
SOMALGET

May 19, 2014

Page 1 from SOMALGET
mmputer Center Intro: Here in 5213, we've had great success using systems that buffer full-take audio collection for a nominal 30 days -- these systems have led to real in target discovery -- and we wanted to alert other analysts to their potential. Collectors: please take note of how beneficial these types of collectors can be to analysts, as compared to more traditional models.

(S//SI//REL) SOMALGET is a family of collection systems which greatly facilitate and make possible remarkable new ways of performing both target development[1] and target discovery.[2] Significant analytic and successes in both areas have been made SID analysts the two countries where SOMALGET accesses currently exist and the Bahamas).

(U) How It Works: SOMALGET collection systems forward full-take metadata in real time and buffer full-take audio for nominally 30 days.[3] It makes possible the selection of audio content against the buffered data after the fact, in near real-time, or up to 30 days later. This ability is dubbed "retrospective retrieval." The power of retrospective retrieval in facilitating target development or discovery lies in its ability to permit the analyst to selectively retrieve audio content and immediately validate his/her tentative analytic conclusions derived from metadata.

• SOMALGET access to Bahamian GSM communications has led to the discovery of international narcotics and special-interest alien smugglers. This access -- together with use of methods that take advantage of targets' behavioral patterns[4] -- have allowed our S2F analysts to gain a firm understanding of the targets' activities even when these contacts prior to their discovery.

(U) More to Come? These successes, which depend on access to buffered audio files that may be associated with selectors not tasked to the collection asset in question, argue in favor of a collection methodology for telephony that may be viewed as to XKEYSCORE. That is, we buffer certain calls that MAY be of foreign value for a sufficient period to permit a well-informed decision on whether to retrieve and return specific audio content. proper engineering, and there is little reason this capability cannot expand to other accesses (besides and the Bahamas), provided compatible hardware and interfaces are developed and deployed.[5]
Page 2 from SOMALGET
(U) Notes:

1. (U) Target development -- the process by which an analyst can extend knowledge of a known target by observing elements of metadata that relate to that target.

2. (U) Target discovery -- the process whereby an analyst can discover targets by observing metadata as it relates to behaviors characteristic of his/her target set, regardless of whether or not the newly discovered selectors are related to known targets.

3. (S//SI//REL) The nominal days storage" actually varies depending upon on space, power, and observed activity levels.

4. Observing that targets tend to use prepaid calling cards in an attempt to mask the destination of telephone calls, 8213 focused on mobile identifiers in number ranges that represent newly activated accounts. We have also used SMS text messages to identify and retrieve audio of interest.

5. Storage capacity is directly related to the amount of disk storage that can be deployed. When deployed against entire networks, as SOMALGET is, the back-end database and processing required for interactive search and retrieval of also requires enterprise-class data warehousing and high-performance processing to manage the vast amount of data captured. Currently this warehouse dynamically manages roughly 5 billion call events, with the capacity to expand well beyond our current target This retrospective retrieval infrastructure is web based and is already in place. As noted, with proper engineering and coordination, there is little reason this capability cannot expand to other accesses, provided compatible hardware and interfaces are developed and deployed.