Title: QUANTUMTHEORY
Release Date: 2014-03-12
Document Date: 2010-01-01
Description: This presentation from the 2010 SIGDEV Conference describes the contribution made by GCHQ to the development of Quantum techniques: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.
Document: TOP SECRET//COMINT//REL TO USA, FVEY//20320108
SIGDEV: Discovery in the Cyber Age

(U) Classification of Presentation
- This presentation is classified:
  TOP SECRET//COMINT//REL TO USA, FVEY//20320108

(U) What is QUANTUMTHEORY
- (U//FOUO) Nothing to do with “Quantum Computing”
- (S//SI//REL) Protocol injection technique
  - Passive
  - Active
- (S//REL) Not Man-in-the-Middle
  - But can be used to gain that position
- (S//REL) Man-on-the-Side
- (S//REL) Mostly Low Latency... mostly

(U) Man on the Side?
[Diagram; labels: Low Side, High Side, TURBINE, NS AW, TURBINE Gig, ROC, Operator]

(C) Components of QUANTUM Architecture
- (S//REL) TURMOIL (or LPT, LPT-D, what else can you kludge for tipping... cough.. NINJANIC)
  - Passive Sensor
- (S//REL) TURBINE
  - Active Mission Logic of Remote Agents
- (C//REL) ISLANDTRANSPORT
  - Messaging Fabric
- (S//REL) SURPLUSHANGER
  - High->Low diodes
- (S//REL) STRAIGHTBIZARRE or DAREDEVIL
  - Implant / Shooter

(C) Legacy QUANTUMTHEORY techniques
- (TS//SI//REL) QUANTUMINSERT
  - HTML Redirection
- (TS//SI//REL) QUANTUMSKY
  - HTML/TCP resets
- (TS//SI//REL) QUANTUMBOT
  - IRC botnet hijacking

(U) New Hotness
- (TS//SI//REL) QUANTUMBISCUIT
  - Redirection based on keyword
  - Mostly HTML Cookie Values
- (TS//SI//REL) QUANTUMDNS
  - DNS Hijacking
  - Caching Nameservers
- (TS//SI//REL) QUANTUMBOT2
  - Combination of Q-BOT/Q-BISCUIT for web based command and controlled botnets

(U) Experimental
- (TS//SI//REL) QUANTUMCOPPER
  - File download disruption
- (TS//SI//REL) QUANTUMMUSH
  - Virtual HUFFMUSH / Targeted Spam Exploitation
- (TS//SI//REL) QUANTUMSPIM
  - Instant Messaging (MSN chat, XMPP)
- (TS//SI//REL) QUANTUMSQUEEL
  - Injection into MySQL persistent database connections
- (TS//SI//REL) QUANTUMSQUIRREL
  - Truly covert infrastructure, be any IP in the world

(U//FOUO) QUANTUMDEFENSE
[Diagram; recoverable labels: Shooter, TAO C2, malware mirrors, anysite.com, DNS query, any NIPRNET IP Address, TARGET SPACE, Implant, Command & Control]

(C) Where/What can you QUANTUM
- (S//SI//REL) Menwith Hill Station (USJ-759, USJ-759A,...)
  - Operational: Q-INSERT, Q-SKY, Q-DNS, Q-BISCUIT, Q-BOT
  - Tested: Q-COPPER, Q-SQUIRREL, Q-BOT2
- (S//SI//REL) Misawa AFB (USF-799,...)
  - Operational: Q-INSERT
- (S//SI//REL) INCENSOR (DS-300) - with help from GCHQ
  - Operational: Q-BOT, Q-BISCUIT, Q-INSERT
  - Tested: Q-SQUEEL, Q-SPIM
- (TS//SI//REL) NIPRNET Gateways
  - Operational: Q-DNS
- (S//SI//REL) Coming Soon....
  - SMOKEYSINK
  - SARATOGA

qt room in LINKUP
DL QUANTUM HELP