in the discussion regarding well positioned injection points on the backbone (QUANTUMINSERT) i have not yet seen discussion of using these well positioned injection points for covert network connections. consider that you are eavesdropping on return path for a given un-used, high address space of a third party (a lot of that 15.0.0.0/8 is idle :) consider that you can inject arbitrary packets into the egress for same net block (even if upstream, still sufficient to match route). you can now establish a covert TCP connection appearing to come from the high space of 15.0.0.0/8, of which HP only sees the returning (encrypted) martians. (and this assumes they're even watching!) this "wide stack" approach provides cover via multitudes of idle address spaces of third parties, while the actual communicators are hidden. anxiously awaiting the details on how this is used... *sacrifices chickens to the "Snowden Release Gatekeepers" (TM)*