nsa auroragold
Post on 02-Jun-2018
8/10/2019 NSA AURORAGOLD
1/63
(U//FOUO) AURORAGOLD
(S//SI//REL) Project Overview: The mission of the AURORAGOLD (AG) project is to maintain data about international GSM/UMTS networks for the Wireless Portfolio Program Office (WPMO), the Target Technology Trends Center (T3C/SSG4), and their customers. Analysis of this data supports:
a) An understanding of the current state,
b) Trending, or time-series analysis, from the past through to the future, and
c) Forecasting of the evolution of global GSM/UMTS-based networks.
This analysis and developmental activity is currently focusing only on GSM/UMTS infrastructure, voice-data convergence, UMTS technology migration, and UMTS technology deployments. Coincident beneficiaries of this mission are, among others, other NSA SIGDEV elements, protocol exploitation elements, and Five-Eyes Partner SIGDEV organizations.
(C//REL) Alignment: Supports NSA's and SID's imperative to Know the Future.
(C//REL) Sponsors: WPMO/S3W
(C//REL) Customers: WPMO/S3W; T3C/SSG4; Various S3 collections organizations; numerous IC organizations
(C//REL) Architecture and Infrastructure: Custom-built application based on OZONE framework, using GOLDENCARRIAGE corporate servers for all application and data storage
SECRET//COMINT//REL TO USA AUS CAN GBR NZL
(U//FOUO) AURORAGOLD
(S//SI//REL) Corpus: Will contain:
Unclassified: Complete replica of Informa Telecoms and Media's World Cellular Information Service (WCIS) queryable database to eventually compare data against that collected from SIGINT
Classified: SIGINT-collected IR.21 (International Roaming agreements) documents from around the world, parsed of their information, analyzed, and giving users the ability to trend this information over time (time-series analysis). In addition, e-mail selectors from within IR.21s and from SIGINT
(C//REL) Content:
Portion of the WCIS data available via NSANet GUI; remainder to be completed within 2-3 months
Currently, Phase 1 contains a small database of worldwide wireless networks being compared against IR.21s from SIGINT to establish our baseline
(C//REL) Capabilities:
Soon, complete WCIS repository to be copied to NSANet for querying by all NSA and 2P Partners
Later, agile querying through entire IR.21 and WCIS databases, with capability to perform time-series analysis via visualization application
SECRET//COMINT//REL TO USA AUS CAN GBR NZL
(U//FOUO) AURORAGOLD Repository
CONFIDENTIAL//REL TO USA AUS CAN GBR NZL
Networks & Suppliers
Handsets & Devices
Network Features
Network Coverage
License
License Spectrum
CONFIDENTIAL//REL TO USA AUS CAN GBR NZL
(U//FOUO) AURORAGOLD
CONFIDENTIAL//REL TO USA AUS CAN GBR NZL
(C//REL) Demonstration Script (Only capability currently available is basic querying against small portion of WCIS database)
Go to
Click on any of the brown boxes
Select your search criteria
Select your query result criteria
Click Submit
View the results
CONFIDENTIAL//REL TO USA AUS CAN GBR NZL
(U//FOUO) AURORAGOLD
Working Group
SECRET//SI//REL TO FVEY
(S//SI//REL) Shaping understanding of the global GSM/UMTS/LTE landscape
SIGDEV Conference 6 June 2012
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20370501
This briefing is classified: TOP SECRET//SI//REL TO FVEY
SECRET//SI//REL TO FVEY
Agenda (U)
SECRET//SI//REL TO FVEY
(U//FOUO) What is AURORAGOLD?
(U) Why come to us?
(U) Our value proposition
(S//SI//REL) First-hand insight into industry changes
(U//FOUO) Targeting efforts
(U) Notable successes
(U) Future plans
(U) Discussion!
SECRET//SI//REL TO FVEY
What is AURORAGOLD? (U//FOUO)
SECRET//SI//REL TO FVEY
(U) Team of analysts, developers, and wireless SMEs working on:
(S//SI//REL) Database of Mobile Network Operators (MNOs) networks and PWIDs from collected GSM/UMTS/LTE roaming documents (IR.21s)
(S//SI//REL) Target development effort against MNOs roaming hubs and working groups
(U) Fusion of open source, commercial data with SIGINT to answer wireless needs
SECRET//SI//REL TO FVEY
Why come to us? (U)
SECRET//SI//REL TO FVEY
(S//SI//REL) Extensive, global IR.21 data vetted by SSG4 analysts:
701 networks of estimated 985 (as of 15 May 2012)
First-hand SIGINT information direct from MNOs
Most comprehensive set of IR.21-related email selectors and keyword-based tasking:
1201 actively managed email selectors (as of 15 May 2012)
(U//FOUO) Foundation for worldwide mobile wireless network trending and forecasting
Includes visibility into changing industry standards and practices
SECRET//SI//REL TO FVEY
How can we help you? (U)
SECRET//SI//REL TO FVEY
(S//SI//REL) Example: AFRICOM IKD-OPS requires information concerning the SMS Gateway domains for: Libyana mobile (libyana.ly) and AlMadar Al Jadid (almadar.ly). We believe these are the only two mobile providers in Libya but if you have information to the contrary please let us know.
3 March 2011
We've done the research (U)
SECRET//SI//REL TO FVEY
(S//SI//REL) Quickly identified collected IR.21s
(U//FOUO) Pushed information out to customer through product reporting
DOCN 000028528ZNY ZNY MMIVXZKZK ZKZK RR SOL DEPDTG R 162037Z MAR 11FM FM DIRNSACL S T O P S E C R E T UMBRA US/UK/CAN/AUS/NZ EYES ONLY QQQQXXMM XXMMENP01FOO11075
SERIAL: 3/OO/506998-11
TAGS: LIC CCOM CLOG COEF CORG CPER CTEC CTPH LI
SUBJ: Libya/Telecommunications: Two Libyan Mobile Phone Companies Provide Updated Network Information, June and December 2010 (S//SI//REL TO USA, FVEY)
SIGINT Value Al Madar IR.21 (S//SI//REL)
TOP SECRET//SI//REL TO FVEY
Extracted from 3/OO/506998-11
SIGINT Value Al Madar IR.21 (S//SI//REL)
TOP SECRET//SI//REL TO FVEY
Extracted from 3/OO/506998-11
IR.21s in AURORAGOLD (S//SI//REL)
TOP SECRET//SI//REL TO FVEY
Extracted from 3/OO/506998-11
We monitor the industry (S//SI//REL)
SECRET//SI//REL TO FVEY
(S//SI//REL) Visibility into changing standards and practices for:
Roaming
Billing
Interoperability
GSM Association (GSMA), a Swiss association that drives the GSM/UMTS/LTE space
SECRET//SI//REL TO FVEY
Roaming Agreement EXchange (RAEX) (S//SI//REL)
SECRET//SI//REL TO FVEY
(U) Next-generation roaming exchange process
(U) Well-defined XML schemas instead of semi-structured data in multiple formats
(U) Email likely gives way to SSL sessions with central server(s)
(S//SI//REL)    SIGINT Access    SIGINT Value     Automated Analytics
Old IR.21s      Easy             Great            Nearly impossible
RAEX IR.21s     Difficult        Even greater!    Easy!
SECRET//SI//REL TO FVEY
Targeting Efforts (U//FOUO)
SECRET//SI//REL TO FVEY
(S//SI//REL) MNO roaming coordinators, hubs, GSMA working groups, ROAMSYS
(S//SI//REL) ~100% of MNOs in WPMO's Top 20
Category              Contains
4002                  IR21 senders/receivers
3918                  GSMA and SIGDEV
Tag                   Contains
AGIR21                IR21 senders/receivers
AG_USER               Individual (usually sender)
AG_ALIAS              Alias (usually receiver)
MCC/MNC [###][###]    IR21 s/r for given network
AGRAEX                RAEX working groups
roaming hub           Roaming hub contacts
SECRET//SI//REL TO FVEY
Email Address Selectors (S//SI//REL)
SECRET//SI//REL TO FVEY
Notable Successes (U)
TOP SECRET//SI//REL TO FVEY
(TS//SI//REL) Characterization of IR.21 collection from 67 high-priority networks (DSD)
(TS//SI//REL) Most recent IR.21s from Egypt (S2E)
(S//SI//REL) Assessment of IR.21 collection related to a possible new Chinese network (S2B)
(S//REL) Sole source of IR.21 collection, ingest, and processing for RONIN; >200% improvement (NAC)
(S//SI//REL) Working toward enterprise sharing of licensed, commercial data
Today: WiMAX data with JUBILEECORONA (S3516)
(TS//SI//REL) Reporting on GSMA standards and practices
TOP SECRET//SI//REL TO FVEY
Future Plans (U)
SECRET//SI//REL TO FVEY
(S//SI//REL) RAEX IR.21 collection and ingest providing more query possibilities including:
LTE information
Technologies
Equipment
Frequencies
(S//SI//REL) AURORAGOLD user interface enabling SIGINT production chain access for querying and trending
(S//SI//REL) NKB partnership
SECRET//SI//REL TO FVEY
Discussion (U)
SECRET//SI//REL TO FVEY
(S//SI//REL) What are your ideas, suggestions, and analytic needs with respect to:
roaming and network information discovery and
GSMA's standards setting activities?
(S//SI//REL) What are we missing? Are there data elements we should seek out to help meet your needs?
SECRET//SI//REL TO FVEY
Work with us! (U)
UNCLASSIFIED//FOR OFFICIAL USE ONLY
(U//FOUO) To contact the AURORAGOLD team with an RFI, please use GLOBAL TIPPER
(U//FOUO) WikiInfo: wi AURORAGOLD
(U//FOUO) Email:
UNCLASSIFIED//FOR OFFICIAL USE ONLY
UNCLASSIFIED//FOR OFFICIAL USE ONLY
(U) BACKUP SLIDES
(U//FOUO) AURORAGOLD
UNCLASSIFIED//FOR OFFICIAL USE ONLY
AG/GSMA Reporting (S//SI//REL)
SECRET//SI//REL TO FVEY
Serial             Topic
3/OO/506998-11     (S//SI//REL) Libyan MNO information
3/OO/556211-11     (S//SI//REL) Launch of RAEX; ROAMSYS and GSMA
3/OO/515656-12     (S//SI//REL) GSMA standards releases/changes for 2012
.2/OO/502330-12    (S//SI//REL) GSMA database of Type Allocation Codes (TACs)
SECRET//SI//REL TO FVEY
GSMA Working Groups (S//SI//REL)
SECRET//SI//REL TO FVEY
(U) Known as of 10 May 2012
IR.21 Data Extraction (S//SI//REL)
TOP SECRET//SI//REL TO FVEY
(U) Content
Field AG R
MCC/MNC x x
Operator name x x
Operator country x x
Email addresses x
Access point information x
Autonomous system number x
DNS names & IPs x
Inter PLMN backbone IPs x
GPRS Roaming Exchange (GRX) x
(U) Metadata/SRI
Field AG R
SIGAD x x
Case notation x x
x x
PINWALE Date Time Group x x
PINWALE category & keywords x
Email From & date x
Source & destination IP x
Filename x
PDDG x
TOP SECRET//SI//REL TO FVEY
Metrics: Network Discovery (S//SI//REL)
SECRET//SI//REL TO FVEY
(S//SI//REL) GSM/UMTS/LTE Networks Discovered in SIGINT
[Chart: series "New Networks" and "Confirmed Networks"; vertical axis from 0 to 800]
SECRET//SI//REL TO FVEY
Metrics: Network Discovery (S//SI//REL)
SECRET//SI//REL TO FVEY
(S//SI//REL) GSM/UMTS/LTE Network Coverage
(S//SI//REL) 701 confirmed, 985 estimated
(as of 15 May 2012)
SECRET//SI//REL TO FVEY
Metrics: Tasking (S//SI//REL)
SECRET//SI//REL TO FVEY
(S//SI//REL) Strong Selector Targeting
                         2011-11  2011-12  2012-01  2012-02  2012-03  2012-04
Net change in tasking        363        1      782      206        2     -143
Total tasked                 363      364     1146     1352     1354     1211
Extracted from IR.21s        564     1040      527      517      785      711
SECRET//SI//REL TO FVEY
RAEX Adoption in SIGINT (S//SI//REL)
TOP SECRET//SI//REL TO FVEY
(S//SI//REL) What we've seen so far... 5%: 36/699 networks (Apr 2012; AURORAGOLD)
(TS//SI//REL) What we expect... 21%: 202/985 networks (19 Apr 2012; 3/OO/515656-12)
TOP SECRET//SI//REL TO FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(S//REL TO USA, FVEY) IR.21 A Technology
SDC2010
SSG4/T3C Technical Director
Derived From: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20341201
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
Classification
This briefing is classified:
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(U//FOUO) Today's Agenda
(U) Emerging Operating Model for Trends and Forecasting
(U) Wireless Evolution Paths
(S//REL TO USA, FVEY) Analytic Framework
(S//REL TO USA, FVEY) Meet AURORAGOLD
(U) An Invitation to Join Your Use Cases
Includes Home Work Assignments
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(U//FOUO) Effective Forecasting: Geopolitical Regions and Targets
[Diagram: SIGINT PLANNING CYCLE with the stages Regions & Targets, Technology Trends, Discovery, Vulnerabilities, Capabilities and Delivery; annotation "Discovery also critical"]
Regions & Targets: What geographies are of national interest to our customers? What organizations and individuals must we target to answer our customers' questions? How do those targets communicate?
Technology Trends: How is technology evolving? How are technology and telecoms evolving in regions of interest? How do we expect targets to use emerging technologies? What is the SIGINT threat of these emerging technologies?
Discovery: How should discovery inform what targets/geographies we focus on next? How do we discover target adoption of a technology?
Vulnerabilities: What vulnerabilities are critical to current success (i.e. where are our risk areas)? How do we discover vulnerabilities? How do we introduce vulnerabilities where they do not yet exist?
Capabilities: What capabilities do we need to develop to take advantage of technology vulnerabilities? What techniques do we deploy to take advantage of those vulnerabilities (e.g. CNE, supply chain, mid-point, etc.)? What role does enabling, cooperative access, HUMINT, 2nd parties, etc. play in building those capabilities?
Delivery: What products/services do we produce for which customers? What is workforce makeup and how are they distributed? What role do partners play?
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(U) Two Types of Investigations
(S//REL TO USA, FVEY) Horizon Scanning
Objective: Initial identification and assessment
All source research
Answer the question: Does this technology appear to be a large risk to the SIGINT system? Why or why not?
(S//REL TO USA, FVEY) Deep Dive
Objective: Cause a funding decision(s)
All source research; emphasis on geographic uptake trends; target uptake plans or vignettes.
Answer the question: Are SIGINT targets taking up this technology? How fast?
Implicitly contrast the above with the cost and time needed to remediate any SIGINT system shortfalls.
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(U) Roaming Agreements
(U) Allow a mobile subscriber to use resources on a visited network
Each carrier's IR.21 is a technical document that:
Describes the operator itself in various ways
Location, business codes, etc.
Describes access to the IP network of the operator
Describes:
Radio Access Network: technology(ies) type(s)
Frequency(ies)
Telephony routing information (MSISDN ranges; E.212)
SCCP gateways (Point codes)
Mobile Application Part protocol in use
Hardware, software versions of certain network elements
(S//REL TO USA, FVEY) Hypothesis: We can identify and track a carrier's technical evolution with IR.21 and other data.
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(U) 3G Wireless Standards Evolution Overview
[Timeline chart, 1999 to 2011, with three tracks.
3GPP2: IS-2000 (CDMA2000 1x); IS-856 Rev 0 (1xEV-DO); IS-856 Rev A (Optimized UL & VoIP); IS-856 Rev B (MC, 64QAM); IS-856 Rev C (MIMO/SDMA, DO Enhancements); 1x-adv (IS-2000); IS-1006 (BCMCS); IS-1006-A (EBCMCS); UMB Rev. 0 (FDD), Rev. A (TDD); eHRPD; EPC.
3GPP: R-99 (UMTS); Rel-5 (HSDPA); Rel-6 (E-DCH, MBMS); Rel-7 (Enhanced HSDPA); Rel-8 (LTE DC HSPA); Rel-9 (more LTE features); Rel-10 (LTE-adv).
IEEE/WiMAX Forum: 802.16 (WiMAX); 802.16a; 802.16d; 802.16e; 16e Rev. 2; 802.16m; Wave 1&2; Rel 1.5; Rel 2.0.
Markers on the tracks: Mobility; Init. VoIP; Opt. VoIP; OFDM; "Primarily FDD w/ TDD options"; "Primarily TDD w/ FDD options".]
Note: Dates shown are standards completion dates (or expected completion dates.) Initial VoIP not as spectrally efficient as Optimized VoIP. Mobility indicates when each particular standard supports mobility inter-operability between the terminal and BTS.
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(U) And What About 4G?
(U) IMT-adv is an ITU led effort to set requirements for next gen. mobile networks
Just as ITU's IMT-2000 defined 3G, ITU's IMT-adv will define 4G
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(U) Framework for Analysis
(U) 3GPP: Defines technology migration paths.
Releases: A Clear Technology Roadmap
3G begins with Release 99
Other releases: 04, 05, 06, 07, 08, 09, 10, 11 (future)
See: www.3gpp.org/ftp/Information/WORK_PLAN/Description_Releases/
Releases cover:
Access: GSM, EDGE, HSPA, LTE, LTE-Advanced, etc.
Core: GSM Core, Enhanced Packet Core
Services: MS, etc.
(U) GSMA: Defines carrier information exchange required to enable roaming
Changes to IR.21 format warn of imminent technology roll-out
An IR.21 is a GSMA-mandated document. IR.21 are exchanged between Wireless operators with roaming agreements, to the GSMA, and to certain clearing house operations.
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(U) Analytic Process
(S//REL TO USA, FVEY) Data analysis process is to match information in IR.21, or elsewhere, against Releases in the Technology Roadmap
Example: CAMEL Phase 4 (aka CAMEL4) as proxy for Release 5 deployment
(S//REL TO USA, FVEY) Analytic goals:
Establish a date-time for a release deployment
Track releases at the per network level
Display status at the national, regional, hemispheric or global scale
Measure speed of adoption at each scale
Identify early and late adopter tendencies by network
(S//REL TO USA, FVEY) Deliverables:
Adoption trends over time
Forecasts derived from trends and framework changes
Formal reporting of data and conclusions as a dataset
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(TS//SI//REL TO USA, FVEY) Data Flow and Process Overview
[Diagram, dated 21 May 2010. Labels: WCIS (Unclassified Data Source); ITU Ops Bulletin (Unclassified Data Source); Other (Unclassified Data Source); IR.21 (Classified Data Source); Other (Classified Data Source); Raw Data Sets, Unclassified and Classified; ENTITY NORMALIZATION; Analysis By Exception; Some Analytic Decisions; Exception Decision Information; Analyzed Data Sets, Unclassified and Classified; AURORAGOLD Repository; Querying; File Output; VISUALIZATION; All Users; All Appropriately Cleared Users; AUTO-MINIMIZATION; SCORPIOFORE; SIGINT Reporting; SIGINT Production Chain. Reference numbers run from 1 to 10, with 4a to 4h; numbers in red are for reference only.]
Supplementary Outputs:
1. Strong Selector and Tasking Management
2. Some selectors back to AGR inputs for tasking
3. Information outputs to other systems (i.e. RONIN)
4. Other??
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(TS//SI//REL TO USA, FVEY) What Is Done Today
[Diagram, dated 21 May 2010, with the same labels and Supplementary Outputs as the Data Flow and Process Overview slide.]
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(S//REL TO USA, FVEY) Information Delivery Vehicles At NSA
(S//SI//REL TO USA, FVEY) Mobile IP Information:
(S//SI//REL TO USA, FVEY) Telephony and Provider information: TAPERLAY
(S//REL TO USA, FVEY) Worldwide Wireless Market information: T3C packaged for WPMO consumption
Drives its portfolio investment planning process
Affects ~80% of the portfolio (2009), per customer.
(U) Various and sundry others
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(U) Information Now What?
(S//REL TO USA, FVEY) Make the data useable
Available in or out of the SIGINT production chain
Attach flows to value-adding chains and processes
Deliver as a data-set
Recognize other data sets exist and also are part of analytic processes (federation anybody?)
(S//REL TO USA, FVEY) Make the data traceable
Includes auto-sourcing of data origin
Time-stamping
(S//REL TO USA, FVEY) T3C will do technology trending and warning
(U) Would your analytic processes benefit from this data set?
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(U) Your Invitation to Join
(U) We are few; we welcome partnership.
Can you help?
Do you have a better way?
Let's pull together!!
(TS//SI//REL TO USA, FVEY) We are preparing to measure the breadth of our access to IR.21 documents
Goals:
Do we cover all 3GPP networks?
Tweak access
Tweak selectors
Indexer will provide PWID for all identified IR.21, after dedupe.
TOP SECRET//COMINT//REL TO USA, FVEY
TOP SECRET//COMINT//REL TO USA, FVEY
(U) What Are Your Use Cases?
(S//REL TO USA, FVEY) This is your segment to make the notetaker's job simpler please categorize your use case; describe impact:
A) IP Network
B) Call Control Switched Voice
C) Hardware model and software version information
Group Discussion.
TOP SECRET//COMINT//REL TO USA, FVEY
S//SI//REL TO USA, FVEY
(U//FOUO) AURORAGOLD
Target Technology Trends Center/T3C support to WPMO
Overall briefing classification: S//SI//REL TO USA, FVEY
S//SI//REL TO USA, FVEY
S//SI//REL TO USA, FVEY
(C//REL TO USA, FVEY) Two synergistic efforts: Trending and forecasting of global wireless and cellular networks
AURORAGOLD
Data gathering and analytics on GSM/UMTS networks
Auto-Minimization
Automated minimization capability to ensure compliance with NSA reporting policy
S//SI//REL TO USA, FVEY
AURORAGOLD DATA FLOW & PROCESS OVERVIEW (U//FOUO)
[Diagram. Labels: WCIS (Unclassified Data Source); ITU Ops Bulletin (Unclassified Data Source); IR.21 (Classified Data Source); Raw Data Sets, Unclassified and Classified; ENTITY NORMALIZATION; Analysis By Exception; Some Analytic Decisions; Exception Decision Information; Analyzed Data Sets, Unclassified and Classified; AURORAGOLD Repository; Querying; File Outputs; VISUALIZATION; All Users; All Appropriately Cleared Users; AUTO-MINIMIZATION; SCORPIOFORE; SIGINT Reporting; SIGINT Production Chain. Reference numbers run from 1 to 10, with 4a to 4h.]
Supplementary Outputs:
1. Strong Selector and Tasking Management
2. Some selectors back to AGR inputs for tasking
3. Information outputs to other systems (i.e. RONIN)
4. Other??
S//SI//REL TO USA, FVEY
AURORAGOLD DATA FLOW & PROCESS OVERVIEW: PHASES 0 AND 1 (U//FOUO)
[Diagram with the same labels and Supplementary Outputs as the AURORAGOLD DATA FLOW & PROCESS OVERVIEW slide.]
S//SI//REL TO USA, FVEY
AURORAGOLD DATA FLOW & PROCESS OVERVIEW (U//FOUO)
[Diagram with the same labels and Supplementary Outputs as the earlier AURORAGOLD DATA FLOW & PROCESS OVERVIEW slide.]
S//SI//REL TO USA, FVEY
AURORAGOLD (C//SI//REL TO USA, FVEY)
NOW: FUTURE:
GSM technology family from unclassified data
Parsing IR.21 documents from SIGINT
Additional fields
Additional sources
Entity normalization
Basic auto-sourcing
Advanced auto-sourcing
Auto-Minimization
SCORPIOFORE reporting
Visualizations enabling time-series analyses
RISKS:
Data sources and ingest
Expanding capability to other wireless technologies
S//SI//REL TO USA, FVEY
(TS//SI//REL) Site Makes First-Ever Collect of High-Interest 4G Cellular Signal
FROM: XXXXXX and XXXXXXX
RAINFALL (F78)
Run Date: 02/23/2010
(TS//SI//REL) A collaborative effort between on-site collectors, engineers, and off-site contractors in mid-January 2010 allowed RAINFALL to make what is believed to be the first collection, by any known asset, of Time Division-Long Term Evolution (TD-LTE) 4G (fourth generation) cellular communications. Exploitation of this signal, an all-Internet Protocol successor to 2G and 3G cellular systems, is a very high priority for NSA and the Intelligence Community. The TD-LTE signal will enter the market in 2010 and become globally important by 2012.
(U) For full details, click HERE.
(U//FOUO) Note: A valid PKI certificate with TK clearance is required to access the above article.
DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL
DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007
DECLASSIFY ON 20320108
SECRET//SI//REL TO FVEY
WORKING AID (UPDATED 17 MAY 2012)
(U//FOUO) AURORAGOLD is a team of SSG4 analysts, developers, and wireless SMEs working on:
(S//SI//REL) Database of Mobile Network Operators (MNOs) networks and PWIDs collected from GSM/UMTS/LTE roaming documents (IR.21s)
(S//SI//REL) Target development effort against MNOs roaming hubs and GSM Association (GSMA) working groups and
(U) Fusion of open source, licensed commercial data with SIGINT to answer wireless needs.
(S//SI//REL) Sample SIGINT (IR.21) Queries
(S//SI//REL) What IR.21s have we seen for networks within a country or set of countries
(S//SI//REL) What IR.21s have we seen for networks managed by a mobile network operator
(S//SI//REL) Some IR.21 Fields Useful to SIGINT
Columns: (U) IR.21 Field; (U) What is it?; (U) How is it used?

Mobile Country Code (MCC)/Mobile Network Code (MNC)
What is it? (U) A decimal digit code which uniquely identifies a mobile network. The MCC, which identifies the country, is used as the first three digits of a user's IMSI, followed by the two digit MNC, which identifies the network within that country.
How is it used? (U) Provide unique identification of networks to identify network boundaries, interfaces, protocols, software, hardware, etc.

Mobile Subscriber Integrated Services Digital Network Number (MSISDN)
What is it? (U) A number uniquely identifying a subscription in a GSM or a UMTS mobile network (the telephone number to the SIM card in a mobile/cellular phone).
How is it used? (U) Allow identification of real phone number dialed

TADIG codes
What is it? (U) A number allocated by the GSMA for use as primary identifiers, both within file contents and file names. Also used as a more generic entity identifier in the mobile industry
How is it used? (U) Identify the network for billing purposes and help identify targets

Signaling Connection Control Part (SCCP)
What is it? (U) A network layer protocol that provides extended routing, flow control, segmentation, connection-orientation, and error correction facilities in Signaling System 7 telecommunications networks
How is it used? (U) Provides routing information within the Public Land Mobile Network and provides access to applications such as 800-call processing and calling card processing to identify targets and other information

Subscriber Identity Authentication
What is it? (U) This field indicates whether or not authentication is performed for roaming subscribers at the start of GSM service and the type of A5 cipher algorithm version in use.
How is it used? (S//SI//REL) It would also show the emergence of new cipher algorithms and support target analysis, trending, and the development of exploits.

Mobile Application Part (MAP)
What is it? (U) A SS7 protocol which provides an application layer for the various nodes in GSM and UMTS mobile core networks and GPRS core networks to communicate with each other in order to provide services to mobile phone users. The Mobile Application Part is the application-layer protocol used to access the Home Location Register, Visitor Location Register, Mobile Switching Center, Equipment Identity Register, Authentication Centre, Short message service center and Serving GPRS Support Node (SGSN).
How is it used? (S//SI//REL) Provides a clearer understanding of network features when roaming agreement information is published. Current information about subscribers, mobility management, and applications can be used for targeting and target development.

Network Element Information
What is it? (U) Specific network components, their manufacturer, software & hardware versions, etc.
How is it used? (S//SI//REL) This specific information is necessary for targeting and exploitation. Includes core and radio interface information.

Packet Data Services Information
What is it? (U) Packet Data Services identifies the affected GPRS networks. An Access Point Name is also included in this information. APNs can identify the type of service provided by GPRS networks provided to mobile users. APNs also help identify the network and operator's packet network involved in the IR.21 and could be used for targeting.
How is it used? (S//SI//REL) This data element also provides information on the WAP gateway being accessed and multimedia messaging services gateway IP addresses, which is useful for target development. Insight into the GPRS Tunneling Protocol versions being used within the networks is provided as well. GPRS, EDGE, and HSPA technologies are covered.
SECRET//SI//REL TO FVEY
Network Tradecraft Advancement Team (NTAT) 3G
https://wiki.gchq/index.php/File:NTAT.jpg
2nd SCAMP at CSEC process
Worked with CSEC H3 developers to implement IRASCIABLE RABBIT into OLYMPIA
Developed 41 use cases
Developed 10 new working aids
Identified 3 new QFDs
Research conducted on GRX operators over VPN (QFD: IRASCIABLE HARE)
Progressed IR21 sharing and analysis
Explored other GSMA Association for network intelligence
Progressed signalling over IP analysis (QFD: BOLSHIE POSSUM)
MNO EEI target template in development
Identified training scenario
Conducted real-world training scenario
Tied together target analysis to network analysis process
Use cases and working aids follow a layered template
Research conducted on clearing house operators identified key documentation and selectors
Explored the usefulness of IR21 processing; decided against this
Integrated TOYGRIPPE analysis into OLYMPIA
Streamlined identification of VPNs of interest for crypt analysis