Title: QUANTUMTHEORY

Release Date: 2014-03-12

Document Date: 2010-01-01

Description: This presentation from the 2010 SIGDEV Conference describes the contribution made by GCHQ to the development of Quantum techniques: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

Document: TOP SECRET//COMINT//REL TO USA, FVEY//20320108

SIGDEV: Discovery in the Cyber Age

(U) Classification of Presentation

- This presentation is classified:

TOP SECRET // COMINT // REL TO USA, FVEY // 20320108

(U) What IS QUANTUMTHEORY

- (U//FOUO) Nothing to do with “Quantum Computing”
- (S//SI//REL) Protocol injection technique
  - Passive
  - Active
- (S//REL) Not Man-in-the-Middle
  - But can be used to gain that position
- (S//REL) Man-on-the-Side
- (S//REL) Mostly Low Latency... mostly

(U) Man on the Side?

[Diagram: labels include Low Side, High Side, TURBINE, NSAW, ROC, Operator]

(C) Components of QUANTUM Architecture

- (S//REL) TURMOIL (or LPT, LPT-D, what else can you kludge for tipping... cough.. NINJANIC)
  - Passive Sensor
- (S//REL) TURBINE
  - Active Mission Logic of Remote Agents
- (C//REL) ISLANDTRANSPORT
  - Messaging Fabric
- (S//REL) SURPLUSHANGER
  - High->Low diodes
- (S//REL) STRAIGHTBIZARRE or DAREDEVIL
  - Implant / Shooter

(C) Legacy QUANTUMTHEORY techniques

- (TS//SI//REL) QUANTUMINSERT
  - HTML Redirection
- (TS//SI//REL) QUANTUMSKY
  - HTML/TCP resets
- (TS//SI//REL) QUANTUMBOT
  - IRC botnet hijacking

(U) New Hotness

- (TS//SI//REL) QUANTUMBISCUIT
  - Redirection based on keyword
  - Mostly HTML Cookie Values
- (TS//SI//REL) QUANTUMDNS
  - DNS Hijacking
  - Caching Nameservers
- (TS//SI//REL) QUANTUMBOT2
  - Combination of Q-BOT/Q-BISCUIT for web based Command and controlled botnets

(U) Experimental

- (TS//SI//REL) QUANTUMCOPPER
  - File download disruption
- (TS//SI//REL) QUANTUMMUSH
  - Virtual HUFFMUSH / Targeted Spam Exploitation
- (TS//SI//REL) QUANTUMSPIM
  - Instant Messaging (MSN chat, XMPP)
- (TS//SI//REL) QUANTUMSQUEEL
  - Injection into MySQL persistent database connections
- (TS//SI//REL) QUANTUMSQUIRREL
  - Truly covert infrastructure, be any IP in the world

(U//FOUO) QUANTUMDEFENSE

[Diagram: labels include Shooter, anysite.com C2, TAO C2, malware, mirrors, DNS query any NIPRNET IP Address, TARGET SPACE, Implant, Command & Control; remaining text illegible]

(C) Where/What can you QUANTUM

- (S//SI//REL) Menwith Hill Station (USJ-759, USJ-759A,...)
  - Operational: Q-INSERT, Q-SKY, Q-DNS, Q-BISCUIT, Q-BOT
  - Tested: Q-COPPER, Q-SQUIRREL, Q-BOT2
- (S//SI//REL) Misawa AFB (USF-799,...)
  - Operational: Q-INSERT
- (S//SI//REL) INCENSOR (DS-300) - with help from GCHQ
  - Operational: Q-BOT, Q-BISCUIT, Q-INSERT
  - Tested: Q-SQUEEL, Q-SPIM
- (TS//SI//REL) NIPRNET Gateways
  - Operational: Q-DNS
- (S//SI//REL) Coming Soon....
  - SMOKEYSINK
  - SARATOGA

qt room in LINKUP
DL QUANTUM HELP
