Title: Selector types

Release Date: 2014-03-12

Description: This slide lists the range of selectors the Turmoil infrastructure at UK base Menwith Hill can use to identify targets, many of which show the ability of Five Eyes agencies to piggyback on commercial services: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

Document: TOP SECRET//COMINT//REL TO USA, FVEY

Selector Types

Machine IDs

- Cookies

• Hotmail GUIDs

• Google prefIDs

• YahooBcookies

• mallruMRCU

• yandexUid

• twitter Hash

• ramblerRUID

• facebookMachine

• doubleclickID

- Serial numbers

- Browser tags

• Simbar

• ShopperReports

• SILLYBUNNY

- Windows Error IDs

- Windows Update IDs



Attached Devices

IMEIsfor Phones

• Apple IMEIs

• Nokia IMEIs
UDIDs

• Apple UDIDs
Bluetooth?

• Device Name

• Device Address

Cipher Keys

- Cipher Keys uniquely
identified to a user

• ejKeylD

Network

- Wireless MACs

- VSAT MACs and IPs

User Leads

User selectors from
Cookies, Registry, and
Profile Folders

• msnpassport

• google

• yahoo

• Youtube

• Skype

• Paltalk

• Fetion

• QQ

• hotmailCID
STARPROC-identified
active users

Remote Administration IPs

• Putty

• WinSCP

TOP SECRET//COMINT//REL TO USA, FVEY

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh