CSE Codewords and Abbreviations

(Updated: August 3, 2017)

Below are listings of almost 100 codewords and nicknames, as well as acronyms and abbreviations related to signals intelligence collection by the Canadian signals intelligence agency Communications Security Establishment (CSE), which from 2008-2014 was known as the Communications Security Establishment Canada (CSEC).




Similar lists are available on this website for NSA, GCHQ and BND. See also the lists of abbreviations of SIGINT and COMSEC, and general telephony and internet terms.

See also the summaries of CSE covernames compiled by Christopher Parsons.

Please keep in mind that a listing like this will always be work in progress!

 

Codewords and Nicknames

8BALL - Passive cyber network defense tool *

A
ATHENA - Ports Information tool
ATLAS - Geolocation and Network Information tool or database
ATOMIC BANJO - Special Source facility that collects http metadata for 102 Free File Upload (FFU) websites *

B
BABAR - French computer exploit used in the SNOWGLOBE program*
BLAZING SADDLES - CSE tool? *
BOLSHIE POSSUM - Question-focussed dataset related to mobile phone exploitation *

C
CASCADE - Joint project for harmonization of cyber sensor capabilities *
CASSIOPEIA - ? *
CATAPULT - Joint NSA-CSE prototype for exchanging SIGINT products between NSA and Second Party partners *
CHORDFLIER - Plugin for the WARRIORPRIDE CNE platform *
COEUS - WHOIS Information tool
CRAFTY SHACK - Analytics documentation *
CROSSBOW - Fast flux botnet detection system *
CRUCIBLE - "Throw-away" cyber threat detection sensor for metadata *

D
DANAUS - Reverse DNS tool or database
DOGHOUSE - Module for the WARRIORPRIDE/REPLICANTFARM platform (?)*

E
EONBLUE - Passive cyber threat detection platform, with over 200 sensors deployed across the globe *

F
FRETTING YETI - Mobile gateway identification analytic *
FRIARTUCK - VPN Events tool or database

G
GAZEBO - Internet access point *

H
HACIENDA - Mapping tool conducting port scans of Internet-connected devices, developed by GCHQ and also used by CSE, NSA, and ASD
HYPERION - Database for IP-IP Communication Summaries

I
ImplantDetector - Implant detection plugin for the WARRIORPRIDE CNE platform *
INDUCTION - Detection platform at gateways between domestic and international networks, with cloud distributed TS//SI processing for content and metadata *
INTOLERANT - Data set stolen by hackers, discovered and exploited by CSEC and Menwith Hill Station since 2010 *
IRASCIABLE HARE - GCHQ question-focussed dataset related to mobile phone exploitation *
IRASCIABLE RABBIT - GCHQ question-focussed dataset related to mobile phone exploitation *
IRRITANT HORN - Five Eyes pilot project for hacking target's phone connections to app stores in order to implant spyware *

J
JAZZFLUTE - ? *

L
LANDMARK - Covert infrastructure for Computer Network Operations *
LEVITATION - Behaviour-base target discovery program that tracks people downloading suspicious files from Free File Upload (FFU) websites *
LODESTONE - Scanning detection system *
LONGRUN -

M
MAKERSMARK (MM) - Russian government-sponsored hacker group *

N
NAMEDROPPER - DNS plugin for the WARRIORPRIDE CNE platform *

O
OLYMPIA - Network knowledge engine for discovering and identifying telephone and computer connections

P
PEITHO - Internet Events (metadata) database
PHOTONIC PRISM (P2) - Program for monitoring Canadian government networks *
PONYEXPRESS - E-mail scanning program *
POPQUIZ - Passive cyber network defense tool *
PROMETHEUS - Computer Network Operations Event Summaries

R
REPLICANTFARM - Computer Network Exploitation modules, output of the WARRIORPRIDE platform *
RootKitDetector - Rootkit detection plugin for the WARRIORPRIDE CNE platform *

S
SEEDSPHERE - Chinese global implant/malware framework conducting cyber attacks (against the Canadian government) *
SLINGSHOT - System to deliver intelligence reports to policy and decision makers
SLIPSTREAM - Machine reconaissance/target discovery plugin for the WARRIORPRIDE CNE platform *
SNIFFLE - Target tracking tool within the EONBLUE platform *
SNORT - Passive cyber network defence tool *
SNOWBALL - Spyware implants, part of SNOWGLOBE
SNOWGLOBE - Hacking operations against the US that may have originated in France *
SNOWMAN - Spyware implants, part of SNOWGLOBE
STRATOS - GPRS Events tool or database
SUNWHEEL - ? *
SUPERDRAKE - Some kind of cyber attacks *

T
THIRD-EYE - Detection platform at select sites, with Unclassified processing for metadata *
TITI - Developer user name used in the SNOWGLOBE program *
TRITON - Tool or database for TOR Nodes

W
WARRIORPRIDE (WP) - Scalable, flexible and portable unified CNE platform used throughout the Five Eyes; equivalent at GCHQ is DAREDEVIL.*
WORMWOOD - Network sniffing and characterization plugin for the WARRIORPRIDE CNE platform *

 

Abbreviations and Acronyms

C
CANSLO - Canadian Special Liaison Officer (in other 5 Eyes capitals)
CCI - Cyber CounterIntelligence (?) (CSE unit CNT1)
CCNE - Counter-CNE (CSE unit K0G)
CDA - Cyber Defence Activities
CDI - Chief of Defence Intelligence (of the DND)
CEO - Canadian Eyes Only
CF - Canadian Forces
CFCSU - Canadian Forces Crypto Support Unit
CFEWC - Canadian Forces Electronic Warfare Centre
CFS - Canadian Forces Station
CNE - Computer Network Exploitation
CNO - Computer Network Operations
CNT - Covert Network Threats (CSE directorate)
CSE - Communications Security Establishment
CSEC - Communications Security Establishment Canada (former name of CSE)
CSIS - Canadian Security Intelligence Service
CTEC - Cyber Threat Evaluation Centre
CWOC - CSE Web Operations Centre

D
DFAIT - Department of Foreign Affairs and International Trade
DIFTS - Domestic Interception of Foreign Telecommunications and Search (CSE-CSIS collaboration)
DLS - Directorate of Legal Services
DND - Department of National Defence
DONUTS - Discovery Of New Unidentified Threats

G
GC - Government of Canada
GCR - Government of Canada Requirement
GND - Global Network Detection (CSE unit GA4)
GOC - Government of Canada

I
ISI - Intelligence Source Identifier
ITS - IT Security

M
MA - Ministerial Authorization

N
NOC - Network Operations Centre
NRT - Near Real-time Tipping (?)
NSPL - National SIGINT Priorities List
NTAT - Network Tradecraft Advancement Team (Five Eyes working group)

O
OCSEC - Office of the CSE Commissioner
ORB - Operational Relay Box

R
RCMP - Royal Canadian Mounted Police

S
SA - Special Access
SCNet - Secure Channel Network
SI - Security Intelligence / Special Intelligence
SIRC - Security & Intelligence Review Committee
SLA - Support to Lawful Access (CSE-CSIS collaboration)
SME - Subject Matter Expert
SMO - Support to Military Operations
SRE - ?
SUSLOO - Special US Liaison Office Ottawa

T
TEXPRO - ?
TSSA - Top Secret SIGINT Access

W
WP - WARRIORPRIDE (see codewords listing)
WPID - WARRIORPRIDE IDentity (?)




Links and Sources
- Christopher Parsons: CSE Covernames/Programs and Suggested Use/Implementation
- Christopher Parsons: Summaries of disclosed CSE documents
- Weblog about Canadian SIGINT: Lux ex Umbra
- Crash course about the Canadian signals intelligence agency CSEC

1 comment:

Anonymous said...

PHOENIX - testing against publicly known TLS weaknesses

In Dutch: Meer over het wetsvoorstel voor de Tijdelijke wet cyberoperaties