Close Access Network Exploitation Program
Expeditionary Access Operations

83283 is the expeditionary arm of TAO which conducts worldwide Human Enabled Close Access Cyber Operations to satisfy National and Tactical SIGINT access

Technologies of Interest:
• Computers
• 802.11 (WiFi)

Customer Set:
• Various Task Forces
• COCOM Planners
• SOCOM Operations
• Service Cyber Elements
• 902nd MI Group
• DIA/CIA/FBI
• CSTs / CSGs
• NSA TOPIs
• Conventional SIGINT Elements
• Party Partners

Tasks
• Deploy certified operational teams to tactical environments to execute close access Computer Network Exploitation (CNE) in support of national and tactical requirements
• Certify SIGINT personnel to conduct human-enabled CNE missions
• Develop, test, and field solutions for future tactical CNE and endpoint geolocation systems and techniques

EAO Division
EAO Division Chief MAJ (USA), Senior Enlisted Rep, Deputy Chief LT, Technology Branch Capt MSgt (USN) (USAF), Operations Branch LT (USN), Analysis Cell (USMC), Training & Support Branch

Human Enabled CNE Tools
• Physical Access
  - Software implants that act as the initial "hook" into target systems to enable remote operations (ROC)
• Internet Cafes
• Gifting
• Detainee Computers
• Wireless payload delivery/injection tool
• Monitors target's web traffic
• Injects special ROC tag
• Target unknowingly owned by the ROC
  - ISPs
  - Banks
  - Telecommunications
  - Consulates/Embassies

BLINDDATE
• 802.11 a/b/g Survey/Exploitation Hardware
• Handheld, laptop, deep install form factors
• Plug-in architecture for custom functions: hec mapping, NITESTAND, HAPPY HOUR, BADDECISION, more
• GUI used for active and passive CNE tools
• Provides output data ingested by numerous databases (MASTERSHAKE, etc)
[Figure: map, Camp Eggars Static Collection Site. Red Indicates Probable Location of Wireless Client. Each Grid Square is Approx 20m x 20m.]

NITESTAND
• BLINDDATE Plug-in
• 802.11 a/b/g wireless injection tool
• Monitors target's web traffic
• Injects unique packet that forces client to access a monitored listening post on the internet for payload deployment
• Transparent to target

[Screenshot: Kismet GUI; labels include Networks, TASKED, WiFi, GPS, Plugins, TARGET; columns SSID, BSSID]

Current Operations
• EAO-W: Columbia Annex (CANX)
  - Supports Global CNE Operations in support of customers
  - Coordinates with R&T access priorities
  - Provides WiFi geo-location operator expertise to customers
• Afghanistan: OIC, Analyst, 7 x Operators - Bagram
  - Presence in Bagram, Kabul, and Kandahar
  - Requirements from TOPIs, TF 3-10, IOC, CJSOTF-A, tactical CST's
• Germany: 2 x operators - Stuttgart
  - Part of the ETC
  - Support EUCOM and AFRICOM requirements
• Southwest USA: 4 x operators - Texas
  - Supporting Requirements from NSA Texas

TOP SECRET//COMINT//REL TO USA, FVEY

Operation IRONPERSISTENCE
ATO Support to DIA and TF 3-10 in Afghanistan
Ongoing

[Map: label TURKMENISTAN]

DIA approached EAO-AF about a source with access to some key Taliban targets in Afghanistan.
These targets are two of TF 3-10's highest priority targets. EAO-Washington coordinated with DIA as well as ATO's MX Team, Bridging and Exploitation Division, and Persistence Division to create the proper tool that addresses the target's sensitive OPSEC practices.

CNE enabled devices have since been forward deployed to Afghanistan to be used against this target. The devices will be delivered as soon as the source can schedule a meeting with the Task Force Target.

OPPORTUNITY:
EAO-Iraq was requested to conduct a CAT implant on two laptops which were gifted to
This is an opportunity to establish long term collection and refine intelligence pertaining to
Intelligence gain will identify the network communications of these individuals, and possibly serve to enhance the overall operational picture of the networks that these agents are operating on.

Result
SGT deployed to and gifted two pre-implanted laptops to
The items gifted included other items, such as under the auspices of
The items were heartily accepted and is awaiting results.
1-52 Dated: 20070103 Declassify On: 20360401

Operations in Development
• Libya and Syria
  - EAO is prepared to support contingency operations regarding any requirements in hostile environments

EAO Way Ahead
- Continue to use partnerships with DoD to meet National and Military access requirements
- Formalize Partnership with USCYBERCOM
  - Become their expeditionary capability
  - Respond to Cyber requirements in non-CENTCOM AORs
  - BPT conduct Title 10 operations
  - BPT respond to worldwide contingency Operations
- Expand the Close Access Network Operator training pipeline with respect to ADET's CANO work role
- Continue to work with sister offices, the Services, and commercial vendors for advancements in CANO capabilities and provide testing support when required

CONTACT INFORMATION
Division Chief
Deputy Chief LT
Operations Branch LT
Analysis Cell
Training Branch
Tech Branch
General Inquiries
Afghanistan