TOP SFCRF.T//SI//ORCON//NOFORX a msn Hotmail Go« „ paltalk™n- Youffl facebook Gr-iai! AOL b mail &
PRISM/US-984XN Overview
OR
The SIGAD Used Most in NSA Reporting Overview
PRISM Collection Manager, S35333
Derived From: NSA/CSSM 1-52 April 20L-3 Dated: 20070108 Declassify On: 20360901 TOP SECRET//SI// ORCON//NOFORN TOP SECRET//SI//ORCON//NOEÛEK ® msnV Hotmail ^ paltalk.com Youi Google Ccnmj
( TS//SI//NF) Introduction ILS. as World's Telecommunications Backbone
Much of the world's communications flow through the U.S. • A target's phone call, e-mail or chat will take the cheapest path, not the physically most direct path - you can't always predict the path. • Your target's communications could easily be flowing into and through the U.S. International Internet Regional Bandwidth Capacity in 2011 Source: Telegeographv Research TOP SECRET//SI// ORCON//NOFORN TOP SECRET//SI//ORCON//NOEQBN Hotmail msn Google ^iïftvgm paltalk™m YouSM) facebook Gm i ¡1 ^ ^ M V^fc i v w*jr ComnuMcatiw Bemm ^mmtmm fcyGooglc AOL & mail  xr^ (TS//SI//NF) FAA702 Operations U « '«PRISM/ -A Two Types of Collection 7 T vv Upstream •Collection of ;ommujai£ations on fiber You Should Use Both
PRISM • Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google Facebook, PalTalk, AOL, Skype, YouTube Apple. TOP SECRET//SI//ORCON//NOFORN TOP SECRET//SI//ORCON//NOEÛEK Hotmail ® MM msn Google paltalk.com YOUE f^AVi r/irmiVAlfCcmmjotal«f Rhnnl'MirBe>coo WxdS6 GM i! facebook • ty Google AOL & mail Jk
(TS//SI//NF) FAA702 Operations V Lfte 5o/7?: PRISM vs. Upstream
PRISM upstream 9 U.S. based service Worldwide DNI Selectors / providers sources • Worldwide DNR Selectors ^^ Coming soon sources Access to Stored Communications s/ (Search) 0 Real-Time Collection (Surveillance) v' "Abouts" Collection 0 • Voice Collection ^Voice over IP v' Direct Relationship with ^)Only through FBI Comms Providers V TOP SECRET//SI// ORCON//NOFORN Mg TOP SECRET//SI//ORCON//NOEÛRK Hotmail msn Google paltalk.com YOUE facebook CooinjnicaK«' Beycoo Vftxös & w Gnai^•Google l AOL mail <â
'•PRISM, (TS//SI//NF) PRISM Collection Details
What Will You Receive in Collection Current Providers (Surveillance and Stored Comms)? It varies by provider. In general:
E-mail • Microsoft (Hotmail, etc.) Chat - video, voice • Google Videos Photos • Yahoo! Stored data • Facebook VoIP • PalTalk File transfers • YouTube Video Conferencing • Skype Notifications of target activity - logins, etc. • AOL Online Social Networking details • Apple Special Requests
Complete list and details 011 PRISM web page: Go PRISMFAA TOP SECRET//SI// ORCON//NOFORN TOP SECRET//SI//ORCON/7NOEÛEX V Hotmail msn Go file „ A paltalkiom Youd) facebook GtyCoogfcH iil AOL %f> mail Â
(TS//SI//NF) Dates When PRISM Collection Began For Each Provider
2007 2008 2009 2010 2011 2012 2013 TOP SECRZT//SI//ORCON 7NOFORN TOP SECRET//SI ORCON NOFORN V Hotmail m msn Google paltalk You® GM i! facebook / ^".vM yr QyrmsyKat«- BeyaWWyœ lyCooglC AOL mail ¿3 (TS//SI//NF)FAA702 Reporting Highlight PRISM ancl STORMBREW Combine RISIVI To Thwartx SAME-DAY NTOC/FBI COLLABORATION PREVENTS 150GB EXFIL EVENT FROM C LEARED DEFENSE CONTRACTOR (CDC)
2012 14 DEC
U.S. CDC :!ijj y
NTOC TIPS FBI TO MMINENT THREAT KK FB^HËLPS CDC REMOVE 2 NTOC tips the IMPLANT FBI to the activity CD The FBI contacts the CDC ancl works with thennp clean the^^^^ The victim performed comj ions on the infecte fc^NTING EXFILTRATION on the NTOC DISCO RSARY INTENT TOP SECRET//SI//ORCON//NOFORN Hotmail msn Gougle ~ rXV05 paltalk You ES facebook OrrrnjfKalO' ftyav Ww* GRAAIL AOL & maiH Â
(Ts//si//NF) Some Higher Volume Domains Collected from FAA Passive
In addition to Hotmail, Yahoo, Google, Paltalk, Facebook, Skype, AOL: Select IP Addresses
wanadoo.fr
alcatel-lucent.com
TOP SECRET//SI// ORCON//NOFORN TOP SECRET//SI//ORCON//NOEÛEK Hotmail msn Google paltalk'cöm. YoulfflS GMHI facebook a—njmeaMo« Be>cflOW3fös (-/Google AOL ^ mail Â
(TS//SI//NF) PRISM Tasking Process
Target Analyst inputs selectors into Unified Targeting Tool (UTT) Surveillance J^^^^^endin^^tore^Comm^ Special FISA Oversight and Processing S2 FAA Adjudicators in Each Product Line Targeting Review/Validation (SV4) Stored Comms Review /Validation Surveillance Ü Pending Stored Comms Targeting and Mission Management (S343) Final Targeting Review and Release y- £ Unified Targeting Tool (UTT) ¿ i PRINTAURA; Site Selector Distribution Manager
Pending Stored Comms Surveillance >• FBI Electronic Communications Surveillance Unit (ECSU) Research & Validate NO USPERs
Targeting Stored Comms Release Providers Selectors ^ FBI PINWALE, (Google, > > Data Intercept Technology Unit (DITU) NUCLEON, Tnllprtinn Collection Yahoo, etc.) etc. TOP SECRET//SI// ORCON//NOFORN TOP SECRETASI ORC ON//NOFORN ms/i Hotmail GouQie ^ paltalk'roir You® facebook Nf / «A'i •. Zf e—«o»«*»« Gí^ai! AOL mail Â
(TS//SI//NF) PRISM Collection Dataflow
PRINTAURA, FBI DITU TRAFFICTHIEF S3 53 2
SCISSORS. MARINA T132 &
£ MAINWAY Protocol Metadata Exploitation, FALLOUT S3132
SCISSORS, CONVEYANCE T132
DNI Content. Videos. NUCLEON PINWALE ¡Partitions TOP SECRET//SI//ORCON//NOFORN an TOP SECRET//SI//ORCON//NOEQRN y* Hotmail msn ^ paltalk.com YOUB Google Commjn
(TS//SI//NF) PRISM Case Notations P2ESQC120001234
V PRISM Provider Fixed trigraph, denotes Year CASN established P1: Microsoft Serial # PRISM source collection for selector P2: Yahoo P3: Google Content Type P4: Facebook A: Stored Comms (Search) P5: PalTalk B: IM (chat) P6: YouTube C: RTN-EDC (real-time notification of an e-mail event such as a login P7: Skype or sent message) P8: AOL D: RTN-IM (real-time notification of a chat login or logout event) PA: Apple E: E-Mail F: VoIP G: Full (WebForum) H: OSN Messaging (photos, wallposts, activity, etc.) I: OSN Basic Subscriber Info J: Videos . (dot): Indicates multiple types TOP SECRET//SI// ORCON//NOFORN