Ghosthunter tasking process
Sep. 6 2016 — 9:03a.m.
TOP SECRET//COMINT GHOSTHUNTER Tasking Process ( , Sept 09) Written to understand how the current GHOSTHUNTER (GH) process works and how GCHQ should present tasking. Note: APPARITION has been designed to provide global access for VSAT geolocation requirements in future and will have its own unique tasking process in place. Some requests which are assessed by the NAC may be put on the APPARITION system depending on the location of the modem and which system has best access. Background/Current Formal Tasking There is an Overhead task (362) which drives tasking requirements using GHOSTHUNTER. It includes both a US and GCHQ CRN. Despite its title of MultiCountry (stems from when a limited number of AOIs were included), the US CRN requests coverage of targets worldwide (GW). However, note that the GCHQ CRN only mentions Iraq, Iran, Pakistan, Afghanistan, Algeria, Philippines, Lebanon, Mali, Kenya, Sudan and Somalia. The task consists of two priorities: 1. Pri 2/336 (336 is OH speak for a tipper). This priority is usually used for actionable requests using GH, that is when the decision has been made between the Network Analysis Centre (NAC) at NSA in liaison with Task Force commanders in-theatre (usually covert) to apprehend a specific target. This is likely to be a short suspense request. 2. Pri 3. There are two parts to this priority (both non-actionable): routine daily VSAT search/survey performed by two OH resources and scheduled daily by Denver which will provide a lat/long for a VSAT dish (not GH); the more dynamic GH tasking used in conjunction with Comsat assets to provide the timely location of an internet user. Tasking may consist of an attempt to locate a known target of interest or a VSAT survey type request. Locational data can be matched with imagery if required. [Note: Overhead resources are requested on an adhoc basis to achieve geos]. GH tasking used at its non-actionable priority is to learn and establish pattern of life for known terrorists who use internet cafes to communicate. The whereabouts of such targets is established using known IP/MAC addresses in conjunction with the Comsat/OH accesses and the GH system at MHS (main GH hub) which resides in the New Mission Development Centre at site. 1 of 3 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on TOP SECRET COMINT
TOP SECRET//COMINT What GHOSTHUNTER can do for you Basically, it provides geolocation of modems of interest, when active, based on certain locational data (usually from Mastershake). The more you know about the location the better, though requests may be made to country level (depending on size) as well as the more usual city level. In order to forward requests, tasking must contain as much locational info as possible from Mastershake; liaise with the NAC directly for further help and verification of targets. Also, if an IPT is seeing interesting traffic on a satellite modem, GH may be able to help to establish patterns of activity, again use the NAC to discuss your request. A bonus to the geolocation of a modem is that GH will also geolocate all modems which are on the same signal, close to the targeted area and active at the time of the initial geolocation. It’s not advised to request geolocation of every modem on a bearer as GH requires at least some locational data as a starting point. How tasking is performed What GH allows at MHS is a 24/7 search for targets of interest. The position is tasked using an IP/MAC Priority list provided and managed by the NAC, so all requests must come through NAC channels. Searches are performed using where possible MP15 (search antenna) or MP14 (NMDC special dish) at site; Moonpenny sustained collection is not interrupted. If the target cannot be accessed via these dishes, site may use other GH connected sites such as Sounder. [[Note to above: coordination of resources is usually done by phone for timeliness, am told sometimes requests go through Bude (email) but this isn’t slick. Also, unlike TK sites, no access to Info WorkStation (IWS) chat facility which MHS uses. Sounder has a callout rota for HVTs (Pri 2 type requests) as they don’t operate 24/7]]. Using the target list, the GH operator at MHS performs a search with a comsat asset using information on the tasking list (MAC, downlink RF, IP etc); once a target is noted active, an adhoc OH resource is then requested via Denver to perform the geolocation. This process can be performed 24/7. Results of this are either emailed or klieglighted ) as well as input to Mastershake. I’m told the Mastershake entry is tagged with a GH line for id. For both Pri 2 tippers and Pri 3 requests, a KL is issued and can be married up with imagery if this has been requested. How to task Initially, it’s been agreed with the NAC that any potential tasking will be forwarded to them or discussed initially to check before being submitted for tasking. As well as Mastershake, they check the NAC Knowledge Database (NKD, US Eyes). 2 of 3 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on TOP SECRET COMINT
TOP SECRET//COMINT There are formatted forms to submit tasking requests on email which I hold once we get the process running. NAC POCs: , . The NAC is aware that not everyone has TK email and don’t see this as a problem. Once accepted by the NAC, tasking is forwarded to sites for execution. Also, tasking can be discussed with MHS before submission (POC: to check whether it’s a suitable). Results Will be input to Mastershake, be aware that all the data is replicated daily into the 2 nd party Mastershake (ie the one GCHQ accesses) and at the very most will take 24 hours to populate. In addition to this, klieglights are issued and can be found in the following db: ( can help with forwarding these. Imagery may also be requested, again I’d go through if you need help. 3 of 3 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on TOP SECRET COMINT