The FASHIONCLEFT Protocol
STDP 532354
October 16, 2008
(OCR of the document)

Definition
- FASHIONCLEFT: protocol used by implants to exfiltrate collected network packets to the Common Data Receptor (CDR)
- Provides support for: Metadata, Authentication, Integrity, Anti-Replay, Data
- Uses 1024-bit RSA, 128-bit RC6
- Based on DNT standards:
  - FOGYNULL Exfil Protocol
  - FUNNELAPS Exfil Data Format
  - SHELLGREY Exfil Metadata Format

How To Exfiltrate IP Packets
1. Make a copy of the captured packet
2. Modify packet IP destination address
3. Modify other protocol fields (IP, UDP, TCP) as needed to bypass firewalls and tag packets for ID
4. Optionally [encrypt] transport layer payload
5. Send modified Data Packet (DP) to new destination

Receiver Needs Metadata
- Metadata explains how to:
  - Identify an exfil packet and the implant source
  - Recover original IP destination address
  - Recover other original protocol fields (IP, UDP, TCP)
  - Contains key to [decrypt] transport layer payload
- Metadata sent in a Session Announcement (SA)
- SAs use [...] or sent to an IP port
- Multiple copies of SA sent to mitigate dropped SA packets
- Receiver is dynamically configured with:
  - SA IP ports
  - Infrastructure & Implant Private Keys

Session Announcement Format
[Figure: packet layout IP Header | TCP/UDP Header | SA Payload. Fields shown: Deployment-Id 0x00, Target-Id a1a2a3a4, Implant-Id 0xb1b, Packet-IF-Selector 0x01, Exfil-Id, Exfil-Type (Packet), Time-of-Intercept, Filter-Id 0x12 FUN]
- Infrastructure Header (128 bytes): RSA w/ Infrastructure Public Key; contains ID (Deployment Id, Target Id, Implant Id)
- Implant Header (128 bytes): RSA w/ Public Key; contains 128-bit CV, MI and checksum for Data Len
- Exfil Metadata Block (variable)
- Minimum packet length 344 bytes

Session Announcement Processing
1. Look for SAs at IP port (IP dstPort) that are at least 344 bytes long: easy, quick initial check
2. RSA w/ Infrastructure Private Key: authenticate w/ [...]; slow secondary check,
   can't withstand much non-SA traffic on IP port
3. RSA w/ ID's Private Key: authenticate w/ [...]
4. RC6 Exfil Metadata w/ CV and MI: perform integrity check
5. Extract Metadata and create Data Packet (DP) filter rule: metadata contains either 5-tuples or pattern/mask/offset that match DPs

Data Packet Processing
1. Identify an exfil packet that matches DP filter rule
2. Modify to original IP destination address
3. Modify to original protocol fields (IP, UDP, TCP); [decrypt] transport layer payload
4. Have now recovered the original captured packet
5. Associate metadata with recovered packet (Implant CASN, Turmoil link CASN)
6. Perform protocol-specific processing: Reinject, Bundle
- Need option to force packets to be strongly selected

Questions

Supplemental Material

FASHIONCLEFT & Turmoil
Adding FASHIONCLEFT capability to Turmoil supports these missions:
- VPN: provide key exchanges obtained from unique TAO accesses to the VPN Attack Orchestrator
- Create new high-bandwidth exfiltration path to Turmoil for streaming, to overcome limited CDR bandwidth
- Others: automatic exfil path discovery

Library Reuse
- CDR: Common Data Receptor; Access Control Point (ACP) (C); SURPASSPIN Inner/Outer (SP-in, SP-out) (Java)
- TAO: FOGYNULL Technique Software Kit (C)
- PPF: Turmoil Packet Processing Framework; Atomic Event Generator (AEG); Stateful Event Generator (SEG); Event Filter (EF); Packet-to-Packet Transform Engine (TE)

ACP Equivalent (ACP call -> Turmoil cache equivalent)
- Acp.getStatus -> Cache.getArchivingStatus, Cache.getInfo, SaFilter.getList, DpFilter.getList
- Cache operations: Cache.setTimeWindow, Cache.setSize, Cache.getInfo, Cache.clear, Cache.enableArchiving, Cache.disableArchiving, Cache.getArchivingStatus
- Acp.checkRawPacket -> packet processing callback:
  - cache the packet
  - if cacheFull: archiveIfEnabled; warnIfInCacheTimeWindow
  - find/process all matching DpFilters
- SaFilter.set, SaFilter.delete, SaFilter.getList, SaFilter.clearList
- DpFilter.set
  - find/process unique matching SaFilter -> create DpFilter, check cache for match (continuation of the checkRawPacket callback)
- DpFilter.delete, DpFilter.getList, DpFilter.clearList

To Be Determined
- Tasking / Monitoring of Turmoil:
  - Add/Delete/Query tasking (JMS)
  - Add/Delete/Query other processing config options (MBean)
  - Tasking configuration persistence
  - Processing metrics & logging
  - Should tasking use CDR .icf files (Implant Config Files)?
  - Should Turmoil interface w/ TAO tasking database?
- Protocol Processing:
  - Metadata: Implant CASN, Turmoil link CASN
  - Reinject
  - Packet Bundling (VPN, etc.)
  - Force Strong Selection Option (On/Off)
  - Turmoil 30 sec DFCE vs CDR 15 minute packet cache

Current CDR Tasking
- FLASHHANDLE Mission Manager (FMM):
  - Provides tasking to FMM Server
  - Reads configuration information from the PUZZLECUBE database
  - Allows the operator to add/change tasking, including generating implant keys
- Tasking changes are:
  - Sent back to PUZZLECUBE via JDBC messages
  - Published via JMS messages to SURPASSPIN
- SURPASSPIN stores the tasking in a persistent POJO cache

Implant Configuration File (.icf)
[Figure: sample .icf listing and RSA key file for implant 4843 (HAMMERCHANT) / 4343; OCR fragments, key material partly unreadable, "7 lines deleted" markers are from the slide]
  4843 HAMMERCHANT 4343 a1b20000 00000113 21Mar2007
  ICF DTG Wed Mar 21 13:12:33 2997
  4843 HAMMERCHANT FOR TARGET ID
  0xa1b20000
  0x4843
  IMPLANT VER 1
  0xa1b20000
  99999113
  172 32 6 113 BatonRouge
  Tunnel-Id 2-Fashioncleft
  2 63_1_1_173 12900
  2 68 1 1 178 12001
  e3d3ae0a b341ade1 4dce30e0 77861acc

  RSANAME Infrastructure_Key_E.rsa
  RSAINFO Wed Aug 25 10:17:29 2004 rsagenkey v2.0
  RSASIZE 1024
  RSAMOD 32 0xe420b8d5 0x47673b7a 0xaf4039a1 0xc704d5ba (7 lines deleted)
  RSAMU 33 0xed5692b1 0x449323bb 0xed7653e5 0xcd9feb5e (7 lines deleted)
  RSAPRIV 32 0x6305f12b 0xd1b85426 0x4f5a6810 0x68be4748 (7 lines deleted)
  RSAPUB 32 0x00000003 0x00000000 0x00000000 0x00000000 (lines deleted)
  RSANAME 4343: same format as above

Packet Cache Options
- CDR uses a 15-minute packet cache: SAs are sent multiple times per session and the cache is searched for matching DPs to mitigate dropped SAs
- Simple Cache: use existing Turmoil cache (Delay Flow Control Engine)
- Large Cache: create a large cache that allows a 15-minute delay
- Options:
  - Start with Simple cache and see if we miss too many DPs; if problems, then implement Large cache
  - Start with a Large cache and see if we can keep up with data rate & memory requirements; if problems, then scale back to Simple cache

Simple Packet Cache
- The hardware (LightDelay) provides a 30-second cache; the software provides a 2-second cache
- Pros:
  1. No problems with buffering data, since Turmoil does it automatically
  2. No work required to implement cache
- Cons:
  1. Cache is much smaller than the 15-minute (900 seconds) CDR requirement (30X)
  2. Cache delay is further reduced by unspecified latency to register new DP filters after receipt of SA
  3. Many DPs would be ignored if SA is missed/delayed; possibly mitigated by sending multiple SA copies in first 30 (or 2) seconds of exfil

Large Packet Cache
- Implement large 15-minute packet cache within AEG
- Pros:
  1. Meets CDR cache requirement
  2. Most/all DPs should be processed even if initial SA is missed/delayed
- Cons:
  1. Violates normal Turmoil architecture; may not be possible/feasible to implement a large cache at typical Turmoil rates
  2. Requires caching all IP packets sent to IP address, then manually searching for DP hits instead of letting the PPF search packets
  3. Time/effort required to implement

ID & Processing

Source: National Security Archive, Suite 701, Gelman Library, The George Washington University, 2130 H Street NW, Washington, D.C. 20037. Phone 202-994-7000, Fax 202-994-7005, nsarchiv@gwu.edu
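The Session Announcement initial check, the DP filter rule (5-tuple or pattern/mask/offset) and the packet-cache window from the slides above, modelled as an added Python example that is not from the document or from any system it names; the packet layout, port numbers, ID tag and arrival times are constructed assumptions. It compares how many DPs a 2-second, 30-second and 15-minute cache recover when the first SA copy is lost, which is the Simple vs Large cache trade-off the slides weigh.

```python
from collections import deque, namedtuple

SA_MIN_LEN = 344  # minimum Session Announcement length given in the slides
# constructed packet model: arrival time in seconds plus 5-tuple and payload
Packet = namedtuple("Packet", "t src dst proto sport dport payload")

def is_sa_candidate(pkt, sa_port):
    """Quick initial SA check from the slides: SA destination port and
    at least 344 bytes. The slow RSA/RC6 checks are not modelled."""
    return pkt.dport == sa_port and len(pkt.payload) >= SA_MIN_LEN

def dp_filter(rule):
    """DP matcher built from SA metadata: either a 5-tuple or a
    pattern/mask/offset applied to the payload (layout assumed here)."""
    if "tuple" in rule:
        return lambda p: (p.src, p.dst, p.proto, p.sport, p.dport) == rule["tuple"]
    pat, mask, off = rule["pattern"], rule["mask"], rule["offset"]
    return lambda p: len(p.payload) >= off + len(pat) and all(
        (w & m) == (x & m) for w, x, m in zip(p.payload[off:], pat, mask))

class Receiver:
    """Keeps packets for `window` seconds; an SA installs a DP filter and the
    cache is searched for DPs that arrived before a late or re-sent SA."""
    def __init__(self, window, sa_port):
        self.window, self.sa_port = window, sa_port
        self.cache, self.filters, self.recovered = deque(), [], []

    def handle(self, pkt, sa_rule):
        while self.cache and pkt.t - self.cache[0].t > self.window:
            self.cache.popleft()            # expire packets past the window
        if is_sa_candidate(pkt, self.sa_port):
            f = dp_filter(sa_rule)          # metadata would come from the SA
            self.filters.append(f)
            self.recovered += [p for p in self.cache if f(p)]
        elif any(f(pkt) for f in self.filters):
            self.recovered.append(pkt)
        else:
            self.cache.append(pkt)

def simulate(window):
    """Constructed stream: 12 DPs 10 s apart, first SA copy lost, re-sent SA
    at t=120 s, then 2 more DPs. Returns the number of DPs recovered."""
    tag = {"pattern": b"\x12\x34", "mask": b"\xff\xff", "offset": 0}  # assumed ID tag
    dp = lambda t: Packet(t, "10.0.0.5", "203.0.113.9", "udp", 4000, 53, b"\x12\x34" + b"x" * 40)
    sa = Packet(120, "10.0.0.5", "203.0.113.9", "udp", 4001, 9999, bytes(SA_MIN_LEN))
    rx = Receiver(window, sa_port=9999)
    for p in [dp(10 * i) for i in range(12)] + [sa, dp(130), dp(140)]:
        rx.handle(p, tag)
    return len(rx.recovered)
```

With the 2-second software cache only the two DPs after the SA are recovered, the 30-second hardware cache adds the three DPs still in the window, and the 900-second cache recovers all fourteen.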