Donate for the Cryptome archive of files from June 1996 to the present

23 November 2013

NSA TreasureMap

The NY Times today cites an NSA tool called "Treasure Map" and describes its capabilities but does not publish visual examples. Also cited is "Packaged Goods," an associated tool. If publicly available,Cryptome asked for pointers to the two.

From: tom <tom[at]>
Subject: TreasureMap
Date: Sat, 23 Nov 2013 11:17:28 -0800
To: cryptome[at]

TreasureMap is not a document but viewing software -- very similar to MindMeister, see below -- that draws (and updates) network diagrams according to what is currently carried in an associated database. The key feature is scalability: vector graphics that zoom in and out to any level of resolution. Sort of like Google Earth, only using lines and nodes.

The NYTimes says the map is 300,000' wide; that's virtual width, at full zoom you could only see a very small part of the internet network some analyst wants to surveille.

So someone could only send you a screenshot of TreasureMap at a particular resolution. That would be very useful to technical people. Otherwise they would have to send you both the very large database (at some instant) and the proprietary defense contractor viewing software which would not install on your computer.

Below I attach a jpg from very similar software used by Marc Ambinder to show the organizational structure of NSA, its programs and tools. Note that MindMeister is able to attach images and text documents to nodes on the map so it is "all" there in one place. In TreasureMap, these would be (or link to) the phone numbers, email, name, SSI, recent Visa purchases, etc. of people owning the devices in the current zoom.

The NSA example:


More examples are shown here:

PackagedGoods sounds like the software tool that makes the above unnamed database. "Despite the document’s reference to “unwitting data centers,” government officials said that the agency does not hack into those centers. Instead, the officials said, the intelligence community secretly uses front companies to lease space on the servers."

Uhh, we've seen this before with NSA's break-in of Tor. They lease server space initially for their malware, which then breaks out of its confines to capture the traceroute data they want in real time, but mostly they rent space to store and serve the information they have swiped from the data center to the TreasureMap database federation. So the joke is on the data center -- they're hosting the very thief of their other customers' data.

Let's hope someone can release the document describing PackagedGoods, or at least can name the front companies. It is really impossible to defend our privacy without knowing more of the operational attack details -- this drip, drip, drip of policy documents, often with gratuitous self-censoring by the journalists themselves, is not helping the public secure their phones or computers.