PO: TAO RTD I Team - Booz Allen Hamilton SDS2

The overall classification of this brief is

10± 3.11.18. 1-1.14.u4:1.00/1! a. all:"

If.. - .1. 10 •']0110301 ' ilicon0 01 11 1 1i 1.0:=151114.•:'

• . ei l.130 Lb I.0¢:: - .Del . M. I 00 1 ,....X905 '

. ...

TOP SECRET/151/43EL USA, AUS, CAN, GBIR, NZL

(TS) NSA QUANTUM Tasking Techniques for the R&T Analyst

TOP SECRETUSIIIREL USA, AUS, CAN, GBR, NZL •

Derived From: NSA/CSSM Dated: 2007DIO8

Declassify On: 20370801

1 SPIEGEL ONLINE

TOP SECRET/ISUIREL USA, Au S 1 CAN, GBP, NZL

(TSPSIUREL) Only R&T Analysts can submit QUANTUMTHEORY Tasking to the QUANTUM team. TOPI Analysts can submit QUANITUMNATION Tasking through Target Profiler. The biggest difference is QUANTUMTHEORY deploys a stagel implant called VALIDATOF (soon to be COMMONDEER) and QUANTUM I f deploys a stage° implant called SEASONEDMOTH (SMOTI-1). SMOTHs die within 30 days of deployment unless requested to extend the life.

(T5f/SIUREL) This presentation does not cover FAA QUANTUM, but if you identify an active selector, compare the SIGAD in Marina to the SIGAD on the GO QUANTUM wiki page to see if FAA QUANTUM is an option.

(TS/ISIIIREL) This presentation is geared towards targets seen at US - If you are unfamiliar with this SIGAD, it is equivalent 10 a TI/NF SIGAD that cannot be mentioned in this PowerPoint. You can contact the POC of this brief for more information,

2

SPIEGEL OF

TOP SECRED/COMINTS/REL TO LISA, EVE Y

Web Browsing (Exploit with QUANTUM The concept man-on-the-side)

• QUANTUM is a man-on-the-side capability. If your target has a selector that is active in the last 14 days, vulnerable to the QUANTUM technique, and seen by an 550 site that has QUANTUM capabilities, then there might be the opportunity to detect that communication in real-time and piggy back with the requested content back into the target's network and implant the host.

a QUANTUMTHEORY can be used only if a TAO Project is set up (must coordinate with your R&T Analyst)

• QUANTUMNATION can be used regardless of a TAO Project (T PI does the tasking in Target Profiler)

• The biggest difference is QUANTUMTHEORY deploys a stage' implant called VALIDATOR (soon to be COMMONDEER) and QUANTUMNATION deploys a stage0 implant called SE_ASONEDMOTH (SMOTH). SMOTHs die within 30 days of deployment unless requested to extend the life. The exploit technique is the same.

TOP SECRETKOMINTIREL TO USA, FVEY

8 SPIEGEL ONLINE

TOP SECRET/MI/MEL USA, AUS, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

1117 Target

Internet Router

Yahoo's Web Server

SSO Site

SI I

4 SPIEGEL ONLINE

TOP SECRETUSWREL USA, AU S, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

1. Target logs into his Yahoo accounI

Target

Internet Router

Yahoo's Web Server

550 Site

I INT • ',eel m ''on

4

SPIEGEL ONLINE

TOP SECRETUSIHREL USA, AUS, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

1. Target logs into hEs Yahoo account

Target

limnternet Router

11■1111114

Yah oo' s Web Server

SSO Site

2. SSO site sees the QUANTUM tasked yahoo

selector's packet and forwards it to TAO'S FOXACID Server

I INT • rn OF

4 SPIEGEL ONLINE

lit Target

Internet Router

11111110.

YahoWs Web Server

TOP SECRETUSIHREL USA, AU, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works 4. Yahoo server receives the

packet requesting email content

NSA

ialipsolispoi A

S50 Site

TAO FOXACID Server

3. FO ACID 'meets a FOXACID url into the packet and sends it back to

the targets computer

I I k T V Of

4 SPIEGEL ONLINE

TOP SECRET1/511/REL USA, AUS, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

th7H4-4 Yahoo's

Web Server

[nternet Router

5. ,PDXACiD packet beats the Yahoo packet back to llie

endocn t

NSA

411- apilipi TAO FOXACID

Server

Jr

4 SPI EG EL ONLINE

11 1111116

411[■■■■

Yahoo's Web Server

NSA -

411. 16 .1

11111fr

TOP SECRETUSIHREL USA, AU S, CAN GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

1/1111 Tru-get

6. The target's 'Yahoo welvage is loaded but in the background the

FOXACID URL hpads which redirects to the FORA ID Exploit

Server..

Internet Router

11111111P1IF

TAO FOX ACID Server

SIGNT Da on t

4

E.17. TEE.EL OFILME

TOP SECRETBSIMEL USA, AU S, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

Tt3 Yahoo's

Web Server

) 1.1111111' 11111 Target

Internet Router

SSO Site

■11111111-

iNSA

TAO FOXACID Server

7. If the browser is exploitable and the PSP is sale, FOXACID deploys a Stage I implant back

to the target

/GRIT en rt

1 4

SPIEGEL CHLIIIE

Internet Router

.11111°X 41111r■I■

110 Target

Target Implanted!

Yahoo's Web Server

0111111111.1.11 -, --- . - NSA

TAO FOXACID Server

7. If the browser is exploitable and the PSP is safe, FOXACID deploys a Stage I. implant back

to the target

TOP SECRETBSIMEL USA, AU S, CAN, GBR, NZL

What is QUANTUM?

QUANTUM Generic Animation - High Level of How It Works

4 SPIEL EL oNLINE

TOP SECRETPCOMINTUREL TO LISA, FVEY

QUANTUM Capabilities NSA (TS/1311/REL) NSA QUANTUM has the greatest success against <yahoo>, <facebook>, and Static IP Addresses. New QUANTUM realms are often changing, so check the GO QUANTUM vviki page or the QUANTUM SpySpace page to get more up-to-date news.

NSA QUANTUM is capable of targeting the following realms: • 6 IPv4_public • mailrulvircu ▪ • alibabaForumUser • msnMailToken64 • • doubleclickID • cici

• • emailAddr • face book • • rocketmail • simbarUuid • hi5Uid • twitter • • hotmailCID • yahoo • • linkedin • yahooBcookie • • mail • ymail • • mailruMrcu • youTube • • msnMailToken64 • WatcherlD

TOP SECR ET/TCOM INTi/R EL TO USA, EVE Y

5 SPI EG EL ONLINE

TOP SEC ETPCOM INTIIR EL TO LISA, EVE Y

QUANTUMTHEORY - GCHQ If a Partnering Agreement Form (PAF) is set up with GCHQ for the CNO project, then the IT Analyst can utilize GCHQ QUANTUMTHEORY to include additional capabilities such as:

• • ALI BABA • AL • • BEBO_EMAIL • DOUBLE CLICK

• FACEBOOKCUSER • GOOGLE PREFID • • GRAIL • HI5 • • HOTMAIL • LINKEDIN • • MAIL RU • MICROSOFT_MUID • • MICROSOFLANONA • RAMBLER • • RADIUS • SIMBAR • • TWITTER • YAHOO_13 • • YAHOO_L/Y • YANDEX_EMAIL • • YOUTUBE • IP Address

More information on: https://wiki.gchqi

/QUANTUM BISCUIT If you cannot get to the link try: http:I/

TOP SE CR ETECOM INMR EL TO LISA. FVEY

TOP SECRETKOMAT/AREL TO USA, FVEY

QUANTUM SIGDEV - QFDs (TS/151 MEL) Find all Selectors associated to your target (Yahoo, Yahoo B Cookies, Facebook, Hotmail, etc) using Marina, NSA or GCHQ QFDs.

NSA SAT C QFDs: I •

ALTEREGO QFD:

GCHC., " vuene Selector A Iten ate Se I e 191 Ouerleci Alternate Intersection Stele Selector Selector {1.10} Degree Degree

5

, 14,154?

'CaitUE. l fir}

11-.. -clfehcon.

67 114 1 SY

DOGCOLLAR QFD:

Selector

TIP

Enrichient Value Obsermions First Seen On Last Seen Date

9 ZOU /a5P1 2013/0347

Skip to Step 5 once you have all of your selectors...

tei tonal 1911.

TOP SECRETPCOMINTIIREL TO LISA, FVEY

6 SPIEGEL ONLINE

Fddriier 11440. 11.1},

T %-ri•

ailimmagitper. voredRocheirri

4..1. Mit) Sprdl,

i*FIE q 3•114NY

cqt:1--fina- Hem Same. 'Prat F ksc - lidanbly •• Pr*Emcwi 4 41*.

7

..1 ,1441. 1g Redo.*

dimply

Matimagyilliers

6

ixilib ClaraaJ:13 "M. 20i20210 7 .D59.50 ikka-rthi

j Al* vg Pffirre,* d ■Cintiol* 141ralmr*

646.1 gr..

TOP SECRET/ISUIREL USA, AUS, CAN, GBR, NZL

QUANTUM SIGDEV Marina Step 1: Skip to Step 5 if you used the QFDs to identify alternate selectors

4 (I-Si/SI/MEL) If you do not use the GCHQ or NSA QEDs you can use Marina. Run a Marina Selector/Identifier Profile (Federated) search for a 3 month range to look for additional selectors.

7 SPIEGEL ONLINE

i4ectar h41 -1.1m71 –

wet Can I Ph otos:6

Equivalent 11337 S

Pao 1 pi 1

Appikdaden

I New Selector I fc no van Selector

Ft/

er {r4orie Una"' (Deleu11). - • %mime krt• Stree AS • laDIS * ' LetaCICarnMe Erbtity A L... ) 1p Activity

10" Entity 11

<yalipv -;

-0••13.4yailna

4verialicom.macoltD. —.31EMM-651wetisee5.

Fses dNalay nave

has at d

1-45 alt d

cob Ir141.>

<51eypeirialidtan

•

a

TOP SECRETBSUIREL USA, AU S, CAN, GBR, NZL

' (TS//511/REL) Once the query finishes. look at the Equivalent Os section. This will show you other selectors that your target is using. This is determined by linking content (logins/email registrations/etc). It is worth verifying that these are indeed selectors associated to your target. NSA QUANTUM works best against <yahoo> and <facebook>. Although, it is worth making note of a <gnriail> selector for possible GCHQ QUANTUM support or for your own notes.

8 SPIEGEL ONLINE

TOP SECREVISUIREL USA, AUS, CAN GBR, NZL

(TSI/SIHREL) if your search was on a <yahoo> email address, then click on Machine IDs and look for a recent <yahooBcookie>. YahooBcookiers are unique to a specific computer and can hold other <yahoo> addresses that are being logged into on that computer as long as the user does not clear browser cookies. If you see multiple <yahooBcookie> pick the most recent Last Heard date. Also higher the Num Heard is, the more likely that selector does not change.

Fleecing Ple•ecaam

Levine y= 27

.18‘11.5r`

Pear 1 cC 1 Fter (None:: - Limit(Elateu13- - • • 7: • , Save ks 7 Nropk.likei NM, UPIlt 42. b

New Selector

15 ) p P91*L kat 1-14201) -

sr •

IP 0 riartilcie A '; Nab ‘walice•p mcirai4.0(compotole: n; ..7(dDr.S e

cyarocemokie:-

MI [ I 15 L3 5133Z •2131.1.1Z135 Ids

.zo aunr .;21)LI 1Z1:15 10.32Z

'3 0 Oki - cyahx.7. y.st.x13rociatia. J LDS 1.1:107. I. LE . ZOL1.111% 1=1.7.

.4 n ,.eb - 201E1.115 19521.2 '3:4 1I2[5 1611.1237

:5 U.et. regolL0.0 [0:4.3 USE. L33514 . 2011 1205 11264167

6 D wt.t. 0.51.5Y. nfl_hilV_Uairridditeljr1V_Nel.NIC10 I 21.1L L115 L353:122 . 23Ll13:15 PR

7 ❑ axial ..KV*4•0 .CylieCiacCdue .ZIULLICSIVfc X.111L.7•5053:7

Unique Selerdara FcwitEL <yahoo> (Known Selector)

@grnail.com<google> (New Selector)

<yahnoBcookie> New Selector)

9 SPIEGEL ONLINE

Sem.a At • laNt. • %Mut: Load Ce.piele

Entity ■

IM

.!•11

ers •-•

I-. 5!.

.g--

r.75,4a7130,

360/f.11 care rtmocgjia

d..-1-.^51-xoetisar

—aer_<VaniXr}

. Equtwaleet 1M 5 *IP

,I II'ne I of 1 Frier Tkin0 .... Leioul pefaut) Ne11kielze Seve - To-A 31.4tes . LO ecr Cctriplete

❑ AppilEann Entity A Entity 1■OBOrnallom<g06911 e>

.113£1.1al.COhlr.c0:146 -:-

•- (Vahlia

:44371N1c:arnIC9DK1/9

(514neUser

Rao:

(TS//SUIREL) You can do

this by clicking on the selector, scroll down to Selector Profile, and click Range.

ForietIrd CcretArIx .<= 22

kevetse ContacbR

...I Sent PLIC55.30C6'

Recebred nes4at.Tes: - 29

tagrnp; ‹=

IgEmords.

Whdore 91:11rdinutes)

Day (-14- p2Hokas)

Verir (-1 Year)

*KM- PITON"

5!Iezbar ditals

911 icivaiisdgt AnalytIcs

Chuts

Ov:Id To Inquiry

Usef Atilinay

FV.Mnre Event 0

Navel Detail

F■ nd In

TOP SECREVISIIIREL USA, AUS, CAN, GBR, NZL

1

■

1Papriv.slent ION; .%

• POVe 1 et/ 1

1:7; Appac.totl.an IR • .41...Vettp 141.•

r11-1.1R y

New <google> selector

.43' rim; inProis L I ntR {1>tleit-t1 •

tr"tV A. r fa

(TS/iSII/IREL) Since mail.com<google> is a new selector, you will want to do a Marina Selector Profile query on it to see if there are additional accounts associated to the target, Remember NSA QUANTUM cannot target the ‹google> selector.

111 SPIEGEL ONLINE

Selector PireIle Search

5eletirs Prone

511:1• Ch Selector probe [ Agrnal.ciamcgcogisA

-

Stark Ditio 20111110 I-9 BD: Mr CC End Datig 20120210 23.50:59 3 1.46e!Lfri.2

Seim:tars birdy

Ye5.temday

Acid 4 Remove Conlage [1:1Bntif ilE1

This Weep

lrput Last Wed.( Ream

4iggrialLcan gingle Parater s This Month

skyp eMailticen

goo*

skypisMairciken

Parameters

Paramaters

Firterrieters

Lag Month 3 Day

2 Days

3 EtiY5'

10§1grnautccra

skypcMaiTcken Ptserrnkers 5 DM.

• bays &JEN& MoIradE■1=1111:1 - 5144.p eMafliniteri Parane;tus 14 Days

152grnall.corn 40041e Paharivtati:. 1,15nith

_ Quick Add: ! tritEe.:re or wale sisleitlaira seriaratipj by canmes end I errter .

1"forokis •6 imnths

.1yea.

Authority 19It ers

0. hi!!

E1 •

TOP SECRET/ISIBREL USA, AU S, CAN, GBR, NZL

, (TSIISIHREL) Change the query to search for the fast 3 Months and click SUBMIT

SPIEGEL ONLINE

3

All Unique Selectors Found From Both Searches: <yatioo> (Known Selector

@gmail.corri<google, (New Selector) <yahocrBcookie> (New Selector)

4acebook> (New Selector)

TOP SECRETUSUIREL USA, AUS, CAN, GBR, NZL

I.

(TS1/51fiREL) Once the query finishes, look at the Equivalent IDs section and make note of any new <yahoo>, <hotnnail>, <yahooBcookie>, and <facebook> selectors and do the same process to identify additional selectors.

Equivalent IDE. 26

i 1 Page I of 1 iar FAIN Nona) Lorarl Visualize h - Soy r rE5 - Twig Enrichniriz... Wangar Nava. rapparae

1=1 Application

Entity A

& t1 > .c• Activity Entity B

WWI

z El er.."1

el".113 4 ❑ slial

5 ❑ 0.10

6 El: EMall

7 ❑

Emal

8 M erwt3i

1-1 1,1

LO El 0431

I] la-um

12 ❑

IEI451

L5 ❑ elcla i

Atagn5i.cor cCrocke:. ,

-r-Va/Dcrnal.cam<CPEr.cde)

weitrol-vAnqIcagic>

alirrga-C.?Ir':i1W9leCP

Egicrnal.t.arr.qpcoe>

ncrinad_cm-no3 cie5.

@Tr.-34. or. ,croe.> i .yerk..>

Jicram.i.o.r.--ccrcogle>

cEnzebgck.:-

Klynal.t6eteigl*:,

'kacrt.M-"+"*E6Itt)

has cIG6o, Fh6#

has d5ciay na74

di§cgay naml

hos &Oay Ramo

1 1...4V4rf

has at

has de.fday wa=ll

hes display name

ha af•rd

hcr-, pi

rew.serre.....th

hexaked

d

New Facebook Selector I

t AFAI

-ckste balk

-''.0111116411411 cir'e-Suc*

IIMI=III_Vxyroilk.

12 SPIEG EL ONLINE

Search 41uAkye Llser..Ma once (Federated:I)

41 1_1 RiCenit

UserPteseritn

F•rtlif&tecl)

MGCI-IQ Presence Viant liry JP Arklre

%Wall P.Parfe.

31,101Calga;

Start Oath.

Reskrid Lard Nike. Only;

Pactback ID

End Due; 20130401 201=19 013:130;03 M:55:551 C•ays

Mutant Broth. Clutionis

Endur&I"PL2111 1;1.1:kW1 TOW!

INehgethea Roe;

trinigence 'taint ta-am:

I I Stant

If you have OVSC1700, check this box to search GCHQ databases

516E41" Dei•elr_prrelt

open mew lAirclatkk 1;71

TOP SECRETUSHIREL USA, AUS, CAN, GBR, NZL

1 (TS/./SIIIIREL) Once you have a list of your selector(s), you will want to look at each one

separately to check for the likelihood of successfully exploiting your target via NSA QUANTUM. We are checking to see if the target itself is seen at US- and if it is active.

2 (TS/./SIIIREL) First we want to run a Marina Active User/Presence (Federated) search on

<facebook> for the past 14 days.

E•Gci-iQ i'p;*EventINEiFii tG iFi4

9 _J.Arich:ry Saliketers

2r l_iEkUNS &Ad O. R. to °wear IEF Erman e I LcftrT

_40 Chartr

Li Kris diertn• KNOW. ENtfakklahl I WertlFler 11-1).1i 0 I:; PSC Faceboulc

I :Prtildo

• (c•Wilikkllij Quick ANC •- •••• • • •• - • - k•••••clars sepreroet1 tae.nee eircl ist wee

!...! SptrklePcm

• ..:'Uste ActlxIte (SelectorAdentker A.

enable Any Poelm!

Autlipinit-v Filters

Add Rearcrwer

Autlalty

_ wirkichba.

.. ,faichU;hogi

V

13 SP I EGEL ONLINE

) TOP SECRETBSIBREL USA, AUSI CAN, GBR, NZL

(TSI/SIIIIREL) You will either have results or not have results. The key is to look at the SIGAD for the results and if the SIGAD is capable of doing QUANTUM then you most likely have a vulnerable target! To check for SIGADs that NSA and GCHQ QUANTUM can target, type GO QUANTUM in your browser. If GCHQ QUANTUM is needed, then work with your IR&T Analyst to follow the appropriate steps on the wiki to set up a PAP.

(TSIISIIIREL) You will want to look at the Marina results and make note of the most frequent SIGAD/IP CIDR for each Active User/Presence (Federated) query

1) Selector a) SIGAD

b) Active User IP cop - The CDR will be added to the TLN's Whitelist.

-A TLN's Whitelist is a list containing the IF CIDRs your target uses. It is where the

FOXACO server will only continue with exploitation if the external IP Address of the targetiredirection is on the Whitelist for the TLN your R&T Analyst requests.

14 SPIEGEL ONLINE

tL U11:21 2

Activity

Tasked fur Survey

Technique; Q UAPITUIMNATIONfr.

Tasked: 2013 -Jan-29

Last Attempt: 2013-Fib-19 (success.)

TOP SECRETPCOMINTM E I- TO USA, FVEY

Is My Selector Tasked for UANTUM?

If you sent your IT ana yst a selector to task for QUANTUMTHEORY and you want to see if it has been tasked yet, you can enter the selector in Target Profiler and if you see "tasked for survey" and the Technique to be QUANTUMTHEORY or QUANTUMNATION then it is tasked! You can also see when the last FOXACID redirection took place.

<yahoo> r.

P-aked

Tasked for Survey

Technique: VIATITUMTHEORY

saikedi 21912-1;41-26

Teri Last Attempts 21013-Ma r • 01 Owl) °Mai

Cia tasked

C

Ta

O F O I

• v<yahoo> Sena erodif 1013-P i•-U1 11:11:2; 1 Er

for siarq e y

A ethritY

TOP SECR ET/TCOMINTM E TO USA, EVE Y

16 SPIEGEL ONLINE

<facebook> retlil.tervti 21131a-Fliti-22_13:5).::() 4 IT

ea • YUlnerabIlttles

V.0 ' Vuirrarabie log Owenturn 0(12 davi ego) Urner PkgentFrilyzill1415.11) (iPad; CPU CS 5_0_1 roc... K) ApplaWr6Ki16/5a4.46 OKI-MAL irk ■ ciihrclg) Vftrzi.orLi5,1 Whabilmi54405

f r 7 4

TOP SECRETIICOMINTMEL TO USA, FVEY

UANTUMNATION QUANTUMNATION use new TAO CNE tradecraft and automation to drive broad scale initial access, specifically an SSG cloud-analytic to identify selectors in SSA] passive collection that are viable for end-point access, and the use of lightweight CNE implants to obtain initial access and survey data delivered to the TOPI offices via corporate SIGINT repositories. For More Information on QUANTUMNATION check the QUANTUMNATION wiki page

Target Profiler now shows if a selector is vulnerable to a QUANTUM exploit. If your target is valid for QUANTLIMNATION, A "Vulnerable" link in Target Profiler will appear. Simply click the link that sends an email to request QUANTUMNATlON tasking.

Note: QUANTUMNATION and standard QUANTUM tasking results in the same exploitation technique, The main difference is QUANTLIMNATION deploys a stage 0 implant and is able to be submitted by the TOPI. Any ios device will always get VALIDATOR deployed.

TOP SECRUilCOMINT,NREL TO USA, EVE Y

17 SPIEGEL ONLINE

TOP SECRETUSUIREL USA, AUS, CAN, GBIR, NZL

(TSI/SIUREL) Once you have a selector, SIGAD, and IP CIDR, you are ready to start the process for a FOXACID TLN and Tag request.

4 (TSIISII/REL) Depending on the teams, either an IREET analyst or the Branch Chief can create a TLN (Twisty Lobby Number), Contact your Branch Chief for information on creating a TLN for each selector you want to target,

(TSIISIOREL) Note: You will need 1 TLN and 1 FOXACID Tag per selector you task with QUANTUM.

lB SPI EG EL ONLINE

TOP SECRET/IV/MEL USA, AUS, CAN, GBR, NZL

Step 8: (TV/SI/MEL) Once you have a TLN, you will need to submit a FORA ID Tag request. (TV/SI/MEL) Go to titcpE:( nsalcgi pint and fill out the appropriate information in the top and within the body of the ticket update this information accordingly. Here is an example:

CT or Non-CT Non-CT Second Party/Partnering: No countryIRegigniType: in=m

RSA Target: No Type of Op: QUANTUM

WPTT: No Project Name;

TLN 12345 Insert Your TLN

IP Range: "1 Insert Your Active User IP CIOR WHITELIST

MAC Addresses' Unknown

Payload Requested: Val Start Date: 20130401 POC

IvISQ Support: No

19 SPI EG EL ONLINE

TOP SECRETHSUIREL USA, AUS, CAN, GBR, NZL

(1Si/81/MEL) Once the ticket is completed, you will receive an email with the FOXACID Tag for your TLN.

4 (T51/SUIREL) Go to hops:// .nsa.ic.gov, fEndex.php and fill out the appropriate information in the form to task your selector and tag for QUANTUM,

4 (T51/SUIREL) Once your selector is tasked for QUANTUM you will see the status changed to complete.

(TS//31/1REL) The last step it to monitor the TLN in FOISEARCH https:h .nsa - :ir to look for redirections and update the plugins or WHITELIST if needed.

(TsiisiIIREL) De-task your QUANTUM request when you hook your target]

20 SPIEGEL ONLINE

TOP SECRETIISUIREL USA, AUS, CAN, GBR, NJZL

-1 if you have any questions or comments about this presentation, please send an email to atIMIrnsalc.gov

21 SPIEGEL ONLINE