TOP SECRET/151/43EL USA, AUS, CAN, GBIR, NZL

(TS) NSA QUANTUM Tasking Techniques

for the R&T Analyst

PO:
TAO RTD I Team - Booz Allen Hamilton SDS2

10± 3.11.18. 1-1.14.u4:1.00/1!

a. all:"
If.. - .1. 10 •']0110301 '
ilicon0 01 1.0 11:=151114.•:' 1 1i
• . ei l.130 Lb I.0¢::
- .Del . M. I 00 1 ,....X905 '
. ...

The overall classification of this brief is

TOP SECRETUSIIIREL USA, AUS, CAN, GBR, NZL •
Derived From: NSA/CSSM
Dated: 2007DIO8
Declassify On: 20370801

1
SPIEGEL ONLINE
 TOP SECRET/ISUIREL USA, Au S 1 CAN, GBP, NZL

(TSPSIUREL) Only R&T Analysts can submit QUANTUMTHEORY Tasking to the

QUANTUM team. TOPI Analysts can submit QUANITUMNATION Tasking through
Target Profiler. The biggest difference is QUANTUMTHEORY deploys a stagel implant
called VALIDATOF (soon to be COMMONDEER) and QUANTUMI f deploys a
stage° implant called SEASONEDMOTH (SMOTI-1). SMOTHs die within 30 days of
deployment unless requested to extend the life.

(T5f/SIUREL) This presentation does not cover FAA QUANTUM, but if you identify an
active selector, compare the SIGAD in Marina to the SIGAD on the GO QUANTUM wiki
page to see if FAA QUANTUM is an option.

(TS/ISIIIREL) This presentation is geared towards targets seen at US - If you are

unfamiliar with this SIGAD, it is equivalent 10 a TI/NF SIGAD that cannot be
mentioned in this PowerPoint. You can contact the POC of this brief for more
information,

2
SPIEGEL OF
TOP SECRED/COMINTS/REL TO LISA, EVE Y

Web Browsing (Exploit with QUANTUM

The concept man-on-the-side)
• QUANTUM is a man-on-the-side capability. If your target has a selector
that is active in the last 14 days, vulnerable to the QUANTUM technique,
and seen by an 550 site that has QUANTUM capabilities, then there might
be the opportunity to detect that communication in real-time and piggy
back with the requested content back into the target's network and
implant the host.

a QUANTUMTHEORY can be used only if a TAO Project is set up (must

coordinate with your R&T Analyst)

• QUANTUMNATION can be used regardless of a TAO Project (T PI does the

tasking in Target Profiler)
• The biggest difference is QUANTUMTHEORY deploys a stage' implant
called VALIDATOR (soon to be COMMONDEER) and QUANTUMNATION
deploys a stage0 implant called SE_ASONEDMOTH (SMOTH). SMOTHs die
within 30 days of deployment unless requested to extend the life. The
exploit technique is the same.

TOP SECRETKOMINTIREL TO USA, FVEY 8

SPIEGEL ONLINE
 TOP SECRET/MI/MEL USA, AUS, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

Internet Router

11
17
Target
Yahoo's
Web Server

SSO Site

SI I

4
SPIEGEL ONLINE
 TOP SECRETUSWREL USA, AU S, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

1. Target logs into his

Yahoo accounI Internet Router

Yahoo's
Target Web Server

550 Site

I INT • ',eel m ''on

4
SPIEGEL ONLINE
 TOP SECRETUSIHREL USA, AUS, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

1. Target logs into hEs

Yahoo account l nternet
i m Router
11■1111114

Yah oo' s
Target Web Server

SSO Site
2. SSO site sees the
QUANTUM tasked yahoo
selector's packet and forwards
it to TAO'S FOXACID Server

I INT • rn OF

4
SPIEGEL ONLINE
 TOP SECRETUSIHREL USA, AU, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

4. Yahoo server receives the
packet requesting email content

Internet Router
11111110.

lit YahoWs
Target Web Server

solispoi A
NSA

S50 Site ialip TAO FOXACID

Server
3. FO ACID 'meets a FOXACID url
into the packet and sends it back to
the targets computer

I IkT V Of

4
SPIEGEL ONLINE
 TOP SECRET1/511/REL USA, AUS, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

[nternet Router

th7 4
H4-
Yahoo's
Web Server

5. ,PDXACiD packet beats the NSA

Yahoo packet back to llie
endocn t 11-
apilipi 4

TAO FOXACID
Server

Jr

4
SPI EG EL ONLINE
 TOP SECRETUSIHREL USA, AU S, CAN GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

Internet Router
11111111P1IF 11 1111116

1/11
11
-get Tru
411[■■■■
Yahoo's
Web Server
6. The target's 'Yahoo welvage is
loaded but in the background the -
NSA
FOXACID URL hpads which 11111fr

redirects to the FORA ID Exploit

Server.. 411 . 16

TAO FOX ACID

.1

Server

SIGNT Da on t

4
E.17. TEE.EL OFILME
 TOP SECRETBSIMEL USA, AU S, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

1 1111 ) 1. 1 '
Internet Router
Tt3
Yahoo's
Target Web Server

iNSA
■11111111-

SSO Site
TAO FOXACID
Server
7. If the browser is exploitable
and the PSP is sale, FOXACID
deploys a Stage I implant back
to the target

/GRIT en rt

1
4
SPIEGEL CHLIIIE
 TOP SECRETBSIMEL USA, AU S, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

10
1
X 41111r■I■
.11111°
Internet Router

Yahoo's
Target Web Server

NSA

01-, 1 1- 1 1 .1.1-
Target Implanted!

TAO FOXACID
Server
7. If the browser is exploitable
and the PSP is safe, FOXACID
deploys a Stage I. implant back
to the target

4
SPIEL EL oNLINE
TOP SECRETPCOMINTUREL TO LISA, FVEY

QUANTUM Capabilities NSA

(TS/1311/REL) NSA QUANTUM has the greatest success against <yahoo>, <facebook>,
and Static IP Addresses. New QUANTUM realms are often changing, so check the GO
QUANTUM vviki page or the QUANTUM SpySpace page to get more up-to-date news.

NSA QUANTUM is capable of targeting the following realms:

• 6 IPv4_public • mailrulvircu
▪ • alibabaForumUser • msnMailToken64
• • doubleclickID • cici
• • emailAddr • face book
• • rocketmail • simbarUuid
• hi5Uid • twitter
• • hotmailCID • yahoo
• • linkedin • yahooBcookie
• • mail • ymail
• • mailruMrcu • youTube
• • msnMailToken64 • WatcherlD

TOP SECR ET/TCOM INTi/R EL TO USA, EVE Y 5

SPI EG EL ONLINE
TOP SEC ETPCOM INTIIR EL TO LISA, EVE Y

QUANTUMTHEORY - GCHQ
If a Partnering Agreement Form (PAF) is set up with GCHQ for
the CNO project, then the IT Analyst can utilize GCHQ
QUANTUMTHEORY to include additional capabilities such as:
• • ALI BABA • AL
• • BEBO_EMAIL • DOUBLE CLICK
• FACEBOOKCUSER • GOOGLE PREFID
• • GRAIL • HI5
• • HOTMAIL • LINKEDIN
• • MAIL RU • MICROSOFT_MUID
• • MICROSOFLANONA • RAMBLER
• • RADIUS • SIMBAR
• • TWITTER • YAHOO_13
• • YAHOO_L/Y • YANDEX_EMAIL
• • YOUTUBE • IP Address
More information on: https://wiki.gchqi /QUANTUM BISCUIT
If you cannot get to the link try: http:I/

TOP SE CR ETECOM INMR EL TO LISA. FVEY

TOP SECRETKOMAT/AREL TO USA, FVEY

QUANTUM SIGDEV - QFDs

(TS/151 MEL) Find all Selectors associated to your target (Yahoo,
Yahoo B Cookies, Facebook, Hotmail, etc) using Marina, NSA or
GCHQ QFDs.
NSA SATC QFDs:
I •

ALTEREGO QFD:
GCHC., "vuene Selector A Iten ate Se I e 191 Ouerleci Alternate Intersection Stele
Selector Selector {1.10}
Degree Degree
5

, 14,154?

'CaitUE. l fir} 11-. -clfehcon. 67 114 1 SY

DOGCOLLAR QFD:

Selector TIP Enrichient Value Obsermions First Seen On Last Seen Date

9 ZOU /a5P1 2013/0347

Skip to Step 5 once you have all of your selectors...

tei tonal 1911.

TOP SECRETPCOMINTIIREL TO LISA, FVEY 6

SPIEGEL ONLINE
 TOP SECRET/ISUIREL USA, AUS, CAN, GBR, NZL

QUANTUM SIGDEV Marina

Step 1: Skip to Step 5 if you used the QFDs to identify alternate selectors

4 (I-Si/SI/MEL) If you do not use the GCHQ or NSA QEDs you can use Marina. Run a
Marina Selector/Identifier Profile (Federated) search for a 3 month range to look for
additional selectors.

cqt:1--fina-
Hem Same. 'Prat i*FIE q 3•114NY F ksc - lidanbly •• Pr*Emcwi 4 41*.

6
ixilib ClaraaJ:13 "M. 20i20210 7 .D59.50 ikka-rthi

646.1 gr..

j Al* vg Pffirre,* d ■Cintiol* 141ralmr*

Fddriier 11440. 11.1}, 7

T %-ri•

ailimmagitper. voredRocheirri

4..1. Mit) Sprdl,

Matimagyilliers

..1 ,1441. 1g Redo.*

dimply

7
SPIEGEL ONLINE
 TOP SECRETBSUIREL USA, AU S, CAN, GBR, NZL

' (TS//511/REL) Once the query finishes. look at the Equivalent Os section. This will show
you other selectors that your target is using. This is determined by linking content
(logins/email registrations/etc). It is worth verifying that these are indeed selectors
associated to your target. NSA QUANTUM works best against <yahoo> and
<facebook>. Although, it is worth making note of a <gnriail> selector for possible GCHQ
QUANTUM support or for your own notes.

i4ectar h41 -1.1m71 –

wet Can I Ph otos:6

Equivalent 11337 S I New Selector I fc no van Selector

Pao 1 pi 1 er {r4orie Una"' (Deleu11). - • %mime krt• Stree AS • laDIS * ' LetaCICarnMe
Appikdaden Ft/
Erbtity A L... ) 1p Activity
10"
Entity 11

• cob Ir141.>

-0••13.4yailna Fses dNalay nave

4verialicom.macoltD. a has at d <yalipv -;
—.31EMM-651wetisee5. 1-45 alt d <51eypeirialidtan

8
SPIEGEL ONLINE
 TOP SECREVISUIREL USA, AUS, CAN GBR, NZL

(TSI/SIHREL) if your search was on a <yahoo> email address, then click on Machine
IDs and look for a recent <yahooBcookie>. YahooBcookiers are unique to a specific
computer and can hold other <yahoo> addresses that are being logged into on that
computer as long as the user does not clear browser cookies. If you see multiple
<yahooBcookie> pick the most recent Last Heard date. Also higher the Num Heard is,
the more likely that selector does not change.

Fleecing Ple•ecaam

Levine y= 27

.18‘11.5r`
New Selector
Pear 1 cC 1 Fter (None:: - Limit(Elateu13- - • • 7: • , Save ks 7 sr
•
Nropk.likei NM, UPIlt 42. b IP 0 riartilcie A 15 ) p P91*L kat 1-14201) -
'; Nab ‘walice•p mcirai4.0(compotole: n; ..7(dDr.S e MI [ I 15 L3 5133Z •2131.1.1Z135 Ids

cyarocemokie:- .zo aunr .;21)LI 1Z1:15 10.32Z

'3 0 Oki - cyahx.7. y.st.x13rociatia. J LDS 1.1:107. I. LE . ZOL1.111% 1=1.7.

.4 n ,.eb - 201E1.115 19521.2 '3:4 1I2[5 1611.1237

:5 U.et. regolL0.0 [0:4.3 USE. L33514 . 2011 1205 11264167
6 D wt.t. 0.51.5Y. nfl_hilV_Uairridditeljr1V_Nel.NIC10 I 21.1L L115 L353:122 . 23Ll13:15 PR
7 axial ..KV*4•0 .CylieCiacCdue .ZIULLICSIVfc X.111L.7•5053:7
❑

Unique Selerdara FcwitEL

<yahoo> (Known Selector)
@grnail.com<google> (New Selector)
<yahnoBcookie> New Selector)

9
SPIEGEL ONLINE
 TOP SECREVISIIIREL USA, AUS, CAN, GBR, NZL

1 New <google> selector

1Papriv.slent ION; .%

• POVe 1 et/ 1 .43' rim; inProis L I ntR {1>tleit-t1 • .41...Vettp 141.• Sem.a At • laNt. • %Mut: Load Ce.piele
1:7; Appac.totl.an tr"tV A. r fa IR • r11-1.1R y Entity ■
■
.g-- .!•11
r.75,4a7130, ers •-•
360/f.11 care rtmocgjia
IM d..-1-.^51-xoetisar I-. 5!.

(TS/iSII/IREL) Since mail.com<google> is a new selector, you will want to

do a Marina Selector Profile query on it to see if there are additional accounts
associated to the target, Remember NSA QUANTUM cannot target the ‹google>
selector.
. Equtwaleet 1M 5 *IP
(TS//SUIREL)
,I II'ne I of 1 Frier Tkin0 .... Leioul pefaut) Ne11kielze Seve - To-A 31.4tes . LO ecr Cctriplete
You can do AppilEann Entity A Entity
1■OBOrnallom<g06911 e>
❑

this by 3£1.1al.COhlr.c0:146 -:- .11 —aer_<VaniXr}

clicking on the •- (Vahlia 5!Iezbar ditals

:44371N1c:arnIC9DK1/9 911 icivaiisdgt
selector, scroll (514neUser
AnalytIcs
down to Selector
Chuts
Profile, and click *KM- PITON" Whdore 91:11rdinutes)
Range. Ov:Id To Inquiry Day ( 14 p2Hokas) - -
ForietIrd CcretArIx .<= 22
Usef Atilinay Verir (-1 Year)
kevetse ContacbR
FV.Mnre Event 0 Rao:
.. .I Sent PLIC55.30C6'
Navel Detail
Recebred nes4at.Tes: - 29

tagrnp; ‹= F■ nd In

IgEmords.

111
SPIEGEL ONLINE
 TOP SECRET/ISIBREL USA, AU S, CAN, GBR, NZL

, (TSIISIHREL) Change the query to search for the fast 3 Months and click SUBMIT
Selector PireIle Search

5eletirs Prone

511:1•Ch Selector probe [ Agrnal.ciamcgcogisA

Stark Ditio 20111110 I- 9 BD: Mr CC End Datig 20120210 23.50:59 3 1.46e!Lfri.2

Seim:tars birdy
Ye5.temday
0. hi!!
4 Remove
Acid

[1:1Bntif ilE1
Conlage
Ream lrput
This Weep
Last Wed.(
This Month
E1
4iggrialLcan gingle Parater s
Lag Month
skyp eMailticen Parameters 3 Day •

10§1grnautccra goo* Paramaters 2 Days

skypisMairciken Firterrieters 3 EtiY5'

5 DM.
&JEN& skypcMaiTcken Ptserrnkers
• bays
MoIradE ■1=1111:1 - 5144.p eMafliniteri Parane;tus 14 Days
152grnall.corn 40041e Paharivtati:. 1,15nith
_
Quick Add: ! tritEe.:re or wale sisleitlaira seriaratipj by canmes end I errter . 1"forokis
•6 imnths
Authority 19It ers .1yea.

SPIEGEL ONLINE
 TOP SECRETUSUIREL USA, AUS, CAN, GBR, NZL
I.

(TS1/51fiREL) Once the query finishes, look at the Equivalent IDs section and make
note of any new <yahoo>, <hotnnail>, <yahooBcookie>, and <facebook> selectors and
do the same process to identify additional selectors.
Equivalent IDE. 26

i1 Page I of 1 iar FAIN Nona) Lorarl Visualize h - Soy r rE5 - Twig Enrichniriz... Wangar Nava. rapparae

Application Entity A > .c• Activity Entity B

1=1 & t1
WWI Atagn5i.cor cCrocke:., has cIG6o, Fh6#

z El er.." 1 -rVa/Dcnl.m<CPErde) has d5ciay na74

el".113 di§cgay naml

4 ❑ slial weitrol-vAnqIcagic> hos &Oay Ramo
5

7
❑ 0.10

El: EMall

❑
Emal
alirrga-C.?Ir':i1W9leCP
Egicrnal.t.arr.qpcoe>

ncrinad_cm- no3cie5.
1 1...4V4rf

has at

has de.fday wa=ll

New Facebook Selector I
8 M erwt3i @ Tr.-34. or. ,croe.> hes display name

1-1 i .yerk..> ha af•rd t AFAI

1,1
LO El 0431 Jicram.i.o.r.--ccrcogle> hcr-, pi - ckste balk
I] la-um cEnzebgck.:- rew.serre.....th -' '.0111116411411 cir' e-Suc*
12
❑
IEI451 Klynal.t6eteigl*:, hexaked
L5 ❑ elcla i 'kacrt.M-"+"*E 6Itt) d IIMI=III_Vxyroilk.

All Unique Selectors Found From Both Searches:

<yatioo> (Known Selector

@gmail.corri<google, (New Selector)

3 <yahocrBcookie> (New Selector)
4acebook> (New Selector)

12
SPIEG EL ONLINE
 TOP SECRETUSHIREL USA, AUS, CAN, GBR, NZL

1 (TS/./SIIIIREL) Once you have a list of your selector(s), you will want to look at each one
separately to check for the likelihood of successfully exploiting your target via NSA
QUANTUM. We are checking to see if the target itself is seen at US- and if it is active.
2 (TS/./SIIIREL) First we want to run a Marina Active User/Presence (Federated) search on
<facebook> for the past 14 days.

Search 41uAkye Llser..Ma once (Federated:I)

%Wall P.Parfe. Pactback ID

41 1_1 RiCenit 31,101Calga;
UserPteseritn
Start Oath. 201=19 013:130;03 End Due; 20130401 M:55:551 C•ays
F•rtlif&tecl)
MGCI-IQ Presence Viant liry JP Arklre Reskrid Lard Nike. Only;
E•Gci-iQ i'p;*EventINEiFii
iFi4 tG
Saliketers
9 _J.Arich:ry
2r l_iEkUNS &Ad O. R. t o °wear IEF Erman e I LcftrT
_40 Chartr
Li Kris diertn• KNOW. ENtfakklahl I WertlFler 11-1).1i 0
I:; PSC Faceboulc
I :Prtildo
Quick ANC •- •••• • • •• - • - k•••••clars sepreroet1 tae.nee eircl ist wee
• (c•Wilikkllij
!...! SptrklePcm
enable Any Poelm!

• ..:'Uste ActlxIte (SelectorAdentker A. Autlipinit-v Filters

_ wirkichba.
Add Rearcrwer
.. , faichU;hogi
Autlalty

Mutant Broth. Clutionis

If you have OVSC1700, check this
box to search GCHQ databases
Endur&I"PL2111 1;1.1:kW1 TOW!

INehgethea Roe; 516E41" Dei•elr_prrelt

trinigence 'taint ta-am: V

I I Stant open mew lAirclatkk 1;71

13
SP I EGEL ONLINE
) TOP SECRETBSIBREL USA, AUSI CAN, GBR, NZL

(TSI/SIIIIREL) You will either have results or not have results. The key is to look at the
SIGAD for the results and if the SIGAD is capable of doing QUANTUM then you most
likely have a vulnerable target! To check for SIGADs that NSA and GCHQ QUANTUM
can target, type GO QUANTUM in your browser. If GCHQ QUANTUM is needed, then
work with your IR&T Analyst to follow the appropriate steps on the wiki to set up a PAP.

(TSIISIIIREL) You will want to look at the Marina results and make note of the most
frequent SIGAD/IP CIDR for each Active User/Presence (Federated) query

1) Selector
a) SIGAD
b) Active User IP cop - The CDR will be added to the TLN's Whitelist.

-A TLN's Whitelist is a list containing the IF CIDRs your target uses. It is where the

FOXACO server will only continue with exploitation if the external IP Address of
the targetiredirection is on the Whitelist for the TLN your R&T Analyst requests.

14
SPIEGEL ONLINE
TOP SECRETPCOMINTM E I- TO USA, FVEY

Is My Selector Tasked for

UANTUM?
If you sent your IT ana yst a selector to task for
QUANTUMTHEORY and you want to see if it has been tasked yet,
you can enter the selector in Target Profiler and if you see "tasked
for survey" and the Technique to be QUANTUMTHEORY or
QUANTUMNATION then it is tasked! You can also see when the last
FOXACID redirection took place.
<yahoo> r. tL U11:21 2

P-aked
Activity
O F
Tasked for Survey
OI
Technique: VIATITUMTHEORY
saikedi 21912-1;41-26
Teri Last Attempts 21013-Ma r • 01 Owl) °M ai
• v<yahoo> Sena erodif 1013-P i•-U1 11:11:2; 1 Er

Cia tasked for siarq e y

Tasked fur Survey A ethritY
C
Techni que; Q UAPITUIMNATION fr.
Tasked:2013-Jn9
Ta Last Attempt: 2013-Fib-19 (success.)

TOP SECR ET/TCOMINTM E TO USA, EVE Y 16

SPIEGEL ONLINE
TOP SECRETIICOMINTMEL TO USA, FVEY

UANTUMNATION
QUANTUMNATION use new TAO CNE tradecraft and automation to drive broad
scale initial access, specifically an SSG cloud-analytic to identify selectors in SSA]
passive collection that are viable for end-point access, and the use of lightweight
CNE implants to obtain initial access and survey data delivered to the TOPI offices
via corporate SIGINT repositories. For More Information on QUANTUMNATION check
the QUANTUMNATION wiki page

Target Profiler now shows if a selector is vulnerable to a QUANTUM exploit. If your

target is valid for QUANTLIMNATION, A "Vulnerable" link in Target Profiler will
appear. Simply click the link that sends an email to request QUANTUMNATlON
tasking.
<facebook> retlil.tervti 21131a-Fliti-22_13:5).::() 4 IT

ea • YUlnerabIlttles
V.0 '
Vuirrarabie log Owenturn 0(12 davi ego)
Urner PkgentFrilyzill1415.11) (iPad; CPU CS 5_0_1 roc... K) ApplaWr6Ki16/5a4.46 OKI-MAL irk ■ ciihrclg) Vftrzi.orLi5,1 Whabilmi54405
f r 7 4

Note: QUANTUMNATION and standard QUANTUM tasking results in the same

exploitation technique, The main difference is QUANTLIMNATION deploys a stage 0
implant and is able to be submitted by the TOPI. Any ios device will always get
VALIDATOR deployed.

TOP SECRUilCOMINT,NREL TO USA, EVE Y 17

SPIEGEL ONLINE
 TOP SECRETUSUIREL USA, AUS, CAN, GBIR, NZL

(TSI/SIUREL) Once you have a selector, SIGAD, and IP CIDR, you are ready to start
the process for a FOXACID TLN and Tag request.

4 (TSIISII/REL) Depending on the teams, either an IREET analyst or the Branch Chief can
create a TLN (Twisty Lobby Number), Contact your Branch Chief for information on
creating a TLN for each selector you want to target,

(TSIISIOREL) Note: You will need 1 TLN and 1 FOXACID Tag per selector you task with
QUANTUM.

lB
SPI EG EL ONLINE
 TOP SECRET/IV/MEL USA, AUS, CAN, GBR, NZL

Step 8:
(TV/SI/MEL) Once you have a TLN, you will need to submit a FORA ID Tag request.
(TV/SI/MEL) Go to titcpE:( nsalcgi pint and fill out the appropriate
information in the top and within the body of the ticket update this information accordingly. Here is an example:
CT or Non-CT Non-CT
Second Party/Partnering: No
countryIRegigniType: in=m
RSA Target: No
Type of Op: QUANTUM
WPTT: No
Project Name;
TLN 12345 Insert Your TLN
IP Range: "1 Insert Your Active User IP CIOR WHITELIST
MAC Addresses' Unknown
Payload Requested: Val
Start Date: 20130401
POC
IvISQ Support: No

19
SPI EG EL ONLINE
 TOP SECRETHSUIREL USA, AUS, CAN, GBR, NZL

(1Si/81/MEL) Once the ticket is completed, you will receive an email with the FOXACID
Tag for your TLN.

4 (T51/SUIREL) Go to hops:// .nsa.ic.gov, fEndex.php and

fill out the appropriate information in the form to task your selector and tag for
QUANTUM,

4 (T51/SUIREL) Once your selector is tasked for QUANTUM you will see the status
changed to complete.

(TS//31/1REL) The last step it to monitor the TLN in FOISEARCH

https:h .nsa - :ir to look for
redirections and update the plugins or WHITELIST if needed.

(TsiisiIIREL) De-task your QUANTUM request when you hook your target]

20
SPIEGEL ONLINE
 TOP SECRETIISUIREL USA, AUS, CAN, GBR, NJZL

-1 if you have any questions or comments about this presentation, please send an email
to atIMIrnsalc.gov

21
SPIEGEL ONLINE