QUANTUMINSERT "wide stack" covert network communication
in the discussion regarding well positioned injection points on the backbone (QUANTUMINSERT) i have not yet seen discussion of using these well positioned injection points for covert network connections.

consider that you are eavesdropping on the return path for a given unused, high address space of a third party (a lot of that 15.0.0.0/8 is idle :)

consider that you can inject arbitrary packets into the egress for the same net block (even if upstream, still sufficient to match route).

you can now establish a covert TCP connection appearing to come from the high space of 15.0.0.0/8, of which HP only sees the returning (encrypted) martians. (and this assumes they're even watching!)

this "wide stack" approach provides cover via multitudes of idle address spaces of third parties, while the actual communicators are hidden.

anxiously awaiting the details on how this is used...

*sacrifices chickens to the "Snowden Release Gatekeepers" (TM)*
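The post's closing aside, "this assumes they're even watching", is the defender's side of the technique: the owner of the impersonated prefix never sees the spoofed outbound SYNs (they are injected upstream), only the remote peer's SYN-ACKs and data arriving for addresses that never opened a connection. The following is an added example, not code from the original post or from any referenced document; it assumes a border sensor for the monitored /8 that logs both directions, and all addresses, ports and records in it are constructed. It flags inbound ACK-bearing TCP segments whose four-tuple never appeared as an outbound SYN, then ranks the impersonated local /24s:

```python
"""
Flag established-looking inbound TCP that has no outbound half.

Constructed example (not from the original post).  A sensor at the edge of
the monitored prefix records packets in both directions.  A covert session
sourced from idle space by an upstream injector shows up as SYN-ACKs and
ACKed data arriving for local addresses that never sent a SYN out.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

LOCAL = ipaddress.ip_network("15.0.0.0/8")   # monitored third-party space (assumed)


@dataclass(frozen=True)
class Pkt:
    direction: str   # "out" (leaving LOCAL) or "in" (entering LOCAL)
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # subset of "SAFRP"


def parse_log(lines):
    """Parse constructed records of the form 'out 15.1.2.3:5000 -> 203.0.113.7:443 S'."""
    pkts = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        direction, src, _, dst, flags = line.split()
        sip, sport = src.rsplit(":", 1)
        dip, dport = dst.rsplit(":", 1)
        pkts.append(Pkt(direction, sip, int(sport), dip, int(dport), flags))
    return pkts


def find_unsolicited(pkts):
    """Return inbound ACK-bearing segments whose 4-tuple never left LOCAL as a SYN."""
    initiated = set()
    for p in pkts:
        if p.direction == "out" and "S" in p.flags and ipaddress.ip_address(p.src) in LOCAL:
            initiated.add((p.src, p.sport, p.dst, p.dport))
    unsolicited = []
    for p in pkts:
        if p.direction != "in" or "A" not in p.flags:
            continue                      # pure RST/SYN backscatter is out of scope here
        if ipaddress.ip_address(p.dst) not in LOCAL:
            continue
        key = (p.dst, p.dport, p.src, p.sport)   # local side first, to match 'initiated'
        if key not in initiated:
            unsolicited.append(p)
    return unsolicited


def rank_by_local_prefix(unsolicited, prefixlen=24):
    """Count hits per impersonated local prefix; idle prefixes with many
    established-looking inbound flows are the signal worth a look."""
    counts = defaultdict(int)
    for p in unsolicited:
        net = ipaddress.ip_network(f"{p.dst}/{prefixlen}", strict=False)
        counts[str(net)] += 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))


SAMPLE = """
# constructed sample: a real client inside 15.0.0.0/8 talking to a web server
out 15.1.2.3:51000 -> 203.0.113.7:443 S
in  203.0.113.7:443 -> 15.1.2.3:51000 SA
out 15.1.2.3:51000 -> 203.0.113.7:443 A
in  203.0.113.7:443 -> 15.1.2.3:51000 PA
# scanner backscatter: RST only, no ACK, ignored by this check
in  198.51.100.9:80 -> 15.200.0.1:40000 R
# covert session: SYN injected upstream with a spoofed idle source, never seen
# leaving the local network, but the remote end's SYN-ACK and data arrive
in  192.0.2.50:443 -> 15.250.3.4:40001 SA
in  192.0.2.50:443 -> 15.250.3.4:40001 PA
in  192.0.2.50:443 -> 15.250.3.5:40002 SA
"""


def demo():
    hits = find_unsolicited(parse_log(SAMPLE.splitlines()))
    return hits, rank_by_local_prefix(hits)


if __name__ == "__main__":
    hits, ranked = demo()
    for p in hits:
        print(f"unsolicited {p.flags:>2} from {p.src}:{p.sport} to {p.dst}:{p.dport}")
    print(ranked)
```

On the constructed sample the legitimate flow is matched by its outbound SYN, the RST-only backscatter is skipped, and the three segments for 15.250.3.0/24 are reported. In a real deployment the same check fires on asymmetric routing and multihoming, where a site's outbound path bypasses the sensor, so it is a triage signal against address space known to be idle, not a verdict on its own.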
it looks like this is called QFIRE / MIDDLEMAN (CovNet?)
http://cryptome.org/2013/12/nsa-qfire.pdf

of particular note you'll see that this unclassified (high risk side) TAO Covert Network is accessed within an NSA SCIF via a "highly constrained" *cough* VMWare ESX server instance (à la NetTop for back-end) which is then colocated at bare metal and/or directly guest bridged to the SCSnet / NSAnet / *secret networks. . . .

one day i'll have more to say about this! (i encourage the leakers to beat me to it ;)

--end-top-post--

On Tue, Nov 26, 2013 at 9:03 PM, coderman <coderman@gmail.com> wrote:
> in the discussion regarding well positioned injection points on the backbone (QUANTUMINSERT) i have not yet seen discussion of using these well positioned injection points for covert network connections.
>
> consider that you are eavesdropping on the return path for a given unused, high address space of a third party (a lot of that 15.0.0.0/8 is idle :)
>
> consider that you can inject arbitrary packets into the egress for the same net block (even if upstream, still sufficient to match route).
>
> you can now establish a covert TCP connection appearing to come from the high space of 15.0.0.0/8, of which HP only sees the returning (encrypted) martians. (and this assumes they're even watching!)
>
> this "wide stack" approach provides cover via multitudes of idle address spaces of third parties, while the actual communicators are hidden.
>
> anxiously awaiting the details on how this is used...
>
> *sacrifices chickens to the "Snowden Release Gatekeepers" (TM)*
On Wed, Jan 1, 2014 at 3:40 AM, coderman <coderman@gmail.com> wrote:
> it looks like this is called QFIRE / MIDDLEMAN (CovNet?)
> http://cryptome.org/2013/12/nsa-qfire.pdf
here this type of comms is called: QUANTUMSQUIRREL
http://cryptome.org/2014/03/nsa-gchq-quantumtheory.pdf

perhaps due to a joint GCHQ/NSA effort

""""
Experimental:
QUANTUMSQUIRREL
- Truly covert infrastructure, be any IP in the world
""""

--- selected-slides ---

# Components of QUANTUM Architecture:
TURMOIL
- (or LPT, or LPT-D, what else can you kludge for tipping ... cough.. NINJANIC)
- Passive Sensor
TURBINE
- Active Mission Logic of Remote Agents
ISLANDTRANSPORT
- Messaging Fabric
SURPLUSHANGER
- High -> Low diodes
STRAIGHTBIZARRE or DAREDEVIL
- Implant / Shooter

---

# Legacy QUANTUMTHEORY techniques
QUANTUMINSERT
- HTML Redirection
QUANTUMSKY
- HTML/TCP resets
QUANTUMBOT
- IRC botnet hijacking

---

# New Hotness
QUANTUMBISCUIT
- Redirection based on keyword
- Mostly HTML Cookie Values
QUANTUMDNS
- DNS Hijacking
- Caching Nameservers
QUANTUMBOT2
- Combination of Q-BOT/Q-BISCUIT for web based Command and controlled botnets

---

# Experimental
QUANTUMCOPPER
- File download disruption
QUANTUMMUSH
- Virtual HUFFMUSH / Targeted Spam Exploitation
QUANTUMSPIM
- Instant Messaging (MSN chat, XMPP)
QUANTUMSQUEEL
- Injection into MySQL persistent database connections
QUANTUMSQUIRREL
- Truly covert infrastructure, be any IP in the world