mission system
MIDAS – Satellite program
MIDDLEMAN – TAO covert network
MILKBONE – Question-Focused Dataset used for text message collection
– A sister project to Project SHAMROCK (1967-1973)
MINERALIZE – Technique for collection through LAN implants
MIRANDA – Some kind of number related to NSA targets
MIRROR – Interface to the ROADBED system
MOCCASIN – A hardware implant, permanently connected to a USB keyboard
MONKEYCALENDAR – Software implant on GMS SIM cards that exfiltrates user geolocation data
MONKEYROCKET – Sub-program of OAKSTAR for collecting internet metadata and content through a foreign access point
MOONLIGHTPATH (EGL?) – SSO collection facility
MOONPENNY – The NSA satellite intercept station at Harrogate (Great Britain)
MORAY – Compartment for the least sensitive COMINT material, retired in 1999
MORPHEUS – Program of the Global Access Operations (GAO)
MOTHMONSTER – NSA tool for exploiting the TOR network
MOVEONYX – Tool related to CASPORT
MULBERRY – The mission of Japan at the United Nations in New York
(JPM?) – Joint NSA-GCHQ operation to tap the cables linking Google and Yahoo data clouds to the internet Part of WINDSTOP
MUSKET – Retired SIGINT Exchange Designator for ?
MUSKETEER – NSA’s Special Signal Collection unit
– SSO unilateral voice interception program
– Presidential Global Communications System
N
NASHUA – The mission of India at the United Nations in New York
NAVAJO – The mission of Vietnam at the United Nations in New York
NAVARRO – The embassy of Georgia in Washington DC
NEBULA – Base station router similar to CYCLONE Hx9
NECTAR – SIGINT Exchange Designator for ? (retired)
NELEUS – Remote SATCOM collection facility
NEMESIS – SIGINT satellite
– Operation to kill or capture Osama bin Laden (2011)
NETBOTZ – Remote monitoring tool
NEWSDEALER – NSA’s internal intelligence news network
NIAGARAFILES – Data transfer tool (SFTP-based?)
NIGHTSTAND – 802.11 wireless packet injection tool that runs on standalone x86 laptop running Linux Fedora Core 3 and exploits windows platforms running Internet Explorer, from 8 miles away
NIGHTWATCH – Portable computer in shielded case for recreating target monitor from progressive-scan non-interlaced VAGRANT signals
NINJANIC – Something related to TURMOIL
NITESURF – NSA tool or database
NITRO – Remote SATCOM collection facility
NOCON – NSA dissemination marking or COI
NONBOOK (NK) – Compartment of the ENDSEAL control system
NORMALRUN – NSA tool or database
NUCLEON – Database for contents of phone calls
NYMROD – Automated name recognition system
O
– Umbrella program to filter and gather information at major telecommunications companies (since 2004)
OCEAN – Optical collection system for raster-based computer screens
OCEANARIUM – Database for SIGINT from NSA and intelligence sharing partners around the world
OCEANFRONT – Part of the communications network for ECHELON
OCEAN SHIELD – NATO anti-piracy operation
OCEANSURF – Engineering hub of the Global Access Operations (GAO)
OCELOT – Actual name: MADCAPOCELOT
OCTAVE – NSA tool for telephone network tasking (succeeded by the UTT?)
OCTSKYWARD – Collection of GSM data from flying aircraft
OILSTOCK – A system for analyzing air warning and surveillance data
– CSEC tool for discovering and identifying telephone and computer connections
OLYMPIC – First word of nicknames for programs involving defense against Chinese cyber-warfare and US offensive cyber-warfare
OLYMPIC GAMES – Joint US and Israel operation against the Iranian nuclear program (aka Stuxnet)
OLYMPUS – Software component of VALIDATOR/SOMBERKNAVE used to communicate via wireless LAN 802.11 hardware
OMNIGAT – Field network component
ONEROOF – Main tactical SIGINT database, with raw and unfiltered intercepts
– Newer units of the LACROSSE reconaissance satellites
ORANGEBLOSSOM – Sub-program of OAKSTAR for collection from an international transit switch (sigad: US-3251)
ORANGECRUSH – Sub-program of OAKSTAR for collecting metadata, voice, fax, phone and internet content through a foreign access point
ORION – SIGINT satellite
ORLANDOCARD – NSA operation thtat attracted visits from 77,413 foreign computers and planted spyware on more than 1,000 by using a ‘honeypot’ computer
OSAGE – The embassy of India in Washington DC
OSCAR – SIGINT Exchange Designator for the USA
OSWAYO – The embassy annex of India in Washington DC
– The Lockheed A-12 program (better known as SR-71)
P
PACKAGEDGOODS – Program which tracks the ‘traceroutes’ through which data flows around the Internet
PACKETSCOPE – Internet cable tapping system
PACKETSWING – NSA tool or database
PACKETWRENCH – Computer exploit delivered by the FERRETCANON system
PADSTONE – Type 1 Cryptographic algorithm used in several crypto products
PAINTEDEAGLE – SI-ECI compartment related to the BULLRUN program
PALANTERRA – A family of spatially and analytically enabled Web-based interfaces used by the NGA
PANGRAM (PM) – Alleged SCI control system
PANTHER – The embassy of Vietnam in Washington DC
PARCHDUSK (PD) – Productions Operation of NSA’s TAO division
PARTNERMALL PROGRAM (PMP) – A single collaboration environment, to be succeeded by the Global Collaboration Environment (GCE)
PARTSHOP – ?
PATHFINDER – SIGINT analysis tool (developed by SAIC)
PATHWAY – NSA’s former main computer communications network
– Call chaining analysis tool (developed by i2)
PAWLEYS – SI-ECI compartment related to the BULLRUN program
PEARL – Retired SIGINT product codeword
PEDDLECHEAP – Computer exploit delivered by the FERRETCANON system
PENDLETON – SI-ECI compartment related to the BULLRUN program
PEPPERBOX – Tool or database for targeting Requests (CSEC?)
PERDIDO – The mission of the European Union at the United Nations in New York
PERFECTMOON – An out-sites covering system
PHOTOANGLO – A continuous wave generator and receiver. The bugs on the other end are ANGRYNEIGHBOR class
PIEDMONT – SI-ECI compartment related to the BULLRUN program
PICARESQUE (PIQ) – SI-ECI compartment related to the BULLRUN program
PICASSO – Modified GSM handset that collects user data plus room audio
PINUP – Retired SIGINT product codeword
– Database for recorded signals intercepts/internet content
PITCHFORD – SI-ECI compartment related to the BULLRUN program
PIVOT – Retired SIGINT product codeword
PIXIE – Retired SIGINT product codeword
PLATFORM – Computer system linking the ECHELON intercept sites
PLUS – NSA SIGINT production feedback program
POCOMOKE – The Brazilian Permanent Mission to the UN in New York
POISON NUT – CES VPN attack orchestrator
POLARBREEZE – NSA technique to tap into nearby computers
POPPY – SIGINT satellite program
POPTOP – Collection system for telephony data
POWELL – The Greek mission at the United Nations in New York
PREFER – System for identifying and extracting text messages (SMS) from the DISHFIRE database
PRESSUREPORT – Software interface related to PRESSUREWAVE
PRESSUREWAVE – NSA cloud database for VPN and VoIP content and metadata
PRIMECANE – American high-tech company cooperating in providing a network access point for the ORANGECRUSH program
– Program for collecting foreign internet data from US internet companies
PROFORMA – Intelligence derived from computer-based data
– Mobile tactical SIGINT collection system
PROTEIN – SIGINT Exchange Designator for ?
PROTON – SIGINT database for time-sensitive targets/counterintelligence
PROTOSS – Local computer handling radio frequency signals from implants
PURPLE – Codename for a Japanese diplomatic cryptosystem during WWII
– US military OPSEC program (since 1966)
PUTTY – NSA tool or database
PUZZLECUBE – NSA tool or database
PYLON – SIGINT Exchange Designator for ?
Q
QUADRANT – A crypto implementation code
QUADRESPECTRE PRIME – ?
– A consolidated QUANTUMTHEORY platform to reduce latencies by co-locating passive sensors with local decisioning and traffic injection (under development in 2011)
– Secret servers placed by NSA at key places on the internet backbone; part of the TURMOIL program
QUANTUMBISCUIT – Enhancement of QUANTUMINSERT for targets which are behind large proxies
QUANTUMBOT – Method for taking control of idle IRC bots and botnets)
QUANTUMBOT2 – Combination of Q-BOT and Q-BISCUIT for webbased botnets
QUANTUMCOOKIE – Method to force cookies onto target computers
QUANTUMCOPPER – Method for corrupting file uploads and downloads
QUANTUMDNS – DNS injection/redirection based off of A record queries
QUANTUMHAND – Man-on-the-side technique using a fake Facebook server
QUANTUMINSERT (QI) – Man-on-the-side technique that redirects target internet traffic to a FOXACID server for exploitation
QUANTUMMUSH – Targeted spam exploitation method
QUANTUMNATION – Umbrella for COMMONDEER and VALIDATOR computer exploits
QUANTUMPHANTOM – Hijacks any IP address to use as covert infrastructure
QUANTUMSKY – Malware used to block targets from accessing certain websites through RST packet spoofing
QUANTUMSMACKDOWN – Method for using packet injection to block attacks against DoD computers
QUANTUMSPIN – Exploitation method for instant messaging
QUANTUMSQUEEL – Method for injecting MySQL persistant database connections
QUANTUMSQUIRREL – Using any IP address as a covert infrastructure
QUANTUMTHEORY (QT) – Computer hacking toolbox used by NSA’s TAO division, which dynamically injects packets into target’s network session
QUANTUM LEAP – CIA tool to “find non-obvious linkages, new connections, and new information” from within a dataset
QUARTERPOUNDER – Upstream collection site
– Relay satellite for reconaissance satellites
QUEENSLAND – Upstream collection site
R
RADIOSPRING – ?
RADON – Host tap that can inject Ethernet packets
RAGEMASTER – Part of ANGRYNEIGHBOR radar retro-reflectors, for red video graphics array cable in ferrite bead RFI chokers between video card and monitor, target for RF flooding and collection of VAGRANT video signal
(RGT) – ECI compartment for call and e-mail content collected under FISA authority
RAILHEAD – NCTC database project
RAISIN – NSA database or tool
RAMPART – NSA operational branches that intercept heads of state and their closest aides. Known divisions are RAMPART-A, RAMPART-I and RAMPART-T. Also mentioned as a suite of programs for assuring system functionality
RAVEN – SIGINT satellite
REACTOR – Tool or program related to MARINA?
REBA – Major NSA backbone project
REDHAWK – NSA tool
REDROOF – NSA tool
REMATION – Joint NSA-GCHQ counter-TOR workshop
RENOIR – NSA telephone network visualization tool
REQUETTE – A Taiwanese TECO in New York
RESERVE (RSV) – Control system for the National Reconnaissance Office (NRO)
RESERVEVISION – Remote monitoring tool
RESOLUTETITAN – Internet cable access program?
RETRO – see RETROSPECTIVE
RETROSPECTIVE – 30-day retrospective retrieval tool for SCALAWAG
RETURNSPRING – High-side server shown in UNITEDRAKE internet cafe monitoring graphic
RHINEHEART – NSA tool or database
– Class of SIGINT spy satellites (in 1975 changed to AQUACADE)
RICHTER – SIGINT Exchange Designator for Germany
RIPCORD – ?
RIVET JOINT – Reconaissance operation
ROADBED – Probably a military SIGINT database
ROCKYKNOB – Optional DSP when using Data Over Voice transmission in CROSSBEAM
RONIN – NSA tool for detecting TOR-node IP-addresses
RORIPA – SIGINT Exchange Designator for ?
ROYALNET – Internet exploitation tool
RUFF – Compartment of TALENT KEYHOLE for IMINT satellites
RUMBUCKET – Analytic tool
RUTLEY – Network of SIGINT satellites launched in 1994 and 1995
S
SABRE – Retired SIGINT product codeword
SALEM – ?
SALVAGERABBIT – Computer implant plug-in that exfiltrates data from removable flash drives that connect to an infected computer
SAMOS – Reconnaissance satellite program
SAPPY – Retired SIGINT product codeword
SARATOGA – SSO access facility (since 2011)
SARDINE – SIGINT Exchange Designator for Sweden
– Narrow band voice encryption for radio and telephone communication
SAVIN – Retired SIGINT product codeword
SCALAWAG – Collection facility under the MYSTIC program
SCALLION – Upstream collection site
SCAPEL – Second Party satellite intercept station in Nairobi, Kenia
SCHOOLMONTANA – Software implant for Juniper J-series routers used to direct traffic between server, desktop computers, corporate network and internet
SCIMITAR – A tool to create contact graphs?
SCISSORS – System used for separating different types of data and protocols
SCORPIOFORE – SIGINT reporting tool
SEABOOT – SIGINT Exchange Designator for ?
SEADIVER – Collection system for telephony data
SEAGULLFARO – High-side server shown in UNITEDRAKE internet cafe monitoring graphic
SEARCHLITE – Tactical SIGINT collecting system for like cell phone calls
SEASONEDMOTH (SMOTH) – Stage0 computer implant which dies after 30 days, deployed by the QUANTUMNATION method
SECONDDATE – Method to influence real-time communications between client and server in order to redirect web-browsers to FOXACID malware servers
SECUREINSIGHT – A software framework to support high-volume analytics
SEMESTER – NSA SIGINT reporting tool
– Transportable suite of ISR equipment (since 1991)
– Radome on top of the U2 to relay SIGINT data to ground stations
SENTINEL – NSA database security filter
SERENADE – SSO corporate partner (foreign?)
SERUM – Bank of servers within ROC managing approvals and ticket system
SETTEE – SIGINT Exchange Designator for ?
– Operation for intercepting telegraphic data going in or out the US (1945-1975)
SHAREDVISION – Mission program at Menwith Hill satellite station
SHARKFIN – Sweeps up all-source communications intelligence at high speed and volumes
SHARPFOCUS (SF2) – Productions Operation of NSA’s TAO division
SHELLTRUMPET – NSA metadata processing program (since December 2007)
SHENANIGANS – Aircraft-based NSA geolocation system used by CIA
SHIFTINGSHADOW – Sub-program of OAKSTAR for collecting telephone metadata and voice content from Afghanistan through a foreign access point
SHILLELAGH – Classified Suite A algorithm
SHORTSHEET – NSA tool for Computer Network Exploitation
SHOTGIANT – NSA operation for hacking and monitoring the Huawei network (since 2009)
SIERRAMONTANA – Software implant for Juniper M-series routers used by enterprises and service providers
SIGINT NAVIGATOR – NSA database
SIGSALY – The first secure voice system from World War II
SILKWORTH – A software program used for the ECHELON system
SILLYBUNNY – Some kind of webbrowser tag which can be used as selector
SILVER – Soviet cipher machine partially exploited by NSA in the 1960’s
SILVERCOMET – SIGINT satellites?
SILVERZEPHYR (SZ) – Sub-program of OAKSTAR for collecting phone and internet metadata and content from Latin and South America through an international transit switch
SIRE – A software program used for the ECHELON system(?)
– Type 2 Block cipher algorithms used in various crypto products
SKOPE – SIGINT analytical toolkit
SKYSCRAPER – Interface to the ROADBED system
SKYWRITER – NSA tool to prepare (internet) intelligence reports
SLICKERVICAR – Used with UNITEDRAKE or STRAITBIZARRE to upload hard drive firmware to implant IRATEMONK
SLINGSHOT – End Product Reports (CSEC?)
SMOKEYSINK – SSO access facility (since 2011?)
SNICK – 2nd Party satellite intercept station in Oman
SNORT – Repository of computer network attack techniques/coding
SOAPOPERA – (former?) database for voice, end product and SRI information
SOMBERKNAVE – Windows XP wireless software implant providing covert internet connectivity, routing TCP traffic via an unused 802.11 network device allowing OLYMPUS or VALIDATOR to call home from air-gapped computer
SORTING HAT – ?
SORTING LEAD – ?
SOUFFLETROUGH – Software implant in BIOS Juniper SSG300 and SSG500 devices, permanent backdoor, modifies ScreenOS at boot, utilizes Intel’s System Management Mode
SOUNDER – Second Party satellite intercept station at Cyprus
SPARKLEPONY – Tool or program related to MARINA
SPARROW II – Airborne wireless network detector running BLINDDATE tools via 802.11
SPECTRE – SCI control system for intelligence on terrorist activities
SPECULATION – Protocol for over-the-air communication between COTTONMOUTH computer implant devices, compatible with HOWLERMONKEY
SPHINX – Counterintelligence database of the Defense Intelligence Agency
SPINNERET (SPN) – SSO collection facility
SPLITGLASS – NSA analytical database
SPLUNK – Tool used for SIGINT Development
SPOKE – Compartment for less sensitive COMINT material, retired in 1999
SPOTBEAM – ?
SPORTCOAST – Upstream collection site
SPRIG – Retired SIGINT product codeword
SPRINGRAY – Some kind of internal notification system
SPYDER – Analytic tool for selected content of text messages from the DISHFIRE database
STARBURST – The initial code word for the STELLARWIND compartment
STARLIGHT – Analyst tool
STARPROC – User lead that can be uses as a selector
STARSEARCH – Target Knowledge tool or database (CSEC?)
STATEROOM – Covert SIGINT collection sites based in US diplomatic facilities
STEELFLAUTA – SSO Corporate/TAO Shaping program
STEELKNIGHT – (foreign?) partner providing a network access point for the SILVERZEPHYR program
STEELWINTER – A supercomputer acquired by the Norwegian military intelligence agency
STELLAR – Second Party satellite intercept station at Geraldton, Australia
STELLARWIND (STLW) – SCI compartment for the President’s Surveillance Program information
STEPHANIE – Covert listening post in the Canadian embassy in Moscow (est. 1972)
STINGRAY – Device for tracking the location of cell phones (made by Harris Corp.) STONEGHOST – DIA network for information exchange with UK, Canada, Australia and New Zealand (TS/SCI)
STORMBREW – Program for collection from an international transit switches and cables (since 2001)
STRAIGHTBIZARRE – Software implant used to communicate through covert channels
STRATOS – Tool or databse for GPRS Events (CSEC?)
STRAWHAT – NSA datalinks between field sites and processing centers (1969-?)
STRIKEZONE – Device running HOWLERMONKEY personality
STRONGMITE – Computer at remote operations center used for long range communications
STRUM – (see abbreviations)
STUCCOMONTANA – Software implant for Juniper T-Series routers used in large fixed-line, mobile, video, and cloud networks, otherwise just like SCHOOLMONTANA
STUMPCURSOR – Foreign computer accessing program of the NSA’s Tailored Access Operations
SUBSTRATUM – Upstream collection site
SUEDE – Retired SIGINT product codeword
SULPHUR – The mission of South Korea at the United Nations in New York
SUNSCREEN – Tool or database
SURFBOARD – NSA tool or database
SURLEYSPAWN – Data RF retro-reflector, gathers keystrokes FSK frequency shift keyed radar retro-reflector, USB or IBM keyboards
SURPLUSHANGAR – High to low diode, part of the QUANTUM system
SURREY – Main NSA requirements database, where tasking instructions are stored and validated, used by the FORNSAT, SSO and TAO divisions
SUTURESAILOR – Printed circuit board digital core used with HOWLERMONKEY
SWAMP – NSA data system?
SWAP – Implanted software persistence by exploiting motherboard BIOS and hard drive Host Protected Area for execution before OS loads, operative on windows linux, freeBSD Solaris
– NSA data model for analyzing target connections
T
TACOSUAVE – ?
TALENT KEYHOLE (TK) – Control system for space-based collection platforms
TALK QUICK – An interim secure voice system created to satisfy urgent requirements imposed by conditions to Southeast Asia. Function was absorbed by AUTOSEVOCOM
TAPERLAY – Covername for Global Numbering Data Base (GNDB), used for looking up the registered location of a mobile device
TARMAC – Improvement program at Menwith Hill satellite station
TAROTCARD – NSA tool or database
TAWDRYYARD – Beacon radio frequency radar retro-reflector used to positionally locate deployed RAGEMASTER units
TEMPEST – Investigations and studies of compromising electronic emanations
– GCHQ program for intercepting internet and telephone traffic
THESPIS – SIGINT Exchange Designator for ?
THINTREAD – NSA program for wiretapping and sophisticated analysis of the resulting data
THUMB – Retired SIGINT product codeword
THUNDERCLOUD – Collaboration program between NSA units T1222 and SSG
TIAMAT – Joint venture between the German BND and another country with access for NSA
TICKETWINDOW – System that makes SSO collection available to 2nd Party partners
TIDALSURGE – Router Configurations tool (CSEC?)
TIDEWAY – Part of the communications network for ECHELON
TIMBERLINE – The NSA satellite intercept station at Sugar Grove (US)
TINMAN – Database related to air warning and surveillance
TITAN POINTE – Upstream collection site
– Presumably Chinese attacks on American computer systems (since 2003)
TITLEHOLDER – NSA tool
TOPAZ – Satellite program
TOTECHASER – Software implant in flash ROM windows CE for Thuraya 2520 satellite/GSM/web/email/MMS/GPS
TOTEGHOSTLY – Modular implant for windows mobile OS based on SB using CP framework, Freeflow-compliant so supported by TURBULENCE architecture
TOWERPOWER – NSA tool or database
TOXICARE – NSA tool
TOYGRIPPE – NSA’s CES database for VPN metadata
TRACFIN – NSA database for financial data like credit card purchases
TRAFFICTHIEF – Part of the TURBULENCE and the PRISM programs
TRAILBLAZER – NSA Program to analyze data carried on communications networks
TRAILMAPPER – NSA tool or database
TRANSX – NSA database
TREACLEBETA – TAO hacking against the Pakistani terrorist group Lashkar-e-Taiba
TREASUREMAP – NSA internet traffic visualization tool
TREASURETROVE – Analytic tool
TRIBUTARY – NSA provided voice threat warning network
TRIGGERFISH – Device to collect the content of digital cell phone calls (made by Harris Corp.)
TRINE – Predecessor of the UMBRA compartment for COMINT
TRINITY – Implant digital core concealed in COTTONMOUTH-I, providing ARM9 microcontroller, FPGA Flash and SDRAM memories
TRITON – Tool or database for TOR Nodes (CSEC?)
– Series of ELINT reconnaissance satellites (1994-2008)
TRYST – Covert listening post in the British embassy in Moscow
TUBE – Database for selected internet content?
TUMULT – Part of the TURBULENCE program
TUNINGFORK – Sustained collection linked to SEAGULLFARO, previously NSA database or tool for protocol exploitation
TURBINE – Active SIGINT: centralized automated command/control system for managing a large network of active computer implants for intelligence gathering (since 2010)
TURBOPANDA – The Turbopanda Insertion Tool allows read/write to memory, execute an address or packet; joint NSA/CIA project on Huawei network equipment
TURBULENCE (TU) – Integrate NSA architecture with several layers and sub-programs to detect threats in cyberspace (since 2005)
TURMOIL – Passive SIGINT sensors: high speed collection of foreign target satellite, microwave and cable communications, part of the TURBULENCE program Maybe for selecting common internet encryption technologies to exploit.
TURTLEPOWER -NSA tool
TUSKATTIRE – Ingest system for cleaning and processing DNR (telephony) data
TUTELAGE – Active defense system to monitor network traffic in order to detect malicious code and network attacks, part of the TURBULENCE program
TWEED – Retired SIGINT product codeword
TWISTEDKILT – Writes to Host Protected area on hard drive to implant Swap and its implant installer payload
TWISTEDPATH – NSA tool or database
TYPHON HX – GSM base station router network in box for tactical Sigint geolocating and capturing user
U
ULTRA – Decrypted high-level military Nazi messages, like from the Enigma machine
UMBRA – Retired compartment for the most sensitive COMINT material
UNIFORM – SIGINT Exchange Designator for Canada
UNITEDRAKE – Computer exploit delivered by the FERRETCANON system
USHER – Retired SIGINT product codeword
V
VAGRANT – Radar retro-reflector technique on video cable to reproduce open computer screens
VALIDATOR – Computer exploit delivered by the FERRETCANON system for looking whether a computer has security software, runs as user process on target OS, modified for SCHOOLMONTANA, initiates a call home, passes to SOMBERKNAVE, downloads OLYMPUS and communicates with remote operation center
– Decrypted intercepts of messages from Soviet intelligence agencies
VERDANT (VER) – Alleged SCI control system
VESUVIUS – Prototype quantum computer, situated in NSA’s Utah Data Center
VICTORYDANCE – Joint NSA-CIA operation to map WiFi fingerprints of nearly every major town in Yemen
VIEWPLATE – Processor for external monitor recreating target monitor from red video
VINTAGE HARVEST – Probably a military SIGINT tool
VITALAIR – NSA tool
VOICESAIL – Intelligence database
– Class of SIGINT spy satellites (1978-1989)
VOXGLO – Multiple award contract providing cyber security and enterprise computing, software development, and systems integration support
W
WABASH – The embassy of France in Washington DC
WAGONBED – Hardware GSM controller board implant on CrossBeam or HP Proliant G5 server that communicates over I2C interface
WALBURN – High-speed link encryption, used in various encryption products
WARPDRIVE – Joint venture between the German BND and another country with access for NSA (2013)
WATERWITCH – Hand-held tool for geolocating targeted handsets to last mile
WAVELEGAL – Authorization service that logs data queries
WEALTHYCLUSTER – Program to hunt down tips on terrorists in cyberspace (2002- )
WEASEL – Type 1 Cryptographic algorithm used in SafeXcel-3340
WEBCANDID – NSA tool or database
WESTPORT – The mission of Venezuela at the United Nations in New York
WILLOWVIXEN – Method to deploy malware by sending out spam emails that trick targets into clicking a malicious link
WISTFULTOLL – Plug-in for UNITEDRAKE and STRAITBIZARRE used to harvest target forensics via Windows Management Instrumentation and Registry extractions, can be done through USB thumb drive
WHIPGENIE (WPG) – ECI compartment for details about the STELLARWIND program
WHITEBOX – Program for intercepting the public switched telephone network?
WHITELIST – NSA tool
WHITETAMALE – Operation for collecting e-mails from Mexico’s Public Security Secretariat
WINDCHASER – Tool or program related to MARINA
WINDSORBLUE – Supercomputer program at IBM
WINDSTOP – Joint NSA-GCHQ unilateral high-volume cable tapping program
WINTERLIGHT – A QUANTUM computer hacking program in which Sweden takes part
WIRESHARK – Database with malicious network signatures
WITCH – Retired SIGINT product codeword
WITCHHUNT – ?
WOLFPOINT – SSO corporate partner under the STORMBREW program
WORDGOPHER – Platform to enable demodulation of low-rate communication carriers
WRANGLER – Database or system which focuses on Electronic Intelligence
X
– Program for finding key words in foreign language documents
XKEYSCORE (XKS) – Program for analysing SIGINT traffic
Y
YACHTSHOP – Sub-program of OAKSTAR for collecting internet metadata
YELLOWPIN – Printed circuit board digital core used with HOWLERMONKEY
YELLOWSTONE – NSA analytical database
YUKON – The embassy of Venezuela in Washington DC
Z
ZAP – (former?) database for texts
ZARF – Compartment of TALENT KEYHOLE for ELINT satellites, retired in 1999
ZESTYLEAK – Software implant that allows remote JETPLOW firmware installation, used by NSA’s CES unit
– See also this list of NSA codewords from 2002
Links and Sources
– List of NSA Code Names Revealed
– About What the NSA’s Massive Org Chart (Probably) Looks Like
– About Code Names for U.S. Military Projects and Operations
– National Reconnaissance Office: Review and Redaction Guide (pdf)
– About How Codes Names Are Assigned
– Wikipedia article about the Secret Service codename
– List of crypto machine designators
– Wikipedia article about the CIA cryptonym
– Article about Security Clearances and Classifications
– Listing in German: Marjorie-Wiki: SIGDEV
– William M. Arkin, Code Names, Deciphering U.S. Military Plans, Programs, adn Operations in the 9/11 World, Steerforth Press, 2005.
via Electrospaces.Blogspot.com
