jspωiki
APEX

Overview#

APEX is an National Security Agency (NSA) SIGINT program.

VPN Phase 1: IKE Metadata Only (Spin 15)#

VPN Phase 2: #

Targeted IKE Forwarding (Spin 15)-

VPN Phase 3: Static Tasking of ESP#

  • HAMMERSTEIN receives static tasking to exfil targeted ESP packets.
  • APEX reconstructs/reinjects ESP packets to the TURMOIL VPN components.
  • TURMOIL VPN requests VPN key from CES and attempts decryption.

VPN Phase 4: Dynamic Targeting of ESP#

  • Based on the value returned by KEYCARD, the ESP for a particular VPN may be targeted as well
  • TURMOIL sends to HAMMERSTEIN (via TURBINE) the parameters for capturing the ESP for the targeted VPN

APEX Voice over IP Phases#

VoIP Phase 1: Static Tasking of VoIP (Spin 16)#

  • HAMMERCHANT monitors VoIP SIP/H.323 signaling and exfiltrates only targeted VoIP RTP sessions to TURMOIL
  • APEX reconstructs and bundles the voice packets into a file, attaches appropriate metadata and delivers to PRESSUREWAVE
  • This triggers a modified VoIP analytic to prepare the VoIP for corporate delivery.

VoIP Phase 2. VoIP Call Survey#

VoIP Phase 3. Dynamic Targeting of VoIP#

  • HAMMERSTEIN captures/exfils all VoIP signaling
  • APEX reconstructs/reinjects the signaling to the TURMOIL VoIP components.
  • TURMOIL VoIP extracts call metadata and sends to FASCIA; checks KEYCARD for hits.
  • If called/calling party is targeted for active exfil, then TURMOIL sends to HAMMERSTEIN (via TURBINE) the parameters to capture the targeted RTPT session

Implementation of Voice over IP Phase 2 and 3 will be driven by mission need. #

  • Phase 3 leverages all TURMOIL VoIP signalling protocol processorsa to expand SIP and H.323 (e.g. Skype) without additional development on the implant.

Category#

Government Surveillance

More Information#

There might be more information for this subject on one of the following: