The NSA QUANTUM Project (Part 1)
Friday, 01 May 2015
The QUANTUM project was one of the NSA's most closely guarded programs. Over the past months several news outlets have reported on this particular technology. Because ✛ΔO regards the project as one of the NSA's most serious threats to society to this day, the organization is publishing this assessment together with an evaluation of countermeasures.

As Bruce Schneier wrote in his book »Data and Goliath«, the clandestine QUANTUM project was meant to be kept as secret as possible [1]. In the meantime, however, various reports have indicated that this project is not the only one of its kind: the Chinese government has operated a very capable »Great Firewall of China« for a long time already. Authors quite often confuse it with the »Great Cannon of China«, which is indeed a different system [2].

The article »Don’t Be Fodder for China’s ‘Great Cannon’« roughly outlined the inner workings of the »Great Firewall« and the »Great Cannon«. It showed that the firewall only prevents access to sites, by blocking or redirecting requests, while the cannon goes further and actually injects packets into the stream in order to provoke more complex behavior on the machine from which the original request came [3]. In that respect the cannon is more comparable to NSA projects like FOXACID. The two Chinese systems are nevertheless tied together: the »Great Cannon« relies on the »Great Firewall«'s vantage point on the internet backbone to insert its packets, so that they race the legitimate reply and reach the requester first. FOXACID itself is not covered in this article, but the Guardian gave some insights in October 2013 in its article »Attacking Tor« [4].
The QUANTUM project consists of several attack methods of differing aim and complexity, operated on a global scale. The related article »Deep dive into QUANTUM INSERT« explained this in greater detail; in short, different attacks can be launched depending on the purpose [5]. The NSA's naming conventions are nevertheless somewhat more complex, as a »Spiegel« article indicated: according to it, QUANTUMTHEORY and QUANTUMNATION attacks require QUANTUMINSERT as their foundation. Attacks on targets also depend heavily on selectors fed into the system, which are provided through database and analysis toolsets like MARINA [6].

The methods are as follows:
- QUANTUMSKY sends spoofed TCP reset packets to tear down connections (countermeasures: tunnels such as VPN or Tor, which hide the inner TCP session from the injector, and adjusted OS packet handling; encrypting the payload alone does not stop a forged reset).
- QUANTUMCOPPER interrupts or corrupts file transfers (countermeasures: authentication and encryption, P2P networks).
- QUANTUMINSERT is a man-on-the-side attack that redirects the victim to an attacker-controlled server (countermeasures: authentication, encryption and integrity checks).
- QUANTUMBISCUIT extends QUANTUMINSERT for targets sitting behind proxies (countermeasures: avoid SOCKS 4/5 proxies, use cascaded VPNs).
- QUANTUMDNS injects forged DNS responses, redirecting or altering lookups (countermeasures: encrypted DNS such as DNSCrypt-Proxy, which builds on NaCl).
- QUANTUMBOT hijacks IRC participants (countermeasures: server-side TLS as a first layer, challenge-response authentication, a bouncer adding a second layer of encryption).
- QUANTUMHAND attacks and intercepts the requests of Facebook users (countermeasures: avoid Facebook altogether, block JavaScript in the browser).
We also heard of QUANTUMCOOKIE, a method to degrade, deny or disrupt access to the Tor network (countermeasures: masquerade packets via VPN, use a different access medium or channel, connect to a private Tor network).

All of the methods mentioned above work by delivering a response to the original requester before the reply from the real, intended server arrives. In general it is advisable to enforce authentication, encryption and integrity checks wherever possible and to stay away from services like Yahoo, Facebook and LinkedIn. Furthermore, dynamic IP addresses and special networks like VPNs, Tor or similar lower the likelihood of being tracked. Finally, a hardened Unix-like OS such as BSD or GNU/Linux with a restricted browser, confined by an AppArmor or SELinux profile and extended with, e.g., NoScript, impedes tracking and the successful implantation of NSA malware [7].
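The race described above leaves a fingerprint on the wire: the victim receives two segments in the same TCP stream carrying the same sequence number but different payloads, the injector's and the real server's. The following Python is an added example written for this article, not code from the original page, from ✛ΔO or from the »Deep dive« authors; it implements that duplicate-sequence-number check over a constructed sample flow (the addresses, payloads and TTL values are made up for illustration) and models the victim's first-segment-wins behaviour to show why the injected redirect is what the browser ends up acting on.

```python
"""Detect a man-on-the-side injection (QUANTUMINSERT-style) in a TCP flow.

Added example, not from the original article. A passive sensor that sees
both the injected and the genuine reply can flag the pair: same flow,
same sequence number, different payload. A TTL mismatch between the two
is a supporting heuristic, since the injector sits at a different hop
distance from the victim than the real server does.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One server-to-client TCP segment, reduced to the fields the check needs."""
    src: str        # sender "ip:port"
    dst: str        # receiver "ip:port"
    seq: int        # TCP sequence number of the first payload byte
    ttl: int        # IP TTL as observed at the sensor
    payload: bytes


# Constructed sample flow (not captured data). The injected 302 arrives
# before the genuine 200 OK, both claiming sequence number 1000. The two
# trailing segments are a genuine retransmission, which must not alert.
SAMPLE_SEGMENTS = [
    Segment("203.0.113.10:80", "198.51.100.7:51000", 1000, 52,
            b"HTTP/1.1 302 Found\r\nLocation: http://redirect.invalid/\r\n\r\n"),
    Segment("203.0.113.10:80", "198.51.100.7:51000", 1000, 64,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>real</html>"),
    Segment("203.0.113.10:80", "198.51.100.7:51000", 1061, 64, b"<p>more</p>"),
    Segment("203.0.113.10:80", "198.51.100.7:51000", 1061, 64, b"<p>more</p>"),
]


def detect_injection(segments):
    """Flag segments that reuse a (flow, seq) already seen with a different payload.

    Returns one dict per suspicious pair. A pure retransmission (identical
    payload at the same sequence number) is normal TCP behaviour and is
    not reported.
    """
    first_seen = {}
    alerts = []
    for seg in segments:
        key = (seg.src, seg.dst, seg.seq)
        earlier = first_seen.get(key)
        if earlier is None:
            first_seen[key] = seg
            continue
        if earlier.payload != seg.payload:
            alerts.append({
                "flow": f"{seg.src} -> {seg.dst}",
                "seq": seg.seq,
                "first_payload": earlier.payload[:20],
                "second_payload": seg.payload[:20],
                "ttl_mismatch": earlier.ttl != seg.ttl,
            })
    return alerts


def first_wins_reassembly(segments):
    """Model the victim: most TCP stacks keep the first segment received for a
    given sequence number and drop later overlapping data as duplicates
    (exact overlap handling is OS-dependent, which is why the article lists
    OS packet handling as a tunable). Returns the byte stream the
    application would see, in sequence order.
    """
    accepted = {}
    for seg in segments:
        accepted.setdefault(seg.seq, seg.payload)
    return b"".join(accepted[s] for s in sorted(accepted))


if __name__ == "__main__":
    for alert in detect_injection(SAMPLE_SEGMENTS):
        print("ALERT duplicate seq with differing payload:", alert)
    print("victim receives:", first_wins_reassembly(SAMPLE_SEGMENTS)[:40])
```

On the sample flow the detector raises exactly one alert, for sequence number 1000 with a TTL mismatch, and the reassembled stream the victim's application sees begins with the injected 302 rather than the genuine 200 OK. The check is only possible from a vantage point that observes both replies; the victim's own stack silently discards the second one, which is why end-to-end integrity protection (TLS) remains the primary countermeasure and this detection is a complementary sensor-side control.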

With regard to cyber and information security it is paramount to prevent a successful implantation of NSA malware; an infiltration of IT systems and infrastructure must be avoided at all costs. Achieving that requires multiple countermeasures and considerable administrative experience. Administrators, technicians and engineers have to be familiar with operating systems, networks and information security and should hold at least the equivalent of an ITS (A.A.S.) degree plus several years of experience in information and computer sciences [8]. Even ✛ΔO members, however, are unable to ensure their anonymity and security at all times under the present circumstances. It can therefore be safely assumed that the majority of citizens are not, and will not be in the near future, able to protect themselves adequately.

We conclude that the Internet has been completely and silently militarized and that a massive degree of control over global communications has been established. We therefore agree with, and restate, the verdict: »The internet is compromised.« [9]. Nonetheless there are ways to regain some sovereignty, and even ways to hit back with tools made specifically to combat NSA QUANTUM and FOXACID. We are going to cover these in the next part of our series »The NSA Quantum Project«.
Last Updated (Friday, 01 May 2015)
©  2003 - 2017   TRON-DELTA.ORG  (NGO)   –   Nongovernmental  Intelligence  Organization