Title: Computer Network Exploitation

Release Date: 2018-02-17

Description: This undated GCHQ presentation gives an overview of the agency’s use of hacking techniques, including an explanation of what it perceived the legal position to be at the time: see the Intercept

Document: TOP SECRET STRAP1

Contents

• What is CNE?

• Why do CNE?

• CNE Teams

• Partners

• Challenges

• Contacts

PTD "We penetrate targets' defences."

This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information
legislation. Refer any FOIA queries to GCHQ

© Crown Copyright. All rights reserved.

TOP SECRET STRAP1

What is CNE?

“Computer & Network Exploitation delivers to GCHQ data of intelligence value by remote access to computers, computer networks and telecom networks without the knowledge or consent of their owners and users, within the appropriate legal framework”


OR

Legally accessing computers/networks remotely without the
owner's permission to:

- Produce Intelligence

- Do Effects

- Support others: PTD, CND, Partners


Why do CNE?

Passive Sigint won't always work

• Can overcome crypt or collection difficulties

• Access to data at rest

To enable conventional Sigint

• Used as an enabler of crypt

• Redirect traffic


CNE teams


Legalities & Policy

CNE must comply with current legislation:

• Computer Misuse Act (CMA) 1990 states that
unauthorised access or modification is illegal when:

- person in UK and computer in UK

- person overseas and computer in UK

- person in UK and computer overseas


Legal & Policy

Exemption is obtained from the CMA using Intelligence
Services Act (ISA) warrants:

• Section 5: UK targets (requires at least Foreign Secretary
signature)

• Section 7: overseas targets (can be signed by DO unless
sensitive)

European Human Rights Act


Covert Infrastructure, Access & Dataflow

All CNE activity must be UK deniable

• Intermediary machines/Covert Infrastructure used to:

- gain access to targets via the internet

- bring data back into corporate repositories


Infrastructure

Implementation/maintenance CNE core infrastructure

- CNE Desktop

- Network

- Servers

- Storage

- Sys Admin


CNE Operations

• Network End Points

• Counter Terrorism

• Single End Points

• Data Harvesting

• Effects

• CNE Scarborough


Types of Operation

Masquerades

- Use credentials obtained from CNE or passive
collection to gain access to email, chat rooms etc

Content Delivery

- Individually crafted email attacks that dupe target
into visiting an exploitation web server


Types of Operation

Router Ops

- Targeting network infrastructure via gaining access
to Admin machines

Remote Access

- Use security weaknesses to survey and gain access
to computers/devices using public/private tools


Effects

Making something happen on a target's computer.

- Degrading comms to slow network.

- Bringing down target's web browser.

- Changing users' passwords on extremist website.


EREPO

• EREPO is the covername for router operations

• Provides access to in country collection through exploitation
of routers

• Target data more accessible to SIGINT collection

• Provides crypt material, event tip-offs, target metadata


Capability - Implants

Develops techniques and technical assets, mainly
software, for use in CNE Operations.

• Teams:

- Microsoft

- UNIX

- Hardware

- Mobiles


Capability - Research

• Vulnerabilities Research and Exploit development

- Find the holes/weaknesses

- Use them to gain execution

• Future Techniques

QUANTUM

MUGSHOT


Capability - Prototyping

• Analyst and Operator Tools

• Automation

• STARGATE

• HIGHNOTE


Joint working

• 2nd Parties, SIS and Security Service

- all do CNE but have different targets and toolsets

• Close working with OPD-GNE, OPC-TDSD, OPD-JS
and other teams within Active Approaches


Deconfliction

Deconfliction carried out with Second Parties:

- Implants may interfere with each other

- More activity increases risk of being found

Deconfliction by IP addresses, not target.

'Primacy' agreed and tasking shared.


CNE support PTD

Includes:

- Password Cracking

- VPN Exploitation

- CV/Key Extraction

- WHARFRAT


Challenges

• Avoiding detection by target or another agency

• Remaining within the law while increasing pace

• Staying ahead of the game

• Diversifying toolkit

• Meeting increasing customer demands

• Demystifying what we do

• Co-existing with partners


Contacts

• Email

• Call

• Visit A3c
