This NSA briefing document from May 2012, originally presented at that year’s Five Eyes SIGDEV conference, gives a high-level overview of the NSA’s AURORAGOLD project and names the GSM Association (GSMA) as a specific target: see the Intercept article Operation Auroragold: How the NSA Hacks Cellphone Networks Worldwide, 4 December 2014.
This 19-page NSA paper, delivered at the 2010 Five Eyes SIGDEV conference, gives a technical explanation of the importance of sourcing mobile carriers’ roaming agreements (IR.21): see the Intercept article Operation Auroragold: How the NSA Hacks Cellphone Networks Worldwide, 4 December 2014.
This ODNI briefing from 15 May 2007 describes the rationale for ICREACH and the scale of metadata sharing that was envisioned: see the Intercept article The Surveillance Engine: How the NSA Built Its Own Secret Google, 25 August 2014.
Two images from an NSA presentation describe Dutch-US cooperation in an international mission against Somali pirates in which signals intelligence was used to map contacts and support a naval mission. Identifying and technical details have been redacted: see the NRC Handelsblad article The secret role of the Dutch in the American war on terror, 5 March 2014.
These two slides show the extent and types of information recorded in the NSA’s DNR (phone record) database. Selectors specified include Location Area Code (LAC), Cell Tower ID (CellID), Visitor Location Register (VLR), handset serial number (IMEI) and full phone number (MSISDN): see the Washington Post article NSA tracking cellphone locations worldwide, Snowden documents show, 4 December 2013.