Title: POISONNUT

Release Date: 2014-12-28

Description: This undated page from NSA’s internal WikiInfo describes POISONNUT, “the Virtual Private Network Attack Orchestrator (VAO)”: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.

Document: POISONNUT - Wikiinfo

The accredited security level of this system is: TOP SECRET//SI-GAMMA/TALENT KEYHOLP//nRmv/PRnPiN/BFi inn/RPi rn tt*;4 fvfv *

TOP SECRETJ/SI//REL TO USA, FVEY (u) POISONNUTAdminibaK

(S//REL) POISONNUT

This Project page has moved to the: CES 2P
PIQ Wiki

Contents

■ 1 (U) Overview

■ 2 (U) Development Process and Standards

■ 3 (U) History

■ 4 (U) Current Architecture

■ 4.1 (U) Testing/Integration

■ 4.2 (U) Developer Resources

■ 5 (U) Future

■ 6 (U) Contact Info

■ 6.1 (U) Related Wiki Pages

■ 7 (U) References

■ 8 (U) See also

(U) Overview

(URN info: alias

This page is registered as

go pnut

This application makes use of the
Java Java programming language.

(TS//SI//REL) POISONNUT, also known as the Virtual Private Network Attack Orchestrator (VAO), is a message driven cryptologic
exploitation service for VPNs with the main focus on IPSec. Currently, the list of POISONNUT clients includes TURMOIL,
WEALTHYCLUSTER and the TEe. Each POISONNUT client can connect to POISONNUT using 1SLANDTRANSPORT. Once
connected to POISONNUT, clients send and receive XML messages encrypted using ISLANDH1DEAWAY.

(U) Development Process and Standards

(U//FOUO) POISONNUT follows the LONGHAUL Development Process which uses the NSA Way.

(U) History

(TS//S1//REL) The VPN Attack Orchestrator (VAO) has existed in various configurations since 2003. Originally developed as a
standalone application by the Network Security Products branch, the later became a key crypt application integrated with
corporate collection frameworks such as WC2 andTURMOIL. As of 2006, the Heritage VAO, as it is now known, was stood up inside
of a JBoss server. In November 2008, a new development effort was stood up in order to increase the throughput and stability of
the VAO. The new VAO system, under the cover term POISONNUT, has a major development milestone scheduled for September
2009. POISONNUT is the first component which will be available under the LONGHAUL project. This new development is being
undertaken by developers in the T342P and the S31243 VPN Team.

VAO Graphic

(U) Current Architecture

1 of 2

POISONNUT - Wikiinfo

(U//FOUO) The POISONNUT system is composed of several components. Each component is composed of one or more products. A
description of our business model for POISONNUT is available: here.

(U//FOUO) These are the high level components for the POISONNUT system:

TS//SI//REL

(TS//REL) Components High Level Design

(U) Testing/Integration

■ VALIANTSURF / POISONNUT Integration Notes
(U) Developer Resources

■ (U) VAO Developers Calendar / Meeting Notes

■ (TS//REL) VPN Metrics

(U) Future

- (U) VAO Client

(U) Contact Info

(U//FOUO) POISONNUT Development Team email alias

(U//FOUO) Jabber Chat Room:_______

(U//FOUO) LONGHAUL JSignout group
(U//FOUO) Developer A/L

(U) Related Wlkl Pages

(U//FOUO) LONGHAUL I
(U//FOUO) SCARLETFEVER I

[_toe_Parent Project

■ a Sibling LONGHAUL Project

(U) References

■ (C//REL) PICARESQUE information about Virtual Private Network Attack Orchestrator

(U) See also

■ List

■ Experts

from

Categories: Applications using Java | URN | VPN | POISONNUT | TechExp projects | Decryption systems | LONGHAUL

Derived From: SI Classification Guide, 02-01, Dated: 20060711
and NSAfCSSM 1-52, Dated: 20070108

___________________________________________________________________________________________________________________________________Declassify On: 2032010S

TOP SECRET//SI//REL TO USA, FVEY

2 of 2


e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh