Documents

Operational Engineering November 2010

Sep. 25 2015 — 9:33a.m.

/37
1/37
Download

tzevem?s Events Product Centre SECRET STRAP1 GCHQA

vzevents Agenda '2 Welcome '2 Salamanca erFDs I"?Guiding Light Questions SECRET STRAP1

tzevem?s IMMINGLE Key changes July 2010 to present: Inferred data from B3M now flagged Updates to handle identifiers from HARD ASSOC and 83M correctly MAINWAY: now grouped and ?agged in same way as SALAMANCA MAINWAY: direct access to event details provided GPRS flagging THUGGEE rules applied to SALAMANCA events SECRET STRAP1 - GCHQ

vzevents I Elna-?: Sui-11m"? Cir-plug] man-r]! IMMINGLE *5er Porn-inlet: ump? II-IH :Imnmm Lara-Him Julie-m [2-31 in I L1 I REL-nun lull-lg EFT: in: mm! Jinan-i- rune-m WM 111532315: n: Inn utm guru__aae?1_l mm" - Flu I 1 Ff": - H?JmIl-ta? her-Ira: 4C- Huh-1'1 giant?s-cl Pen-In an I 1: SW l? IJJH rhf?a. muf?n: 1" f" [1?.th r: Walk in Prowlede FFIE EFDHM 'D-ntn Burg-a - Elan [1am I1 HIhlh?J}: r; PHWE r-L lmEl FHEH I F'Tmm :1 r? ?Ewnl {Full-:11 tin-Ice: ?H'iimi- II, imamsm IZIL div?. mlLa 5 II.-. f' MAINWAY options and Help pages lame l? imhd-n Uri-'1'an I: [rum-d: Halidth IJJI-Iriuim r: 51W tau-II fl:- [-0313 I22: Bur-l, The-15 mm? l-o f? Elm-u Al Dunn-mm WEN Pain-prim [:uu SECRET STRAP1

Izeveni's IMMINGLE 3.39m was: 5 'f 3" .r'li; 1. .EAA 11 lgf'leIIQ-Dl Big-D I liE-UllJL?hqq?fMl? 1'4 If" 1! HQZDI I l-u-I. Mil-h Puf?n-I. 1133-1 FURLAMANCA- mg?npolo (Jamal - I m?mfg'ag?gfy 1-D DEQIIMWAAWAA innrhECl-h. I: I -J.MA1NWAT 11; a ll: El I-?mm- 3 3b.: . . $335an ?rm-142 4r . r? ?ll. WP '33::34 I 5H . 111.1315 Fr; . I grail?Hr] 5-06-52 BMW 123:In.- .q?I fr? . EH AB qr-r? . ?kg: Eva-Its: '4 i II SAUDI ARABIA HI a '9 9792:] 12:15 ?h a?wzal [if i- SEED IDENTIFIER .-.. . MA It: 3. aflurlzulu - .- . 1 Wk 1?1. D-aizasuurce Text MWATH I . 1:;ng I. NU 3,201.3 .3332 Sean Matt m-na?mmnmam r" I35F 5Fir5t Tail: 24-D5l-E?l? 15* HEW- 25 emu-mm .- - I- .- 3'31'3 95-47ERGAEI Text I l_ u- SECRET STRAP1

vzevem?s IMMINGLE :2 What next? FASCIA GPRS flagging HAUSTORIUM decommissioning Next Gen Contact Chaining NEXT GENERATION . events SECRET STRAP1

Izeven?l's BRIO and SALAMANCA I1- Key changes since July: r2.- NRT (Near Real Time) Storage 3 days *2 Extra feeds from TERRAINs at BUDE and SOUNDER I2 2nd Party usage of SALAMANCA: SHAREOWN replaces ESCHAR r2 CallAnsweredState and CallEndState added to TERRAIN-SALAMANCA feed a? SECRET STRAP1 GCHQ

Izevem?s (cont.) I I I Pa klstan NGN InferenCIng errors Eh EH fuchI'Ih'ururrmr 'rl 'n'urli -. J. u. tun-uni'hn-?a am 1.: prawn-c cutaigaml?? ?all In . ?mul . Brian-hr l1'l 3.1.111Jami. . huh-'nan-mi- - . . 'uIld'JI"tad-all mm a' a . . Cl?: qr. 5 LLIJHII ICED-1: - . . ?rir53.55w'l'u' ?pl. H.- I ?l?nr I: Iran;

vzevem?s SECRET STRAP1 (Em?

tzevem?s Scaling "3 Current scale There are 100 unique bearers feeding the 825 tools. Consistently averaging over 30 billion events per-day into the input buffer. 0 MB is loading over 10.5 billion a 6 months data retention for MB 1,890,000,000,000 records and requires 400 TB. 0 Total storage of over one petabyte. a SECRET STRAP1

tzevents Scaling *2 Future Scale Further 58 bearers by end of 2010 An additional 40 bearers in Q1 2011. 0 MB will ingest over 20 billion events per day requiring one petabyte of storage. 0 Overall storage will increase to 2.5 petabytes. Scope scaling to 400 bearers. a SECRET STRAP1

m1ou mum:- 1-H I?duwlnw n. I: 'Ii' Vahwv-Ilaal?ev PM 1.5. ire-?Elba, mlhsI 31-? n1 -- I: .It-nnl ?farm mum va?lams I?m-web same: mhmnu Tahuo webmal? amt: EDIIEL awn dram?. news. and mat-Hint: Funkl?: I'Dll'llanw "anon-Emma THE 5i:an [Jam IS 1115 IE TIEI unmma Isme?man aft!? "fauna! c?man EHHIHS rr 1m ii an a primal-yr The ?ll manna; rlh: mam: an a aananda :Inrnaln a! {3 hr . ma?a: for mana- on primary! accnnuaryuuma MGII. In Iamc, In] u-surnarnn: appears part mama Immi- r: ma?m? ilsarl. ubfuawhau "H?er Tm Dafahaie buli- nu; ?nal-Inan- Emmy-"m using iiran aubs?'lu?an Wile tailed 9011 1 TM Mammal? break truth rala?tl ?irt with? ru one and Ium i bikini: plih twirl}! use an a TEII Ta nunf-Canhsn Is aneth anemummu 3E: 5.5. J-Ehan Elms ?lbh?hhl 1ha ?aunt sauirh] nliarr! rat-martin": a'n'ah Ho h?thcr allarr ahm I: brink. Imom'm, ur Inhalp'ful. plaasu am? MEMDW anu In: . MUIANI Elm-J l-IEI?im tuna ?r LMTHIP plLICEAL 3mm SECRET STRAP1

eevem?s Samuel Pepys r2 Pull through and upscaling of TR SPs. Currently 43 bearers. - 14 from TR SP - 29 additional bearers from TPS (generating HTTP, TDI, Websearch, FTP and Squeal). - Circa 40 additional bearers just generating Squeal. ?Approval to increase aperture to 100 bearers for all data-types. ?Approval to increase user numbers to 200. SECRET STRAP1

Izevem?s SOCIAL ANTHROPOID SECRET STRAP1

rzevem?s r2What is Social Anthropoid? SOCIAL ANTHROPOID is a converged comms database. It will allow you to see when your targets have communicated via phone, over the internet, or using converged channels sending e-mails from a phone or making voice calls over the internet). SECRET STRAP1 - GCHQ -

raevem?s li?What about the existing comms data- bases? ?When SOCIAL ANTHROPOID contains all the necessary data and has all the core functionality of the legacy tools Social animal, HAUSTORIUM ancl SALAMANCA will be de-commissioned. a SECRET STRAP1

rzevents '2 What data is in Social Anthropoid?? All of Salamanca data (telephony) Social animal data. Instant Messenger. Webmail. - SIP H323 VOIP Yahoo Voice Blackberry MMS SMS (from Salamanca and other sources) GTP (GPRS session set-ups) And more.. 5. SECRET STRAP1

tzevem?s PEWhat about SMTP, POP3 and Starting to receive these data types now. Capability deployed as part of HeartBeat 11. a SECRET STRAP1

reevem?s a? ?IrrFr'r anI' . %Eaued queries To. have 1 sawed guerres. I . Test :v I QLeries will no aLto?netita ly sultn'rtted to all instances ot' SQCIR- ECCIAL MWAL ant Convergent SQCIEIL AHINEL. - Fo' :uull-: gLeriesJ enter n'ultirtle selecto?s {one per line). - If ellow r-Iiltcards is ti:ltet_ a is treated as a n'rJlti-charaeter {e g. parole .H II matthpaul'je. pau1456.pau1eayahaa.cam 'natc'r :uut U'rl lte other and here to s:e::ie n'rea'rirg [to :ueryr for a lterel sign. urchecc 'el ow ratherthan 'eseeoing' t're I- Eugr del?eutJ results rail he retuo?e: i?r wl?ich 'rour nrtut selector ir ether t?re Userf. o' _ser column {in MirnLtern'rs is the 'ectorJ o?the 'sueject' with the ere-rt}. To tetur?r relets ahitl' _rour selector o?rlg.r as the attve userJ?ce tl'e Query attire uses on _v checdooe: I Fro't-end processing rorr?a ises 32C selectors ir veritus weesJ ntleing t'e ren'ooa o: from the usernames o: Emei addresses. To get IEn'rai groJ will neet to norTra ise 'rourtueries in the sa?ne wa-r {e searc' instead Smeil iEef ignores the dot so there snI: danger of getting et'erts fo'the wrong atcant If :loulotJ co?rsult rout loeel 22C tech ex. "1i'en :la JJC F'rio?ty Furrtose HFlriI. JL stiFr certi :In Search period (cpto?ra to g; =ite' resuts log n'attl'ert selectors :Iritrto dstuley rill-rm QJe'g Lsers o?rly testing l+ Save Quer':r ii-t. Submit query SECRET STRAP1

aevents .- Jur InIltn mum lJirr U: :r A Ulcr U: I:r I ?lpl-Ir run [lili?llr anh- roll i:an Pasdts summer: 1'3 Eli-[Iri- ?din-a- ncuunr .I'Luucm no: mm .6. 2:1 Liar 41. Um A Tn: umr User 15 Fir?: Sam Len-I Stan CID-1M all chat 0-: dub: 31-3 ?4w; that mks-sane was??! mm e-m-all :rnml H: 3 I - that 31-h? :11 Ell rhdi "lHt?hdue _I1 _n_n11i Eur-Iij I 1 gum-c, mung: 153:4? 3-1 '7 Flr?nri than: mess-a nu:m1il.c Sender Mai HI: ":1er ail tern i -L- H: - 1551433"; Zd?uul- that EH-Ill-Z?t-Z?ll 33-Oct-2017. char masca- I.nu Err-an.an Sam-Jar Fun an: -r :nm -Fnh?r mun :r '1 pl I 15:53:? mammal ?LliLIn.? - . that 12 -JL H-EGJI Lz-lun-EUI: Lhat mas-:5: Er 131m a-I.fr' small Iu'luxmaalmru small I that: ma?age -2 13:15:14 chat char mussaqn hartmal .It Enndar Remnant hn?m-?lmrq Jnknown 3' rna?sage-a 15:39.13 Source- chat . Qa-nuu- 2:31 33-hau-E??1 mat may: 5r .Izu' urn-all -iilun imam Dr :rnall t: I: MEESJQE- ?1 I manna Eh in?ll-PE Action: .11: '?til?l: Ill n1? P'nlr Tr'ruz'l'lr'll El . Eran-El: 111 ?Juli-.12 - (?In dun-Iran], I lul: :tnrl a Ian!- I I'll' I - . . - ?lial-II}: ?rdnr L?nspla] Eumrlar-f lit-U Fulani; an: :o_n2- ii-itu-i-u; ?F-u SECRET STRAP1 .

'2 Telephony in Santhropoid j, I mar 11 rult ?ier-? n1? Mniw- IL Uur .I. name I: aim [l?i-r-cuu-Eul? -- tnIEpI-mlr went Iglnbal). 2 ?Int-1n. durahun: uummub I .Irlin type.- Benin a?n Faint?[ME Eli-?43una'anI-vn tli= =HrJ Lu-zm-Jri: SuurEE Paint?Ende: ?E-Nuu?E?ll} telephony event {glob-34), 2 selectur-s, duratmn: Hill?e u: Ium'J-ru mtlun: Acilun [rpm I:.3i a Pulml-EuchUDC-g diel'nd :uu H: l'uhlLtudL': ED =41 Ehluw way-cum Ill-*th {glam-J). a d'erTJill'I: :mmuruu mun Adi-J pt; Gail un-in awn :dll teLr-unbe- diil Ed Soul-1:1: Fui'nl: [ad-3: EDT-11 ?c?inatinn Fain]: Emit: Pemtn- Paul:- 5 Him ?rm: 1P _n Imhar I Jl ?Lu: Ln :an SECRET STRAP1 Ui?f 3 ram - Usrr 3 display name

Convergenca - GTP tunnel Ilan?. HIE-FD Us." A Hill! U?l-El' A hm: User it Uicr I: ran valu: Ua-cr Ii roll.- Hit:- 5 H131.- [Ii-Er User II raw Halal: displafnamr dismal-llI nanlr: EII-Hnu-i'l'lln "n.an ruFM (9111:. IFIl?anri ?lL'wI: um: ?t?nn: .ld'inn l-"u-r Till-'3 tum-2 In'uil - a' Hate tUnn: tel_nl.1mtlr n1 wall 1 Hm rhl-"I I - 1x I_Iy_l_._1 11, -. E'murte IPIH: Elli-?HE: Damnation 1" JiEl-u' al events from Iris 5 r-1 fin:an (91:11:, .1 craeE-E m:th tun: 'runr-BI rut? tunna] In'm IIPI. Tutu tunn? not dualiahle arr-3U: tun-191 mas-lat?: lull quad-Juli: I I \u Sum-ti:- Enurrc Dr?lna?un II- 1' 1.1-: l_ 1.I .rll SECRET STRAP1 GCHQ

'2 Convergence Leaky Gateways [Ia-tr Fl User A User A. raw User IJqu Type Ultr A dupr ?It? 3 will" nihil- ?amt U: rli User-Bram dlfl. ?alm- 1? name 24-1] A: l- JEIJI. If! ll! er'. J. inn-tr.th Hechnet? Ill-? on: urn-IF let-Inn type: mmuge [hm-nun? I ?nurtr Dublin-Ilian 24-nct-zu1u [Iazl 1:5] webmall event [Hahn-n), 5 {ale-(tar; Indian: send ?ction type.- message Mina-urn I mum.? mu;? Iii'llm'a- Ed??rt-E?l? man IS- nebmall cue-n1 [yahnuL 5 :electnri ?ctive us tun?rum [r22 Ethan: send ?ctmn tyne: rruti-acuc [ill mm mm? ununmn 3r:n" mun ?4-?rl rumll 5 Biff L5 HzcuuriUw-?mr SECRET STRAP1 GCHQ

vzevents OSN Li's A. Ii User A ml: Mae-r .H. Uur l. User It ran uslua Br Ii User type User It Llser Hm value :liiplay rim-rm unma- 11:41:42 - AhI'?lALtuunt {Fanhuuk}. icln?mrs ?tlj ue us acetic-u:- um in Hull: Lzllat Al?liull In?: "mi-Jan: 1ha:me:uge Facahnnl-wd - Locum?: mr-Inr-r: l?-JuI-E?ll] 21:41:41! - SERIAL paler:an PI usEr?IF samba-o until El?: 4. t'l' lr-rn?rnn: [El-HIqu- 15-Jul-20?! 21:11:31' EHLIAL thHALevantiFamhnuH}, 2 user: :riwhb??'mtl ull-Lut Attitm t'l'llt". "Ir-way. Eli'lurt' 3' 1:11:11 'Iinillnl eunnt {Famhnuk}, ?Elna-an ?ctive ?ier-{rambmt-uid} nttl'nn: that Action t'fpa: SECRET STRAP1

tzevem?s Looks good, When can I have an account? Santhropoid is currently in the second stage of UAT. ?We currently have 200 users representing all areas of the business. ?Aiming to be in a position to release Santhropoid to the masses in early January. a SECRET STRAP1

pzevents New data source li' LUSTRE new data-source available in MB. Good for North Africa. '2 Source field This will enable new non- routine data-sources to be added to the QFDE. CNE JTRIG GLASSBACK data used for test case. COLLATERAL a SECRET STRAP1 Gama?

uzevem?s New Loaders e4: New loaders deployed to MB and HR Map, improvements to KP. Latency of the data in the QFDs has been greatly reduced, now around 12 hours. 0 Each instance of MB can now ingest 8 billion events per? day (total 32 billion) Some QFDs were previously 1-5 days behind. Query performance during loading has also been improved. a SECRET STRAP1

tzevents GUIDING LIGHT QFD Presented by (Guiding Light SU) SECRET STRAP1

Izeven?l's What is GUIDING I: New QFD developed in August 2010 by TDB- Events. rz Primary objective: ?To understand the traffic seen on the Next Gen Events bearers.? a SECRET STRAP1

Igeven?l's What can it do for me? General Questions: I: Given a case notation, what are the TDI types that are found on it? Ir: Given a TDI type/subset, which bearers produce the highest number of events? What type of traffic is on which bearers and where is it coming from? *2 Which bearers provide the most amount of traffic type from place y? SECRET STRAP1

laeven'l's Front End Interface GUIDING LIGHT Frum Date Tu Date l?ust?m Custern I Dress-ants Bearer e.g_ 51 s: Event Type ezg. semester-ts; Cuunlry?igraphe {using ISO standard 31 Min Event taunt FrernAteEI Mate: The as wildsard character represents er rne?re characters. Event Types Seurse Tynes Daily Emma Prs?le Elearers' Countries a? 51? SECRET STRAP1 .

vzevem?s any? Em. 'irlrir?-E. illi?ahrai :3 I I-i:e II err'yw I I'Irig'rn'rim ".1Irlrg. I1 JE pea-ante ?33: were? "If. ., JE aiera? pea-antra- 5 2'5 Fee-enure- tree-enme- pea-anne- pea-ange- pee-ante- 52:: 5 .25 55-inch mas-anne- mes-ence- sear-2h :5 Urea-eme- Balance ceaenqa 'qat r1939.an ?gatqreTera? Irl:h C'Iullmhul' Q1alt?nhar mltanhar' L: 1eltenhar' ?lg-Iran her? ITHHII :rlhul' C'Iullmhul' C1elt_anhar' L: mltanharf 1elten.l_1_ar' Ewe-Henna? I: ?elgenhar' mltanhar' Ljeltanhar' I: ?Is-gunner {Hull ErlhiJl'. {Hull :rlhul' mltanhar' I: mltanharj _L'?eltenhar? I: ?elgenhar? {Hull :rlhul' {Hull :rlhul' mltanhar' ll: qultenhar l: {Hull ErlhiJl'. ITHHII Irlhul' Results - Full Profile Query WEEJC: 1099:1313. _5 :Igzulqa x'L LHL Him: I ?r1133 _15 I: _Ul .F r. . .RP ?1??th _I'jnr? EM lle! 'l FI IT: EQEPD I: EQEPD ?rm-w _HI11har??gilr4mi-IJser-?qer1_ _aw-x k_ ant . EQEPD a _HfJ?dl 3' FII 'rI I: SECRET STRAP1 L: 'm d: I- UL: 53-: --: an a: [In J-

Results Pivot: Event Types Event Twas Sectiun3 :44: I . 3,333,333 .. . . .. . 3,333,331 3,313,331 334,333 .. . 433,333 I 3544:?: tannin-435 (T43) 343,333 333,333 33,413 . .. 31.333 - 53'553 33,343 . . 33,343 . 31,334 13.444 14,433 tE?u??t?fp??GHQ: - 14"]93 E?i-e?tarit?pa 34mg . 14333 . . - 11,333 13.1133 3 ntry P13413112 3.531 - 3,334 3,333 .444 E33431: Ty'paJ 33:31.? I Emu Easter - 'qai'lyzcujun?ca 3.4334 .4443: SECRET STRAP1

Results Pivot: Countries (From) ?rm-H .5: 341 Fr: . tJ-1 aw 13: :2 5'5 'e t'E' . I In: I Fri-1 Ill .IT ll . FTE 14'! . 135 I-?o I I LEE I: bE EI-JII .. 55'. 'I'i II- I I IIEI t! 'Juef :?g-imn IJ 'I-cLIc-e - Eucrl 1. I, SE 1' Egsliulim Ecl. .F hm I um SECRET STRAP1 Gama;

Izeveni's Recent Enhancements :2 Data from Bude (RPC) ?Inc uding data from SWORDPLAY '2 New fields PDDG SIGAD SSDG a SECRET STRAP1

Eevenfs Future Enhancements Near future: eAdding BROAD OAK Targeting data :2 Incorporating MI functionality from REFORMER (where appropriate!) Adding more feeds. (Ongoing) Longer term: rat-Adding Cipher and MI information a: Linkage into ARTEMIS (or its successor) SECRET STRAP1 Gama?

eevents Any Questions SECRET STRAP1

Fetching more

Filters SVG