Title: WILLOWVIXEN and SECONDDATE

Release Date: 2014-03-12

Document Date: 2012-01-01

Description: This extract from a 2012 NSA presentation demonstrates how conventional phishing attacks (like WILLOWVIXEN) have become deprecated in the agency’s offensive arsenal in favour of more sophisticated techniques like Quantum: see the Intercept article How the NSA Plans to Infect ‘Millions’ of Computers with Malware, 12 March 2014.

Document: TOP SECRET//COMINT//NOFORN

FOXACID these days...

• XSS is becoming less and less viable with each passing day. It’s just
too hard to develop and too easy to circumvent. Because of this (and
other technical/OPSEC issues), the bulk spam mission is becoming
less and less viable as well.

• The new exploit hotness is Quantum. Certain Quantum missions have
a success rate as high as 80%, where spam is less than 1%.

• So, as spam and in-line XSS slowly fade away, the new exploit
development push is for those utilizing MitM or MotS capabilities, as
well as many other very unique techniques.

• Bottom line - if we can get the target to visit us in some sort of web
browser, we can probably own them. The only limitation is the “how”.


WILLOWVIXEN

WILLOWVIXEN is a technique that permits exploitation by
having the target browse to a website by clicking on a link in
an email that we sent. The WILLOWVIXEN server receives
the contact from the target and performs a redirection.

[Diagram labels: Target, WILLOWVIXEN, Intended Site]


SECONDDATE

• SECONDDATE is an exploitation technique that takes advantage of
web-based protocols and man-in-the-middle (MitM) positioning.

• SECONDDATE influences real-time communications between client
and server and can quietly redirect web-browsers to FA servers for
individual client exploitation.

• This allows mass exploitation potential for clients passing through
network choke points, but is configurable to provide surgical target
selection as well.


