Four slides taken from a 24 April 2013 NSA presentation detail how SECONDDATE man-in-the-middle attacks were used against targets in Pakistan and Lebanon: see the Intercept article The NSA Leak is Real, Snowden Documents Confirm, 19 August 2016.
This post from internal NSA newsletter SIDToday dated 19 November 2003 provides an early description of FAIRVIEW and STORMBREW, later known as Upstream collection: see the Intercept article Iraqi Insurgents Stymied the NSA and Other Highlights from 263 Internal Agency Reports, 10 August 2016.
This NSA Special Source Operations presentation from 22 March 2013 supplies a detail about the Breckenridge access point that supports the identification of the corporate partner codenamed STORMBREW as US telecommunications company Verizon: see the New York Times article AT&T Helped U.S. Spy on Internet on a Vast Scale, 15 August 2015.
This NSA memo from 23 March 2012 presentation describes the agency’s proposal for a fourth FAA 702 certification that would allow it to target hackers “tied to malicious cyber activity”: see the New York Times article Hunting for Hackers, N.S.A. Secretly Expands Internet Spying at U.S. Border, 4 June 2015.
This excerpt from the 14 March 2013 edition of internal NSA newsletter SSO Weekly describes an incident on 12 March where “unwitting” contractors discovered a cable tap known as WHARPDRIVE, which had to be discreetly reinstalled and provides details about the Breckenridge access point that corroborate the identification of the NSA’s corporate partner STORMBREW as Verizon: see the Der Spiegel article Spying Together: Germany’s Deep Cooperation with the NSA, 18 June 2014.