TOP SFCRF.T//SI//ORCON//NOFORX
Gr-iai! facebook msn Hotmail
a
G o « „ paltalk™n- Youff l
AOL b mail &
PRISM/US-984XN Overview
O R
The SIGAD Used Most in NSA Reporting Overview
PRISM Collection Manager, S35333
April 20L-3 Derived From: NSA/CSSM 1-52 Dated: 20070108
Declassify On: 20360901
TOP SECRET//SI// ORCON//NOFORN
TOP SECRET//SI//ORCON//NOEÛEK
G M i! V Hotmail
facebook msn
ty GOOglC
Google ® ^ paltalk.com Youi
/ ^ AU • Ccnmj<K8t« Be>cnö Wxd6
AOL mail
( TS//SI//NF) Introduction ILS. as World's Telecommunications Backbone
Much of the world's communications flow through the U.S.
• A target's phone call, e-mail or chat will take the cheapest path, not the physically most direct path - you can't always predict the path.
• Your target's communications could easily be flowing into and through the U.S.
International Internet Regional Bandwidth Capacity in 2011 Source: Telegeographv Research
TOP SECRET//SI// ORCON//NOFORN
TOP SECRET//SI//ORCON//NOEQBN
G m i ¡1 facebook msn Hotmail
fcyGooglc
Google ^iïftvgm paltalk™m YouSM) ^ ^ M V fc i v w*jr ComnuMcatiw Bemm mmtmm
AOL & mail Â
(TS//SI//NF) FAA702 Operations Two Types of Collection
T
You Should
Use Both
Upstream •Collection of
;ommujai£ations on fiber
x r ^ U « '«PRISM/
v v 7 - A
PRISM • Collection directly from the servers of these U.S.
Service Providers: Microsoft, Yahoo, Google Facebook, PalTalk, AOL, Skype, YouTube Apple.
TOP SECRET//SI//ORCON//NOFORN
TOP SECRET//SI//ORCON//NOEÛEK
G M i! facebook msn Hotmail
ty Google
Google f^AVi • ® M M
paltalk.com YOUE r/irmiVAlff Rhnnl'MirS Ccmmjotal« Be>coo Wxd6
AOL & mail Jk
(TS//SI//NF) FAA702 Operations V Lfte 5o/7?: PRISM vs. Upstream
DNI Selectors
DNR Selectors
Access to Stored Communications (Search)
Real-Time Collection (Surveillance)
"Abouts" Collection
Voice Collection
Direct Relationship with Comms Providers
PRISM upstream
9 U.S. based service / providers
•
Worldwide sources
^ ^ Coming soon Worldwide sources
s/ 0 v '
0 ^Voice over IP
• v ' ^ ) O n l y through FBI V
TOP SECRET//SI// ORCON//NOFORN
TOP SECRET//SI//ORCON//NOEÛRK
Gnail facebook msn Hotmail
Google Mg
paltalk.com YOUE CooinjnicaK«' Beycoo Vftxös & w
AOL mail <â
(TS//SI//NF) PRISM Collection Details '•PRISM,
Current Providers
• Microsoft (Hotmail, etc.) • Google • Yahoo! • Facebook • PalTalk • YouTube • Skype • AOL • Apple
What Will You Receive in Collection (Surveillance and Stored Comms)?
It varies by provider. In general:
E-mail Chat - video, voice Videos Photos Stored data VoIP File transfers Video Conferencing Notifications of target activity - logins, etc. Online Social Networking details
Special Requests
Complete list and details 011 PRISM web page: Go PRISMFAA TOP SECRET//SI// ORCON//NOFORN
TOP SECRET//SI//ORCON/7NOEÛEX
GH iil V Hotmail
facebook msn
tyCoogfc
G o file „ A paltalkiom Youd)
AOL %f> mail Â
(TS//SI//NF) Dates When PRISM Collection Began For Each Provider
2007 2008 2009 2010 2011 2012 2013 TOP SECRZT//SI//ORCON 7NOFORN
TOP SECRET//SI ORCON NOFORN
GM i! V Hotmail
facebook msn
lyCooglC
Google m QyrmsyKat«- BeyaWWyœ
Y o u ®
(TS//SI//NF)FAA702 Reporting Highlight PRISM ancl STORMBREW Combine
To Thwartx
paltalk / ^ " . v M y r
AOL mail ¿3
RISIVI
SAME-DAY NTOC/FBI COLLABORATION PREVENTS 150GB EXFIL EVENT FROM C LEARED DEFENSE CONTRACTOR (CDC)
2012 14 DEC
U.S. CDC :!ijj y
The victim performed comj EXFILTRATION on the
NTOC T IPS FBI TO M M I N E N T THREAT
2 NTOC tips the FBI to the activity
ions on the infecte NTOC DISCO
K K FB^HËLPS CDC REMOVE I M P L A N T
CD The FBI contacts the CDC ancl works with thennp clean t h e ^ ^ ^ ^
fc^NTING RSARY INTENT
TOP SECRET//SI//ORCON//NOFORN
GRAAIL facebook msn Hotmail Gougle ~ r X V 0 5 paltalk You E S
AOL & mai OrrrnjfKalO' ftyav Ww*
HÂ
(Ts//si//NF) Some Higher Volume Domains Collected from FAA Passive
In addition to Hotmail, Yahoo, Google, Paltalk, Facebook, Skype, AOL: Select IP Addresses
wanadoo.fr
alcatel-lucent.com
TOP SECRET//SI// ORCON//NOFORN
TOP SECRET//SI//ORCON//NOEÛEK
GMHI facebook msn Hotmail
Google paltalk'cöm. YoulfflS a—njmeaMo« Be>cflOW3fös
AOL ^ mail Â
(TS//SI//NF) PRISM Tasking Process Target Analyst inputs selectors into
Unified Targeting Tool (UTT) Surveillance
S2 FAA Adjudicators in Each Product Line Targeting Review/Validation
J ^ ^ endin tore Comm^ Special FISA Oversight and Processing
(SV4) Stored Comms Review /Validation
Surveillance Ü Pending Stored Comms
Targeting and Mission Management (S343) Final Targeting Review and Release
y- £ Unified Targeting Tool (UTT)
¿ i PRINTAURA; Site Selector
Distribution Manager
Surveillance >• Pending Stored Comms
Surveillance >•
FBI Electronic Communicat ions Surveillance Unit (ECSU)
Research & Validate NO USPERs
Providers (Google,
Yahoo, etc.)
Targe t ing Se lec to rs ^
Stored Comms Release Providers (Google,
Yahoo, etc.)
FBI Data Intercept Technology Unit (DITU) >
Providers (Google,
Yahoo, etc.) >
Tnllprtinn
FBI Data Intercept Technology Unit (DITU) Col lec t ion
Providers (Google,
Yahoo, etc.)
PINWALE, NUCLEON,
etc.
TOP SECRET//SI// ORCON//NOFORN
TOP SECRETASI ORC ON//NOFORN
G í ^ a i ! facebook ms/i Hotmail G o u Q i e ^ paltalk'roir Y o u ®
Nf / «A'i • . Z f e—«o»«*»« AOL mail Â
(TS//SI//NF) PRISM Collection Dataflow
FBI DITU PRINTAURA, S3 53 2 TRAFFICTHIEF
SCISSORS. T132
£
MARINA &
MAINWAY Protocol
Exploitation, S3132
Metadata
SCISSORS, T132
FALLOUT
CONVEYANCE
DNI Content. Videos.
¡Partitions PINWALE NUCLEON
TOP SECRET//SI//ORCON//NOFORN
TOP SECRET//SI//ORCON//NOEQRN
C M ¡1 y * Hotmail
facebook msn
fcyGOOglC
PRISM Provider P1: Microsoft P2: Yahoo P3: Google P4: Facebook P5: PalTalk P6: YouTube P7: Skype P8: AOL PA: Apple
an ^ paltalk.com YOUB
Rpuwl WÏII<. Commjn<al<«' Beyeofl Wxds
-nil AOL^ > m a i
(TS//SI//NF) PRISM Case Notations
P 2 E S Q C 1 2 0 0 0 1 2 3 4 V
Fixed trigraph, denotes PRISM source collection
Year CASN established for selector
Serial #
Content Type A: Stored Comms (Search) B: IM (chat) C: RTN-EDC (real-time notification of an e-mail event such as a login
or sent message) D: RTN-IM (real-time notification of a chat login or logout event) E: E-Mail F: VoIP G: Full (WebForum) H: OSN Messaging (photos, wallposts, activity, etc.) I: OSN Basic Subscriber Info J: Videos . (dot): Indicates multiple types
TOP SECRET//SI// ORCON//NOFORN