Friday, December 14, 2012

DIA's New RFI for "Technical Exploitation Support"

Spencer Ackerman at Danger Room has a post called "SpyPhone: Pentagon Spooks Want New Tools for Mobile 'Exploitation'" (available here) that focuses on an interesting new Defense Intelligence Agency (DIA) Request for Information (RFI) up on the Federal Business Opportunities website called "Technical Exploitation Support."

Ackerman's discussion of the RFI begins:
The Pentagon wants to upgrade its spy corps. And one of its first jobs will be finding out what’s on your iPhone.
If the Defense Intelligence Agency (DIA) gets its way, it’ll send an expanded cadre of spies around the world to scope out threats to the U.S. military. And it won’t just be a larger spy team, it’ll be a geekier one. The DIA wants “technical exploitation” tools that can efficiently access the data of people the military believes to be dangerous once their spies collect it.
 Ackerman notes that one of the areas stressed in the RFI is
“captured/seized media.” Think, for instance, of all the flash drives, hard drives and CDs that Navy SEALs seized during the raid that killed Osama bin Laden. Flynn wants to understand both the text they’d contain, through “automation support to enable rapid triage,” and their subtexts or metadata, using “steganography” tools to decipher coded messages and “deep analysis of malicious code/executables.” And that’s on top of “deep hardware exploitation of complex media with storage capacity” and reverse-engineering tools “to discover firmware artifacts.”
The RFI's own summary notes:
The broad objective of this requirement is to provide exploitation capabilities and technical support services to Document and Media Exploitation (DOMEX) programs for the collection and dissemination of intelligence. This objective is completed by acquiring electronic media devices; conduct screening and exploitation of these devices, in addition to translate, analyze, and report on the information/intelligence derived from these devices. Finally reports must be created and database records ingested into local and national databases; both and made readily available to analysts from the tactical to national levels.
The full RFI is available from the website, but as it will eventually disappear from there, I have re-posted it here. Responses are due by January 4, 2013.