SKYNET is a behaviour profiling programme that attempts to identify “interesting travel patterns”, including how often a person travels and to where [SKYNET-02, Slide13]. Specifically, the programme aims to identify “courier-like travel patterns” [SKYNET-02, Slide20].
It achieves this by analysing mobile phone metadata that reveals both location and communication data from bulk call records [INT01]. Using this metadata SKYNET looks for patterns amongst different people who use phones in similar ways [SKYNET-02, Slide2].
For this programme “call data is acquired from major Pakistani telecom providers” but the technical means for obtaining the data is not divulged in the slides [INT01]. It uses a cloud computing technology to store and analyse Call Data Records (CDRs) from Pakistani Telecoms uploaded to an NSA cloud [SKYNET-01, Slide6]. Analysis of the data examines [SKYNET-02, Slide3]:
- Pattern of life
- Social network
- Travel behaviour
This is done using geospatial, geotemporal, pattern-of-life and travel analytics [SKYNET-01, Slide3]. Specifically, by identifying a mobile phone’s IMSI or International Mobile subscriber Identity [SKYNET-01, Slide13]. This number is a unique identification associated with all mobile phones on a cellular network. It is stored as a 64-bit field and is sent by the phone to the network [TFA01].
Behaviours SKYNET attempts to identify include [INT01]:
- Who has traveled from Peshawar to Faisalabad or Lahore (and back) in the past month?
- Who does the traveler call when he arrives?”
- “Excessive SIM or handset swapping,”
- “Incoming calls only,”
- “Visits to airports,”
- “Overnight trips”
- Mobile phone metadata storage and analysis
- Pattern-of-life analysis
- Travel analysis
- Social network analysis
- Mobile phone metadata
- Global System for Mobile Communications (GSM)
- International Mobile Subscriber Identity (IMSI)
DEMONSPIT – dataflow of Call Data Records (CDRs) from Pakistan [SKYNET-01, Slide6]
MAINWAY – collection of telephone metadata
Layers of operation:
The SKYNET programme collected 55 million cell phone records from Pakistan to identify ‘interesting’ or ‘suspect’ behaviours [INT01].
Questions are being raised about the “method of identifying terrorist targets based on metadata” [INT01] because it may identify false positives especially when it comes to the activities of journalists who seek to contact terrorists. In particular an Al Jazeera journalist, Ahmad Muaffaq Zaidan was singled out as someone whose “movements and calls mirrored those of known Al Qaeda couriers” [INT01].
- MIT Lincoln Labs [SKYNET-01, slide 3]
- Harvard [SKYNET-01, slide 3]:
- Pakistan Telecoms (unnamed) [SKYNET-01, slide 6]
2) SKYNET01 – https://firstlook.org/theintercept/document/2015/05/08/skynet-applying-advanced-cloud-based-behavior-analytics/
3) SKYNET02 – https://firstlook.org/theintercept/document/2015/05/08/skynet-courier/
Tech Faq (TFA)