
24 April 2013 The overall classification of this brief is Derived - PowerPoint PPT Presentation



  1. TOP SECRET//SI//NOFORN
     24 April 2013
     The overall classification of this brief is TOP SECRET//COMINT//NOFORN
     Derived From: NSA/CSSM 1-52
     Dated: 20070108
     Declassify On: 20291123

  2. TOP SECRET//SI//NOFORN
     PMR Agenda
     • Strategic & Technical Overview
     • Placemats & Highlights - Client Service Leads (CSLs) & Senior Mission Technical Leads (SMTLs)
     • PMR Spotlight
     • MONSTERMIND
     • SOS Support to CHELSEABLUE
     • Technical Health

  3. TOP SECRET//SI//NOFORN
     SID Priority: Traditionally Inaccessible Network

     (TS//SI//REL TO USA, FVEY) SIGINT Development Challenge: Establish a proven foundation of targets in Pakistan's National Telecommunications Corporation's (NTC) VIP Division.

     Mission Example and Result: Successfully enabled positive identification of users in NTC's VIP division who focus on maintaining the Green Exchange. The Green Exchange branch houses ZXJ-10 switches, which are the backbone of Pakistan's Green Line communications network. This network is used by senior Pakistani civilian and military leadership. Four machines in the VIP division who have Green Exchange related documents on their machines were successfully implanted.

     Our Approach
     • Evaluated currently tasked selectors related to NTC's VIP division.
     • Conducted SIGDEV against known selectors to identify other related targets.
     • Collaborated with R&T to use SECONDDATE and QUANTUM to successfully implant four new CNE accesses within the Green Exchange.

     SIGINT Development Outcome: Four new CNE accesses were gained for the VIP Division and a baseline of collection related to the Green Exchange was established. (TS//SI//REL TO USA, FVEY)

  4. TOP SECRET//SI//NOFORN
     SID Priority: Traditionally Inaccessible Target Networks

     (TS//SI//NF) SIGINT Development Challenge: Passive access in Lebanon is limited, thereby hindering SIGDEV, Discovery, and Mobility Exploitation. TAO project REXKWONDO successfully enabled Country-Wide Shaping and Man-in-the-Middle (MiTM) capabilities against Lebanon's Internet traffic for the first time ever.

     Mission Example and Result: Combined CT SIGDEV and CNE analysis effort within REXKWONDO, the Lebanese owned OGERO ISP, resulted in multiple successful CNE operations that yielded initial access and collection from Lebanon's International Gateway routers. Currently shaping Hizballah-related traffic to SSO-STORMBREW, providing SIGDEV discovery opportunities for S21, S2E, and SSG\NAC via XKEYSCORE and MARINA.

     Our Approach
     • S2153 CT SIGDEV SOS analysts provided technical support on various high-interest targets and assisted in exploitation and implant of the head of the OGERO NOC and the core routers.
     • Collaboration between multiple divisions within TAO and S215 led to the development of a custom-built router exploit and new HAMMERCORE implant builds.
     • The OGERO ISP gateway router (RB) was exploited via HAMREX to enable SECONDDATE MiTM.
     • The OGERO upstream Liban Telecom routers were exploited with CGDB, then implanted with HAMMERCORE and HAMMERSTEIN to enable successful Shaping of Hizballah Unit 1800 related traffic for multiple CT projects.
     • Traffic was exfiltrated to STORMBREW from core routers and was accessible to S21, S2E, and SSG\NAC analysts via XKEYSCORE in less than 24 hours following the successful shaping tasking.

     SIGINT Development Outcome: SOS collaboration across the TAO and S215 previously denied access to the International Gateway routers in Lebanon and Sole-Source Discovery against Hizballah. 100+MB of Hizballah Unit 1800 data has been collected and ingested into XKEYSCORE. S2122 confirms CADENCE dictionary and XKEYSCORE fingerprint hits. NSA SIGINT Enterprise analysts can now conduct SIGDEV on any target IP range of interest in Lebanon using a single passive database [US-3105S8] in XKEYSCORE. (TS//SI//NF)
