Title: Blazing Saddles

Release Date: 2015-09-25

Description: This page from GCHQ’s internal GCWiki describes the BLAZING SADDLES tool for handling huge amounts of metadata and the specialised analysis it supports: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.

Document: blazing-saddles-tools-p1-normal.gif:
TOP SECRET STRAP 1 COMINT

The maximum classification allowed on GCWiki is TOP SECRET STRAP1 COMINT. Click to report
inappropriate content.

For GCWiki help contact: webteam Support page

Blazing Saddles

From GCWiki

Jump to: navigation, search

Overview

Getting an account

User requirements

Training/Support

Overview

Blazing saddles
icon.png

Brought to you
by

Logo large.jpg




[edit! Overview

BLAZING SADDLES is the TDB
portion of the second pilot of the Next
Generation Events project under the Better
Analysis Programme. The primary
objective of BLAZING SADDLES is to
increase the supportability and scale of
presence events stored for a number of
key internet profiling tools. This will be
achieved by the deployment of a range of
Applied Research OFDs and an instance
of Black Hole to a TDB maintained
experiment environment at Cheltenham
and also at Bude. For more background to
this work sec the (J: internet Profiling SE
Context provided by BA

[edit] Operational QFDs

• BzS - useful info

o Events Product Centre QFDs
o Loading Status

• Related products

o Social Anthropoid
o TDI Database
o TDIs

• Useful Links

o Blazing Saddles Blog
o SpvSpace Group
o BLACK HOLE
o NGE Input Buffer
o NG_E_G_ateway
o Supporting Internet Operations
o NGE GCForum
o Training

• Tech

o Dev Server Info

o (J:)Technical Documentation/SourceiZ:)
o Technical Documentation
o Infrastructure
o QFD JEEQE deployments
o Operational Deployment
o Reference system activities

QFD

TYpe What it holds

Questions it answersblazing-saddles-tools-p2-normal.gif:
AUTOASSOC

HRMüp

INFINITE MONKEYS

KARMA POLICE

MARBLED GECKO

Bulk unsclccted

TDI-TD1 System information

correlations with
confidence scores
- information

Events about which TDIs

have been seen at
the same times
and from the
same IP addresses
as other TDIs.

Host-referrer
relationships -
information about

Events how P^P*0 8et to

websites,

including links
followed and
direct accesses.

Bulk unsclectcd
v-bulletin
identities -
information about

Events membership of

webforums
powered by
v-bulletin
software.

Bulk unsclectcd
TDI-wcbsite
correlations -
information about
which TDIs have

Events been seen at

approximately the
same time, and
from the same
computer, as
visits to websites.

• What other TDIs belong to
your target

• What technologies your target
is using (so long as those
technologies generate TDIs)

• How do people get to my
website of interest and where
do they go to next?

• What websites have been
visited from a given IF?

• What v-bullctin accounts docs
my target have?

• Who uses this v-bulletin
forum?

• Where are the members of this
v-bulletin forum based?

• Which websites your target
visits, and when/where those
visits occurred

• Who visits suspicious
websites, and whcn/whcrc
those visits occurred

• Which other websites arc
visited by people who visit a
suspicious website

• Which IP address and web
browser were being used by
your target when they visited a
website

Content

Information about
the use of Google
Earth and Google
Maps.

• When, where and from which
IP address, particular areas of
the earth have been looked at

• What areas of the earth were
looked at from a particular IP
address or computerblazing-saddles-tools-p3-normal.gif:
(Combined with MUTANT
BROTH) Who was looking at
those areas of the earth

MEMORY HOLE

MUTANT BROTH

SAMUEL PEPYS

SOCIAL ANIMAL

Information about

_ the use of Google

Content . . ..

and similar

services queries.

Information about

_ TDIs which were

Events

seen on the
Internet.

SAMUEL
PEPYS is a near
real time Internet
diarisation tool. It
enables powerful
IP stream

Events and analysis/profiling

Content by fusing all

available traffic
types in one
place. It contains
both unsclccted
events and
content.

Information about
how users interact

Events with other users,

and with
filcs/picturcs

• When, where and from which
IP address, particular searches
were made

• What searches were made
from a particular IP address or
computer

• (Combined with MUTANT
BROTH) Who made those
searches

• Whether your target is being
seen by the collection system

• Where and when your target
was active

• What IP address your target
was using

• What other TDIs were seen on
that IP address at a similar
time

• What kinds of computers does
you target use

• Who shares a computer with
your target

• Are there any CNE
opportunities for your target?

• SP can answer a wide range of
analytic questions based on all
available traffic types it
contains.

• Who your target interacts
with. Interactions include
chats, file-transfers and
buddy-listsblazing-saddles-tools-p4-normal.gif:
 • What filcs/picturcs/videos
/video on the Internet. your target interacts with
Converged
comms events
database, allowing you to see who your targets have communicated with via phone, over the internet. • What communications your
or using target is engaged in
converged • Who has your target been
SOCIAL Events channels (c.g. communicating with
ANTHROPOID sending emails • What communications have
from a phone or occurred using a particular
making voice locator (IP address, cell tower,
calls over the internet). Will subsume SOCIAL ANIMAL and has replaced HAUSTORIUM (now decommissioned). etc)
Primarily IMEI defeats, including a severity score and associated correlations for • Is this handset cloned?
GOLDEN AXE Events each IMEI. Other • Docs this selector uniquely
selectors such as IMSI. MSC_GT, identify my target?
VLR_GT will be
supported in future.
r


Categories: BLAZING SADDLES | Systems with accreditation information infoboxes | Systems with
expired accreditation





e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh