Documents
Full-Spectrum Cyber Effects
Apr. 4, 2014
UK TOP SECRET STRAP1
GCHQ
Fu||?Spectrum Cyber Effects
?ti 2
Head of JTRIG SD Effects Lead
II tetli-gun. namm. Emm.
SIGINT Development as an enabler
for ?Effects? mission
This; i11fa1'1natim1 is?; exempt u11+:lc1' the nfI11f'n1'111atin11 :3u:t (FDIAJ and 1'I'lE'l}' be u11+:Ic1' other UK lcgistlatimt. Refer tn GCI-IQ
UK TOP SECRET STRAP1
GCHQ
Fu||?Spectrum Cyber Effects
?ti 2
Head of JTRIG SD Effects Lead
II tetli-gun. namm. Emm.
SIGINT Development as an enabler
for ?Effects? mission
This; i11fa1'1natim1 is?; exempt u11+:lc1' the nfI11f'n1'111atin11 :3u:t (FDIAJ and 1'I'lE'l}' be u11+:Ic1' other UK lcgistlatimt. Refer tn GCI-IQ
Destroy Deny Degrade Disrupt Deceive Protect
Computer Network Attack (CNA)
Computer Network Information Operations (CNIO)
Disruption
This inf'o1'|natio11 is exempt the Fn=:edom of'I11f'o1'mt1tion Act and 111211,? be Eli?l?pl ?lh?l? UK i11f'o1'matio11 legislatioti. to GCHQ
0?
Destroy Deny Degrade Disrupt Deceive Protect
Computer Network Attack (CNA)
Computer Network Information Operations (CNIO)
Disruption
This inf'o1'|natio11 is exempt the Fn=:edom of'I11f'o1'mt1tion Act and 111211,? be Eli?l?pl ?lh?l? UK i11f'o1'matio11 legislatioti. to GCHQ
0?
UK TOP SECRET STRAP1
:ttects in (ccno
- Definition: having an impact in the real world
- Key deliverersz JTRIG and CNE
- Now major part of business 5% of Operations
- Across all target types
- Continuous innovation of new tools and techniques
This; iut'e1'matie11 is -Eli?lil under the Freedem ef'I11f'e1'n11tie11 Fuel E?flifl and lTlEl}' he under ether UK i11t'e1'n11tien legislatietl. Refer queries; te
nu nr?
UK TOP SECRET STRAP1
:ttects in (ccno
- Definition: having an impact in the real world
- Key deliverersz JTRIG and CNE
- Now major part of business 5% of Operations
- Across all target types
- Continuous innovation of new tools and techniques
This; iut'e1'matie11 is -Eli?lil under the Freedem ef'I11f'e1'n11tie11 Fuel E?flifl and lTlEl}' he under ether UK i11t'e1'n11tien legislatietl. Refer queries; te
nu nr?
UK TOP SECRET STRAP1
CNIO
Computer Network Information Operations
- Propaganda
- Deception
- Mass messaging
- Pushing stories
- Alias development facebookl
-
f|iCkr? You
This; i11f:J1'1ne1t'1n11 is?; eznzelrpt under Act Z?flfl and 111213,: be under other UK i11fn1'1mtin11 legisleltinll. Refer 2111),: FDIA que1'ie5; to GCHQ
UK TOP SECRET STRAP1
CNIO
Computer Network Information Operations
- Propaganda
- Deception
- Mass messaging
- Pushing stories
- Alias development facebookl
-
f|iCkr? You
This; i11f:J1'1ne1t'1n11 is?; eznzelrpt under Act Z?flfl and 111213,: be under other UK i11fn1'1mtin11 legisleltinll. Refer 2111),: FDIA que1'ie5; to GCHQ
UK TOP SECRET STHAP1
Disruption CNA
- Masquerades
- Spoofing
- Denial of service
Phones
Emails
Computers
Faxes
This information is?; oxonpt nndor tho Freedom of Act E?fifi and may ho under other UK logisaintion. Rofor any FDIA qnoriosa to GCHQ
nn?nr?
UK TOP SECRET STHAP1
Disruption CNA
- Masquerades
- Spoofing
- Denial of service
Phones
Emails
Computers
Faxes
This information is?; oxonpt nndor tho Freedom of Act E?fifi and may ho under other UK logisaintion. Rofor any FDIA qnoriosa to GCHQ
nn?nr?
UK TOP SECRET STRAP1
lndiuidualfEnterprise
Low Impact
pyz.
EFFECTS
On-untry wide
High impact
WiFi DOS Internet
Routing
This infarmatiun is n:xv:11]::t und-:1? th-3 Ff??d?l? Act and may bu: -:Jcv:11]::t undar legislation. R?f?r any to GCHQ
UK TOP SECRET STRAP1
lndiuidualfEnterprise
Low Impact
pyz.
EFFECTS
On-untry wide
High impact
WiFi DOS Internet
Routing
This infarmatiun is n:xv:11]::t und-:1? th-3 Ff??d?l? Act and may bu: -:Jcv:11]::t undar legislation. R?f?r any to GCHQ
UK TOP SECRET STRAP1
Information Operations
INFINITE CURVATUREIMOUNTAIN SLOPE
Sending messages across the full spectrum of communications
Telephony SMS FAX Email
RADIUS Data 9
SALAMANCA TDIS
Data Mining
Open
Phone Code Source
Pre?x IP GEO 9
information is?; eIten?pt under the Freedom of Aet E?fifi and may be under ether UK Refer any FDIA queries; to GCHQ
nn?nr?
UK TOP SECRET STRAP1
Information Operations
INFINITE CURVATUREIMOUNTAIN SLOPE
Sending messages across the full spectrum of communications
Telephony SMS FAX Email
RADIUS Data 9
SALAMANCA TDIS
Data Mining
Open
Phone Code Source
Pre?x IP GEO 9
information is?; eIten?pt under the Freedom of Aet E?fifi and may be under ether UK Refer any FDIA queries; to GCHQ
nn?nr?
UK TOP SECRET STHAP1
ROYAL CONCIERGE
A SIGINT driven hotel reservation tip-off service
From:
To:
?Thank you for reserving ..
ROYAL CONCIERGE exploits these
messages and sends out daily alerts to
working on governmental
hard targets
What hotel are they visiting?
Is it SIGINT friendly?
An enabler for effects can we influence the hotel choice? Can we cancel their visit?
We can use this as an enabler for HUMINT and Close Access Technical Operations
This information is?; ezterrpt under the Freedom o1?'Inf'ort1?ation Act E?fifi and may be eztetrpt under other UK inf'ort1?ation legislation. Refer any FCJIA queries; to GCHQ
nn?nr?
UK TOP SECRET STHAP1
ROYAL CONCIERGE
A SIGINT driven hotel reservation tip-off service
From:
To:
?Thank you for reserving ..
ROYAL CONCIERGE exploits these
messages and sends out daily alerts to
working on governmental
hard targets
What hotel are they visiting?
Is it SIGINT friendly?
An enabler for effects can we influence the hotel choice? Can we cancel their visit?
We can use this as an enabler for HUMINT and Close Access Technical Operations
This information is?; ezterrpt under the Freedom o1?'Inf'ort1?ation Act E?fifi and may be eztetrpt under other UK inf'ort1?ation legislation. Refer any FCJIA queries; to GCHQ
nn?nr?
UK TOP SECRET STRAP1
Information Operations: The Social Web
You
facebooki
Deliver messages and multimedia content across Web 2.0
Crafting messaging campaigns to go ?viral?
This information is eztenpt under the Freedom ofinfornution Asst E?fifi and may be under other UK legislation. Refer any FCJIA queries to GCHQ
nn?nr?
UK TOP SECRET STRAP1
Information Operations: The Social Web
You
facebooki
Deliver messages and multimedia content across Web 2.0
Crafting messaging campaigns to go ?viral?
This information is eztenpt under the Freedom ofinfornution Asst E?fifi and may be under other UK legislation. Refer any FCJIA queries to GCHQ
nn?nr?
UK TOP SECRET STRAP1
Twitter TDI Development
Need SIGINT ctwerage across
Not necessarily cnnsistent with target SIGDEV priurities
5N
mVy?fWJ pb?l?evsm b3Jfc29s%25DAb1
wd
12
.
Sewer
i11frn1'm21t'1n11 is?; en:-zmpt under the Fltednln nf'I11fr:1'1mt'1n11 Act E?l??r and 111213,? be exelnpt under ether UK i11fn1'lmtin11 legislettinlt. Refer tn GCHQ
UK TOP SECRET STRAP1
Twitter TDI Development
Need SIGINT ctwerage across
Not necessarily cnnsistent with target SIGDEV priurities
5N
mVy?fWJ pb?l?evsm b3Jfc29s%25DAb1
wd
12
.
Sewer
i11frn1'm21t'1n11 is?; en:-zmpt under the Fltednln nf'I11fr:1'1mt'1n11 Act E?l??r and 111213,? be exelnpt under ether UK i11fn1'lmtin11 legislettinlt. Refer tn GCHQ
UK TOP SECRET STRAP1
Twitter TDI Development
Baset-34 double encoded URL
5555555 This; i11f'51'n3E1ti5n is?; under the 5f'I11f'51'n?E1t'15n Act E?l??r and 11121}; I35 5:~L5mpt under 5th51' UK inf'51'n?E1t'15n Refer I5 GCHQ
UK TOP SECRET STRAP1
Twitter TDI Development
Baset-34 double encoded URL
5555555 This; i11f'51'n3E1ti5n is?; under the 5f'I11f'51'n?E1t'15n Act E?l??r and 11121}; I35 5:~L5mpt under 5th51' UK inf'51'n?E1t'15n Refer I5 GCHQ
UK TOP SECRET STRAP1
Twitter TDI Development
PPF application across 106: Environment
1272671024 81.169.145.25
128.242.240.20 8 55488 80 Login?
twitter.com 31
TD|?Scope 4 User Route 13
81 .169.145.25 8 38
4848d4 User?Agent 52 Twitter Tools
Geo?|P?Sro 28
Geo?|P?Dst 33 380082;-
Event?security?|abe| 8 10007F
Stream?seourity?|abeI 10 400023EOFF Wants Per day feeding
BLACKHOLE
This; i11t'e1'1ne1t'1e11 is?; under the F1'eei:Iem ef'I11t'e1'1mt'1e11 Fuel Z?l??r and 11121}; be eztempt u11+:le1' other UK i11t'e1'1mtie11 l?gi?ltlli?ll. Refer any FDIA queries; to GCHQ
UK TOP SECRET STRAP1
Twitter TDI Development
PPF application across 106: Environment
1272671024 81.169.145.25
128.242.240.20 8 55488 80 Login?
twitter.com 31
TD|?Scope 4 User Route 13
81 .169.145.25 8 38
4848d4 User?Agent 52 Twitter Tools
Geo?|P?Sro 28
Geo?|P?Dst 33 380082;-
Event?security?|abe| 8 10007F
Stream?seourity?|abeI 10 400023EOFF Wants Per day feeding
BLACKHOLE
This; i11t'e1'1ne1t'1e11 is?; under the F1'eei:Iem ef'I11t'e1'1mt'1e11 Fuel Z?l??r and 11121}; be eztempt u11+:le1' other UK i11t'e1'1mtie11 l?gi?ltlli?ll. Refer any FDIA queries; to GCHQ
UH TOP SEERET
Twitter TDI Development
4* Given a country:
Kawastan i Who are the top Twitter
Users
Jan
- user-
- Tm.? I
Lil
Are they really Kawestan?
<3
SIGDEV augments the I0 process to aid targeting and takeup of message
int'ermat'1en is eztempt under the ef'Int'enmtien Fuel Z?l??r and l'I'lE1}' be under ether UK int'e1'n??t'1en Refer e111}'FDIr3a. queries; te GCHQ
UH TOP SEERET
Twitter TDI Development
4* Given a country:
Kawastan i Who are the top Twitter
Users
Jan
- user-
- Tm.? I
Lil
Are they really Kawestan?
<3
SIGDEV augments the I0 process to aid targeting and takeup of message
int'ermat'1en is eztempt under the ef'Int'enmtien Fuel Z?l??r and l'I'lE1}' be under ether UK int'e1'n??t'1en Refer e111}'FDIr3a. queries; te GCHQ
UK TOP SECRET STHAP1
Information Ops
Spheres of Influence
INFLUENCE
This information is oxonpt nndor tho Freedom of Information Aizt and may ho oxonqat nndor othor iogisiation. Rofor any FCJIA qnorios to GCHQ
nn?nr?
UK TOP SECRET STHAP1
Information Ops
Spheres of Influence
INFLUENCE
This information is oxonpt nndor tho Freedom of Information Aizt and may ho oxonqat nndor othor iogisiation. Rofor any FCJIA qnorios to GCHQ
nn?nr?
UK TOP SECRET STRAP1
Hmi?rmat??n
50 new mobile being
Developed by end of 2010
Also - Target Geog raphical
Identifiers (TGI)
We can shape CNIO against
specific locations, users with
a high degree of cognition
i11f'e1'm21tie11 is?; exempt under the ef'I11f'e1'n??t'1en Act E?l??r and 11121}; be exempt under ether UK iuf'e1'n11t'1en legisalatiett. Refer queries; te GCHQ
UK TOP SECRET STRAP1
Hmi?rmat??n
50 new mobile being
Developed by end of 2010
Also - Target Geog raphical
Identifiers (TGI)
We can shape CNIO against
specific locations, users with
a high degree of cognition
i11f'e1'm21tie11 is?; exempt under the ef'I11f'e1'n??t'1en Act E?l??r and 11121}; be exempt under ether UK iuf'e1'n11t'1en legisalatiett. Refer queries; te GCHQ
ulnerability Assessment Process Development
Enabling ONO For intelligence production teams, based on Target Templating methodology
. .
Tame-I .5 3* we
ter -::I-mug 1e- be -:.1oI1e Io 1he Target
-it that frarrew:-rlt in to El problem
The is. based -dn the understanding dl 6 or Hus all T?mylate
IF. -
1r;- ll"-ej: global and the
etin LIIJ utiuk?ee Ihe
-n-I1-en
Information Need.
Hn en-.el ed ge Gap
Hiri-
JII.
Hyrpot heeia
I-art?. 1: Targtt at: E1
Lee: sort or
Tr HI-rd
II-ulfll fa.-I
IFI
Layer 2: Infrastructure - 1I1-e target
to tliu
H-I-U
-ii.
Layer 3: Teelinnlogy - 1I1a-
teenitulngy the target
Tar?el
ll
ll
Layer -1: Lev:-lung for
n1
. e?
Layer 5: -Cepebi IitleIE. d5'5el.1 -do me have
'3 Erraj?? In :1 Iii-an I 1-"mu "Er?
-
ll
II
3
NADP trained network
Wm i ac i 0 a
inf'e1'm::1t'1en is?; ertempt under the Freedom ef'Inf'e1'n?e1tien Feet E?l?fl and [nay be ertempt under other UK inf'e1'mt1tien legisalatiett. Refer any FCIIA to GCHQ
nn?nr?
ulnerability Assessment Process Development
Enabling ONO For intelligence production teams, based on Target Templating methodology
. .
Tame-I .5 3* we
ter -::I-mug 1e- be -:.1oI1e Io 1he Target
-it that frarrew:-rlt in to El problem
The is. based -dn the understanding dl 6 or Hus all T?mylate
IF. -
1r;- ll"-ej: global and the
etin LIIJ utiuk?ee Ihe
-n-I1-en
Information Need.
Hn en-.el ed ge Gap
Hiri-
JII.
Hyrpot heeia
I-art?. 1: Targtt at: E1
Lee: sort or
Tr HI-rd
II-ulfll fa.-I
IFI
Layer 2: Infrastructure - 1I1-e target
to tliu
H-I-U
-ii.
Layer 3: Teelinnlogy - 1I1a-
teenitulngy the target
Tar?el
ll
ll
Layer -1: Lev:-lung for
n1
. e?
Layer 5: -Cepebi IitleIE. d5'5el.1 -do me have
'3 Erraj?? In :1 Iii-an I 1-"mu "Er?
-
ll
II
3
NADP trained network
Wm i ac i 0 a
inf'e1'm::1t'1en is?; ertempt under the Freedom ef'Inf'e1'n?e1tien Feet E?l?fl and [nay be ertempt under other UK inf'e1'mt1tien legisalatiett. Refer any FCIIA to GCHQ
nn?nr?
UK TOP SECRET STRAP1
Human Systems Analysis
Foreign News Agencies:
- Credential Harvesting
- Employee Analysis
- who?
- how??
- why??
Data in ..
It New Data out
0
Dataout
3?
Social not technological solution
This; i11f'e1?mat'1e11 is under the ef'I11f'e1?1mt'1e11 Aet and 111213,: be uueler other UK i11f'e1?1mtie11 legislatiett. Refer any FDIA queries; to GCHQ
UK TOP SECRET STRAP1
Human Systems Analysis
Foreign News Agencies:
- Credential Harvesting
- Employee Analysis
- who?
- how??
- why??
Data in ..
It New Data out
0
Dataout
3?
Social not technological solution
This; i11f'e1?mat'1e11 is under the ef'I11f'e1?1mt'1e11 Aet and 111213,: be uueler other UK i11f'e1?1mtie11 legislatiett. Refer any FDIA queries; to GCHQ
UK TOP SECRET STHAP1
Future?
Formalising Tradecraft for
?What SIGDEV needs to be
done prior to starting an
Effects operation??
Joining up with 5 EYES where possible (cyber development)
BGPI MPLS network effects (HOTWIRE)
SIP and Effects Denial of Service, Operations
Provide the defensive advice from the offensive perspective
This information is oxonpt nndor tho Froodotn of I??ilftf?ti?? Asst E?flti and may ho oxonqjt nndor othor UK iogiaiation. Rofor any FCJIA qnorioa to GCHQ
nn?nr?
UK TOP SECRET STHAP1
Future?
Formalising Tradecraft for
?What SIGDEV needs to be
done prior to starting an
Effects operation??
Joining up with 5 EYES where possible (cyber development)
BGPI MPLS network effects (HOTWIRE)
SIP and Effects Denial of Service, Operations
Provide the defensive advice from the offensive perspective
This information is oxonpt nndor tho Froodotn of I??ilftf?ti?? Asst E?flti and may ho oxonqjt nndor othor UK iogiaiation. Rofor any FCJIA qnorioa to GCHQ
nn?nr?
TQP
Questions?
V.
Head of JTRIG SD Effects Lead
NSTSI -
Find me an TAPIOCA
9
nu. IJ rm-.
names and phone numbers redacted
infr:1'1n::1t'1m1 is?; eznzelnpt under the Fl?EEdfJl'? nf'I11f31'111ntim1 Pact Z?fi?r and l'I'lE1}' be under UK inf'n1'l11ntim1 legisleltinli. Refer tn GCHQ
nn?nr?
TQP
Questions?
V.
Head of JTRIG SD Effects Lead
NSTSI -
Find me an TAPIOCA
9
nu. IJ rm-.
names and phone numbers redacted
infr:1'1n::1t'1m1 is?; eznzelnpt under the Fl?EEdfJl'? nf'I11f31'111ntim1 Pact Z?fi?r and l'I'lE1}' be under UK inf'n1'l11ntim1 legisleltinli. Refer tn GCHQ
nn?nr?