The NSA QUANTUM Project (Part 1)
Friday, 01 May 2015
The QUANTUM project was one of the most top-secret ventures of the NSA. During the last months several news agencies reported on that specific technology. Because ✛ΔO considers the project one of the NSA's most serious threats to society to this day, the organization has published the present assessment along with an evaluation of countermeasures.
As Bruce Schneier wrote in his book »Data and Goliath«, the clandestine QUANTUM project was meant to be kept as secret as possible [1]. In the meantime, though, various reports indicated that this project was not the only one of its kind: the Chinese government has been in possession of a very capable »Great Firewall of China« for a considerable time already. Quite often authors confuse it with the »Great Cannon of China«, which is indeed a different system [2].
The article »Don't Be Fodder for China's 'Great Cannon'« roughly outlined the inner workings of the »Great Firewall« and the »Great Cannon«. It showed that the firewall only prevents access to sites by either blocking or redirecting requests, while the cannon does more and actually injects packets into the stream. It does so in order to trigger more complex, attacker-chosen behavior on the machine from which the initial request originated [3]. In that respect the cannon is more comparable to NSA projects like FOXACID. Both Chinese systems are tied together, however: the »Great Cannon« uses the »Great Firewall« to insert packets into the internet backbone and thereby cause a race condition against the legitimate reply. FOXACID itself is not covered within this article, but the Guardian gave some insights in October 2013 in its article »Attacking Tor« [4].
The QUANTUM project consists of several attack methods of differing aim and complexity, operated on a global scale. The related article »Deep dive into QUANTUM INSERT« explained that in greater detail. It basically stated that, depending on the purpose, different attacks can be launched [5].
Nevertheless the NSA's naming conventions are a bit more complex, as a »Spiegel« article indicated. According to it, QUANTUMTHEORY and QUANTUMNATION attacks require QUANTUMINSERT as their foundation. The attacks on targets also depend heavily on selectors delivered to the system and provided through database and analysis toolsets like MARINA [6].
The methods are as follows:
- QUANTUMSKY sends reset packets to prevent connections (countermeasures: encryption, tunnels / utilize VPN or TOR networks, adjust OS packet handling).
- QUANTUMCOPPER interrupts file transfers (countermeasures: authentication and encryption, P2P networks).
- QUANTUMINSERT poses a man-on-the-side attack for redirection (countermeasures: authentication, encryption and integrity checks).
- QUANTUMBISQUIT enhances the latter for use with proxies (countermeasures: avoid SOCKS 4/5 proxies, utilize cascaded VPNs).
- QUANTUMDNS redirects/alters DNS requests (countermeasures: encryption / DNSCrypt-Proxy + NaCl).
- QUANTUMBOT hijacks IRC subscribers (countermeasures: server-side first-layer TLS encryption, challenge-response authentication, bouncer second-layer encryption).
- QUANTUMHAND attacks/intercepts requests of Facebook users (countermeasures: avoid Facebook at all costs, employ user-agent ECMAScript blocking).
- We also heard of QUANTUMCOOKIE, a method to degrade/deny/disrupt access to the TOR network (countermeasures: masquerade packets via VPN, use a different access medium/channel, connect to a private TOR network).
The attack methods mentioned above all aim at delivering a response to the original requester before the one sent out by the real/intended replying server arrives. In general it is advisable to enforce authentication, encryption and integrity wherever possible and to stay away from services like Yahoo, Facebook and LinkedIn. Furthermore, the use of dynamic IP addresses and special networks like VPNs, TOR or similar decreases the likelihood of tracking. Finally, a hardened unixoid OS like BSD or GNU/Linux and a restricted user agent, protected by an AppArmor or SELinux profile and extended e.g. by NoScript, impedes tracking and successful implantation of NSA malware [7].
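As an added illustration (not from the original article, and not Fox-IT's published signatures): the race described above leaves a trace a passive network sensor can look for, namely two server-to-client segments in one TCP flow that carry the same sequence number but different bytes. A genuine retransmission repeats the same payload; two different payloads mean two senders answered the same request, and the client kept whichever arrived first. The packet records below are constructed for this demonstration.

```python
from collections import namedtuple

# One server->client TCP segment, as a detector fed from a packet capture
# would see it (fields and values constructed for this example).
Segment = namedtuple("Segment", "src sport dst dport seq ttl payload")


def flow_key(seg):
    """Identify the TCP flow a segment belongs to (one direction only)."""
    return (seg.src, seg.sport, seg.dst, seg.dport)


def detect_duplicate_seq(segments):
    """Flag segments that reuse an already-seen (flow, seq) with different bytes.

    Exact-duplicate payloads (ordinary retransmissions) are ignored; only a
    payload never seen at that sequence offset raises an alert. The first
    segment at the offset is the one the client accepted, so it is reported
    next to the later, conflicting one together with both TTLs.
    """
    seen = {}      # (flow, seq) -> (first segment, set of payloads seen there)
    alerts = []
    for seg in segments:
        key = (flow_key(seg), seg.seq)
        entry = seen.get(key)
        if entry is None:
            seen[key] = (seg, {seg.payload})
        elif seg.payload not in entry[1]:
            entry[1].add(seg.payload)
            first = entry[0]
            alerts.append({
                "flow": key[0],
                "seq": seg.seq,
                "first_ttl": first.ttl,   # a differing TTL hints at a different origin
                "later_ttl": seg.ttl,
                "first_payload": first.payload[:40],
                "later_payload": seg.payload[:40],
            })
    return alerts


# Constructed capture: a spoofed redirect wins the race, then the real
# server's response and a harmless retransmission of it arrive.
SAMPLE_CAPTURE = [
    Segment("198.51.100.7", 80, "203.0.113.10", 51234, 1001, 58,
            b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n"),
    Segment("198.51.100.7", 80, "203.0.113.10", 51234, 1001, 49,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>ok</html>"),
    Segment("198.51.100.7", 80, "203.0.113.10", 51234, 1001, 49,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>ok</html>"),
]
```

Running `detect_duplicate_seq(SAMPLE_CAPTURE)` yields exactly one alert, for sequence 1001, pairing the accepted 302 redirect (TTL 58) with the genuine 200 response (TTL 49); the retransmission produces none.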
It is paramount with regard to cyber and information security to prevent a successful implantation of NSA malware. An infiltration of IT systems and infrastructure must be avoided at all costs. In this context, multiple countermeasures and extensive administration experience are necessary to accomplish that. Administrators, technicians and engineers have to be familiar with operating systems, networks and information security and should at least have the equivalent of an ITS (A.A.S.) degree plus several years of experience in the field of information and computer sciences [8]. However, even ✛ΔO members are unable to ensure their anonymity and security at all times under the present circumstances. It can therefore be safely assumed that the majority of citizens are not, and will not in the near future be, able to protect themselves adequately.
We conclude that the Internet has been completely and silently militarized and that a massive amount of control over global communications has been established. Therefore we agree and also state: »The internet is compromised.« [9]. Nonetheless there are ways to get back some sovereignty, and even ways to hit back with tools made specifically to combat NSA QUANTUM and FOXACID. We are going to cover these within the next part of our series »The NSA Quantum Project«.
References:
- [1] "The Further Democratization of [NSA] QUANTUM". Schneier on Security / B. Schneier. Retrieved 01 May 2015.
- [2] "The Further Democratization of QUANTUM - C6694411". Schneier on Security / B. Schneier. Retrieved 01 May 2015.
- [3] "Don't Be Fodder for China's Great Cannon". Krebs on Security / B. Krebs. Retrieved 01 May 2015.
- [4] "Attacking Tor: how the NSA targets users' online [..]". Guardian News and Media Ltd. / B. Schneier. Retrieved 01 May 2015.
- [5] "Deep dive into QUANTUM INSERT". FOX IT a.k.a. Fox-IT B.V. / L. Haagsma. Retrieved 01 May 2015.
- [6] "NSA Documents: This way the intelligence takes [..]". SPIEGEL-Verlag R. A. Ltd. & Co. LP / M. Rosenbach, C. Stöcker. Retrieved 01 May 2015.
- [7] "NSA Documents: This way the intelligence breaks [..]". SPIEGEL-Verlag R. A. Ltd. & Co. LP / J. Breithut. Retrieved 01 May 2015.
- [8] "Wikipedia - Associate degree". Wikipedia / D. Cullen, J. Pennell, et al. Retrieved 01 May 2015.
- [9] "The Internet is compromised - A diagnosis after a [..]". A Medium Corporation / Claudio (Doe). Retrieved 01 May 2015.
Last Updated (Friday, 01 May 2015)