Overview#
APEX is an
National Security Agency (
NSA)
SIGINT program.
VPN Phase 2: #
Targeted IKE Forwarding (Spin 15)-
VPN Phase 3: Static Tasking of ESP#
- HAMMERSTEIN receives static tasking to exfil targeted ESP packets.
- APEX reconstructs/reinjects ESP packets to the TURMOIL VPN components.
- TURMOIL VPN requests VPN key from CES and attempts decryption.
VPN Phase 4: Dynamic Targeting of ESP#
- Based on the value returned by KEYCARD, the ESP for a particular VPN may be targeted as well
- TURMOIL sends to HAMMERSTEIN (via TURBINE) the parameters for capturing the ESP for the targeted VPN
VoIP Phase 1: Static Tasking of VoIP (Spin 16)#
- HAMMERCHANT monitors VoIP SIP/H.323 signaling and exfiltrates only targeted VoIP RTP sessions to TURMOIL
- APEX reconstructs and bundles the voice packets into a file, attaches appropriate metadata and delivers to PRESSUREWAVE
- This triggers a modified VoIP analytic to prepare the VoIP for corporate delivery.
VoIP Phase 2. VoIP Call Survey#
VoIP Phase 3. Dynamic Targeting of VoIP#
- HAMMERSTEIN captures/exfils all VoIP signaling
- APEX reconstructs/reinjects the signaling to the TURMOIL VoIP components.
- TURMOIL VoIP extracts call metadata and sends to FASCIA; checks KEYCARD for hits.
- If called/calling party is targeted for active exfil, then TURMOIL sends to HAMMERSTEIN (via TURBINE) the parameters to capture the targeted RTPT session
- Phase 3 leverages all TURMOIL VoIP signalling protocol processorsa to expand SIP and H.323 (e.g. Skype) without additional development on the implant.
Category#
Government Surveillance
There might be more information for this subject on one of the following: