Documents
SOCIAL ANTHROPOID Briefing
Sep. 25, 2015
SOCIAL
ANTHROPOID
SECRET STRAP1
SOCIAL
ANTHROPOID
SECRET STRAP1
2m
WNW
I><m
.UW.
mmn?md. Wag?u.?
2m
WNW
I><m
.UW.
mmn?md. Wag?u.?
mx_m._._Zm
M.
I
Ibfm.
me>n<
m>r>z>zn> mm
mmn?md. Wag?u.?
mx_m._._Zm
M.
I
Ibfm.
me>n<
m>r>z>zn> mm
mmn?md. Wag?u.?
I SCALING HUGE VGLUMES EIF EVENTS,
EXISTING SYSTEMS ARE BREAKING.
I GGNVERGENEE.
I DESIGN.
BUT STILL NEED
I ENRIEH
I VISUALISE
I MERGE WITH NSA DATA SGUREES
SECRET STRAP1
I SCALING HUGE VGLUMES EIF EVENTS,
EXISTING SYSTEMS ARE BREAKING.
I GGNVERGENEE.
I DESIGN.
BUT STILL NEED
I ENRIEH
I VISUALISE
I MERGE WITH NSA DATA SGUREES
SECRET STRAP1
.2
m>r>Z>Zn>
m__U IMNM.
ZZW
Am?mm cum;
mmn?md. Wag?u.?
.2
m>r>Z>Zn>
m__U IMNM.
ZZW
Am?mm cum;
mmn?md. Wag?u.?
We.
GCHQ QUERY SCREEN
Search
UERSION 2.o4 L?gged in as:
fouery input Results- -- . .I.
Search type
Selector Selector Pair Locator {not
Selector search
%5aued queries
You have 1 saved queries.
Saved query functionality has been temporarily disabled. I
.. IQueries will be automatically submitted to all instances of and SOCIAL
I For bulk queries enter multiple selectors {one per lineRelatlye Date .
- If allow wildcards Is ticked, in Is treated as a multI-character wildcard pault: ma llESEh-otmall. com}.
Llnlilce other and have no special meaning {to query for a literal =3 sign, unchei
II By default, results will be returned in which your input selector appears in either he Use 1 Dayisj all]
To return results in which your selector appears only as the active user, tick the Querye
I Updated: The system will automatically retrieye records containing the normalised yers In?ll-Ida Tlme
as suehJ there is ne lenqer a need te her-r :ulice 'u'nln- ruler-1r teen-It: Ill? enr?l?'
Searches on Yahoo! email addresses will
If in doubt, or for further details, consult Set Date
MIXED -
Miranda 2D14EI
JIC Priority 8; Purpose
HRFI. Justification sting
Search period {optional}: I
v! Filter results by matched selectors prior to display
IJLIEISEFS Ell-I
QUERY BY USE START AND END, RELATIVE
DATES
We.
GCHQ QUERY SCREEN
Search
UERSION 2.o4 L?gged in as:
fouery input Results- -- . .I.
Search type
Selector Selector Pair Locator {not
Selector search
%5aued queries
You have 1 saved queries.
Saved query functionality has been temporarily disabled. I
.. IQueries will be automatically submitted to all instances of and SOCIAL
I For bulk queries enter multiple selectors {one per lineRelatlye Date .
- If allow wildcards Is ticked, in Is treated as a multI-character wildcard pault: ma llESEh-otmall. com}.
Llnlilce other and have no special meaning {to query for a literal =3 sign, unchei
II By default, results will be returned in which your input selector appears in either he Use 1 Dayisj all]
To return results in which your selector appears only as the active user, tick the Querye
I Updated: The system will automatically retrieye records containing the normalised yers In?ll-Ida Tlme
as suehJ there is ne lenqer a need te her-r :ulice 'u'nln- ruler-1r teen-It: Ill? enr?l?'
Searches on Yahoo! email addresses will
If in doubt, or for further details, consult Set Date
MIXED -
Miranda 2D14EI
JIC Priority 8; Purpose
HRFI. Justification sting
Search period {optional}: I
v! Filter results by matched selectors prior to display
IJLIEISEFS Ell-I
QUERY BY USE START AND END, RELATIVE
DATES
SECOND STAGE QUERY SCREEN
SOCIAL ANTH ROPOID mum in
iQuery input Results-3?: FLesults:- if Result5:-
?I'eur input terms matched 3'3 euents frem 23:36:45 GMT te FriI 21 Jan 2311 33:33:49 GMT.
Teu may restrietthe seleeters metehing yeur ingutterrns by selecting frern the values heluuiJ grierte te yeur query results.
highlighted seleeters ere nermelisetl uersiens ef yeur eriginel guerir seeds.
I. 3eleet all De-seleet ell
gmeil.eern (emeiLeddressl 2
grneil.eern (Unknewn) 1
hetrheil.eerh (Unknewnl
lire.se (miner) 3
liue.se (Sender) 3
EIPTIEINAL
liire.se 33
Cenhnuel
?a Filter results leg matched selecters Drier tn: distilling
SECRET STRAP1
SECOND STAGE QUERY SCREEN
SOCIAL ANTH ROPOID mum in
iQuery input Results-3?: FLesults:- if Result5:-
?I'eur input terms matched 3'3 euents frem 23:36:45 GMT te FriI 21 Jan 2311 33:33:49 GMT.
Teu may restrietthe seleeters metehing yeur ingutterrns by selecting frern the values heluuiJ grierte te yeur query results.
highlighted seleeters ere nermelisetl uersiens ef yeur eriginel guerir seeds.
I. 3eleet all De-seleet ell
gmeil.eern (emeiLeddressl 2
grneil.eern (Unknewn) 1
hetrheil.eerh (Unknewnl
lire.se (miner) 3
liue.se (Sender) 3
EIPTIEINAL
liire.se 33
Cenhnuel
?a Filter results leg matched selecters Drier tn: distilling
SECRET STRAP1
m-
RESULTS
WILL BE BETTER WITH
i?l SOCIAL Selector search Mozilla Firefnx
Eile Edit Eiew History Bookmarks Iools Help A A I
I
in Most 'v'isitecl Discover eLilzIrarv iTime PhoneBook Weather
SDEIAL Selector search
TDP SECRET STRAPZ EHDRDAL
Logged in as:
yQuerv input .5 Results:? Results_ "7 Results?' 5_ Results?"
User A User Filter criteria
User A User . 4!
User A type User A User A value User type User User value
role role To filter this result set
name name
choose some criteria
3" I: I L:
30?Nov?2010 1?:43:29 tele hony event 11?. 5 selectorsII duration: 0W an
Active user irnsi) . app"! I
Action: voice Action type: call
User 1:5 calls User A
voice call irnsi -
Select all
De?select all
?Ema? 'ms' HEADER BUN IAINS KEY INFCI
ShowI only events
. . . I these
voice call Imsl
. technology types:
A I telephonv even1l
voice call
voice call
And these
voice call I I actions:
cancel_location netw-i
Locators:
net-A.
Source Polnt?Eode: 20 ocat on_rnessage ne
message (101
message!
30?Nov?2010 1?:4?:21 . sms_submit rnessagE'
IV a
Action: voice Action t} l:l
unknown call (164
?Dice '35? . update_ ocation netw-
I I voice call (152 event
voice call imsi
?4
. Operator
. . . I I Bearer ?ltering
voice call Imsl language
Ternporal filtering
voice call . I TDI filtering
1 =v .
-- Participant count
Page 1 Of 4 First Displav Summary I Export filtering
Ki- in?Fo-?r-rn ati n- is lie-tic n.
m-
RESULTS
WILL BE BETTER WITH
i?l SOCIAL Selector search Mozilla Firefnx
Eile Edit Eiew History Bookmarks Iools Help A A I
I
in Most 'v'isitecl Discover eLilzIrarv iTime PhoneBook Weather
SDEIAL Selector search
TDP SECRET STRAPZ EHDRDAL
Logged in as:
yQuerv input .5 Results:? Results_ "7 Results?' 5_ Results?"
User A User Filter criteria
User A User . 4!
User A type User A User A value User type User User value
role role To filter this result set
name name
choose some criteria
3" I: I L:
30?Nov?2010 1?:43:29 tele hony event 11?. 5 selectorsII duration: 0W an
Active user irnsi) . app"! I
Action: voice Action type: call
User 1:5 calls User A
voice call irnsi -
Select all
De?select all
?Ema? 'ms' HEADER BUN IAINS KEY INFCI
ShowI only events
. . . I these
voice call Imsl
. technology types:
A I telephonv even1l
voice call
voice call
And these
voice call I I actions:
cancel_location netw-i
Locators:
net-A.
Source Polnt?Eode: 20 ocat on_rnessage ne
message (101
message!
30?Nov?2010 1?:4?:21 . sms_submit rnessagE'
IV a
Action: voice Action t} l:l
unknown call (164
?Dice '35? . update_ ocation netw-
I I voice call (152 event
voice call imsi
?4
. Operator
. . . I I Bearer ?ltering
voice call Imsl language
Ternporal filtering
voice call . I TDI filtering
1 =v .
-- Participant count
Page 1 Of 4 First Displav Summary I Export filtering
Ki- in?Fo-?r-rn ati n- is lie-tic n.
4r 4..
RESULTS MEIRE METADATA
SOCIAL Selector search - Mozilla Firefox
Eile Edit Eiev-iI Historv ?ookmarks Iools Help
a '42.
Most Discover eLibrarv iTime PhoneElook Weather
SDEIAL Selector search
TOP SECRET STRAPZ EHDRDAL
SOC IAL ANTH ROPOID
riQuerv input Results: Results:- Results_ Results_
User A User
User A User
I User A type User A User A value dIspIay I User type User User value display
ro ro
name name
30?Nov?2010 1?:43:29 telephony event . 5 selectorsl duration: A
Active user:
Action: voice Action type: call
voice call imsi Called-MSG
voice call imsi caller tel_numl:ier
voice call imsi Called?MSRN
voice call tel_numl:uer Called-MSG
voice call tel_numl:ier Called-MSRN
voice call tel_numl:ier caller tel_numl:ier I I
Locators:
SPLAY THE
Source Point?
INFEI IN QFD SPEAK
5:11: I
Bearer: SigAd: Pooc: om
THE ETADATA
Source:
BLACK HULE filename: Key: Plugin: v2
Additional meta?dataNormal Telephone call,
E, I, 234, o, cIRcu1T_Io_cooE 39, 1,
RJ, GLASGOW, 20215, R,
:44, I, 000132, I, 1,
n, L, MSRN
20032, ummeas4en1, a, 24cc1, 25
Page 1 of 4 F-?ir?sT Premous 1 2 3 4
Last Go Change Sort Order Display Summary Export
Next
This information is exempt under the Freedom of Information Act 2000 FOIA and ma be exem under other UK. information legislation.
.
Transferring data Fru?
Filter criteria
To filter this result set
choose some criteria
below and then click
Fir-pl?
Event type filtering
Select all
. De-select all
Show only events
these
technology types:
telephony eveni
And these
actions:
cancel_location netw-
insrt_sul::scril:ier
location_message ne
message {101
sms_de iver message
sms_submit message
snd_routing_info netI.
subscriber_info netw-
unknown call (164 ev
update_location netw
voice call (152 event
a?
Bearer filtering
Temporal filtering
TDI filtering
Participant count
filtering
4r 4..
RESULTS MEIRE METADATA
SOCIAL Selector search - Mozilla Firefox
Eile Edit Eiev-iI Historv ?ookmarks Iools Help
a '42.
Most Discover eLibrarv iTime PhoneElook Weather
SDEIAL Selector search
TOP SECRET STRAPZ EHDRDAL
SOC IAL ANTH ROPOID
riQuerv input Results: Results:- Results_ Results_
User A User
User A User
I User A type User A User A value dIspIay I User type User User value display
ro ro
name name
30?Nov?2010 1?:43:29 telephony event . 5 selectorsl duration: A
Active user:
Action: voice Action type: call
voice call imsi Called-MSG
voice call imsi caller tel_numl:ier
voice call imsi Called?MSRN
voice call tel_numl:uer Called-MSG
voice call tel_numl:ier Called-MSRN
voice call tel_numl:ier caller tel_numl:ier I I
Locators:
SPLAY THE
Source Point?
INFEI IN QFD SPEAK
5:11: I
Bearer: SigAd: Pooc: om
THE ETADATA
Source:
BLACK HULE filename: Key: Plugin: v2
Additional meta?dataNormal Telephone call,
E, I, 234, o, cIRcu1T_Io_cooE 39, 1,
RJ, GLASGOW, 20215, R,
:44, I, 000132, I, 1,
n, L, MSRN
20032, ummeas4en1, a, 24cc1, 25
Page 1 of 4 F-?ir?sT Premous 1 2 3 4
Last Go Change Sort Order Display Summary Export
Next
This information is exempt under the Freedom of Information Act 2000 FOIA and ma be exem under other UK. information legislation.
.
Transferring data Fru?
Filter criteria
To filter this result set
choose some criteria
below and then click
Fir-pl?
Event type filtering
Select all
. De-select all
Show only events
these
technology types:
telephony eveni
And these
actions:
cancel_location netw-
insrt_sul::scril:ier
location_message ne
message {101
sms_de iver message
sms_submit message
snd_routing_info netI.
subscriber_info netw-
unknown call (164 ev
update_location netw
voice call (152 event
a?
Bearer filtering
Temporal filtering
TDI filtering
Participant count
filtering
FILTERS, SUMMARISATIEIN AND
SEARCHES
SOC IA A NTH ROPOID
Query Input Results_ Results:-
User It Use
User it User it User User
User A. rule User it displav User tvpe User
tvpe value rule value
name nam
93-Dec-2919 tele event -. 1 selectpr. duratian: 99:99:99
native men?imam
Actien: unknewn nctien tvpe: call
unknewn ca irnsi net_avai ah e not available
Lecaters:
Spurce Origin-Paint-Cnde: 2914? Spurce Destinatien Dest-Ppint-dee: 69432
EIMnre
93-Dec-2919 99:95:13' telephenv event 1 selecter. dur
Active user=_imsii
Action: upclate_ ecatien Action tvpe: netwerk
ims
SUMMARY CIF
TARGET BEHAVICIUR
upclate_ ecatien
netwerk
Le caters:
Saurce Spurce
EIMnre
93-Dec-2919 99:94:39 event - 1 selectpr. duratian: 99:99:99
?ctive user: (imsij
?ctinn: unknewn nctipn tvpe: ca
unknewn ca irnsi net_avai ah e not available
Lecaters:
Drinin?Pnint?Fn?e: Destinatinn nest?Pnint?Cnrle: snare?
.1
Page 1 cf 59 Farst Pre~.rieus Next Change Sert Orcler Display Summary CSU Expert
Last (59) Ge
SECRET STRAP1
Legged in a3:
Filter criteria
Te filter this result set cheese serne
criteria helew and then click apply I
Participant ceunt filtering
Shaw enlv events in which the
participant ceunt:
Is greater than
Bearer filtering
Temperal filtering
TDI filtering
Participant ceunt filtering
FILTERS, SUMMARISATIEIN AND
SEARCHES
SOC IA A NTH ROPOID
Query Input Results_ Results:-
User It Use
User it User it User User
User A. rule User it displav User tvpe User
tvpe value rule value
name nam
93-Dec-2919 tele event -. 1 selectpr. duratian: 99:99:99
native men?imam
Actien: unknewn nctien tvpe: call
unknewn ca irnsi net_avai ah e not available
Lecaters:
Spurce Origin-Paint-Cnde: 2914? Spurce Destinatien Dest-Ppint-dee: 69432
EIMnre
93-Dec-2919 99:95:13' telephenv event 1 selecter. dur
Active user=_imsii
Action: upclate_ ecatien Action tvpe: netwerk
ims
SUMMARY CIF
TARGET BEHAVICIUR
upclate_ ecatien
netwerk
Le caters:
Saurce Spurce
EIMnre
93-Dec-2919 99:94:39 event - 1 selectpr. duratian: 99:99:99
?ctive user: (imsij
?ctinn: unknewn nctipn tvpe: ca
unknewn ca irnsi net_avai ah e not available
Lecaters:
Drinin?Pnint?Fn?e: Destinatinn nest?Pnint?Cnrle: snare?
.1
Page 1 cf 59 Farst Pre~.rieus Next Change Sert Orcler Display Summary CSU Expert
Last (59) Ge
SECRET STRAP1
Legged in a3:
Filter criteria
Te filter this result set cheese serne
criteria helew and then click apply I
Participant ceunt filtering
Shaw enlv events in which the
participant ceunt:
Is greater than
Bearer filtering
Temperal filtering
TDI filtering
Participant ceunt filtering
BCZUK
DU .2
ENTIHZMN
mmn?md. Wag?u.?
BCZUK
DU .2
ENTIHZMN
mmn?md. Wag?u.?
GCHQ REDIREETED BALLS
la) SOCIAL AHTHROPOID: Selector search - Mozilla Firefox
l: lF! trill mew ?nnkmerkc I_nn c ?eln
6" 1.:
IL Most Discover eLibrory iTime PhoneBoolt. Weather
SOCIAL ANTI IROPOID: Selector scorch
TOP SECRET STRAPZ UK CIIORDAL
Logged in as:
-
User A User Filter criteria
User A User . ..
User A type User A User A raw ualue User type User User ram value I
name FDIC name TLI Filter resulL seL some
criteria helnw enrl Then click Apply
28?0ct?2010 14:36:02 telephony event 2 selectors. duration: 00:00:00
ALliun:vuie ven ype I ellng
VOICE Ba? ?Sr tal?numbar . BEIGESllulwI unly event:
I
Source Cell technology types:
telephony.r {1102/1 events}
Mnre (4F: events)
ODN EXI IN SOCIAL
Active usel
:1an these
Actlon: VDIC
rtreefe funnel (451 euenrc)
-- El location messoqe network (109-4 event?
voice coil I lleI' tel number
A I message (305 events)
voiee eoll H'Edirewon' sms_de iver message (503 events)
Number El message (203 events}
Lucaturs: Ilnk'nnuun hell-(HIHH events)
9 . 40545 t. t. . 40103 El uoclote location network (-40 events)
ource oln e. es Ina Ion oln e. VOICE ca? ?206 events)
5R1:
IIKti-Vlli'l l-I'l
Source:
BLACK HOLE filenarne: 20101028 140000 SALAMANCA Key: Plugin: 5 v2
Addiliuudl
ADDITIONAL NUMBER 1 ADDITIONAL NUMBER 1 CALL ANSWERED STATE U. CALL DIRECTION MT. CALL END STATE:
E. I. 02. o. c1ncu1T_ID_coDE 320MUMBHIKISCS. 1401.03. GRIP-1580401.. O.
TIMESLOT 09
28-Oct-201 elephony event (Upip). 2 selectors. duration: 00:00:13
Artlue user: Tel_n rnherj
INDICATOR DiverLeIJ.
ALliuu: true: uell
unknown
ne
4
Locators:
Bearer
Source Polnt-Cocle: 40235 Source ?394? Destlnatlon IP94-
m? I I Iernperal filtering
Pnoe of 160 Find. 1 2 3 4 5 if: QNUXL (160) GU Order Display Summary CSU ExuurL TDI ?ltering
LFUUIIL I'iILeriIIu
i3 uquIIuL ul? ALL FOIA and Illcl uLlII-_-r UK luuiblaLiull.
Rural FOIA ugELi-Fb LU eCH-gueu
(Iii
GCHQ REDIREETED BALLS
la) SOCIAL AHTHROPOID: Selector search - Mozilla Firefox
l: lF! trill mew ?nnkmerkc I_nn c ?eln
6" 1.:
IL Most Discover eLibrory iTime PhoneBoolt. Weather
SOCIAL ANTI IROPOID: Selector scorch
TOP SECRET STRAPZ UK CIIORDAL
Logged in as:
-
User A User Filter criteria
User A User . ..
User A type User A User A raw ualue User type User User ram value I
name FDIC name TLI Filter resulL seL some
criteria helnw enrl Then click Apply
28?0ct?2010 14:36:02 telephony event 2 selectors. duration: 00:00:00
ALliun:vuie ven ype I ellng
VOICE Ba? ?Sr tal?numbar . BEIGESllulwI unly event:
I
Source Cell technology types:
telephony.r {1102/1 events}
Mnre (4F: events)
ODN EXI IN SOCIAL
Active usel
:1an these
Actlon: VDIC
rtreefe funnel (451 euenrc)
-- El location messoqe network (109-4 event?
voice coil I lleI' tel number
A I message (305 events)
voiee eoll H'Edirewon' sms_de iver message (503 events)
Number El message (203 events}
Lucaturs: Ilnk'nnuun hell-(HIHH events)
9 . 40545 t. t. . 40103 El uoclote location network (-40 events)
ource oln e. es Ina Ion oln e. VOICE ca? ?206 events)
5R1:
IIKti-Vlli'l l-I'l
Source:
BLACK HOLE filenarne: 20101028 140000 SALAMANCA Key: Plugin: 5 v2
Addiliuudl
ADDITIONAL NUMBER 1 ADDITIONAL NUMBER 1 CALL ANSWERED STATE U. CALL DIRECTION MT. CALL END STATE:
E. I. 02. o. c1ncu1T_ID_coDE 320MUMBHIKISCS. 1401.03. GRIP-1580401.. O.
TIMESLOT 09
28-Oct-201 elephony event (Upip). 2 selectors. duration: 00:00:13
Artlue user: Tel_n rnherj
INDICATOR DiverLeIJ.
ALliuu: true: uell
unknown
ne
4
Locators:
Bearer
Source Polnt-Cocle: 40235 Source ?394? Destlnatlon IP94-
m? I I Iernperal filtering
Pnoe of 160 Find. 1 2 3 4 5 if: QNUXL (160) GU Order Display Summary CSU ExuurL TDI ?ltering
LFUUIIL I'iILeriIIu
i3 uquIIuL ul? ALL FOIA and Illcl uLlII-_-r UK luuiblaLiull.
Rural FOIA ugELi-Fb LU eCH-gueu
(Iii
mmn?md. Wag?u.?
mmn?md. Wag?u.?
mj. .1
A .3. mx>z_urn
onIO
I I
.MIZU
I I
mmn?md. Wag?u.?
mj. .1
A .3. mx>z_urn
onIO
I I
.MIZU
I I
mmn?md. Wag?u.?
a.
LEAKY GATEWAYS
JQJ SOCIAL Selector search - Mozilla Firefox
Eile Edit ?iew History Bookmarks Iools Help
@vcx LI.
g. Most Discover eLibrarv iTime lj PhoneBook Weather
SDEIAL Selector search -
TEIP SECRET STRAPZ
Logged in as:
yQuery input Results-.
User A User
User A User A User User
User A type User A User type User
role value role value
name name
lilMore .A
UD.11.J.F event
Active user?UserId) _MaehineId)
Action: send Action type: message
From Unknown From Unknown
Locators:
Source Destination ww?
HARD ASSCIEIATIDN
Bearer: SigAcl: PDDE: HM
Source:
BLACK HOLE filename: Kev: Plugin: A v4
Arlrlifinnal arfius-
User agent: SAMSUNG-GT-SSESSAIIE SHPIUPPIRS Nextreaming profileHMIDP-El eonfigurationg?CLDC-ll I
Additional Ineta?data:
Action SendEmailJ Actor?Context ate Protocol Est?- ?n Etre=m
Dst?Port 330J Stream?Src?Port 1.7'06 'H'ia infoH Gatewayr Huawei Technologies
MEIRE USEFUL INFCI
24?0ct?2010 06:10:16 event {yahoo}. 5 selectors
Active _MaehineId) ?H-huawei-
Action: send Action type: message
From Unknown From Unknown Em
Locators:
Source Destination
More
24?0ct?2010 06:10:16 event {yahoo}. 5 selectors
Active ?I:MaehineId]I
I-unn- - .
Page 1 Of 1 First F'i'evmus 1 Meant Last :1 Change Sort Order Displayr Summaryr CSU Export
This information is exempt under the Freedom o'F In'Formation Act .2000 (FOIA) and Irnai,I be exempt under other UK in'Forrnation legislation.
Refer. e'T'J-f FQI.A FlHtariSS
?3
a.
LEAKY GATEWAYS
JQJ SOCIAL Selector search - Mozilla Firefox
Eile Edit ?iew History Bookmarks Iools Help
@vcx LI.
g. Most Discover eLibrarv iTime lj PhoneBook Weather
SDEIAL Selector search -
TEIP SECRET STRAPZ
Logged in as:
yQuery input Results-.
User A User
User A User A User User
User A type User A User type User
role value role value
name name
lilMore .A
UD.11.J.F event
Active user?UserId) _MaehineId)
Action: send Action type: message
From Unknown From Unknown
Locators:
Source Destination ww?
HARD ASSCIEIATIDN
Bearer: SigAcl: PDDE: HM
Source:
BLACK HOLE filename: Kev: Plugin: A v4
Arlrlifinnal arfius-
User agent: SAMSUNG-GT-SSESSAIIE SHPIUPPIRS Nextreaming profileHMIDP-El eonfigurationg?CLDC-ll I
Additional Ineta?data:
Action SendEmailJ Actor?Context ate Protocol Est?- ?n Etre=m
Dst?Port 330J Stream?Src?Port 1.7'06 'H'ia infoH Gatewayr Huawei Technologies
MEIRE USEFUL INFCI
24?0ct?2010 06:10:16 event {yahoo}. 5 selectors
Active _MaehineId) ?H-huawei-
Action: send Action type: message
From Unknown From Unknown Em
Locators:
Source Destination
More
24?0ct?2010 06:10:16 event {yahoo}. 5 selectors
Active ?I:MaehineId]I
I-unn- - .
Page 1 Of 1 First F'i'evmus 1 Meant Last :1 Change Sort Order Displayr Summaryr CSU Export
This information is exempt under the Freedom o'F In'Formation Act .2000 (FOIA) and Irnai,I be exempt under other UK in'Forrnation legislation.
Refer. e'T'J-f FQI.A FlHtariSS
?3
SOCIAL ANTHROPOID
User A
User A
role
User A type
LIN Loading:- in; Loading-. Results:_
s, Results:
User A User A
display
value name
Logged in as:
Results:?
User
User type User
role
19?Nov?2010 22:33:49 event 3 selectors
Action: save Action type: message
Locators:
EILess
From Unknown
FULL RANGE EIF TRAFFIC TYPES
SRI:
Bearer: PDDE: HM
Source:
Additios
Action SaveDraftEmail
Stream-Dst-Port Stream-Src-Port 64??6
BLACK HULE
Actor?Context IClwnerJ Eaid EventState COMPLETE, Protocol Route:
Key: Plugin: A v4
19?Nov?2?l? 22:15:33? webmail event [windo
Active use
Action: save
Action type: message
From Unknown
Locators:
Source Destination
More
19?Nov?2010 22:06:32 webmail event 3 selectors
Page 1 of 1 First Previous 1 Next Last
CEINTEXT RICH AETIEIN TYPES
Unknown
SECRET STRAP1
iv
.I. .
I Change Sort Order Display Summary Export
Fvsuhts-
Filter criteria
To filter this result set ohoose some
oriteria below and then oliok
Event type filtering
Show only events with these
technology types:
SOCIAL ANIMAL (544 events)
ehat {4638 events)
El pop3 {2 events)
El {Eu events)
webmail (243 events)
El aooept friend (2 events)
El alias user events}
El ohat message {4808 events)
El download message {2 events)
El message (1 events)
El list friend {15? events)
El login user (125 events)
El logout user events)
El observe friend (33 events)
El photo message {3 events)
El remove friend {2 events)
El reguest friend events)
save message {45 events)
El send message (153 events)
El message {32 events}
El view folder {9 events)
El view message {13 events}
E-earer filtering
Temporal filtering
TDI filtering
Participant oount filtering
SOCIAL ANTHROPOID
User A
User A
role
User A type
LIN Loading:- in; Loading-. Results:_
s, Results:
User A User A
display
value name
Logged in as:
Results:?
User
User type User
role
19?Nov?2010 22:33:49 event 3 selectors
Action: save Action type: message
Locators:
EILess
From Unknown
FULL RANGE EIF TRAFFIC TYPES
SRI:
Bearer: PDDE: HM
Source:
Additios
Action SaveDraftEmail
Stream-Dst-Port Stream-Src-Port 64??6
BLACK HULE
Actor?Context IClwnerJ Eaid EventState COMPLETE, Protocol Route:
Key: Plugin: A v4
19?Nov?2?l? 22:15:33? webmail event [windo
Active use
Action: save
Action type: message
From Unknown
Locators:
Source Destination
More
19?Nov?2010 22:06:32 webmail event 3 selectors
Page 1 of 1 First Previous 1 Next Last
CEINTEXT RICH AETIEIN TYPES
Unknown
SECRET STRAP1
iv
.I. .
I Change Sort Order Display Summary Export
Fvsuhts-
Filter criteria
To filter this result set ohoose some
oriteria below and then oliok
Event type filtering
Show only events with these
technology types:
SOCIAL ANIMAL (544 events)
ehat {4638 events)
El pop3 {2 events)
El {Eu events)
webmail (243 events)
El aooept friend (2 events)
El alias user events}
El ohat message {4808 events)
El download message {2 events)
El message (1 events)
El list friend {15? events)
El login user (125 events)
El logout user events)
El observe friend (33 events)
El photo message {3 events)
El remove friend {2 events)
El reguest friend events)
save message {45 events)
El send message (153 events)
El message {32 events}
El view folder {9 events)
El view message {13 events}
E-earer filtering
Temporal filtering
TDI filtering
Participant oount filtering
FEATURES ARE WE GETTING
SCALE
GEQ INCLUDING NEW FILTERING
SELEETQR PAIRS QUERY
BREAD DAK ENRIEHMENT
LQEATQR QUERY
EMAIL DEIMAIN QUERY
TDS
DISPLAYNAMES
SECRET STRAP1
FEATURES ARE WE GETTING
SCALE
GEQ INCLUDING NEW FILTERING
SELEETQR PAIRS QUERY
BREAD DAK ENRIEHMENT
LQEATQR QUERY
EMAIL DEIMAIN QUERY
TDS
DISPLAYNAMES
SECRET STRAP1
GCHQ
GED INC. FILTERING
Results:_ Results:_ Results: Results:_ Results: Results:- Results: Results:?
User A User A User User Filter criteria
User A User
User A type User A raw:I User type User
To Filter this result set choose some
value nan1e value name
criteria loelow and then click Applv
Source Destination IP94:
FIMore Event type Filtering
Mon. :13 Jan 2:111 05:45:13 GMT socIAL ANIMAL event [Yahoo] chat message. 2 selectors Bearer ?ltering
Active PESHAWAR. PAKISTAN GED ?ltering
Unknown Yehoo-unarne Unknown Yahoo-uname
Select all De-select all
lac-atom:
Source IP94: only euenis geo-Iocated to tt
following countries:
Kazakhstan [1 events]
Pakistan (39 events]
2 United States [4 events]
Unknown [3?1 events]
16 Dec 06:00:13 GMT SDEIAL [?I'ahoo] chat messageI 2 selectors
Active PESHAWAR. PAKISTAN
Unknown Yehoo-unan?e Unknown Yahoo-uname
{iit'a?l??r?i
we
Fl More
11'luI 16 Dec 2010 06:00:10 GMT ANIMAL event ['I'ahoo] chat messageI 2 selectors
Active PAKISTAN
Unknown Yehoo-unarne Unknown Yahoo-uname -
l;l More
SECRET STRAP1
GCHQ
GED INC. FILTERING
Results:_ Results:_ Results: Results:_ Results: Results:- Results: Results:?
User A User A User User Filter criteria
User A User
User A type User A raw:I User type User
To Filter this result set choose some
value nan1e value name
criteria loelow and then click Applv
Source Destination IP94:
FIMore Event type Filtering
Mon. :13 Jan 2:111 05:45:13 GMT socIAL ANIMAL event [Yahoo] chat message. 2 selectors Bearer ?ltering
Active PESHAWAR. PAKISTAN GED ?ltering
Unknown Yehoo-unarne Unknown Yahoo-uname
Select all De-select all
lac-atom:
Source IP94: only euenis geo-Iocated to tt
following countries:
Kazakhstan [1 events]
Pakistan (39 events]
2 United States [4 events]
Unknown [3?1 events]
16 Dec 06:00:13 GMT SDEIAL [?I'ahoo] chat messageI 2 selectors
Active PESHAWAR. PAKISTAN
Unknown Yehoo-unan?e Unknown Yahoo-uname
{iit'a?l??r?i
we
Fl More
11'luI 16 Dec 2010 06:00:10 GMT ANIMAL event ['I'ahoo] chat messageI 2 selectors
Active PAKISTAN
Unknown Yehoo-unarne Unknown Yahoo-uname -
l;l More
SECRET STRAP1
Select-3r F'air' Email clan-Iain
20140
. F'IJr'pujsEe
HFLFI. Justificaticun preparing sliI:lEes fur training
Search period licuptiujnal?l:
Filter rF-sults pr'iujr' tn:
Saue Queryr Submit
SECRET STRAP1
Select-3r F'air' Email clan-Iain
20140
. F'IJr'pujsEe
HFLFI. Justificaticun preparing sliI:lEes fur training
Search period licuptiujnal?l:
Filter rF-sults pr'iujr' tn:
Saue Queryr Submit
SECRET STRAP1
GECHQ
EMAIL DDMAIN QUERY
I ANTH ROPOID mm? 3'03 BETA
Query My IQuery input Results- Results: - Results: Results: - Results:
SECRET STRAP1
earth t'll 'I'our input ten-I15 matched 14e'uen15 from 'l1'luI Jan 2011 09:12:53 TueI [ll Feb 2011 15:42:20 GMT.
You may restrict the selectors matching your input terms by selecting from the yalues below, prior to proceeding to your query results.
salectc' Any highlighted selectors are normalised yersions oF your original query seeds.
Select all De-select all
brandon.com.ua [Unknown] 2 occurrences
brandon.com.ua [Account?wner] E- occurrences
brandon.com.ua [Hccount?wnerj E- occurrences
?T?ou ha
randon.com.ua (email_address:l 1 occurrences
brandon.com.ua [Account?wner] 1 occurrences
I Que
Con?nue
Domair
l?
or ri d? pti null: chlillr'EEIll 12:41:13" to 030252011 12:41:12 JIC F'riority EiF'urpose 1H3
Filter results lay matched selectors prior to clisplay HRA Jugtl?catl?n
Query actiye users only
Target Enrichment
Save Query 'l Submit Query
SECRET STRAP1
GECHQ
EMAIL DDMAIN QUERY
I ANTH ROPOID mm? 3'03 BETA
Query My IQuery input Results- Results: - Results: Results: - Results:
SECRET STRAP1
earth t'll 'I'our input ten-I15 matched 14e'uen15 from 'l1'luI Jan 2011 09:12:53 TueI [ll Feb 2011 15:42:20 GMT.
You may restrict the selectors matching your input terms by selecting from the yalues below, prior to proceeding to your query results.
salectc' Any highlighted selectors are normalised yersions oF your original query seeds.
Select all De-select all
brandon.com.ua [Unknown] 2 occurrences
brandon.com.ua [Account?wner] E- occurrences
brandon.com.ua [Hccount?wnerj E- occurrences
?T?ou ha
randon.com.ua (email_address:l 1 occurrences
brandon.com.ua [Account?wner] 1 occurrences
I Que
Con?nue
Domair
l?
or ri d? pti null: chlillr'EEIll 12:41:13" to 030252011 12:41:12 JIC F'riority EiF'urpose 1H3
Filter results lay matched selectors prior to clisplay HRA Jugtl?catl?n
Query actiye users only
Target Enrichment
Save Query 'l Submit Query
SECRET STRAP1
LDEATDR QUERY
Search type
Selector Selector F'air Locator Email domain
Locator search
Saved queries
?T?ou haye 1 sayed queries.
I lQueries will be automatically submitted to all instances of SOCIAL but NOT to SOCIAL ANIMAL.
1' For hulk queries, enter multiple locators [one per line].
- If allow wildcards is ticked, is treated as a multi-character wildcard.
Unlike other IOFOs, and?-. haye no special meaning [to query for a literal sign, uncheck Iallow wildcards' rather than IescapingI the wildcard.
I By default, results will he returned in which your input locator appears in either the Source or Other locator column
Use the checklookes below to change which of the source, other and destination columns you query.
1' Selecting "Search all typesII will return all matches regardless of the locator type.
'y'y'hen IISearch all typesII is False, you must select at least one type. Locators haye to match one of these types to be returned. ?r?ou can only pick the types that are ayailalole For the database columns (source,
destination and.u"or other] you haye selected.
Locators: Types to query:
A
Cell-Global-Identifier Miranda
Oest-IP-Address
F'rIorIty S: F'urpose 1HS
Flight'i?iumbe" HRA Justification testing
Search period [optional]: to
-:'1'Lllow wildcards IQuery For source locators
Search all types IQuery for other source locators Save Query Submit Query
Target Enrichment IQuery for destination locators
LDEATDR QUERY
Search type
Selector Selector F'air Locator Email domain
Locator search
Saved queries
?T?ou haye 1 sayed queries.
I lQueries will be automatically submitted to all instances of SOCIAL but NOT to SOCIAL ANIMAL.
1' For hulk queries, enter multiple locators [one per line].
- If allow wildcards is ticked, is treated as a multi-character wildcard.
Unlike other IOFOs, and?-. haye no special meaning [to query for a literal sign, uncheck Iallow wildcards' rather than IescapingI the wildcard.
I By default, results will he returned in which your input locator appears in either the Source or Other locator column
Use the checklookes below to change which of the source, other and destination columns you query.
1' Selecting "Search all typesII will return all matches regardless of the locator type.
'y'y'hen IISearch all typesII is False, you must select at least one type. Locators haye to match one of these types to be returned. ?r?ou can only pick the types that are ayailalole For the database columns (source,
destination and.u"or other] you haye selected.
Locators: Types to query:
A
Cell-Global-Identifier Miranda
Oest-IP-Address
F'rIorIty S: F'urpose 1HS
Flight'i?iumbe" HRA Justification testing
Search period [optional]: to
-:'1'Lllow wildcards IQuery For source locators
Search all types IQuery for other source locators Save Query Submit Query
Target Enrichment IQuery for destination locators
. isplayr Name Summary
Summarl,l IIiisplaI,I Names Export
under other UK information loisle Jn. n'spla? Name summary
Summar',I of all selectors with clisplal,I names within this result set.
[Unknown]
"rouTuloe Seruice 1 occurrences
TDS GENERATION
muslimaid@gator.ceml3.co.uk [Unknown]
r??ticl 2 occurrences
hotrnaiLcom [aner]
hotmai .com 24S occurrences
WDRK DN A
hotrnaiLcom [Unknown]
?1occorrences
hotmaiLcom [Unknown]
1 occurrences
7-: I In 'I.com [Account?wner]
21 occurrences
=Ihotn1a il .com [Unknown]
- hotmai .com 1 occurrences
SECRET STRAP1
. isplayr Name Summary
Summarl,l IIiisplaI,I Names Export
under other UK information loisle Jn. n'spla? Name summary
Summar',I of all selectors with clisplal,I names within this result set.
[Unknown]
"rouTuloe Seruice 1 occurrences
TDS GENERATION
muslimaid@gator.ceml3.co.uk [Unknown]
r??ticl 2 occurrences
hotrnaiLcom [aner]
hotmai .com 24S occurrences
WDRK DN A
hotrnaiLcom [Unknown]
?1occorrences
hotmaiLcom [Unknown]
1 occurrences
7-: I In 'I.com [Account?wner]
21 occurrences
=Ihotn1a il .com [Unknown]
- hotmai .com 1 occurrences
SECRET STRAP1
a?
Heme Data Fusien
lei"? Analysis - Communications between identifiers
1.1VISUALISATIDNS
Q51.
7]
Date Time
01-Sep-2010 20:39:42
01-Sep-2010 20:39:42
01?Sep?2010 20:39:42
01-Sep-2010 20:39:33
01-Sep-2010 20:39:33
01?Sep?2010 20:39:33
01-Sep-2010 20:39:33
01-Sep-2010 20:39:20
01?Sep?2010 20:39:20
01-Sep-2010 20:39:20
Data Seurte
SOCIHL ENTHROPOID
SOCIHL ENTHROPOID
SOCIFHL
SOCIFEL
SOCIFEL
SOCIFHL
SOCIFEL
SOCIHL ENTHROPOID
SOCIFHL
SOCIHL ENTHROPOID
Fl. Type Fl.
Email address
Email address
Email address hetmail.tem
Email address live.se
Email address live.se
Email address ive.se
Email address live.se
hetmail.tem
Email address
Email address
Email address
SECRET STRAP1
-: MEI caravan-:n'qre rsati 0
20 1 0-00-01
20 :30El:
items
Send instant
message -
$10-11"- 2010-00-01
20:30:
rm
5?
?3
'73:?x?ydk?
{?01k
a
REG-awed
42.0 Send instant
message
2010-00-01
20:40:41.0
Send instant
ITIESSEQE 0'
2010-00-01
20:39:20.:13
El
?.393
A
a?
Heme Data Fusien
lei"? Analysis - Communications between identifiers
1.1VISUALISATIDNS
Q51.
7]
Date Time
01-Sep-2010 20:39:42
01-Sep-2010 20:39:42
01?Sep?2010 20:39:42
01-Sep-2010 20:39:33
01-Sep-2010 20:39:33
01?Sep?2010 20:39:33
01-Sep-2010 20:39:33
01-Sep-2010 20:39:20
01?Sep?2010 20:39:20
01-Sep-2010 20:39:20
Data Seurte
SOCIHL ENTHROPOID
SOCIHL ENTHROPOID
SOCIFHL
SOCIFEL
SOCIFEL
SOCIFHL
SOCIFEL
SOCIHL ENTHROPOID
SOCIFHL
SOCIHL ENTHROPOID
Fl. Type Fl.
Email address
Email address
Email address hetmail.tem
Email address live.se
Email address live.se
Email address ive.se
Email address live.se
hetmail.tem
Email address
Email address
Email address
SECRET STRAP1
-: MEI caravan-:n'qre rsati 0
20 1 0-00-01
20 :30El:
items
Send instant
message -
$10-11"- 2010-00-01
20:30:
rm
5?
?3
'73:?x?ydk?
{?01k
a
REG-awed
42.0 Send instant
message
2010-00-01
20:40:41.0
Send instant
ITIESSEQE 0'
2010-00-01
20:39:20.:13
El
?.393
A
Barr
TIME
L. I TIME
m>r>z>zn>
mmn?md. Wag?u.?
Barr
TIME
L. I TIME
m>r>z>zn>
mmn?md. Wag?u.?
CONTACTS
Senior Users:
Business Change:
SECRET STRAP1
CONTACTS
Senior Users:
Business Change:
SECRET STRAP1
Questions?
SECRET STRAP1
Questions?
SECRET STRAP1