, , ,

GCHQGCHQ Codewords and Abbreviations

Below is a listing of nicknames, codewords and abbreviations used by the British signals intelligence agency Government Communications Headquarters (GCHQ) in past and present. Also included are some related codewords from the British military and other intelligence agencies.

CODEWORDS are single words which are always expressed in capital letters and are used to provide a security cover for reference to a particular protected matter. Codewords can be classified or unclassified and are taken from the United Kingdom Codeword Index, which is maintained by the Defence Crisis Management Centre (DCMC).

NICKNAMES are names made up of two words selected by the originator and used for convenience for reference to any matter where security protection is not required. Nicknames consist of two words, which are chosen at random and must be distinct and which cannot be run together into a single word. This to avoid confusion with codewords.

Codewords and NicknamesAbbreviations and Acronyms

See also the lists of SIGINT and COMSEC Abbreviations and NSA Codewords
Please keep in mind that a listing like this will always be work in progress.

Codewords and Nicknames


5-ALIVE – Database for 5-tuple (TCP/IP) metadata

ABSOLINE EPILSON – CNE endpoint operation *
ALVIS (BID 610) – British high-level encryption machine, developed by Plessey (1960s-1980s)*
AMBASSADORS RECEPTION – A computer virus used by GCHQ’s JTRIG unit
ANGRY PIRATE – is a tool that will permanently disable a target’s account on their computer
ANTICRISIS GIRL – Initiative to monitor websites like Wikileaks *
AQUILA – STARGATE CNE architecture component *
ARCANO – Access point for a Cable & Wireless access to the Apollo South submarine internet cable *
AUTOASSOC – Query-Focused Dataset populated with iPhone metadata and identifiers *

BADASS – See Abbreviations
BEARDED PIGGY – Database used for discovering Virtual Private Networks (VPNs) *
BEGAL – Something related to smartphone tracking *
BIG BUS – STARGATE CNE architecture component *
BIGOT – List of personnel cleared for access to highly sensitive information or operations
BIRD SEED – System for capturing tweets from known malware/vulnerability researchers *
BIRDSTRIKE – JTRIG architecture for capturing tweets from a handful of twitter acounts of known malware/vulnerability researchers *
BLACKHOLE – Database or system for extracted social media messages from mobile phones *
BLUE – Complex cypher used by the Japanese government since 1930, broken in 1932
BOLSHIE POSSUM – Question-focussed dataset related to mobile phone exploitation *
BOMB BAY – Capacity to increase website hits/rankings
BOURBON – Joint NSA and GCHQ program for breaking Soviet encryption codes (1946-?)*
BRENT – Secure telephone capable of securing calls up to the level of Top Secret
BRIDE – Joint US-UK project for decrypting intercepts of messages from the KGB (US codename: VENONA) *
BROADOAK – GCHQ (telephone?) tasking database *
BROKER – Some type of target *
BULLROARER – Something used for fiber-optic cable “node balancing” *
BUMPERCAR – Operations to disrupt and deny Internet-based terror videos or other materials
BUMPERCAR+ – An automated system developed by JTRIG CITD to support JTRIG BUMPERCAR operations
BURLESQUE – Capacity to send spoofed SMS messages
BURRITO ALPHA – Computer Network Exploitation (CNE) End Point project

CADDIS – MI6 (Secret Intelligence Service) desktop interface *
CARBON ROD – Map viewer? *
CARBOY – Satellite intercept station near Bude in the UK
CATEGORY – Submarine cable(?) to which Verizon has a “non-cable access” *
CAVIAR – Encrypted teleprinter traffic from the Soviet Union (1940s) *
CHEESY NAME – Program to single out vulnarable encryption keys *
CHEYENNE MOUNTAIN – STARGATE CNE architecture component *
CHEYENNE MOUNTAIN2 – STARGATE CNE architecture component *
CIRCUIT – Internet interception monitoring center in Seeb, Oman, also known as Overseas Processing Centre 1 (OPC-1) *
CLARET – Counter-infiltration operations on Borneo, in which SIGINT played an important role (1964-’65) *
CLARINET – Fiber-optic cable intercept facility in the south of Oman *
CLEAN SWEEP – Masquerade Facebook Wall Posts for individuals or entire countries
CLOTHO2 – Component of STARGATE CNE *
COBRA MIST – Large over-the-horizon radar station at Orford Ness in Suffolk (terminated in 1973) *
COLERIDGE – Soviet military machine cypher from the “Poets” series (1940s) *
CONCRETE DONKEY – Capacity to scatter an audio message to a large number of telephones, or repeatedely bomb a target number with the same message
CONFLICT – Tunnel under Vienna dug by the SIS to wiretap Soviet telephone cables (1948-195?) *
COPPERHEAD – A Computer Network Exploitation (CNE) attack box used by MyNOC *
CORINTH – Probably GCHQ’s telephony tasking database *
CROWN PRINCE – Technique for identifying Apple UDIDs in HTTP traffic *

DACRON – Cover name for Verizon Business
DAMAGE – Operation involving 8 reconaissance flights in the Mediterranean by Comet spy planes (1974) *
DAPINO GAMMA – Hacking operation in order to acquire SIM card keys from Gemalto *
DEAF AID – Portable short-range ELINT reception and analysis kit (developed in the 1950s) *
DEFIANT – Submarine SIGINT collecting mission off the Soviet coast (1955) *
DEPTHGAUGE – Tool for mapping links between telephone switches *
DISTILLERY – Tool for real time analysis of data streams for SQUEAKY DOLPHIN
DONNINGTON – Access point for the FLAG and Apollo South submarine internet cables *
DOLVEN – Operation involving 5 reconaissance flights along the Egyptian and Syrian coast by Comet spy planes (1974) *
DREAMY SMURF – Method to stealthily activate a mobile phone that is turned of
DRUDGE – Cable & Wireless access point for a submarine internet cable (tested in 2008) *
DRUMKIT – Tool for analysing telephony data on satellite links *
DRUMROLL – Tool for viewing hits from analysing telephone numbers on satellite links by DRUMKIT *

EDGEHILL – Program similar to NSA’s BULLRUN program
ELAPSE – Submarine cable(?) to which Cable & Wireless has a “non-cable access” *
ENGULF – Operation that conducted a succesful TEMPEST attack on the Hagelin cypher machines in the Egyptian embassy in London (1956)*
EREPO – Probably a collection site where data are processed by the Traditional version of XKeyscore * or something related to Computer Network Exploitation *
ERIDANUS – STARGATE CNE architecture component *

FAINT – Cable & Wireless access point for a submarine internet cable (2008) *
FEDEX – Component of STARGATE CNE *
FIRE ANT – Open Source visualisation tool
FISH – Messages produced by the Nazi German teleprinters *
FLYING PIG – Tool for querying databases for TLS/SSL encrypted traffic
GATEWAY – Ability to artificially increase traffic to a website
GERONTIC – Cover name for Cable & Wireless, since 2012 part of Vodafone
GESTATOR – Amplification of a given message, normally video, on popular multimedia websites like Youtube
GIB(B)US – SeaMeWe-3 or TAT-14S submarine cable to which Cable & Wireless has a “non-cable access” *
GLADDY CHI – Computer Network Exploitation (CNE) End Point project *
GLADDY IOTA – Computer Network Exploitation (CNE) End Point project *
GLASSBACK – Technique of getting a targets IP address by pretending to be a spammer and ringing them; target does not need to answer
GLOBAL SURGE – Prototype network knowledge base of the NAC unit *
GOLD – Joint SIS-CIA operation to wiretap Soviet army landlines through a tunnel under Berlin (1953-1956; UK codename: STOPWATCH)
GRASP – Access point for a Cable & Wireless submarine internet cable * (since 2008) *
GREY – American diplomatic code (early 1940s) *
GUITAR – Fiber-optic cable intercept station in Seeb, Oman *

HACIENDA – JTRIG tool that performs bulk port scans (of entire countries) * *
HAPPY TRIGGER – Database for structured open source datasets for cyber defense purposes *
HEADRESS IOTA – Computer Network Exploitation (CNE) End Point project *
HEADRESS KAPPA – Computer Network Exploitation (CNE) End Point project *
HEADRESS NU – Computer Network Exploitation (CNE) End Point project *
HEADRESS OMICRON – Computer Network Exploitation (CNE) End Point project *
HANNIBAL – Secure ISDN telephone capable of protecting voice and data up to the level Top Secret
HARD ASSOC – System that creates correlations for mobile phones *
HAVLOCK – Real-time website cloning techniques allowing on-the-fly alterations
HIASCO – Access point for a British Telecom submarine internet cable *
HIDDEN SPOTLIGHT – Vulnarability database fed by the OVAL list *
HIGHLAND FLING – Operation to mine the e-mail accounts of Gemalto employees in France and Poland *
HIGHNOTE – A Computer Network Exploitation (CNE) toolsuite use by MyNOC *
HOPSCOTCH – GHCQ hacking tool or question-focussed dataset
HUSH PUPPY – Knowledge base for encrypted traffic
HUSK – Secure one-on-one web based dead-drop messaging platform

INCENSER – Joint NSA-GCHQ program for tapping an internet cable between Europe and Asia with the help of Cable & Wireless; part of the WINDSTOP program
INTERACTION – Operation of the MyNOC unit for development of in-depth knowledge of mobile gateways *
IRASCIBLE EMITT – Tool or question-focussed dataset for data from mobile network operators *
IRASCI(A)BLE HARE – Tool or question-focussed dataset related to mobile phone exploitation * *
IRASCIBLE MOOSE – Tool or question-focussed dataset for data from mobile network operators *
IRASCI(A)BLE RABBIT – Tool or question-focussed dataset related to mobile phone exploitation * *
IRIS – ? *
ISCOT – Wartime Comintern traffic in Europe *

JANET – ? *
JEDI – JTRIG terminal that enables access to the public internet from a secure GCHQ workstation

KIRKISTOWN – Submarine cable(?) to which Cable & Wireless has a “non-cable access” *
KITTIWAKE – GCHQ/DSD listening post at Stanley Fort in Hong Kong (1977-1997)
KNAPWEED – Submarine cable(?) to which Verizon has a “non-cable access” *

LATUS – Access point for the Cable & Wireless access to the Apollo North and another submarine internet cable *
LEGION JADE – See NSA Codenames
LEGION RUBY – See NSA Codenames
LEGSPIN – GHCQ hacking tool
LINNELL – Submarine cable(?) to which Cable & Wireless has a “non-cable access” *
LITTLE – Cover name for Level 3
LLANDARCYPARK – GCHQ research server
LONGFELLOW – Soviet military machine cypher from the “Poets” series (1940s) *
LORD – Tunnel under Vienna dug by the SIS to wiretap Soviet telephone cables (1948-195?) *
LOVELY HORSE – Database for unstructured open source datasets for cyber defense purposes (like twitter feeds from cyber security researchers) *

MAD – Component of STARGATE CNE *
MAGIC – Joint US-UK cryptanalysis program during World War II
MARBLE POLLS – Something related to cyber vulnarabilities *
MARVEL ICE – Component of STARGATE Computer Network Exploitation *
MASK – Comintern communications (targeted since 1929)*
MERA PEAK – Front-end tool that performs Google-like searching across repositories *
MERION ZETA – Covername for Belgacom (and/or its GRX network)
MINIATURE HERO – Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.
MIRANDA – System for managing intelligence requirements of GCHQ customers *
MONDELLO – Access point for the Solas submarine internet cable *
MONKEY PUZZLE (MP) – GCHQ’s unified targeting tool *
MOUTH – Tool for collection for downloading a user’s files from Archive.org
MULLENIZE – GHCQ program for linking machines to IP addresses
MUSCULAR (JPM?) – Joint NSA-GCHQ operation to tap the cables linking Google and Yahoo data clouds to the internet * Part of WINDSTOP
MUTANT BROTH – Query-Focused Dataset that stores billions of Target Detection Identifiers (DTI), gathered by QUANTUM exploitation *

NEWTONS CRADLE – TOR nodes accessible by GCHQ
NEXUS – MI5 (Security Service) desktop interface *
NIGELLA – Cover name for a Cable & Wireless access point to the FLAG Europe Asia (FEA) submarine cable in Cornwall *
NOCTURNAL SURGE – Database for Access Control Lists (ACLs) used for finding identifiers of system administrators *
NOSEY SMURF – An ability to covertly and remotely turn on the microphone of a mobile phone
NUMDAH – Access point for a British Telecom access to the SeaMeWe-3 submarine internet cable *

ONIONBREATH – Program for detecting hidden services on the TOR network *
OPTIC NERVE – A web interface to display Yahoo webcam images *
OPULENT PUP – Covername for an A5/3 crypto algorithm attack requirement *
OVERLIT – Some type of target *
OVERTASK – British enclave within the NATO mission network ISAF SECRET
PARANOID SMURF – Self-hiding capabilities of mobile phone spyware
PAT – Operation involving series of 12 reconaissance flights along the Baltic and the Polish coast by Comet spy planes (1974) *
PFENNING ALPHA – Computer Network Exploitation (CNE) End Point project for access to the FLAG fiber-optic cable *
PHOTON TORPEDO – A technique to actively grab the IP address of MSN messenger user
PINNAGE – Cover name for Global Crossing
POKERFACE – Internet data sanitisation system *
PORUS – Kernel stealth plugin for mobile phones
POSITIVE PONY – “IP address to company and sector mapping” *
PRESCOTT – Submarine cable(?) to which there’s a “non-cable access” *
PRESTON – Some kind of access point *
PURPLE – High-level cypher machine used by Japan during World War II *

QUICK ANT – Tool for TOR data as part of the FLYING PIG program
QUICKIE – Submarine sonar system (1950s) *

RATTAN – Joint US-UK program for decrypting Soviet radio messages (1944, renamed to BOURBON)*
RED – Lower level cypher used by the Japanese navy since World War I
RED – Particular Enigma cypher used by Nazi Germany *
REMEDY – Cover name for British Telecom
ROCKEX – British high-level cypher machine (1943-1973)
ROLLING THUNDER (RT) – DDoS attack against hactivists *
ROYAL CONCIERGE – Program for monitoring hotel reservations to track diplomats
RUMOUR MILL – Data query tool?
RUSSETT – Internal GCHQ phone system? *
SANJAK – Submarine SIGINT collecting mission in the Arctic Circle (1955) *
SCAPEL – Former satellite intercept station near Nairobi in Kenya
SCEPTRE – Submarine cable(?) to which British Telecom has a “non-cable access” *
SCRAPHEAP CHALLENGE – Perfect spoofing of e-mails from Blackberry targets
SHORTSHEET – Exploitation server used in QUANTUM operations *
SILVER – SIS operation to wiretap Soviet army landlines through a tunnel under Vienna (1949-1955)
SILVER SPECTOR – Allows batch Nmap scanning over TOR
SLIDE – Some tool to exploit iPhones *
SNICK – Satellite intercept station near Seeb in Oman
SOCIAL ANTHROPOID – Database for telephony selectors *
SOCIALIST – NAC MyNOC operation to provide access to the Belgacom GRX network (2009-2011)
SOLARSHOCK116 – End point machine in Iran, found in a TAO operation *
SOUNDER – Satellite intercept station at Ayios Nikolaos on Cyprus
SOUTHWINDS – Program related to monitoring mobile phones aboard air planes
SPRING BISHOP – Database for URL’s of a targets Facebook profile *
SQUEAKY DOLPHIN – Program for real-time monitoring of online activity on social media websites
STARGATE – Computer Network Exploitation (CNE) operation *
STELLABLUE – Covert cable access or cooperating telecommunications partner *
STOPWATCH – Joint SIS-CIA operation to wiretap Soviet army landlines through a tunnel under Berlin (1953-1956; joint UK-US codename: GOLD)
STRAP – Compartments for sensitive intelligence information, with levels 1, 2 and 3
STREETCAR – Cover name for Interoute
STUNT WORM – Program for exploiting the TOR network
STURGEON – Messages produced by the T-52 Geheimschreiber cypher machine from Nazi Germany *
SUGAR – Tunnel under Vienna dug by the SIS to wiretap Soviet telephone cables (1948-195?) *
SUNBLOCK – Ability to deny functionality to send/receive e-mail or view material online
SWAMP DONKEY – A tool that will silently locate all predefined types of file and encrypt them on a targets machine
SWORDFISH – Decompression tool

TAPER – Soviet military cypher machines used at division level (1940s)*
TEMPEST – Spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations
TEMPORA – Computer system for filtering and searching billions of internet data, mainly from the Middle East, North Africa and Europe (operational since 2011). Similar to NSA’s XKEYSCORE system.
TERMINAL SURGE – Database for Telnet sessions collected by the NAC unit *
TERRAIN – Processing system that sessionizes data from internet links before sending it to XKEYSCORE *
THICKISH ALPHA – Some CNE-related log viewer tool *
THIEVING MAGPIE – Program to intercept communications from airplane passengers *
TIBET – Operation involving 7 reconaissance flights along the Baltic and the Polish coast by Comet spy planes (1974) *
TICKETWINDOW – System that makes Special Source collection available to 2nd Party partners *
TIDAL SURGE – Some kind of database used by the NAC unit *
TIMPANI – Fiber-optic cable intercept facility near the Strait of Hormuz in Oman *
TINT – Experimental research environment for an internet traffic filtering system * (or joint NSA/GCHQ project to develop the Deep Dive XKS capability)
TRACKER SMURF – High-precision geolocation method for mobile phones
TRANSIENT THURIBLE – An XKEYSCORE site with “Deep Dive” capability managed by GCHQ * Part of the WINDSTOP umbrella program *
TRYST – Covert listening post in the British embassy in Moscow *
TUNNY – Messages from the on-line cypher machine Lorenz SZ-40 used by the High Command of Nazi Germany
TUXEDO – RAF’s regional stockpile of nuclear weapons on Cyprus *
TWO FACE – Database with open source information related to cyber defense(?) *

UDAQ – GCHQ’s computer-to-computer (C2C) data repository
ULTRA – Compartment for Top Secret COMINT information, like decrypted high-level military Nazi messages (until 1946) *
UNDERPASS – Change outcome of online polls (previously known as NUBILO)

VENONA – Joint US-UK project for decrypting intercepts of messages from the KGB (British codename: BRIDE)
VISAGE – Probably a submarine cable access point of Cable & Wireless (2008)*
VITREOUS – Cover name for Viatel

WARPATH – Mass delivery of SMS messages to support an Information Operations campaign
WARPIG – A botnet that can be deployed against target computers *
WARRIOR PRIDE – Mobile phone spyware kits
WEALTH – Operation against hacktivism in support to law enforcement (2011) *
WHIPSAW – Redirect and exploitation server *
WOLFRAMITE – Capability against the A5/3 GSM encryption algorithm *
WYLEKEY – Operation of GCHQs MyNOC unit targeting international mobile billing clearing houses *

ZOOL – Database with open source information related to cyber defense(?) *

– See also the codenames of JTRIG tools and techniques

Abbreviations and Acronyms

ACD – ?

BADASS – BEGAL Automated Deployment And Survey System *
BJ – Blue Jacket (file cover for signals intelligence information)
BP – Bletchley Park
BSS – British Security Service (MI5)

C – Chief of the Secret Intelligence Service (SIS or MI6)
CCDF – Cryptologic Common Data Format
CCM – Combined Cipher Machine (1942-1950s)
CCNE – ?
CDO – Cyber Defence Operations (formerly NDIST)
CESD – Communications-Electronics Security Department (1965, in 1969 renamed into CESG)
CESG – Communications-Electronics Security Group
CISA – ?
CITD – Covert Internet Technical Development (JTRIG unit)
CKX – ? (team working on hacker forums?)
CMDU – Cypher Machine Development Unit
CNE – Computer Network Exploitation
CNIO – Computer Network Information Operations
CPC – (Central or Cheltenham?) Processing Centre
CSOC – Cyber Security Operations Centre
CX – Prefix for a report from the SIS

DCMC – Defence Crisis Management Centre
DCO – Direct Cable Ownership (submarine cables)
DGI – Director General of Intelligence (at the Ministry of Defence)
DIS – Defence Intelligence Staff
DMZ – Demilitarized Zone
DRIP – Data Retention and Investigatory Powers (act)
DWS – Diplomatic Wireless Service

EPR – ?

FCO – Foreign & Commonwealth Office

GC&CS – Government Code & Cypher School (predecessor of GCHQ)
GCHQ – Government Communications Headquarters
GCO – Government Communications Officer *
GTAC – GCHQ Target Analysis Center(?)
GTAC – Government Technical Assistance Center (est. 2000, later: NTAC)
GTE – Global Telecommunications Exploitation

HANDEX – Handset Exploitation
HHFP – ?
HRA – Human Rights Act
HSOC – Human Science Operations Cell

ICTR – ?
IMP – Interception Modernisation Programme
INOC – InterNet Operations Centre
IOCA – Interception of Communications Act 1985
IPP – ?
IRIS – ? *
IRU – Indefeasible Right of Use (submarine cables)
ISA – Intelligence Services Act (1994)

JARIC – Joint Air Reconnaissance Intelligence Cell
JBOS – ?
JIC – Joint Intelligence Committee
JMB – ?
JPC – (Joint) Processing Centre(?)
JPT – Joint Project Team
JSRU – Joint Speech Research Unit
JTLS – Joint Technical Language Service
JTRIG – Joint Threat Research Intelligence Group

KMSG – Key Management Strategy Group (5-Eyes)

LC – Leased Capacity (submarine cables)
LCSA – London Communications Security Agency (1953, in 1965 renamed into CESD)*
LCSB – London Communications Security Board
LPG – London Processing Group

MCE – ? (GCHQ unit)
MCT – ? (GCHQ unit)
MHE – ? (GCHQ unit)
MHET – Mobile Handset Exploitation Team (joint NSA-GCHQ unit since 2010)
MISD – ?
MoD – Ministry of Defence
MP – MONKEY PUZZLE (see codewords listing)
MP-LEG – ? (approval unit?)
MTI – Mastering the Internet
MTI – Methods to Improve (sequential 5 year SIGINT programs at GCHQ)
MVR – Massive Volume Reduction *
MyNOC – My Network Operations Centre

NAC – Network Analysis Centre
NDIST – ? (now: CDO)
NEP – NATO & Europe Policy (Ministry of Defense division)
NOC – Network Operations Centre
NRT – ? (tipping system) *
NTAC – National Technical Assistance Centre (previously: GTAC)
NTAT – Network Tradecraft Advancement Team (GCHQ unit)

OCAA – Online Covert Action Accreditation
OCE – Other Current Expenditure
OOA – ?
OPA – ?
OPC – Office of Primary Concern
OPC – Overseas Processing Centre
OPC-CNE – Office of Primary Concern-Computer Network Exploitation(?)
OPC-HQ – ?
OPDSDHQ – ? (GCHQ unit)
OSDS – ?

PCS – Personal Communication Services (mobile phone technology)
PFS – Perfect Forward Secrecy
PPF – ?
PSIS – Permanent Secretaries’ Committee on the Intelligence Services
PTC – Production Tasking Co-ordinator
PTD – Penetrate Target Defense?

QFD – Query-Focused Dataset *
QI – QUANTUM INSERT (See NSA codewords listing)

RFS – Ready For Service (submarine cables)
RIPA – Regulation of Investigatory Powers Act (2000)
RPC – Regional Processing Centre (at GCHQ Bude)
RT – ROLLING THUNDER (see codewords listing)

SCDU – Services Communications Development Unit
SD – SIGINT Development
SDC – SIGINT Development Conference (annual Five Eyes event)
SEM – ?
SEP – Single End Point
SIS – Secret Intelligence Service (MI6)
SME – ?
SMI – Secure Management Infrastructure (for crypto management)
SMO – ?
SRT – Sensitive Relationship Team *
SSE – Special Source Exploitation
SSMG – ?
SSOS – ?

TDE – ?
TDI – Target Detection Identifier (such as computer cookies)
TDSD – ?
TEA – ? (GCHQ unit)
TECA – ? (unit for mobile phone exploitation)
TGA – ?
TICOM – Target Intelligence COMmittee (after World War II)
TND – (Target Number Database?)
TYPEX – British high-level cypher machine (1937-1950s)

UKUSA – UK-USA signals intelligence agreements

VX – Vauxhall Cross (SIS/MI6)

Y – Wireless interception (usually low-level)
Y Section – SIS unit undertaking interception activities
Y Service – Signals interception arms of the three armed services

Links and Sources
– NSA Observer: Things the NSA doesn’t want you to know
– The Defence Manual of Security (2001)
– Richard J. Aldrich, GCHQ, The uncensored story of Britain’s most secret intelligence agency, Harper Press, London 2010.