Capabilities

Technology

The hardware, software, and technical methodologies that intelligence and law-enforcement services use to conduct interception, intrusion, surveillance, forensic extraction, and side-channel collection. The capability layer underneath the operations the rest of the site documents — what the agencies actually use, where it came from, who built it, and where the institutional record on its deployment sits.

Interception

Federal Bureau of Investigation

Carnivore (DCS-1000)

The Federal Bureau of Investigation's 1997-2005 packet-capture system for intercepting email and other internet communications under court-ordered electronic-surveillance authority. Deployed on internet service providers' infrastructure under court orders compelling provider cooperation; retired in approximately 2005 in favour of commercial off-the-shelf packet-capture replacements. The principal documented pre-Snowden case of US law-enforcement internet-traffic interception capability.

(operational methodology rather than vendor product)

SIM Swapping

A category of social-engineering and insider-corruption attack against mobile carrier account-management infrastructure that transfers a victim's phone number from the victim's SIM card to a SIM card controlled by the attacker. Once the transfer completes, the attacker receives the victim's incoming SMS messages, voice calls, and SMS-delivered second-factor authentication codes, which compromises any account the victim has secured with SMS-based two-factor authentication. Distinct from SS7 exploitation, which intercepts traffic without requiring any account-control compromise.

(telecom-protocol vulnerability; commercial exploitation tools from various vendors)

SS7 Exploitation

The exploitation of Signaling System No. 7 (SS7), the 1975-vintage ITU-standardised global telecom signaling protocol that interconnects mobile and landline carriers worldwide, to intercept SMS messages, voice calls, and subscriber-location data without requiring any compromise of the target device. The defining operational characteristic is that SS7 access requires either licensed carrier status or grey-market purchased access; the consequence is that SS7 exploitation is largely the exclusive domain of state actors and well-funded commercial actors.

Harris Corporation (now L3Harris) and adjacent vendors

Stingray (IMSI Catcher)

A category of cellular-network interception device that mimics a legitimate cellular base station to compel mobile devices within physical proximity to register with it, disclosing the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI) of registered devices and, in some operational modes, intercepting voice and SMS traffic. The principal commercial-vendor line is the Harris Corporation Stingray product family, from which the colloquial designation derives; substantial alternative-vendor product lines include the Digital Receiver Technology Hailstorm, Septier Communications IMSI Catcher, and Septier Guardian product families.

Implants

Emanation / side-channel

What goes here, and what doesn't

The Technology section documents the capability layer — the specific tools, platforms, and technical methodologies that intelligence and law-enforcement services use to conduct collection. It is structurally distinct from the dossier section (which documents operations and named programmes), the agency section (which documents institutional bodies), and the lexicon (which defines vocabulary). A technology entry covers a specific artifact or technique — its origins, its operational characteristics, the institutional record on its deployment, and the legal-and-oversight framework within which it operates.

Entries are categorised by primary function: interception (passive collection of in-transit communications and data), implant (active intrusion that establishes ongoing access), forensic (post-seizure device extraction and analysis), surveillance (continuous-monitoring platforms), and emanation (passive side-channel and electromagnetic-leakage collection). The categorisation is operational rather than rigid: a single artifact may sit at the boundary of two categories, and the entries flag boundary cases where the categorisation is contested.

The same editorial standards apply as elsewhere on the site: every claim cites a primary source, status badges distinguish documented from alleged, and the prose hedges where the public record is contested. A substantial portion of what is in this section is documented through the post-2013 declassified institutional record (the Snowden disclosures, the Citizen Lab and Amnesty International technical reporting on commercial spyware, the documented court records on lawful-intercept methodologies, and the extensive academic-and-policy literature). Where deployment is alleged but not documented, the entry says so explicitly.