Close Access Network Exploitation Program Expeditionary Access Operations • II REL 83283 is the expeditionary arm of TAO which cts worldwide Human Enabled Close Access Cyber · ns to satisfy National and Tactical SIGINT acce stomer Set chnologies of Interest - • ·• Computers 802 11 WiFi Various Task Forces COCOM Planners SOCOM Operations Service Cyber Eleme 902 d Ml Group ____ DIA CIA FBI _ - CSTs I CSGs _ -A SA TOPls - -v onventional SIGI 4- __ __ --1ements _ _ Party Partne 1 Tasks • • Deploy certified operational teams to tactical environments to execute close access Computer Network Exploitation CNE in support of national and tactical requirements • Certify SIGINT personnel to conduct human-enabled CNE missions • Develoo test and field solutions for future tactical CNE and endpoint geolocation systems and techniques • EAO Division EAO Division Chief MAJ usA Senior Enlisted Rep Deoutv Chief LT Technology Branch Capt MSgt USN USAF Operations Branch LT USN Analysis Cell USMC Training Support Branch Human EnabledCNE Tools • • Physical Access Software implants that act as the initial hook into target systems to enable remote operations ROC • Internet Cafes • Gifting • Detainee Computers • • • • Wireless payload delivery injection tool Monitors target 's web traffic Injects special ROC tag Target unknowingly owned by the ROC - ISPs - Banks - Telecommunications - Consulates Embassies • BLINDDATE • 802 11 a b g Survey Exploitation Hardware Handheld laptop deep install form factors Plug-in architecture for custom functions hec mapping NITESTAND HAPPY HOUR BADDECISION more GUI used for active and passive CNE tools Provides output data ingested by numerous databases MASTERSHAKE etc ·-- r ea- · • s tJ ••• •• j I It • I I • • •• n • 4 I - 8 8623692A84E4 601 sep gg sa 0041 F1 Fafaazzas -uu1560A6- F33 - - 3 I 001SGDA6 7 - in Hwy-796$ 4 - gemsantgmo 1 h 15- - 001075559163 pr 51958 DDOFBSEMQH 00026F49A733 AM1DOFD1FBTO - I 00022DAQB424 in a ll 001560A75588 - OOJ vii 00116326328E Red Indicates Probable Location of Wireless Client Overflow Parking x 6 Each Grid Square is -Approx- 20m 20m Camp Eggars Static Collection Site • NITESTAND • • • • BLINDDATE Plug-in 802 11 a b g wireless injectiontool Monitorstarget'sweb traffic Injectsunique packet that forces client t access a monitoredlisteningpost on the internetfor payload deployment • Transparentto target QKismet Stop Y iFI 11 Networks TASKED WiFi GPS Plugi ns TARGET 11 Start§ps II ess « 11 About SSID BSSID O 00 15 6D DC 24 4D UTSwire less4 00 15 60 DC 12 09 e 00 CO CA 23 i'E DI UTSw1reless I 00 CO CA I F 48 F9 0 0 0 00 CO CA 2 1 61 E9 UTSwire less3 00 CO CA 1F 48 F6 00 CO CA 1A FD 54 UTSwlre less3 00 CO CA 1F 48 F6 00 CO CA 1A FD 01 UTSwlre less3 00 CO CA 1F 48 F6 00 1E 58 A0 89 70 UTSwlre less4 00 15 60 DC 12 09 0 '_ ' BROWSER GET OK TAG A 202 95 79 20 4 SA lPADDR 25 202 95 79 204 p O of 202 95 79 204 202 9 5 79 204 @ @ @ @ o of 202 95 79 204 202 95 79 204 O of O of O of Current Operations • EAO-W Columbia Annex CANX - Supports Global CNE Operations in support of customers Coordinates with R T access priorities Provides WiFi gee-location operator expertise to customers • Afghanistan OIC Analyst 7 x Operators - Bagram - Presence in Bagram Kabul and Kandahar Requirements from TOPls TF 3-10 IOC CJSOTF-A tactical CST's • Germany 2 x operators- Stuttgart - Part of the ETC Support EUCOM and AFRICOM requirements • Southwest USA 4 x operators- Texas - Supporting Requirements from NSA Texas • TOP SECRET COMINT REL TO USA FVEY Operation IRONPERSISTENCE ATO Support to DIA and TF 3-10 in Afghanistan Ongoing TURKMENISTAN DIA approached EAO-AF about a source with access to some key Taliban targets in Afghanistan These targets are two of TF 3-1 O's highest priority targets EAO-Washington coordinated with DIA as well as ATO's MX Team Bridging and Exploitation Division and Persistence Division to create the proper tool that addresses the target's sensitive OPSEC practices - i d · ------- - ea a1p CNE enabled devices have since been forward deployed to Afghanistan to be used against this target The devices will be delivered as soon as the source can schedule a meeting with the Task Force Target TOP SECRET COMINT REL TO USA FVEY OPPORTUNITY EAO-lraq was requested to conduct a CAT implant on two laptops which were gifted to This is an opportunity to establish long term collect on and refine intelligence pertaining to Intelligence gain will identify the network communications of these individuals and possibly serve to enhance the overall operational picture of the networks that these agents are operating on Result SGT deployed to and gifted two pre-implanted laptops to The items gifted included other items such as under the auspices of The items were heartily accepted and is awaiting results 1-52 ated 20070103 Declassify On 20360-401 Operationsin Development • • • • • • • • Libya and Syria - EAO is prepared to support contingency operations regarding any requirements in hostile environments EAO Way Ahead - Continue to use partnerships with DoD to meet National and Military access requirements • - Formalize Partnership with USCYBERCOM - Become their expeditionary capability Respond to Cyber requirements in non-CENTCOM AORs BPT conduct Title 10 operations BPT respond to worldwide contingency Operations - Expand the Close Access Network Operator training pipeline with respect to ADET's CANO work role - Continue to work with sister offices the Services and commercial vendors for advancements in CANO capabilities and provide testing support when required CONTACT INFORMATION Division Chief Deputy Chief LT Operations Branch LT Analysis Cell Training Branch Tech Branch General Inquires Afghanistan