and they said to the titans: watch out olympians in … · olympia & the case study csecs...

AND THEY SAID TO THE TITANS: WATCH OUT OLYMPIANS IN THE HOUSE! CSEC - Advanced Network Tradecraft SD Conference June 2012 Overall Classification: TOP SECRET // SI


Post on 28-Oct-2019


TRANSCRIPT

Page 1: AND THEY SAID TO THE TITANS: WATCH OUT OLYMPIANS IN … · OLYMPIA & THE CASE STUDY CSECs Network Knowledge Engine Various data sources Chained enrichments Automated analysis )1.1

AND THEY SAID TO THE TITANS: WATCH OUT OLYMPIANS IN THE HOUSE!

CSEC - Advanced Network Tradecraft

SD Conference June 2012

Overall Classification: TOP SECRET // SI

Page 2:

OLYMPIA & THE CASE STUDY

CSEC's Network Knowledge Engine

• Various data sources

• Chained enrichments

• Automated analysis

Brazilian Ministry of Mines and Energy (MME)

New target to develop

Limited access/target knowledge

TOP SECRET // SI

Page 3:

QUESTIONS

o How can I use the information available in SIGINT data sources to learn about the target?

o What can I find that would help me inform access development efforts?

o Can I automate the analytical process and/or re-use analytics designed for other purposes?

TOP SECRET // SI

Page 4:

OLYMPIA AT A GLANCE

[Slide image; text not recoverable from the scan.]

TOP SECRET // SI

Page 5:

OLYMPIA AT A GLANCE

[Slide image; text not recoverable from the scan.]

TOP SECRET // SI

Page 6:

OLYMPIA - AUTOMATION

[Slide image; text not recoverable from the scan.]

• Numerous enrichment and data manipulation nodes

• Drag and drop each node

• Create links between nodes

• Hit the Play button

TOP SECRET // SI

Page 7:

ANALYSIS CASE STUDY

What we know about the target:

- Domain: @mme.gov.br

- 9 DNR selectors

- Very little collection

TOP SECRET // SI

Page 8:

ANALYSIS - DETERMINE TARGET'S IPs AND ISPs

[Slide image; text not recoverable from the scan.]

Page 9:

ANALYSIS - DETERMINE TARGET'S IPs AND ISPs

[Slide image: panels titled "Mail Servers Output" and "Domain's IPs Output", with columns Hostname, IPv4, Country, ASN, Owner, Carrier; table contents not recoverable from the scan.]

TOP SECRET // SI

Page 10:

ANALYSIS - DISCOVER TARGET'S PROXY

[Slide image; labels recoverable from the scan: High IP, Low IP, IP Range, "REMOTE PORT contains 80", "REMOTE PORT contains 443".]

TOP SECRET // SI

Page 11:

ANALYSIS - DISCOVER TARGET'S PROXY

[Slide image: panel titled "Target Proxy Output"; table rows not recoverable from the scan.]

Entity IP :

Remote IP : various

Remote Port : 443

TOP SECRET // SI

Page 12:

ANALYSIS — DETERMINE IPs MY TARGET COMMUNICATES WITH

[Slide image; text not recoverable from the scan.]

Page 13:

ANALYSIS — DETERMINE IPs MY TARGET COMMUNICATES WITH

[Slide image: results table; rows not recoverable from the scan. Column annotations: Host name starting domain; IP starting domain; IP in contact with starting domain; Port used by starting domain; Owner of contact; Carrier of IP contact; ASN of IP contact; Country of IP contact; IP range for IP]

TOP SECRET // SI

Page 14:

ANALYSIS - IDENTIFY POTENTIAL MAN ON THE SIDE OPERATION AGAINST MY TARGET

[Slide image; text not recoverable from the scan.]

Page 15:

ANALYSIS - IDENTIFY POTENTIAL MAN ON THE SIDE OPERATION AGAINST MY TARGET

[Slide image: results table; text not recoverable from the scan.]

TOP SECRET // SI

Page 16:

ANALYSIS - DISCOVER CONTACTS OF MY TARGET AND COLLECTION SITES I SEE MY TARGET ON

[Slide image; text not recoverable from the scan.]

TOP SECRET // SI

Page 17:

SUMMARY

Based on the information collected, I am better positioned to analyse my target's telecoms environment.

• BPoA

HUMINT-enabled

TOP SECRET // SI

CNE (Man on the Side, cookie-replay,

CDR1,

Page 18:

MOVING FORWARD

o I have identified MX servers which have been targeted to passive collection by the Intel analysts, who are assessing the value, provenance, etc. of the traffic generated by the mail servers.

o I am working with TAO to further examine the possibility for a Man on the Side operation.

o Based on the network information gathered, the NAC has started a BPoA analysis on the MME.

TOP SECRET // SI