Upload
others
View
67
Download
0
Embed Size (px)
Citation preview
TOP SECRET STRAP1
Contents
• What is CNE?
• Why do CNE?
• CNE Teams
• Partners
• Challenges
• Contacts
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
Contents
• What is CNE?
• Why do CNE?
• CNE Teams
• Partners
• Challenges
• Contacts
TOP SECRET STRAP1
“ Computer & Network Exploitation delivers to GCHQ data ofintelligence value by remote access to computers, computernetworks and telecom networks without the knowledge orconsent of their owners and users, within the appropriate legalframework“
What is CNE?
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
TOP SECRET STRAP1
Legally accessing computers/networks remotely without theowners permission to:
- Produce Intelligence- Do Effects- Support others: PTD, CND, Partners
OR….
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ o
© Crown Copyright. All rights reserved.
Legally accessing computers/networks remotely without theowners permission to:
- Produce Intelligence- Do Effects- Support others: PTD, CND, Partners
TOP SECRET STRAP1
Why do CNE?
Passive Sigint won’t always work• Can overcome crypt or collection difficulties
• Access to data at rest
To enable conventional Sigint
• Used as an enabler of crypt
• Redirect traffic
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
Passive Sigint won’t always work• Can overcome crypt or collection difficulties
• Access to data at rest
To enable conventional Sigint
• Used as an enabler of crypt
• Redirect traffic
TOP SECRET STRAP1
CNE teams
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
TOP SECRET STRAP1
CNE must comply with current legislation:
• Computer Misuse Act (CMA) 1990 states thatunauthorised access or modification is illegal when:
- person in UK and computer in UK
- person overseas and computer in UK
- person in UK and computer overseas
Legalities & Policy
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
CNE must comply with current legislation:
• Computer Misuse Act (CMA) 1990 states thatunauthorised access or modification is illegal when:
- person in UK and computer in UK
- person overseas and computer in UK
- person in UK and computer overseas
TOP SECRET STRAP1
Exemption is obtained from the CMA using IntelligenceServices Act (ISA) warrants:• Section 5: UK targets (requires at least Foreign Secretarysignature)
• Section 7: overseas targets (can be signed by DO unlesssensitive)
European Human Rights Act
Legal & Policy
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on k
© Crown Copyright. All rights reserved.
Exemption is obtained from the CMA using IntelligenceServices Act (ISA) warrants:• Section 5: UK targets (requires at least Foreign Secretarysignature)
• Section 7: overseas targets (can be signed by DO unlesssensitive)
European Human Rights Act
TOP SECRET STRAP1
Covert Infrastructure, Access & Dataflow
All CNE activity must be UK deniable• Intermediary machines/Covert Infrastructure used to:
- gain access to targets via the internet
- bring data back into corporate repositories
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
TOP SECRET STRAP1
Infrastructure
Implementation/maintenance CNE core infrastructure- CNE Desktop
- Network
- Servers
- Storage
- Sys Admin
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
Implementation/maintenance CNE core infrastructure- CNE Desktop
- Network
- Servers
- Storage
- Sys Admin
TOP SECRET STRAP1
CNE Operations
• Network End Points
• Counter Terrorism
• Single End Points
• Data Harvesting
• Effects
• CNE Scarborough
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
• Network End Points
• Counter Terrorism
• Single End Points
• Data Harvesting
• Effects
• CNE Scarborough
TOP SECRET STRAP1
Types of Operation
Masquerades- Use credentials obtained from CNE or passive
collection to gain access to email, chat rooms etc
Content Delivery- Individually crafted email attacks that dupe target
into visiting an exploitation web server
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
Masquerades- Use credentials obtained from CNE or passive
collection to gain access to email, chat rooms etc
Content Delivery- Individually crafted email attacks that dupe target
into visiting an exploitation web server
TOP SECRET STRAP1
Types of Operation
Router Ops- Targeting network infrastructure via gaining access
to Admin machines
Remote Access- Use security weaknesses to survey and gain access
to computers/devices using public/private tools
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ o
© Crown Copyright. All rights reserved.
Router Ops- Targeting network infrastructure via gaining access
to Admin machines
Remote Access- Use security weaknesses to survey and gain access
to computers/devices using public/private tools
TOP SECRET STRAP1
Effects
Making something happen a target’s computer.- Degrading comms to slow network.
- Bringing down target’s web browser.- Changing users’ passwords on extremist website.
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
TOP SECRET STRAP1
EREPO
• EREPO is the covername for router operations
• Provides access to in country collection through exploitationof routers
• Target data more accessible to SIGINT collection
• Provides crypt material, event tip-offs, target metadata
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ o
© Crown Copyright. All rights reserved.
• EREPO is the covername for router operations
• Provides access to in country collection through exploitationof routers
• Target data more accessible to SIGINT collection
• Provides crypt material, event tip-offs, target metadata
TOP SECRET STRAP1
Capability - Implants
Develops techniques and technical assets, mainlysoftware, for use in CNE Operations.
• Teams:
- Microsoft
- UNIX
- Hardware
- Mobiles
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
Develops techniques and technical assets, mainlysoftware, for use in CNE Operations.
• Teams:
- Microsoft
- UNIX
- Hardware
- Mobiles
TOP SECRET STRAP1
• Vulnerabilities Research and Exploit developmentFind the holes/weaknesses
Use them to gain execution
• Future TechniquesQUANTUM
MUGSHOT
Capability - Research
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
• Vulnerabilities Research and Exploit developmentFind the holes/weaknesses
Use them to gain execution
• Future TechniquesQUANTUM
MUGSHOT
TOP SECRET STRAP1
Capability - Prototyping
• Analyst and Operator Tools
• Automation
• STARGATE
• HIGHNOTE
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
• Analyst and Operator Tools
• Automation
• STARGATE
• HIGHNOTE
TOP SECRET STRAP1
Joint working
• 2nd Parties, SIS and Security Service- all do CNE but have different targets and toolsets
• Close working with OPD-GNE, OPC-TDSD, OPD-JSand other teams within Active Approaches
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
• 2nd Parties, SIS and Security Service- all do CNE but have different targets and toolsets
• Close working with OPD-GNE, OPC-TDSD, OPD-JSand other teams within Active Approaches
TOP SECRET STRAP1
Deconfliction
Deconfliction carried out with Second Parties:
– Implants may interfere with each other
– More activity increases risk of being found
Deconfliction by IP addresses, not target.
‘Primacy’ agreed and tasking shared.
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ o
© Crown Copyright. All rights reserved.
Deconfliction carried out with Second Parties:
– Implants may interfere with each other
– More activity increases risk of being found
Deconfliction by IP addresses, not target.
‘Primacy’ agreed and tasking shared.
TOP SECRET STRAP1
CNE support PTD
Includes:
- Password Cracking
- VPN Exploitation
- CV/Key Extraction
- WHARFRAT
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ o
© Crown Copyright. All rights reserved.
Includes:
- Password Cracking
- VPN Exploitation
- CV/Key Extraction
- WHARFRAT
TOP SECRET STRAP1
• Avoiding detection by target or another agency
• Remaining within the law while increasing pace
• Staying ahead of the game
• Diversifying toolkit
• Meeting increasing customer demands
• Demystifying what we do
• Co-existing with partners
Challenges
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
• Avoiding detection by target or another agency
• Remaining within the law while increasing pace
• Staying ahead of the game
• Diversifying toolkit
• Meeting increasing customer demands
• Demystifying what we do
• Co-existing with partners
TOP SECRET STRAP1
Contacts
•Call
•Visit A3c
•
PTD “We penetrate targets’ defences.”This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK informationlegislation. Refer any FOIA queries to GCHQ on
© Crown Copyright. All rights reserved.
•Call
•Visit A3c
•