Important Terms and Keywords

General Keywords

The following are keywords that appear in document descriptions:

  • 5Alive: GCHQ metadata database

  • Back-door Access

    The principle that the intelligence agencies can access data held by organizations without having to formally ask them to hand over information through the "front door".


    A GCHQ database that is used for discovering VPNs which communicate data through encrypted tunnels across the internet.

  • Belgacom

    A Belgians telecom provider whose customers include several EU institutions. In September 2013 the firm revealed that its systems had been hacked since at least 2011.

  • BLEAKINQUIRY: Metadata database of potentially exploitable VPNs

  • Boundless Informant

    A tool used by the NSA to analyze the metadata that it holds. It allows analysts to determine what information is currently available about a specific country and whether certain trends can be deduced.

  • Cloud

    The term used to refer to information stored from a service provider's data centres, as opposed to being stored on the user's own computer.

  • Comint

    An abbreviation for Communications Intelligence.

  • Computer Network Exploitation - CNE

    A term used to refer to efforts to exploit data gathered from surveillance targets.

  • Computer Network Attack - CNA

    Operations to manipulate, disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves.

  • Computer Network Defense - CND

    Efforts to defend against the CNO of others, especially that directed against the U.S. and allied computers and networks.

  • Computer Network Operations - CNO

    CNE, CNA, and CND collectively.

  • Cryptanalytic vulnerability

    A flaw in the design, implementation or system integration of cryptography used in an information security device, or a flaw in the way that a cryptographic information security device is used.

  • Data mining

    The analysis of large stores of information in order to obtain new knowledge.

  • Deep Packet Injection

    The addition of data into an internet stream. The NSA and GCHQ have been alleged to do this in order to send codes to target's computers that cause them to be infected with spyware as part of an operation called QUANTUM.

  • Dial Number Recognition - DNR

    A term used to refer to information gathered from telephone taps.

  • Digital Network Intelligence

    A term used to refer to content sent over the internet.

  • Dishfire

    A codename used to refer to a system used by the NSA to processes and store information intercepted from SMS messages.

  • Dropmire

    The name for a surveillance program involving the infection of security-enhanced fax machines based in foreign embassies by the NSA and GCHQ.


    A codename that refers to a global intelligence-gathering network operated on behalf of the Five Eyes Alliance (Australia, Canada, New Zealand, the UK, and the US).

  • Encapsulating Security Payload - ESP

    Provides traffic confidentiality (via encryption) and optionally provides authentication and integrity protection.


    A surveillance program ran by GCHQ that aimed to break various encryption technologies used by Hotmail, Google, Yahoo and Facebook. It is named after the 1642 battle in the English Civil War.

  • EgotisticalGiraffe

    A codename given to a program ran by the NSA's Tailored Access Operations (TAO). This program involves techniques used to undermine the TOR network.

  • ELINT - Electronic Intelligence.

  • Exfiltrate: To extract data through a target's defences.


    An NSA data repository, FASCIA is used to store the location information of mobile devices.


    A PPTP repository.

  • Global Telecom Exploitation - GTE

    A GCHQ unit that collects data from fibre optic cable.

  • Human Intelligence - HUMINT

    The term used for the gathering of information from human sources.

  • Hyperion

    CSEC metadata database.

  • Implant

    A software or hardware subcomponent that is surreptitiously placed in a target environment (CPU, router, etc) to pass selected information back to NSA, where it is processed for analysis.

  • Indigenous (systems and devices)

    Non­-commercial cryptographic information security system or device developed by a SIGINT target.

  • Information Operations (IO)

    Actions were taken to affect adversary information and information systems while defending one's own information and information systems.

  • Information security device or system

    A device or system that provides any of the following services for communication or information systems: confidentiality, data integrity, authentication, and authorization.

  • Intrusive Access

    Refers to CNE operations involving remote manipulation, hardware/software modifications, or sensing of environment changes in a computer device or system, and/or occasionally the facilities that house the systems.

  • Internet Protocol Security - IPsec

    Protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.


    Joint Worldwide Intelligence Communications System, operated by Defense Intelligence Agency (DIA) and serving the Department of Defense (DoD) and Intelligence Community (IC).


    CSE's "behaviour­based target discovery project," LEVITATION is an effort to monitor file sharing sites in order to locate extremist training and propaganda materials. This program is capable of monitoring 10­15 million interactions with file sharing sites such as Megaupload, Rapidshare and Sendspace.

  • Signals Intelligence Activity Designator: SIGAD

    The NSA gives a SIGAD code to each one of its surveillance programs. For example, the SIGAD name for PRISM is US-984XN.

  • NIOC

    Navy Information Operations Command Maryland.

  • MARINA: Metadata or "structured data" long-term repository.


    A program administered by GCHQ that collects the internet "cloud" traffic of Yahoo and Google from an interception point on British territory.


    NSA program for monitoring voice call and metadata content.

  • Off­-Net Operations

    Refers to covert or clandestine field activities of personnel carried out in support of CNE activities.


    CSE network intelligence database which makes collected network metadata accessible and can be used as an analytic tool.

  • OTR

    A protocol called Off­-the-­Record (OTR) for encrypting instant messaging in an end­-to-­end encryption process.

  • PINWALE: Long­-term primary content repository for tasked SIGINT collect.

  • Physical subversion

    Subverts with physical access to a device or host facility. Other terms sometimes used to connote physical subversion are close access enabling, exploitation, or operations; off-net enabling, exploitation, or operations; supply­chain enabling, exploitation, or operations; or hardware implant enabling, exploitation, or operations.

  • PRESSUREWAVE: NSA primary content repository.

  • PRISM: Collection directly from the servers of U.S. service providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple.


    A general NSA surveillance program code for a host of computer network operations. Programs include diverse operations devised for SIGINT development, such as redirecting communications for surveillance, controlling target's computer, denial of access attacks, and file upload/download disruption. Sub­programs include QUANTUMTHEORY, QUANTUMBOT, QUANTUMCOPPER among others.

  • Remote subversion

    Subverts without physical access to a device or host facility; obtains unauthorized permission. Other terms sometimes used to connote remote subversion are computer network exploitation; endpoint access, exploitation, or operations; on­net access, exploitation, or operations; software implant access, exploitation, or operations; or accessing or exploiting data at rest.

  • Re­-purposing

    An intelligence innovation technique that utilizes captured foreign CNE components (implants, exploits, etc) to shorten the development cycle of new CNE tools.

  • Signals Intelligence - SIGINT

    The term used for the gathering of information from electronic signals and systems, whether created by humans or machines.

  • Signals Intelligence Activity Designator - SIGAD

    The NSA gives a SIGAD code to each one of its surveillance programs. For example, the SIGAD name for PRISM is US­984XN.

  • SRI: Signals related Information.

  • Supply Chain Operations

    Interdiction activities that focus on modifying equipment in a target's supply chain.

  • Telecom data intelligence (TDI),is the ability of a telecommunications company (mobile operator and/or fixed line carrier), to extract detailed customer­profiling data from the data that is generated in the network combined with the data that is collected directly from the customers.

  • TOYGRIPPE: VPN metadata repository

  • Transport Layer Security (TLS) / Secure Sockets Layer (SSL)

    Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over a computer network. Widely used on the internet to provide secure web browsing, webmail, instant messaging, electronic commerce, etc.

  • Victim stealing

    An intelligence technique which exploits weaknesses in foreign CNE implants to gain access to victims and either take control of the foreign implant or replace it with our own.

  • UPSTREAM: Collection of communications on fibre cable and infrastructure as data flows past.

  • UTT: Unified Targeting Tool

  • VULCANDEATHGRIP - Repository for tasked, full-take VPN collection.

  • VPN: Virtual Private Network.


    Processes and databases digital network intelligence collected from various field sites, targeted and non­targeted. Developed by the NSA and shared among the Five Eyes.

Important Terms and Keywords