Cryptome unveils Snowden Documents

Donate for the Cryptome archive of files from June 1996 to the present




10 February 2016. Add 99 pages to Boing Boing (released 2 February 2016). Tally now *6,318 pages of The Guardian first reported 58,000 files; caveat: Janine Gibson, The Guardian NY, said on 30 January 2014 “much more than 58,000 files in first part, two more parts” (no numbers) (tally about ~10.6%). DoD claims 1,700,000 files (~.04% of that released). ACLU lists 525 pages released by the press. However, if as The Washington Post reported, a minimum of 250,000 pages are in the Snowden files, then less than 1% have been released. Note Greenwald claim on 13 September 2014 of having “hundreds of thousands” of documents. At Snowden current rate it will take 20-620 years to free all documents.

6 February 2016. (±) False Tallies-the Prisoner’s Dilemma?

2 February 2016. Add 14 pages to The Intercept.

23 December 2015. Add 7 pages to The Intercept

20 November 2015. Add 5 pages to Telesurtv and The Intercept.

28 September 2015. Add 21 pages to The Intercept.

24 September 2015. Add 283 pages to The Intercept.

15 August 2015. Add 74 pages to New York Times-Propublica.

11 August 2015. Add 29 pages to The Intercept.

3 August 2015. Add 10 pages to The Intercept.

16 July 2015. Add 8 pages to The Intercept.

1 July 2015. Add 1,240 pages to The Intercept.

26 June 2015. Add 13 pages to The Intercept.

22 June 2015. Add 250 pages to The Intercept.

13 June 2015. Italian journalist provides correspondence with USG on Snowden documents:

2015-1504.pdf offsite Stefania Maurizi-NSA Snowden Correspondence      June 13, 2015
2015-1503.pdf offsite Stefania Maurizi-DoJ Snowden Correspondence      June 13, 2015
2015-1502.pdf offsite Stefania Maurizi-State Snowden Correspondence    June 13, 2015

12 June 2015. Paul and FVEYDOCS tweet: off the Record:

12 June 2015. Aeris tweets: PDF.

12 June 2015. Christopher Parsons writes:

Saw your tweet re: sources for Snowden docs. I’ve compiled all the relevant Canadian documents, along with summary information of the documents’contents along with indexing information, here:

In the coming months I’m hoping to have equivalent summaries for Australia and New Zealand (and will then be moving on to do similar summary work for US- and UK-based documents).

12 June 2015. Snowden documents compilations (plus this one):

If all documents are free somewhere please send pointer to: cryptome[at]

12 June 2015. Add 4 pages to The Intercept.

4 June 2015. Add 91 pages to The New York Times.

28 May 2015. Add 23 pages to The Intercept.

22 May 2015. Add 26 pages to CBC (with The Intercept).

21 May 2015. Edward Snowden was quoted in Forbes on May 10, 2015:

“What I did was that I worked in partnership with the journalists who received the material. As a condition of receiving the material they agreed, prior to publication, to run these stories by the government. Not for the government to censor them, but for the government to be able to look at these and go “look, this isn’t going to get anybody killed, this isn’t going to put a human agent behind enemy lines at risk” or something like that. “This isn’t going to make Al Qaeda be able to bomb buildings.” And I think the value of this model has been proven to be quite effective.”

This indicates all stories about document releases have been “run-by governments prior to publication.” Cryptome has filed an FOIA request to NSA for records of these “run-bys.”

21 May 2015. Add 10 pages to The Intercept.

19 May 2015. Add 19 pages to The Intercept.

18 May 2015. Add 6 pages to The Intercept.

8 May 2015. Add 40 pages to The Intercept.

5 May 2015. Add 46 pages to The Intercept.

2 April 2015. Add 7 pages to The Intercept.

30 March 2015. Snowden documents archive by The Courage Foundation:

24 March 2015. Add 152 pages to CBC News.

14 March 2015. Add 2 pages to New Zealand Herald.

10 March 2015. Add 12 pages to The Intercept. Add 8 pages to New Zealand Herald.

8 March 2015. Add 35 pages to New Zealand Star Times.

6 March 2015. Add 4 pages to New Zealand Herald.

5 March 2015. Snowden Archive, searchable:

5 March 2015. Add 6 pages to New Zealand Herald.

19 February 2015. Add 32 pages to The Intercept.

10 February 2015. Add 2 pages to The Intercept.

5 February 2015. Add 3 pages to The Intercept.

4 February 2015. Add 5 pages to The Intercept.

30 January 2015. Compilation of Snowden documents:

[Repost] 4 April 2014. ACLU offers NSA documents search:


If more lists please send: cryptome[at]

28 January 2015. Add 21 pages to CBC News.

26 January 2015. Add Citizenfour Snowden Documentary High-Definition, with innumerable images, by Cryptome.

25 January 2015. Add Citizenfour Snowden Documentary by Cryptome, with innumerable images, some 87 extracted by Paul Dietrich in following entry.

22 January 2015. Add 87 pages to Paul Dietrich (via Citizenfour).

17 January 2015. Add 199 pages to Der Spiegel.

28 December 2014. Add 666 pages to Der Spiegel.

22 December 2014. Add 1 page to New York Times.

13 December 2014. Add 67 pages to The Intercept.

4 December 2014. Add 63 pages to The Intercept.

25 November 2014. Add 72 pages to Süddeutsche Zeitung.

6 November 2014. At current rate of release it will take 31 to 908 years for full disclosure.

10 October 2014. Add 69 pages to The Intercept.

17 September 2014. Add 2 pages to The Intercept.

14 September 2014. Add 68 pages to Der Spiegel.

13 September 2014. In video Glenn Greenwald claims to have “hundreds of thousands” of documents (at 9:06 min)

Audio excerpt:

5 September 2014. Add 32 pages to The Intercept.

31 August 2014. Add 34 pages to Der Spiegel.

25 August 2014. Add 55 pages to The Intercept.

16 August 2014. Add 26 pages to Heise.

12 August 2014. Add 6 pages to The Intercept.

5 August 2014. Add 12 pages to The Intercept.

4 August 2014. Add 23 pages to The Intercept.

25 July 2014. Add 4 pages to The Intercept.

14 July 2014. Add 8 pages to The Intercept.

14 July 2014. “I’m as mad as hell and I’m not going to take this anymore!”

Cryptome has sent a demand for accounting and public release specifics to holders of the Snowden documents: New York Times, Washington Post, The Guardian, Barton Gellman, Laura Poitrias, Glenn Greenwald, ACLU, EFF and John and Jane Does, US Citizens:

11 July 2014. See related essay, Open the Snowden Files, Krystian Woznicki, 11July 2014:


11 July 2014. @PaulMD notes this claim in the Washington Post, 11 July 2014:

We did not have an official NSA list of targets. We had to find them in the pile ourselves. Soltani, an independent researcher, did most of the heavy lifting on that. Because the information was not laid out in rows and columns, the way it might be in a spreadsheet, Soltani wrote computer code to extract what we were looking for from something like a quarter-million pages of unstructured text.

If a minimum of 250,000 pages are in the Snowden files, then less than 1% have been released.

9 July 2014. Add 8 pages to The Intercept.

9 July 2014. Add 1 page to Washington Post.

23 June 2014. Add 9 pages to Der Spiegel.

22 June 2014. Add 41 pages to Information-The Intercept.

Revised. This is included in entry above. 18 June 2014. Add 20 pages to The Intercept.

18 June 2014. Add 200 pages to Der Spiegel.

16 June 2014. Add 4 pages to Der Spiegel.

1 June 2014. Add 4 pages to New York Times.

23 May 2014. Cryptome placed online No Place to Hide, 310 pages, to compensate for failure to release Snowden documents: (27MB)

19 May 2014. The Intercept released 12 pages.

13 May 2014. Glenn Greenwald released 107 pages, some new, some previously published, some full pages, some page fragments.

5 May 2014. Related tally of redactions of Snowden releases:

30 April 2014. Add 19 pages to The Intercept.

30 April 2014. Add 2 pages to Dagbladet belatedly.

5 April 2014. Add 21 pages to The Intercept.

4 April 2014. ACLU offers NSA documents search:


If more lists please send: cryptome[at]

2 April 2014.

29 March 2014. Add 1 page to Der Spiegel.

22 March 2014. Add 3 pages to Der Spiegel.

22 March 2014. Add 2 pages to New York Times.

21 March 2014. Add 7 pages to Le Monde.

20 March 2014. Add 6 pages to The Intercept.

18 March 2014. Add 4 pages to Washington Post.

13 March 2014. Add 1 page to The Intercept.

12 March 2014. Add 35 pages to The Intercept.

12 March 2014. Add 62 pages to New York Times. Add 2 pages to NRC Handelsblad.

7 March 2014. Add 8 pages to The Intercept.

27 February 2014. Add 3 pages to Guardian.

25 February 2014. Add 11 pages to NBC News.

24 February 2014. Add 4 pages to The Intercept.

24 February 2014. Add *50 pages to The Intercept (7 pages are duplicates of GCHQ Psychology).

18 February 2014. Add *45 pages to The Intercept (37 pages are duplicates of release by NBC News).

Note: Between 10-17 February 2014, The Intercept disclosed fragments of Snowden pages and the New York Times referenced some but as far as known did not release them in full. If available please send link.

10 February 2014. Add 1 page to NRC Handelsblad (via

7 February 2014. Add 15 pages NBC News.

5 February 2014. Add 14 pages NBC News.

31 January 2014. Add 27 pages to CBC News.

27 January 2014. Add 47 pages to NBC News.

27 January 2014. Add 18 pages to Anonymous via New York Times.

16 January 2014. Add 8 pages to The Guardian.

* 14 January 2014. Add 21 pages to (duplicate).

* 13 January 2014. Add 4 pages to (duplicate).

Related Snowden Document and Page Count Assessment:

* 5 January 2014. Add 16 pages to Der Spiegel (30 December 2013. No source given for NSA docs). Tally now *962 pages (~1.7%) of reported 58,000. NSA head claims 200,000 (~.50% of that released).

4 January 2014. The source was not identified for *133  pages published by Der Spiegel and Jacob Appelbaum in late December 2013. They are included here but have not been confirmed as provided by Edward Snowden. Thanks to post by Techdirt.

Glenn Greenwald tweeted:

Glenn Greenwald @ggreenwald, 8:05 AM – 29 Dec 13@Cryptomeorg @ioerror I had no involvement in that Spiegel article, ask them – and they don’t say those are Snowden docs.

Matt Blaze tweeted, 11:24 AM – 2 Jan 14

matt blaze @mattblazeIf there are other sources besides Snowden, I hope journalists getting docs are careful to authenticate them (& disclose uncertainty).

3 January 2014. Add 13 pages to Washington Post.

3 January 2014. See also EFF, ACLU and LeakSource accounts:

2 January 2014. Add 1 page to Washington Post published 10 July 2013.

* 31 December 2013. Add 16 pages to Der Spiegel.

* 30 December 2013. Add 50 pages of NSA ANT Catalog by Jacob Appelbaum (no source given for NSA docs).

* 30 December 2013. Add 21 pages from 30C3 video by Jacob Appelbaum (no source given for NSA docs).

* 30 December 2013. Add 42 pages (8 duplicates) to Der Spiegel (no source given for NSA docs).

* 29 December 2013. Add 4 pages to Der Spiegel (no source given for NSA docs).

24 December 2013. Add 2 pages to Washington Post.

23 December 2013

We’ve yet to see the full impact of former National Security Agency contractor Edward Snowden’s unauthorized downloading of highly classified intelligence documents.

Among the roughly 1.7 million documents he walked away with — the vast majority of which have not been made public — are highly sensitive, specific intelligence reports, as well as current and historic requirements the White House has given the agency to guide its collection activities, according to a senior government official with knowledge of the situation.

The latter category involves about 2,000 unique taskings that can run to 20 pages each and give reasons for selective targeting to NSA collectors and analysts. These orders alone may run 31,500 pages.

13 December 2013. Add 26 pages to Trojkan (SVT). Tally now 797 pages (~1.4%) of reported 58,000. NSA head claims 200,000 (~.40% of that released). Australia press reports “up to 20,000 Aussie files.”

Rate of release over 6 months, 132.8 pages per month, equals 436 months to release 58,000, or 36.3 years. Thus the period of release has decreased in the past month from 42 years.

12 December 2013. Belatedly add 27 pages to Guardian and 18 pages to Washington Post.

21 November 2013. See also EFF and ACLU accounts:

Timeline of releases:

[See tabulation below for full timeline.]

5 October 2013

26 Years to Release Snowden Docs by The Guardian

Out of reported 15,000 pages, The Guardian has published 192 pages in fourteen releases over four months, an average of 48 pages per month, or 1.28% of the total. At this rate it will take 26 years for full release.

Number Date Title Pages

The Guardian 276
27 February 2014 GCHQ Optic Nerve 3
21 16 January 2014 SMS Text Messages Exploit 8
20 9 December 2013 Spying on Games 2
18 18 November 2013 DSD-3G 6
19 1 November 2013 PRISM, SSO
SSO1 Slide
SSO2 Slide
18 4 October 2013 Types of IAT Tor 9
17 4 October 2013 Egotistical Giraffe 20*
16 4 October 2013 Tor Stinks 23
15 11 September 2013 NSA-Israel Spy 5
14 5 September 2013 BULLRUN 6*
13 5 September 2013 SIGINT Enabling 3*
12 5 September 2013 NSA classification guide 3
11 31 July 2013 XKeyscore 32
10 27 June 2013 DoJ Memo on NSA 16
9 27 June 2013 Stellar Wind 51
8 21 June 2013 FISA Certification 25
7 20 June 2013 Minimization Exhibit A 9
6 20 June 2013 Minimization Exhibit B 9
5 16 June 2013 GCHQ G-20 Spying 4
4 8 June 2013 Boundless Informant FAQ 3
3 8 June 2013 Boundless Informant Slides 4
2 7 June 2013 PPD-20 18
1 5 June 2013 Verizon 4

Washington Post 297
9 July 2014 NSA Emails 1
18 March 2014 NSA SCALAWAG 2
18 March 2014 NSA MYSTIC 2
2 January 2014 Quantum Computer 2 10
2 January 2014 Quantum Computer 3
23 December 2013 NSA/CSS Mission 2
11 December 2013 Excessive Collection 9
11 December 2013 SCISSORS 2 7
11 December 2013 SCISSORS 1 4
11 December 2013 Yahoo-Google Exploit 6
11 December 2013 Cable Spying Types 7
11 December 2013 WINDSTOP 1
11 December 2013 Co-Traveler 24
11 December 2013 GSM Tracking 2
11 December 2013 SIGINT Successes 4
11 December 2013 GHOSTMACHINE 4
5 December 2013 Target Location 1
4 December 2013 FASCIA 2
4 December 2013 CHALKFUN 1
26 November 2013 Microsoft a Target? 4
4 November 2013 WINDSTOP, SSO, Yahoo-Google 14
30 October 2013 MUSCULAR-INCENSOR Google and Yahoo 4
14 October 2013 SSO Overview 4
14 October 2013 SSO Slides 7
14 October 2013 SSO Content Slides 9
4 October 2013 Tor 49
4 October 2013 EgotisticalGiraffe 20*
4 October 2013 GCHQ MULLENIZE 2
4 October 2013 Roger Dingledine 2
30 August 2013 Budget 17
10 July 2013 PRISM Slide 1
29 June 2013 PRISM 8
20 June 2013 Warrantless Surveillance 25*
7 June 2013 PPD-20 18*
6 June 2013 PRISM 1

Der Spiegel * 1,278
17 January 2015 NSA Prepares for Cyber Battle 199
28 December 2014 NSA Attacks on VPN, SSL, TLS, SSH, Tor 197MB 666
14 September 2014 GCHQ STELLAR 26
14 September 2014 NSA Treasure Map 38
14 September 2014 NSA Treasure Map New 4
31 August 2014 NSA GCHQ Spy Turkey 34
23 June 2014 NSA German SIGADs 9
18 June 2014 NSA German Spying-2 200
16 June 2014 NSA German Spying 4
29 March 2014 NSA Spy Chiefs of State 1
31 December 2013 QFIRE * 16
30 December 2013 TAO Introduction * 16
30 Deceber 2013 QUANTUM Tasking (8 duplicates of QUANTUMTHEORY) 28*
30 December 2013 QUANTUMTHEORY 14
29 December 2013 TAO ANT COTTONMOUTH (images)
(DE article)
29 October 2013 NSA-CIA SCS 3
27 October 2013 NSA-CIA SCS 2
20 October 2013 Mexico President 1
20 September 2013 Belgacom 3
16 September 2013 SWIFT 3
9 September 2013 Smartphones 5
1 September 2013 French Foreign Ministry 0
31 August 2013 Al Jazeera 0

O Globo Fantastico ~87
7 October 2013 CSE Brazil Ministry 7
8 September 2013 Petrobas ~60
3 September 2013 Brazil and Mexico 20

New York Times 216
15 August 2015 NSA SSO Fairview Stormbrew Blarney (with Propublica) 74
4 June 2015
4 June 2015
NSA Expands Phone Spying at Borders
NSA Expands Phone Spying at Borders 2
22 December 2014 NSA Tracks Zarrar Shah 1
1 June 2014 NSA Identity Spying 4
22 March 2014 NSA Huawei SHOTGIANT 2
12 March 2014 NSA Stellarwind Classification
NSA FISA FAA Classification
AG Dissemination
NSA Cryptanalyist FISA Database
NSA Spying Timeline
9 December 2013 Spying on Games 82*
23 November 2013 SIGINT Strategy 2012-2016 5
3 November 2013 SIGINT Mission 2013SIGINT Mission 2017 22
28 September 2013 Contact Chaining Social Networks 1
28 September 2013 SYANPSE 1
5 September 2013 BULLRUN 4*
5 September 2013 SIGINT Enabling 3*

ProPublica 163*
15 August 2015 NSA SSO Fairview Stormbrew Blarney (with NY Times) 74*
9 December 2013 Spying on Games 82*
5 September 2013 BULLRUN 4*
5 September 2103 SIGINT Enabling 3*

Le Monde 20
21 March 2014 CSE SNOWGLOBE 7
25 October 2013 NSA Hosts FR Spies 4
22 October 2013 Wanadoo-Alcatel 1
22 October 2013 Close Access Sigads 2
22 October 2013 Boundless Informant 2
22 October 2013 PRISM 11

Dagbladet 15
April 2014
December 2013
Norway Assistance 2
19 November 2013 BOUNDLESSINFORMANT 13

NRC Handelsblad 7
12 March 2014 NSA Aids Dutch Anti-Piracy 2
8 February 2014 MIVD BoundlessInformant
Cryptome mirror
30 November 2013 Dutch SIGINT 3
23 November 2013 SIGINT Cryptologic Platform 1

Huffington Post 3
27 November 2013 Muslim Porn Viewing 3

CBC 214
22 May 2015 US-UK-CA-AU-NZ Cellphone Spying 26*
24 March 2015 CSEC Cyber Threats 152
28 January 2015 CSE LEVITATION-FFU Project 21
30 January 2014 CSEC IP Profiling 27
10 December 2013 NSA-CSEC Partnership 1
10 December 2013 G8-G20 Spying 4*
2 December 2013 G8-G20 Spying 3
29 November 2013 G8-G20 Spying 1

The Globe and Mail 18
30 November 2013 CSEC Brazil Spying 18*

SVT (Swedish TV) 2
5 December 2013 Sweden Spied Russia for NSA 2

L’Espresso 3
6 December 2013 NSA Spies Italy 3

Trojkan (SVT) 29
11 December 2013 NSA Sweden FRA Relationship 1*
11 December 2013 NSA 5 Eyes Partners 1
11 December 2013 NSA Sweden FRA Agenda 8
11 December 2013 NSA Sweden FRA RU Baltic 1
11 December 2013 NSA GCHQ Sweden FRA COMINT 1
11 December 2013 NSA Sweden FRA  XKeyscore Plan 5
11 December 2013 NSA Sweden FRA XKeyscore Sources 1
11 December 2013 NSA Sweden FRA XKeyscore Tor et al 3
11 December 2013 NSA Sweden FRA XKeyscore Slide 1
11 December 2013 NSA Sweden FRA Quantum 1 1
11 December 2013 GCHQ Sweden FRA Quantum 1
11 December 2013 NSA Sweden FRA Quantum Accomplishments 2
9 December 2013 NSA and Sweden Pact 3*

Jacob Appelbaum * 71
30 December 2013 NSA Catalog * 50
30 December 2013 NSA Catalog Video Clips * 21 63*
19 June 2014 NSA Partners 41*
14 January 2014 SSO (duplicate) 7*
14 January 2014 PRISM (duplicate) 11*
13 January 2014 5-Eyes Spy G8-G20 (duplicate) 4*

New York Times
27 January 2014 NSA Smartphones Analysis 14
27 January 2014 GCHQ Mobile Theme 4

NBC News 87
25 February 2014 GCHQ Cyber Effects 11
7 February 2014 GCHQ Cyber Attack 15
5 February 2014 GCHQ Anonymous 14
27 January 2014 GCHQ Squeaky Dolphin 47

The Intercept 2,704*
2 February 2016 UAV Programs 14
23 December 2015 NSA-GCHQ Juniper 7
17 November 2015 NSA SCS Venezuela 5
28 September 2015 NSA Rogue Olympics 21
24 September 2015 NSA-GCHQ 29 Documents 283
11 August NSA SIGINT Philosopher 29
16 July 2015 NSA Manhunting 8
1 July 2015 NSA XKeyscore and More 1,264
26 June 2015 NSA on NYT Warrantless Wiretap Story 13
22 June 2015 GCHQ 11 Filles 250
12 June 2015 NSA SID Hacker Interview 4
28 May 2015 NSA SID Today 23
22 May 2015 US-UK-CA-AU-NZ Cellphone Spying 26*
21 May 2015 NSA Medical Spying 10
19 May 2015 NSA SID NATO 19
18 May 2015 JTAC Attack Methodology 3
18 May 2015 NCTC Major Terrorism Figures 1
18 May 2015 Black Budget Bin Laden Raid 2
8 May 2015 NSA SKYNET 40
5 May 2015 NSA Black Budget SID RT10 WG Language 46
2 April 2015 NSA GCHQ JTRIG Argentina-Iran 7
10 March 2015 NSA Apple DPA Cryptanalysis 12
19 February 2015 GCHQ PCS Harvesting At Scale 32
10 February 2015 NSA Iran GCHQ 2
5 February 2015 DNI NATO Cyber Panel 3
4 February 2015 GCHQ Lovely Horse et al 5*
13 December 2014 GCHQ Belgacom Hack 67
4 December 2014 NSA AURORA GOLD et al 63
10 October 2014 10 NSA Releases
Computer Network Exploitation Declass
National Initiative Task Security 2
National Initiative Task Security 1
Exceptionally Controlled Info Compartments
Exceptionally Controlled Info Pawleys
Exceptionally Controlled Information
Sentry Eagle 2
Sentry Eagle 1
Tarex Classification Guide
Whipgenie Classification Guide
17 September 2014 NSA Visit by NZ Spy 2
5 September 2014 Masterspy Quadrennial Report 2009 32
25 August 2014 NSA ICREACH 55
12 August 2014 GCHQ Covert Mobile Phones Policy 6
5 August 2014 NCTC Terrorist Identifies 12
4 August 2014 US-NSA Pays Israel $500,000 2
4 August 2014 NSA-Israel Spying Pact 2013 3
4 August 2014 Israel-US Spying Pact 1999 16
25 July 2014 NSA Saudi Arabia 4
14 July 2014 NSA JTRIG Tools-Techniques 8
9 July 2014 NSA FISA Accounts 8
19 June 2014 NSA Partners 41*
19 May 2014 12 Various Pages 12
NSA Visit by GCHQ Lobban
PRISM with Olympics
4 April 2014 GCHQ Full Spectrum Cyber
NSA 5-Eyes SIGDEV Conference
20 March 2014 NSA Hunt Sysadmins 6
13 March 2014 NSA Third Party 1
12 March 2014 NSA HammerchantNSA UK on Mikey and Ibake

NSA Turbine and Turmoil

NSA Thousands of Implants

NSA More Than One Way

NSA GCHQ Quantumtheory

NSA Selector Types

NSA Quantum Insert

NSA Analysis of Converged Data

NSA Phishing and MTM Attacks

NSA Menwith Hill xKeyscore

NSA Industry Exploit

NSA 5 Eyes Hacking













7 March 2014 NSA Ask Zelda 8
24 February 2014 GCHQ Disruption 4
24 February 2014 GCHQ Online Deception
(7 pages duplicates of GCHQ Psychology)
18 February 2014 GCHQ Psychology37 Duplicates of NBC News *44
18 February 2014 NSA-GCHQ Discovery 1
Glenn Greenwald
13 May 2014 A variety of documents 107
Cryptome 310
26 January 2015 Citizenfour Snowden Documentary High Definition (7-Zip MP4) (3.6GB) ~
25 January 2015 Citizenfour Snowden Documentary (7-Zipped MP4) (1.2GB) ~
23 May 2014 No Place to Hide (27MB) 310
Heise 26
16 August 2014 NSA GCHQ CSEC HACIENDA 26
Süddeutsche Zeitung 7
25 November 2014 Vodafone GCHQ Cables List and Slides 72
Paul Dietrich
22 January 2015 87 Citizenfour Screengrabs 87
New Zealand Herald 20
14 March 2015 GCSB Targets Solomons 2
10 March 2015 NSA-New Zealand Relationship 8
6 March 2015 GCSB XKeyscore 2 4
5 March 2015 GCSB XKeyscore 6
New Zealand Star Times 35
8 March 2015 GCSB XKeyscore 3 35
17 November 2015 NSA SCS Venezuela 5*
Boing Boing
2 February 2016 GCHQ Malware 99


TOP-SECRET – NSA SHARKSEER Program Zero-Day Net Defense Presentation

Page Count: 12 pages
Date: September 2015
Restriction: None
Originating Organization: National Security Agency
File Type: pdf
File Size: 1,653,564 bytes
File Hash (SHA-256): 156ED749C29E087C5698C8843C3FB39458A7F960C616EE12FE60818968DB068D

Download File


Program Definition: Detects and mitigates web-based malware Zero-Day and Advanced Persistent Threats using COTS technology by leveraging, dynamically producing, and enhancing global threat knowledge to rapidly protect the networks.


IAP Protection: Provide highly available and reliable automated sensing and mitigation capabilities to all 10 DOD IAPs. Commercial behavioral and heuristic analytics and threat data enriched with NSA unique knowledge, through automated data analysis processes, form the basis for discovery and mitigation.

Cyber Situational Awareness and Data Sharing: Consume public malware threat data, enrich with NSA unique knowledge and processes. Share with partners through automation systems, for example the SHARKSEER Global Threat Intelligence (GTI) and SPLUNK systems. The data will be shared in real time with stakeholders and network defenders on UNCLASSIFIED, U//FOUO, SECRET, and TOP SECRET networks.

NSA-Sharkseer_Page_04 NSA-Sharkseer_Page_05 NSA-Sharkseer_Page_06 NSA-Sharkseer_Page_07 NSA-Sharkseer_Page_08 NSA-Sharkseer_Page_09

Opinion – NSA Chief Expects More Cyberattacks Like OPM Hack


The U.S. should brace itself for more attacks like one on the U.S. Office of Personnel Management—in which millions of sensitive government records were stolen, the director of the National Security Agency warned on Wednesday

The U.S. government last week said that two cyberattacks on the agency compromised more than 21 million Social Security numbers, 1.1 million fingerprint records, and 19.7 million forms with data that could include a person’s mental-health history.

“I don’t expect this to be a one-off,” said Navy Adm. Mike Rogers, who heads the NSA and the U.S. military’s Cyber Command.

The incident is causing the government to review cybersecurity policies, he added. “As we are working through the aftermath of OPM,” Adm. Rogers said one of the questions is “what is the right vision for the way forward in how we are going to deal with things like this.”

Cyber Command, though responsible for protecting Defense Department networks, wasn’t charged with defending the Office of Personnel Management’s system, he added.

Director of National Intelligence James Clapper last month said China is suspected to be behind the hack.

Adm. Rogers likened the hacking of U.S. government records to last year’s attack on Sony Pictures Entertainment, which revealed sensitive company information. He said such events required a governments and companies to step back and review procedures.

Adm. Rogers was speaking at the London Stock Exchange as part of an outreach effort to the financial sector to raise awareness of cybersecurity threats.

“We are in a world now where, despite your best efforts, you must prepare and assume that you will be penetrated,” he told the group. “It is not about if you will be penetrated, but when,” he said.

David Omand, the former head of the U.K. Government Communications Headquarters, said at the event that the average cost of a breach on U.S. companies is around $20 million. U.K. figures suggest a lower cost, though he said those may be too conservative.

Adm. Rogers said companies and the government needed to work together to protect networks. “Cyber to me is the ultimate partnership. There is no single entity out there that is going to say: ’don’t worry, I’ve got this.’”


Exposed – New details about the joint NSA-BND operation Eikonal

Under operation Eikonal, the NSA cooperated with the German foreign intelligence service BND for access to transit cables from Deutsche Telekom in Frankfurt. Here follows an overview of what is known about this operation so far. New information may be added as it comes available.


Initial reporting

Operation Eikonal was revealed by the regional German paper Süddeutsche Zeitung and the regional broadcasters NDR and WDR on October 4, 2014. They reported that between 2004 and 2008, the German foreign intelligence service BND had tapped into the Frankfurt internet exchange DE-CIX and shared the intercepted data with the NSA.

For this operation, NSA provided sophisticated interception equipment, which the Germans didn’t had but were eager to use. Interception of telephone traffic started in 2004, internet data were captured since 2005. Reportedly, NSA was especially interested in communications from Russia.

To prevent communications of German citizens being passed on to NSA, BND installed a special program (called DAFIS) to filter these out. But according to the reporting, this filter didn’t work properly from the beginning. An initial test in 2003 showed the BND that 5% of the data of German citizens could not be filtered out, which was considered a violation of the constitution.

Süddeutsche Zeitung reported that it was Deutsche Telekom AG (DTAG) that provided BND the access to the Frankfurt internet exchange, and in return was paid 6000,- euro a month. But as some people noticed, Deutsche Telekom was not connected to DE-CIX when operation Eikonal took place, so something didn’t add up.

As we will see, this was right, and the actual cable tap was not at DE-CIX, but took place at Deutsche Telekom. Nonetheless, many press reports still link Eikonal to the DE-CIX internet exchange.

Operations center room in the former BND headquarters in Pullach
(Photo: Martin Schlüter – Click to enlarge)

Eikonal as part of RAMPART-A

As was first reported by this weblog on October 15, 2014, operation Eikonal was part of the NSA umbrella program RAMPART-A, under which the Americans cooperate with 3rd Party countries who “provide access to cables and host U.S. equipment”.

Details about the RAMPART-A program itself had already been revealed by the Danish newspaper Information in collaboration with The Intercept on June 19, 2014. The program reportedly involved at least five countries, but so far only Germany and, most likely, Denmark have been identified.

On October 20, Information published about a document from NSA’s Special Source Operations (SSO) division, which confirms that an operation codenamed “EIKANOL” was part of RAMPART-A and says it was decommissioned in June 2008.

The slide below shows that under RAMPART-A a partner country taps an international cable at an access point (A) and then forwards the data to a joint processing center (B). Equipment provided by the NSA processes the data and analysts from the host country can then analyse the intercepted data (C), while they are also forwarded to NSA sites in the US (D, E):

Parliamentary hearings

Because of the confusion about the role of Deutsche Telekom in operation Eikonal, the NSA investigation commission of the German parliament (NSAUA) decided to also investigate whether this company assisted BND in tapping the Frankfurt internet exchange.

During hearings of BND officials it became clear that operation Eikonal was not about tapping into the Frankfurt internet exchange DE-CIX, but about one or more cables from Deutsche Telekom. This was first confirmed by German media on December 4, 2014.

Hearing of November 6, 2014 (Live-blog)

According to witness T.B., who was heard on on November 6, 2014, it was just during the test period that the filter system was only able to filter out 95% of German communications. When the system went live, this percentage rose to 99% with a second stage that could filter out even more than 99%. When necessary, a final check was conducted by hand.

Hearing of November 13, 2014 (Live-blogOfficial transcript)

During this hearing, the witness W.K. said that Eikonal was a one of a kind operation, there was targeted collection from traffic that transited Germany from one foreign country to another.

This was focussed on Afghanistan and anti-terrorism. Selected data were collected and forwarded to NSA. The internal codename for Eikonal was Granat, but that name wasn’t shared with NSA. There was even a third codename.

For Germany, Eikonal was useful because it provided foreign intelligence for protecting German troops and countering terrorism. The NSA provided better technical equipment that BND didn’t had. In return, BND provided NSA with data collected from transit traffic using search profiles about Afghanistan and anti-terrorism. BND was asked to cooperate because NSA isn’t able to do everything themselves.

Eikonal provided only several hundred useful phone calls, e-mail and fax messages a year, which was a huge disappointment for NSA. This, combined with the fact that it proved to be impossible to 100% guarantee that no German data were collected and forwarded, led BND to terminate the program.

For Eikonal, the cable traffic was filtered by using selectors provided by both NSA and BND. Although not all selectors can be attributed to a particular country and there may have been up to several hundred thousand selectors, witness W.K. said that BND was still able to check whether every single one was appropriate: only selectors that could be checked were used.

Hearing of December 4, 2014 (Live-blogOfficial transcript)

During this hearing, BND-employee S.L., who was the project manager of operation Eikonal at BND headquarters, testified. He told that BND had rented two highly secured rooms of ca. 4 x 6 meters in the basement of a Deutsche Telekom switching center in the Frankfurt suburb Nied.

These rooms were only accessible for BND personnel and contained the front-end of the interception system, existing of 19 inch racks, with telecommunications equipment like multiplexers, processors and servers. These devices were remotely controlled from the headquarters in Pullach.*

Based upon analysis of public information about telecommunication networks, BND choose specific cables that would most likely contain traffic that seemed useful for the goals of the operation. It became clear that for redundancy purposes, cables only used 50% of their capacity. For example, 2 cables of 10 Gbit/s carried only 5 Gbit/s of traffic, so in case of a disruption, one cable could take over the traffic of the other one.

The switching center of Deutsche Telekom in Frankfurt-Nied
where some cables were tapped under operation Eikonal
(Screenshot: ZDF Frontal21 – Click to enlarge)

After a specific coax or fiber-optic cable had been selected, technicians of Deutsche Telekom installed a splitter and a copy of the traffic was forwarded to one of the secure rooms, where it was fed into a (de-)multiplexer or a router so the signal could be processed. After they got rid of the peer-to-peer and websurfing traffic, the remaining communications data, like e-mail, were filtered by selectors from BND and NSA.

The selected data were sent back to BND headquarters in Pullach over a leased commercial line, of which the capacity was increased after the internet collection became fully operational. From Pullach to the JSA in Bad Aibling there was a 2 Mbit/s line.


Eikonal started with access to a telephone cable (Leitungsvermittelt). Project manager S.L. told that the first cable was connected (aufgeschaltet) in December 2004, but that it’s signal was too weak. Therefore, in January 2005, an amplifier was installed.

In February, March and April additional cables were connected, so telephony collection started in the spring of 2005. By the end of 2006, Deutsche Telekom announced that its business model for dedicated transit cables would be terminated, so in January 2007 the telephone collection ended.*

BND also wanted access to internet traffic (Paketvermittelt), for which the first cable became available by the end of 2005, but because the backlink was missing, collection was technically not possible. This was solved in 2006, and in the spring of 2006 a second cable was added, and they tested the front-end system and subsequently the filter systems until mid-2007 (Probebetrieb).

During this stage, data were only forwarded to the joint NSA-BND unit JSA after a manual check. Fully automated forwarding only happened from late 2007 until operation Eikonal was terminated in June 2008 (Wirkbetrieb).*

Legal issues

The collection of telephone communications from transit cables was done under the general authority of the BND Act, with details specified in the “Transit Agreement” between BND and Deutsche Telekom, which for the latter was signed by Bernd Köbele.

For the collection of internet data it was impossible to fully separate foreign and domestic traffic, so it couldn’t be ruled out that German communications were in there too. Therefore, BND requested an order from the G10-commission, which, like the FISA Court in the US, has to approve data collection when their own citizens could be involved.

A G10-order describes the communication channel (Germany to/from a specific foreign country) that BND is allowed access to, the threat profile and it also authorizes the search terms that may be used for filtering the traffic.*

Such an order allows the collection of G10-data (communications with one end German), which were processed within BND’s separate G10 Collection program. As a bycatch, this G10-interception also yielded fully foreign traffic (Routine-Verkehre), which was used for operation Eikonal:

Some employees from Deutsche Telekom and from BND had doubts about the legality of this solution, which seemed to use a G10-order as a cover for getting access to fully foreign internet traffic.

Eventually, the federal Chancellery, apparently upon request of the BND, issued a letter saying that the operation was legal. This convinced the Telekom management and the operation went on. It didn’t become clear under what authority this letter was issued.

After BND had learned how to collect internet traffic from fiber-optic cable, it applied for G10-orders to intercept (one end German) communications from 25 foreign and domestic internet service providers in 2008. This time these cables were being tapped at the DE-CIX internet exchange, which is also in Frankfurt.


The collection under operation Eikonal resulted in only a few hundred intelligence reports (German: Meldungen) a year, each consisting of one intercepted e-mail, fax message or phone call. These were burned onto a CD to hand them over to NSA personnel at the JSA.*

According to S.L., metadata (containing up to 91 fields) were “cleaned” so only technical metadata (Sachdaten) were forwarded to the JSA, where they were used for statistical and analytical purposes.

Personal metadata (personenbezogene Daten), like e-mail and IP addresses were not shared. Technical metadata are for example used to identify the telecommunication providers, transmission links and the various protocols.

Hearing of December 18, 2014 (Live-blogOfficial transcript)

During this hearing, a talkative general Reinhardt Breitfelder, head of the SIGINT division from 2003-2006, confirmed many of the details from the earlier hearings of his subordinates. He also gave impressions of the dilemmas in dealing with the NSA and what to do with the equipment they provide.

Hearing of January 15, 2015 (Live-blogOfficial transcript)

In this hearing, the commission questioned two employees from Deutsche Telekom (Harald Helfrich and Wolfgang Alster), but they provided very little new information, except for that Deutsche Telekom personnel only knows between which cities a cable runs, but they don’t know what kind of traffic it contains – they are not allowed to look inside.

A room where hearings of the parliamentary committee take place
(photo: DPA)

Disclosures from Austria

On May 15, 2015, Peter Pilz, member of the Austrian parliament for the Green party, disclosed an e-mail from an employee of the Deutsche Telekom unit for lawful intercept assistance (Regionalstelle für staatliche SonderAuflagen, ReSa), who notified someone from BND that apparently a particular fiber-optic cable had been connected to the interception equipment. The e-mail describes this cable as follows:

Transit STM1 (FFM 21 – Luxembourg 757/1), containing 4 links of 2 Mbit/s:

Channel 2: Luxembourg/VG – Wien/000 750/3
Channel 6: Luxembourg/CLUX – Moscow/CROS 750/1
Channel 14: Ankara/CTÜR – Luxembourg/CLUX 750/1
Channel 50: Luxembourg/VG – Prague/000 750/1

STM1 stands for Synchronous Transport Module level-1, which designates a transmission bit rate of 155,52 Mbit/second. A similar multiplexing method is Wavelength-Division Multiplexing (WDM) commonly used in submarine fiber-optic cables. The latter having a much larger capacity, generally STM-64 or 9,5 Gbit/second.

The number 757 is a so-called Leitungsschlüsselzahl (LSZ), which denotes a certain type of cable. In this case it stands for a channelized STM-1 base link (2 Mbit in 155 Mbit), which seem to be used for internal connections.

According to the meanwhile updated LSZ List, the number 750 stands for a “DSV2 Digitalsignal-Verbindung 2 Mbit/s”, which is a digital signal path.

The cable mentioned in the e-mail therefore only has a small capacity, which seems to indicate that NSA and/or BND selected it carefully.

FFM 21 stands for “Frankfurt am Main 21”, which according to Deutsche Telekom’s network map is the name of the Point-of-Presence (PoP) located at its facility in the Frankfurt suburb Nied – the location where that Eikonal tapping took place.

This means we have a physical cable running between Luxembourg and the Deutsche Telekom PoP in Frankfurt, but containing channels to cities which are much further, so they have to connect to channels within other physical cables that run from Frankfurt to Moscow, Prague, Vienna and Ankara, respectively:

As the e-mail is from February 3, 2005, it must relate to telephone collection, because for Eikonal, the first cable containing internet traffic only became available by the end of that year.

The Transit agreement

On May 18, the Austrian tabloid paper Kronen Zeitung published the full “Transit Agreement” (pdf) between BND and Deutsche Telekom, in which the latter agreed to provide access to transit cables, and in return will be paid 6.500,- euro a month for the expenses. The agreement came into retrospective effect as of February 2004.

This disclosure got little attention, but is rather remarkable, as such agreements are closely guarded secrets. The Transit agreement existed in only two copies: one for BND and one for Deutsche Telekom.

It is not known how Pilz came into possession of these documents, but it seems the source must be somewhere inside the German parliamentary investigation commission. They are the only persons outside BND and Deutsche Telekom who, for the purpose of their inquiry, got access to the agreement and the other documents.

Leaking these documents to Pilz seems not a very smart move, as it will further minimize the chance that the commission will ever get access to the list of suspicious NSA selectors.

Country lists

On May 19, Pilz held a press conference (mp3) in Berlin, together with the chairman of the Green party in Luxembourg and a representative of the German Green party. Here, Pilz presented a statement (pdf), which includes the aforementioned e-mail, 10 questions to the German government, and two tables with cable links to or from Austria and Luxembourg:

Lists of links that apparently were on a priority list of NSA.
LSZ = Leitungsschlüsselzahl (cable type indentifier);
Endstelle = Endpoint; Österreich = Austria.
(Source: Peter Pilz – Click to enlarge)

According to Pilz, the full list contains 254 (or 256) cable links. 94 of them connect EU member states, 40 run between EU members and other European countries like Switzerland, Russia, Serbia, Bosnia-Herzegovina, Ukraine, Belarus and Turkey. 122 links connect European countries with nations all over the world, with Saudi Arabia, Japan, Dubai and China being mentioned most.

The country which most links (71) run to or from is the Netherlands. The list for that country was disclosed by Peter Pilz during a press conference in Brussels on May 28, 2015. The US, the UK and Canada are not on the list, although there were apparently 156 links from/to Britain too.

On June 5, 2015, Peter Pilz held a press conference in Paris, where he presented a statement (.docx) containing a list of 51 transit links to or from France. Interestingly, this list now also includes some additional technical identifiers for these links, which were apparently left out in the earlier ones:


First part of the list with links related to France
(Source: Peter Pilz – Click to enlarge)


According to the updated LSZ List, the new codes in this list stand for:

703: VC3 Virtual Container connection with 48,960 MBit/s
710: (not yet known)
712: VC12 Virtual Container connection with 2,240 MBit/s
720: (not yet known)
730: (not yet known)

VC3 and VC12 are from the Synchronous Digital Hierarchy (SDH) protocol to transfer multiple digital bit streams synchronously over optical fiber. This has the option for virtual containers for the actual payload data. VC3 is for mapping 34/45 Mbit/s (E3/DS3) signals; VC4 for 140 Mbit/s (E4); VC12 for 2 Mbit/s (E1).

The new identifiers in this list stand for: O-nr.: Ordnungsnummer; GRUSSZ: Grundstücksschlüsselzahl; FACHSZ: Fachschlüsselzahl.

No information about these identifiers was found yet, but by analysing the data in the list, it seems that the FACHSZ codes are related to a telecom provider. France Telecom for example appears with FACHSZ codes CFT, VPAS, VCP3, VB5 or 0.

The GRUSSZ number identifies a particular city, with the first two or three digits corresponding with the international telephone country codes. The last two digits seem to follow a different scheme, as we can see that a capital always ends with “10”:

Paris = 33010
Lyon = 33190
Reims = 33680
Brussels = 32010
Prague = 42010
Oslo = 47010
Warsaw = 48010
Poznan = 48020
Moscow = 70010

It’s possible that these are just internal codes used by Deutsche Telekom, as internationally, connections between telephone networks are identified by Point Codes (PC). From the Snowden-revelations we know that these codes are also used by NSA and GCHQ to designate the cable links they intercept.

NSA or BND wish lists?

Initially, Peter Pilz claimed these links were samples from a priority list of the NSA, but on May 27, he said in Switzerland, that the list was from BND, and was given to NSA, who marked in yellow the links they wanted to have fully monitored.

The German parliamentary hearings were also not very clear about these lists. On December 4, project manager S.L. confirmed that NSA had a wish list for circuit-switched transit links, but in the hearing from January 15 it was said that there was a “wish list of BND” containing some 270 links. And on March 5, former SIGINT director Urmann said he couldn’t remember that NSA requested specific communication links.

Maybe the solution is provided by the Dutch website De Correspondent, which reports that there is a much larger list (probably prepared by BND) of some 1000 transit links, of which ca. 250 were marked in yellow (probably those prioritized by NSA).

Whose cables?

Media reports say that these cables belong to the providers from various European countries, but that seems questionable. As we saw in the aforementioned e-mail, it seems most likely that the lists show channels within fiber-optic cables, and that the physical cables all run between the Deutsche Telekom switching facility in Frankfurt and the cities we see in the lists.

In theory, these cables could be owned or operated by those providers mentioned in the lists, but then they would rather connect at a peering point like the DE-CIX internet exchange, instead of at the Deutsche Telekom switching center. Deutsche Telekom runs its own Tier 1 network, a worldwide backbone that connects the networks of lower-level internet providers.

Simplified structure of the Internet, showing how Tier 1, Tier 2 and Tier 3 providers
transit data traffic in a hierarchial way and how Tier 2 providers exchange
traffic directly through peering at an Internet eXchange Point (IXP)
(diagram: Wikimedia Commons – click to enlarge)


It is not clear how many of the over 250 links on the list were actually intercepted. We only know that for sure for the STM-1 cable with the four channels described in the aforementioned e-mail from Deutsche Telekom to BND.

Strange is the fact that during the parliamentary hearings, most BND witnesses spoke about “a cable in Frankfurt”, which sounds like one single physical cable, whereas the disclosures by Peter Pilz clearly show that multiple channels must have been intercepted.

During the commission hearing of January 29, 2015, BND technical engineer A.S. said that under operation Eikonal, telephone traffic came in with a data rate of 622 Mbit/s. This equals a standard STM-4 cable, which contains 252 channels of 2 Mbit/s. This number comes close to the channels on the “wish list”, but it seems not possible that those were all in just one physical cable.

Another question is whether it is possible to only filter the traffic from specific channels, or that one has to have access to the whole cable.

It should be noted that not the entire communications traffic on these links was collected and stored, but that it was filtered for specific selectors, like phone numbers and e-mail addresses. Only the traffic for which there was a match was picked out and processed for analysis.

Possible targets

Based upon these documents, Peter Pilz filed a complaint (pdf) against 3 employees of Deutsche Telekom and one employee of BND for spying on Austria, although at the same time he said he was convinced the NSA was most interested not in Austrian targets, but in the offices of the UN, OPEC and OSCE in Vienna.

Apparently he didn’t consider the fact that Eikonal was part of the RAMPART-A umbrella program, which is aimed at targets in Russia, the Middle East and North Africa. Many cities mentioned in the disclosed lists seem to point to Russia as target, and project manager S.L. testified that Eikonal was mainly used for targets related to Afghanistan, which fits the fact that there are for example 13 links to Saudi Arabia.

Green party members from various countries claimed that this cable tapping was used for economical or industrial espionage, but so far, there is no specific indication, let alone evidence for that claim.


Video – East German Stasi vs NSA Data Collection


Has the Land of the Free become the Land behind the digital Berlin Wall? The government of East Germany collected information on its .

Senior NSA executive Thomas Drake is an expert on spying in Stasi Germany . having studied it for years. Drake told Washington’s Blog that the U.S. has the wildest dreams of the Gestapo. KGB and East German Stasi comes into full being to protect you from TERRA TERRA TERRA. (You know why THIS word is being used here ?!)

Julia Angwin talks about her new book, Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance.

Exposed – NSA FOIA Report 2014



[NSA excerpt]

The NSA FOIA and Declassification Services Offices identified records appropriate for posting based on requester interest. These offices did not wait for there to be frequent requests, but based the decision to post information on the likelihood that others would have a significant interest in having access to the information. NSA added two new sections to the front page of its public website With these new sections, the general public was able to see NSA information released in response to news reporting on the unauthorized disclosure of classified information. Examples included statements to the press, as well as public speeches, found at the following link: The NSA FOIA and Declassification Services office reviewed, released, and posted 136 editions of the Cryptolog (4,400 pages), along with frequently asked questions about the history of the journal and the significance of the release. NSA posted 100 additional documents (249 pages) relating to the USS PUEBLO incident, History Today articles, an NSA Technical Journal article, Cryptologic History documents, NSA policies, and several miscellaneous documents, totaling over 1,000 pages.

o The NSA Research Directorate posted the following new material on at Science of Security contest winners; information about the NSA partnership with North Carolina State University; the 20th Anniversary issue of its quarterly publication, The Next Wave.

o The NSA Information Assurance Directorate (IAD) published information on both the NSA web page, as well its web page at

o Examples of new information made available in 2013 by IAD were as follows: