Analyzing Mobile/Cellular DNI in Xkeyscore: Top Secret//Comint//Rel To Usa, Aus, Can, GBR, Nzl//20291123
Analyzing Mobile/Cellular DNI in Xkeyscore: Top Secret//Comint//Rel To Usa, Aus, Can, GBR, Nzl//20291123
Analyzing Mobile/Cellular DNI in Xkeyscore: Top Secret//Comint//Rel To Usa, Aus, Can, GBR, Nzl//20291123
Analyzing
Mobile/Cellular DNI in
XKEYSCORE
May 2009
mvm
m m m
* — DERIVED FROM:N$A/
Mobile DNI
Mobile DNI can be described as people
using their Cell Phone or cellular
technology to access the Internet and
E-mail
There are essentially two "types" of
collection:
> Collection within the GPRS/3G network (i.e Abis
link)
• Collection within the public Internet
(FO R N S AT/F6/S SO/FIS A/etc)
Mobile DNI
Mobile DNI Collect comes in two main types:
HTTP Activity
• HTTP activity comes in two types:
cnn.com Server
iyahoo> seen with machie DD E Show (2) Values 0 2 possible kyahoo> ZCi
IMEI:
MCC:
//20291123
h t t p i c ^ i w n a c cellpl
* * * * * * « * * Itftp.response/Yrtml http:f«|>onse p t tV i
Y! Mail m a i l W c b m a i . y a h o o mnil.W£bmaU/>tthoo
mail wehm.iil y a h o o m a i I / w e b m a i l v a li o o
Y! Mail
m ail w e h m o l - y a h o o mail.Webmail/yohoo
Y! Mail
m a i r w e b m a l L y a h o * m a Il . w e b mall/yah o o
Y! Mall
m ail webmail.yahoo m a 11 W e b m a i l . y . i h o o
Y! Mail
TOP SECRET/,'COMINT/iREL TO USA, AUS, CAN, GBR, NZL
20090506 192654Z [-yahoo- seen with machine EE' 9rvueuh4 ;lr 97 ^yahooE cookie^ 9rvueuh4 sir 97 <^yahc oBc o okie> AP
¿ÜU9ÜÍ06 1926MZ previous IF 9rvueuh4 sir 9' / <yahc oBc o okie> AP
20090506 192654Z client to server 9rvueuh4 sir 97 < yahc oBcookie> AI
20090506 192654Z -yahoo> logged ir. (email) 9ryueuh4 sir 97 <y ahc oBc o okic> AP
20090506 192805Z seen with machine ED 9rvueuh4;lr97<vahooEcookie> 9rvueuh4 sir 97 <yahc oBc ookie> AP
/0090506 192R05Z nl-fint to iftrvp.r 9n?i iei ]h4 sir 97 <yah o oBr o c.ki e> AP
20090506 192305Z previous EP 9rvueuh4 sir 97 <yahc oBc o okie> AI
20090506 192S05Z -yahoo- logged ir. (email) 9rvueuh4 sir 97 <yahc oBc ookie> AI
username • • • • • . v y o h o o mallWelMDillyalioo
uocrnamc I "B'S yahoo moll wcbivial I yahoo niail-Wcbmail.Vfthoo browi>tr-<tll|>l>onc.ii0kla ccllphoiKvwap fingerprint phonc/hokla/gcncrfc m o b i k
Cookie Browser
SP«v»- âa-1, Y-vUn»d8k"Sflii1 !38c5ÂI=I |MokieN72«.07D6.AJ0.1 "Ser =560.2.8 Profited DP-2.0 Configurationj^LDC-l.1
Services ^
Host intLm.yahoo.com
A:cept: textZjavascr.pt, text/ecmascript, appHcation/x-javascnpt, text/html, ap.plicataoii/vndwap.Hhtml z
multipart/mixed, t e x t / v n d w a p . w m l , appHcation/vnd.wap.wmlc, application/vnd.wap.wmlscripti
application/java, application/x-java-archive, text/vnd.sun.j2me.app-descriptor, application/vnd
applic ation/vnd. oma. dm;, content, appLcation/vnd. wap.mms -me s s age. application/vnd. wap. sic,
application/vnd. orna.dd xml, text/javascript, * / *
/
Mobile DNI: Traditional Collection
mm
Cookie: V=1
Y a h o o l o g i n i l l : )
Gender: female, Birth year: 1977. Post.il co<le:|
jb=34|32|9 (Industry: Telecommunications, Job: Network Administrator, Spe
r=ga
lg=ei.-TJS ( Language/content:English )
ind=us I Country: United States )
np=l
ptdil /
domain
2F=CSICKBC YdCKBItdVgYO Y*85MjJ?Bj YyMDczTzQ2TzA-
a=QAE
sk=DAACWI24ft844j7
ks=EAApZl STMfoCuSrWedATmlg—C
d=c SwBTIRYNEFURTFO ekEwT0RNeE9E YyOB YQFRQUTJBZwF UTEZVQ1TTV
F ocgFDTTOlD $ 0 JtVOEÈ 4 GJwATBkVXVF Q v?- -
pgih /
domain yahoo.com
TJser-A^ent: iPhone M a i (5H11)