This undated 81-page NSA presentation and accompanying handdrawn diagram, both produced by the author of ‘I hunt sys admins’ explains how a country’s entire network traffic could be fed into agency systems: see the Intercept article The Hunter, 28 June 2016.
This undated NSA document provides a decision tree for the analysis of email addresses, IP addresses, cookies and phone numbers in XKeyScore and other agency tools: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
This undated NSA document explains how to set up an aspect of the XKeyScore architecture: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
This undated presentation from NSA’s Network Analysis Center describes agency techniques for overcoming Virtual Private Networks (VPNs): see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
This undated NSA presentation sets out the network-mapping tool Treasure Map, and supplies information on some of the agency’s collection access points: see the Intercept article New Zealand Launched Mass Surveillance Project While Publicly Denying It, 15 September 2014.
This page from the NSA intranet dated July 2011 supplies advice from the NSA Offices of General Counsel (OGC) and Oversight and Compliance (NOC) on the admissibility of targeting strategies against the users of popular websites (including WikLeaks and the Pirate Bay): see the Intercept article Snowden Documents Reveal Covert Surveillance and Pressure Tactics Aimed at WikiLeaks and Its Supporters, 18 February 2014.
This presentation gives an overview of the NSA’s programmes targeting the fibre optic cables that carry much of the world’s internet traffic. One slide gives a breakdown of which data sources form the basis of Presidential daily briefings. Another shows that the access point used to collect Yahoo and Google cloud data (MUSCULAR) is operated by GCHQ on UK territory. Slides detailing RAMPART cable accesses were published by the Intercept on 18 June 2014: see the Washington Post article How we know the NSA had access to internal Google and Yahoo cloud data, 4 November 2013.