These classified annexes to the Obama administration’s Cyberspace Policy Review were not published with the rest of the report in May 2009 and acknowledge that cyber defence initiatives have civil liberties implications: see the New York Times article Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border, 4 June 2015.
This page from GCHQ’s internal GCWIki, last modified on 25 June 2012, enumerates open-source data sets that are available in various agency databases: see the Intercept article Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise, 4 February 2015.
This undated page taken from GCHQ’s internal GCWiki cites the codename LEGSPIN (highlighted) also found in an analysis of Regin malware: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.
This 2011 presentation by the head of GCHQ’s Network Analysis Centre outlines the agency’s interest in exploiting telecommunications companies, namely to “get at the data before it is encrypted”: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.
This 2011 presentation, created by GCHQ’s Network Analysis Centre describes new techniques for gathering reconnaissance on the IT personnel of targeted organisations (their “Network Operations Centres”), using Belgacom as an example in several slides: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014.
This 19-page NSA paper, delivered at the 2010 Five Eyes SIGDEV conference, gives a technical explanation of the importance of sourcing mobile carriers’ roaming agreements (IR.21): see the Intercept article Operation Auroragold: How the NSA Hacks Cellphone Networks Worldwide, 4 December 2014.
This undated NSA presentation sets out the network-mapping tool Treasure Map, and supplies information on some of the agency’s collection access points: see the Intercept article New Zealand Launched Mass Surveillance Project While Publicly Denying It, 15 September 2014.
Undated CSEC slides describe LANDMARK, a tool which is used to expand the Five Eyes’ network of Operational Relay Boxes (ORBs) and other compromised machines located outside of Five Eyes territory. Another tool, OLYMPIA, automates the process of pursuing leads identified using the HACIENDA post scanning tool: see the Heise article The HACIENDA Program for Internet Colonization, 15 August 2014.