Title: Mobile Networks in MyNOC World

Release Date: 2014-12-13

Document Date: 2011-01-01

Description: This GCHQ presentation from 2011 provides the background to the agency’s hacking attack on Belgacom: see the Intercept article Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco, 13 December 2014. gchq-mobile-networks-in-my-noc-world

Document: TOP SECRET STRAP 2

Mobile Networks in

World

Head of GCHQ NAC

n/\c

This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information

legislation. Refer disclosure requests to GCHQ

TOP SECRET STRAP 2

What is a MyNOC ?

MyNOC - My Network Operations Centre

- A Space

- A Concept

n/\c

This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information

legislation. Refer disclosure requests to GCHQ on I

TOP SECRET STRAP 2

A Space

• Analyst Desktop X 10

• Un-attributable internet X 10

• JTRIG Desktop

• HIGHNOTE-CNE Toolsuite

• COPPERHEAD - CNE Attack box

• NEXUS (BSS Desktop)

• CADDIS (SIS Desktop)

• NRT Tipping Display

• 65” VTC/Collaborative Monitor and Projector

• Virtual Whiteboarding tool and Whiteboard

• Secure telpehony / storage

n/\c

This information is exempt from disclosure under theFreedomoflnformatioiTAi2£22.2nd..m2y.be.sUj£li£ exemption under other UK information

legislation. Refer disclosure requests to GCHQ o

TOP SECRET STRAP 2

A Space

ÜU

BRENT

RUSSETT PHONE

ACCOUNT-MyfiCC-1)

CAUUIS

A RED PORTS
FOR LAP-TOPS

VIDEO SWIICH BOX

KVM SWITCH

iy*M:Ke*p*vïfeü fu jwviue)

NDCUÖ CfJADIXD

CADDIE ENABLED

MyNoc Locations

The MyNocs are located as follows and contain the following capabilities;

MylMUU I A4a

MyN0C2 C4c

MyNOCd Bid

MyNOC4 C4d

MyNOCo A4f

GENERAL

GENERAL

GENERAL

A4a-C29-1 A4a-C29-2 A4a-C29-3

LEGEND:-



NEXUS

Ü1



- FOOT PEDAL

A4a-C29-9 A4a-C29-8 A4a-C29-7

m/\Œ

This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information

legislation. Refer disclosure requests to GCHQ o

TOP SECRET STRAP 2

Interlopers in A Space

This information is exempt from disclosure under t
legislation. Refer disclosure requests to GCHQ or!

exemption under other UK information

TOP SECRET STRAP 2

A Concept

• Collaboration environment bringing together capability from
across GCHQ.

• Appropriate resources identified / Appropriate prioritisation

• Formalised planning process

- Clear Focused objectives

- Selection of Operations Manager

- Preparation

- Review

• Assessment and feasibility

• Professional Operations Manager

- Ensure operation is focused on stated objectives

- Ensures operation is legal

- Protects information equities

n/\c

This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information

legislation. Refer disclosure requests to GCHQ on I

TOP SECRET STRAP 2

MyNOC & NAC
NAC tasked with development of “greater good” Mobile/Mobile Internet environment. capability in
Due to lack of progress decision made to sponsor three events: MyNOC

- OP WYLEKEY - Exploitation of International Mobile Billing Clearing Houses

- OP SOCIALIST - Exploitation of GRX Operator

- OP INTERACTION - Development of in-depth knowledge of Mobile

Gateways.

n/\c

This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information

legislation. Refer disclosure requests to GCHQ

TOP SECRET STRAP 2

MyNOC Team assemble

Operations Manager

Network Analysts ( NAC Cheltenham, NAC Bude & NAC

Cyprus)

Dataminer (GTAC)

Open Source Specialist

JTRIG Analysts (Cheltenham & Bude)

CNE Operators (Cheltenham CNE & Scarborough CNE)
VPN Expert (Crypt SD)

EREPO Expert (CNE)

Protocol Analyst (GTE)

Production Tasking Co-ordinator (PTC)

Trainee Ops Managers

n/\c

This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information

legislation. Refer disclosure requests to GCHQ o

TOP SECRET STRAP 2

One Month Later - OP SOCIALIST

• Scoping session conducted - main focus to be on enabling CNE
access to BELGACOM GRX Operator

• Ultimate Goal - enable CNE access to BELGACOM Core
GRX Routers from which we can undertake MiTM
operations against targets roaming using Smart Phones.

• Secondary focus - breadth of knowledge on GRX Operators

• Operations Manager assigned, team assembles

n/\c

This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information

legislation. Refer disclosure requests to GCHQ on

TOP SECRET STRAP 2

Preparation work

• Identified static web gateways and IP range used by engineers
and tasked for QUANTUM operations

• Identification and tasking of optimal bearers

• TDI data mining identified potential for exploitation of LinkedIn
as a vector for QI - QI capability developed for LinkedIn

• WOODCUTTER logs analysed for usage by BELGACOM.

n/\c

This information is exempt from disclosure under theFreedomoflnforma^on^Cl2£22.and..ma^be.SUbieCtiO exemption under other UK information

legislation. Refer disclosure requests to GCHQ on

TOP SECRET STRAP 2

MyNOC Focus

• Expand collection and capability to enable better exploitation

of Belgacom.

• Identify key staff at BICS, and selectors used by these

individuals for QI.

• Map the network to better understand the Belgacom

Infrastructure.

• Investigate VPN links from BICS to other telecoms providers.

• Investigate the vulnerability of the MyBICS Reporting Tool.

n/\c

This information is exempt from disclosure under theFreedomoflnforma^înAcl2£22.and..ma^be.SUbieCLiO exemption under other UK information

legislation. Refer disclosure requests to GCHQ o

¡HWmCHKBWCK-

StxxKHttKx^ 3 ■

> Msn s

X Mtjiys

™——™

WC3GRX

AS4Î74

I WtH'S

TOP SECRET STRAP 2

Infrastructure

This information is exempt from disclosure under theFreedom.oinforma£onAct2000andmay.besubiectto exemption under other UK information

legislation. Refer disclosure requests to GCHQ

GGP session btf&VMn AS 1234 a^d AS677j c^sain)

AS 1234 t

AS 4321

aGRsmttn 1234 ancA$G774 prçrçfc-ijpj

V3N tunnel
Standard Bnk
FastEthernet
Serial
Date wrong

TOP SECRET STRAP 2

Key BELGACOM staff

• Identify Belgacom employees

- NOC staff

- In areas related to maintenance or security

• Selectors to enable QUANTUM targeting

- Use of LinkedIn noted

- Use of Slashdot.org noted

• MUTANT BROTH used to identify TDI/Selectors coming from
identified range/proxy

• QI capability enhanced to allow shots on LinkedIn

• QI capability enhanced to allow ‘white listing’ when shooting on

proxy

n/\c

This information is exempt from disclosure under theFreedomoinforma£onAct2000andmaybesubiectto exemption under other UK information

legislation. Refer disclosure requests to GCHQ on

TOP SECRET STRAP 2

NOC IP range search in MUTANT BROTH

This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information

legislation. Refer disclosure requests to GCHQ or I

TOP SECRET STRAP 2

NOC IP range - Target identifiers for QUANTUM INSERT

This information is exempt from disclosure under theFreedomof|nfOima^On^Cl2£22.and..ma^be.SUbieCLiO exemption under other UK information

legislation. Refer disclosure requests to GCHQ on|______________________________________________

V........ f f

i!

# S i 5 ( t t



■ v

H

r

I

********

t m m n
• »»■*•••»

v iii t i ¿ii r

uiiiiih

s i 1! i i Si

3 ♦! *! i 2: i i

5 : : 2 51: ? |

ni mi.

I 1 I'

4 4 4

I $ n i n i
»s*1 11

I

i

I»{

! I :

2 2
§ I



i &
! !

i

M

I

*

0

*



1! il1

n^nvh’1

; I ; ;

: S 5 ;

s s : :
'S31

t :

5 j 5

c s

}t

1}

t

5

« *
? ?
* i

2

I

i?ij

F

I

J

>

S

3

F

5

i

t

IT *

I

ill

ini

I

TOP SECRET STRAP 2

Real-time picture of Ql

TOP SECRET STRAP 2

GTAC effort

• IR21 extractions

• Website research - domains visited from target gateway IPs

• TDI harvesting

• Identified owners of TDIs / finding new potential targets

• Identified the FTP service

• User agent analysis

• Laptop identification

• Mail server analysis

• SSL research

• GRX analysis

n/\c

This information is exempt from disclosure under t
legislation. Refer disclosure requests to GCHQ on I

exemption under other UK information

TOP SECRET STRAP 2

What MyNOC Priority gets you

• Dedicated resources

• Priority tasking of access

• Priority utilisation of CNE Operator resources

• Priority utilisation of CNE Developer resources

• Priority use of enabling community (GTE, GTAC, JTRIG)

• Priority time of legalities bodies

n/\c

This information is exempt from disclosure under exemption under other UK information

legislation. Refer disclosure requests to GCHQ on

TOP SECRET STRAP 2

OP SOCIALIST Outcome

In MyNOC:

- CNE Access to BELGACOM - MERION ZETA - 6 endpoints into

Engineer/support staff IP range

- 2 endpoints into BELGACOM DMZ (from prep VA work)

- Optimal Bearers identified providing good access to BELGACOM proxy.

Post MyNOC:

- Optimal Bearers continue to allow QI against BELGACOM engineers/proxy

- Internal CNE access continues to expand - getting close to access core
GRX Routers - currently on hosts with access

- NAC continue to support with Network Analysis
of internal networks, network understanding
research on credentials and identification of
engineers/system administrators and their
specific roles.

n/\c

This information is exempt from disclosure under theFreedomoflnformatioiTA£iM22aiTd.m2ybesulbe£lio exemption under other UK information

legislation. Refer disclosure requests to GCHQ or|_____________________________________________

TOP SECRET STRAP 2

MyNOC leave behinds for NAC

Focused working in small groups
Regular Brainstorming sessions
Professional Operational Management
Network becomes Target - Target approach to

Network Problems

Awareness of JTRIG and Open-source information specialist
capabilities and how they can support Network Analysis.

Steerage of access for Network Analysis gain
Closer working between NAC and CNE
Joint working between NACs
More NAC MyNOC/Focus efforts to come....

n/\c

This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information

legislation. Refer disclosure requests to GCHQ

TOP SECRET STRAP 2

Questions ?

This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information

legislation. Refer disclosure requests to GCHQ

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh