This GCHQ presentation from March 2009 shows that the agency has targeted a number of popular websites in a concerted effort to harvest cookies (“target detection indentifiers”) on a massive scale: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
This NSA presentation from 11 June 2009 explains the scope of metadata collection within XKeyScore: see the Intercept article XKEYSCORE: NSA’s Google for the World’s Private Communications, 1 July 2015.
This undated GCHQ presentation explains the agency’s FLYING PIG database and its role in undermining SSL/TLS encryption: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
This CSEC presentation from 2012 outlines the agency’s capabilities against SSL encryption at that point: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
This undated GCHQ presentation introduces the FLYING PIG and HUSH PUPPY tools: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
This undated article from GCHQ’s internal GCWIki gives technical details about the US-German Joint Sigint Activity group: see the Der Spiegel article New NSA Revelations: Inside Snowden’s Germany File, 18 June 2014.
This slide lists the range of selectors the Turmoil infrastructure at UK base Menwith Hill can use to identify targets, many of which show the ability of Five Eyes agencies to piggyback on commercial services: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
This extract from an NSA document describes research into Quantum tools being performed at Menwith Hill in the UK: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
This Booz Allen Hamilton presentation on the NSA’s Quantum tools describes the different kinds of malware attacks available to workgroups within the agency, the procedure an analyst must follow in order to make use of them and the way the systems themselves work, using a “man-on-the-side” attack from TAO’s FOXACID server. It also describes the respective Quantum capabilities of the NSA and GCHQ. See the Der Spiegel article Inside TAO: Documents Reveal Top NSA Hacking Unit, 29 December 2013.