Talk:Tailored Access Operations

Tailored Access?

I've a question. "Tailored Access", what does it mean?--OnionBulb Talk  Contributions.- 18:24, 2 July 2013 (UTC)

I guess, something like getting access in a careful and precise way, compare "tailor made". P2Peter (talk) 01:50, 25 July 2013 (UTC)
An extremely polite way of saying hacking. --Paulmd199 (talk) 13:57, 6 August 2013 (UTC)

Recent refs

Sorry I don't have time to edit, but here are some refs from last few days:

QUANTUM attacks

The list of "some FOXACID modules" contains links to the Wikipedia articles of legitimate websites, implying that these websites ARE FOXACID modules, rather than being potential targets. Is this correct? 152.51.56.1 (talk) 15:02, 15 January 2014 (UTC)

This page isn't quite right.

I feel like there is a lot of WP:SYNTH going on here, as well as an odd tone and style used throughout. There are also some pretty critical citations missing.

I think this article might need a lot of fixing.

Jasphetamine (talk) 23:13, 21 May 2016 (UTC)

Hello fellow Wikipedians,

I have just modified one external link on Tailored Access Operations. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 21:03, 12 January 2018 (UTC)

Posting Classified Documents on Wikipedia

Hello.

There is currently a reference made in Tailored Access Operations which includes an image of what appears to be an alleged U.S. government classified document. I am new here, to Wikipedia, and would like clarification. Are we allowed to post classified documents on Wikipedia? This seems as though it may be an unwise practice, and there is an entirely separate wiki just for this type of stuff.

Also, assuming this type of "whistleblower"/"leaking"/"treason" is deemed acceptable on Wikipedia, how would one reference such documents? As they are, by design, guarded documents/images.

Specifically, I am asking about:

A reference to Tailored Access Operations in an XKeyscore slide

User:RobertJTurner

This discussion might interest you. Brycehughes (talk) 04:53, 29 March 2020 (UTC)

"simbarid" -- What?

In the "QUANTUM attacks" section of this page, an exploitable "module" listed is "simbarid," a redlinked page. In the source cited, the list is clear, reading something called "simbarUuid". Any Google search returns this with no result. Is there any clarification on this whatsoever that we can provide? It almost seems like listing cited gibberish and expecting people to understand. Possibly a classified program? Thanks, NeuropolTalk 16:58, 9 May 2024 (UTC)

Probably classified, feel free to remove stuff that cannot be cited with non-classified sources. Wikipedia sources do need to be 'published' at the very least, I don't think classified documents meet that threshold. PhotographyEdits (talk) 09:52, 10 May 2024 (UTC)

Shadow Brokers / leak

Why no mention of the leak involving Kaspersky and Shadow Brokers? I realise this is covered in the Equation Group article, but seeing as the link between TAO and EG is more than likely, I think it warrants a mention here as well.

https://www.nytimes.com/2017/11/12/us/nsa-shadow-brokers.html Transmogriff (talk) 12:39, 4 July 2025 (UTC)

Name

> The office is currently known as Office of Computer Network Operations (OCNO)

This is not named in the lead, nor is it the article title. Is the office currently known as TAO, or is this the old name? This is not clear. PhotographyEdits (talk) 13:27, 19 January 2026 (UTC)

Red Team

It was a precursor to TAO, assembled in 1997 to conduct operation "Eligible Receiver". "Founded" by M.V.Hayden, B.Marshall, B.Black, K.Minihan after the success of the said operation. Setenzatsu.2 (talk) 12:42, 5 May 2026 (UTC)

Other information

  • base was at Information Operations Technology Center (IOTC)
  • Equation group connections (some TAO employees (two I think) were charged for mishandling classified material at the time of the Shadow Brokers leaks, which were about the Equation group)
    • Snowden's leak contains files that describe and name the hacking tools; then that information is used by Kaspersky Lab to track Equation Group's activities and the Shadow Brokers' leak contained tools that were described by Snowden
    • leaked NSA operational notes and names of NSA hackers - Shadow Brokers' leak that was about Equation group
  • Harold Thomas Martin III (Booz Allen Hamilton) and Nghia Hoang Pho leaks
  • Stuxnet
  • Operation Treasure Map

Setenzatsu.2 (talk) 13:17, 5 May 2026 (UTC)

What the fuck? Everything ????

I spent days updating the page that clearly didn't contain the current information since 2019 with things that have been public for a while now, even here are people asking why there aren't sections abt The Shadow Brokers when it is an established fact that it was the TAO.

English is my second language and I understand if you fix my spelling or syntax or even correcting me on data (even though everything I added has a reputable source btw), but deleting my whole shit just bc you had to correct my grammar in a few paragraphs is insane; you can fact check all the shit I added and it goes through wtf. Conservadont (talk) 13:06, 3 June 2026 (UTC)

You spent days turning the article into a poorly written, typo-ridden mess without prior discussion or consensus. Massive page rewrites like this, especially when controversial or contested, need to be discussed and gain consensus first precisely to avoid major wastes of time like this. Multiple editors have objected to this in edit summaries. Now's your opportunity to convince them of the merits of your edits. SWATJester Shoot Blues, Tell VileRat! 14:58, 3 June 2026 (UTC)
poorly written bc of having to deal with this shitty language that's not my first? just 1 guy contested to my edits, with the corrections being grammar or maybe redaction.
Like I said everything I modified has a reliable source to back my edits, the only one with could-be dubious is the structure one bc you have to crawl through the leaked files to generate the structure, which, the guy I referenced did. The Shadow Brokers leak is CONFIRMED to be TAO's, the Equation Group is also confirmed (by the Shadow Brokers) to be the TAO, Michael V. Hayden, the guy who founded the Red Team among 3 of his peers published his book with all the Red Team's origins. All the other stuff is literally sourced by leaked intel I REFERENCED, as well as Investigations or coverage of Snowden's TSB's leaks, and nothing else. That's why I'm pissed off, I sourced everything with minor grammar/syntax mistakes (common for ESL).
Sure, I can talk before massive changes, duly noted, but when I started I didn't know I had to update the whole page with info it is now commonly accepted as a fact due to its extensive archival and reporting. Conservadont (talk) 15:22, 3 June 2026 (UTC)
At least three people complained about it. Regardless, you didn't lose anything. It's all still there in the history. You can take it paragraph by paragraph and revise them, and bring it up here for discussion and consensus. SWATJester Shoot Blues, Tell VileRat! 15:33, 3 June 2026 (UTC)

@Jellysandwich0: and @WAVELANDSHIELDDROP:, you may be interested in helping fix up the issues section by section below. SWATJester Shoot Blues, Tell VileRat! 22:39, 4 June 2026 (UTC)

Initial section & History

The current introductory section contains parts that could be in the section regarding the Red Team instead of being a comment about the organisation itself:


"The Office of Tailored Access Operations (TAO), structured as S32, is a cyberwarfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least 1998, possibly 1997, but was not named or structured as TAO until "the last days of 2000," according to General Michael Hayden.

TAO identifies, monitors, infiltrates, and gathers intelligence on computer systems being used by entities foreign to the United States."


this is current, after that it skips straight into Snowden, when there's a lot more info publicly available of the years of the TAO between that. There's more information in Michael Hayden's book pertaining the Red Team and TAO's origins, so that could be used for its own separate sections, both expanding the history and making the introductory section more short and concise, but it's not out of the conversation also expanding the initial section to contain a summary of the contents of the page as it is customary to do; leaving it the following way:


(initial)

The Office of Tailored Access Operations (TAO), also known as Equation Group by Kaspersky[1] or APT-C-40 by China,[2] structured as S32,[3] is an elite cyberwarfare intelligence-gathering unit of the National Security Agency (NSA).[4][5][6][7]

TAO identifies, monitors, infiltrates, and gathers intelligence on computer systems being used domestically and by entities foreign to the United States.[8][9][10][11]

History

Red Team

The Red Team was created in 1997, with the objective to carry out Operation Eligible Receiver, which was envisioned to see the most amount of damage a group of skilled hackers could do, during the operation the team thrashed the cybersecurity of the Department of Defense; it was later stopped after four days following concerns of stalling the functionality of the American military. After this mission, four people, Michael V. Hayden, Bill Marshall, Bill Black and Ken Minihan sought to make this group a permanent section within the NSA, after seeing the value it would bring to the agency. They put together a team with members of different NSA branches, but after 9/11 and a new influx of budget centered around intelligence and countermeasures.[5][12][13]


It also adds the Equation Group label given by Kaspersky and the tag by Chinese intel, also adding a very important "elite" and "domestic" remarks that are missing from the original.

The sources used are Michael Hayden's book, a documentary on The Shadow Brokers that contains a research and interviews with some TAO employees and another book about the TAO's origins and function in the US' cyberwarfare context Conservadont (talk) 14:55, 4 June 2026 (UTC)

  1. Lab, Kaspersky (February 2015). Equation Group: Questions and Answers (PDF). Kaspersky.
  2. Lau, Lina (2025-02-18). "An inside look at NSA (Equation Group) TTPs from China's lense". Retrieved 2026-05-30.
  3. Nakashima, Ellen (1 December 2017). "NSA employee who worked on hacking tools at home pleads guilty to spy charge". The Washington Post. Archived from the original on 16 April 2021. Retrieved 4 December 2017.
  4. Loleski, Steven (2018-10-18). "From cold to cyber warriors: the origins and expansion of NSA's Tailored Access Operations (TAO) to Shadow Brokers". Intelligence and National Security. 34 (1): 112–128. doi:10.1080/02684527.2018.1532627. ISSN 0268-4527. S2CID 158068358.
  5. Hayden, Michael V. (23 February 2016). Playing to the Edge: American Intelligence in the Age of Terror. Penguin Press. ISBN 978-1594206566. Retrieved 1 April 2021.
  6. Aid, Matthew M. (10 June 2013). "Inside the NSA's Ultra-Secret China Hacking Group". Foreign Policy. Archived from the original on 12 February 2022. Retrieved 11 June 2013.
  7. Paterson, Andrea (30 August 2013). "The NSA has its own team of elite hackers". The Washington Post. Archived from the original on Oct 19, 2013. Retrieved 31 August 2013.
  8. Kingsbury, Alex (June 19, 2009). "The Secret History of the National Security Agency". U.S. News & World Report. Archived from the original on 1 July 2016. Retrieved 22 May 2013.
  9. Kingsbury, Alex; Mulrine, Anna (November 18, 2009). "U.S. is Striking Back in the Global Cyberwar". U.S. News & World Report. Archived from the original on 1 July 2016. Retrieved 22 May 2013.
  10. Riley, Michael (May 23, 2013). "How the U.S. Government Hacks the World". Bloomberg Businessweek. Archived from the original on May 25, 2013. Retrieved 23 May 2013.
  11. Aid, Matthew M. (8 June 2010). The Secret Sentry: The Untold History of the National Security Agency. Bloomsbury USA. p. 311. ISBN 978-1-60819-096-6. Retrieved 22 May 2013.
  12. Cybernews (2025-07-03). The Biggest Hacking Mystery of Our Time: Shadow Brokers. Retrieved 2026-05-28 via YouTube.
  13. Sloan, Peter (2017-09-06). "The TAO of Cyber Warfare: Dark Territory". Information Bytes. Archived from the original on 2025-12-07. Retrieved 2026-05-28.