Recent Der Spiegel coverage about the NSA and GCHQ
Hi, I wanted to write to highlight some important documents that have recently been released by Der Spiegel about the NSA and GCHQ. We worked very hard and for quite some time on these stories - I hope that you'll enjoy them. Inside TAO: Documents Reveal Top NSA Hacking Unit: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-e... Part 1: Documents Reveal Top NSA Hacking Unit: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-e... Part 2: Targeting Mexico: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-e... Part 3: The NSA's Shadow Network: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-e... NSA's Secret Toolbox: Unit Offers Spy Gadgets for Every Need: http://www.spiegel.de/international/world/nsa-secret-toolbox-ant-unit-offers... Shopping for Spy Gear: Catalog Advertises NSA Toolbox: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors... Interactive Graphic: The NSA's Spy Catalog: http://www.spiegel.de/international/world/a-941262.html Neue Dokumente: Der geheime Werkzeugkasten der NSA: http://www.spiegel.de/netzwelt/netzpolitik/neue-dokumente-der-geheime-werkze... NSA-Programm "Quantumtheory": Wie der US-Geheimdienst weltweit Rechner knackt: http://www.spiegel.de/netzwelt/netzpolitik/quantumtheory-wie-die-nsa-weltwei... Der Spiegel 1 / 2014: https://magazin.spiegel.de/digital/index_SP.html#SP/2014/1/124188114 http://www.spiegel.de/spiegel/index-7629.html TAO slides: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-i... NSA QUANTUM Tasking Techniques for the R&T Analyst: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdien... Yahoo! user targeting and attack example with QUANTUM: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdien... QUANTUMTHEORY and related QUANTUM programs: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdien... If you'd like to detect the QUANTUM INSERT, I suggest reading about the race condition details: http://www.spiegel.de/fotostrecke/qfire-die-vorwaertsverteidigng-der-nsa-fot... Details about the Man-On-The-Side with QUANTUM: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdien... QFIRE (NSA-Geheimdokumente: "Vorwärtsverteidigung" mit QFIRE), TURMOIL, TURBINE, TURBULENCE: http://www.spiegel.de/fotostrecke/qfire-die-vorwaersverteidigng-der-nsa-foto... MARINA: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdien... More MARINA details: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdien... Catalog of equipment covering around ~50 programs: http://www.spiegel.de/netzwelt/netzpolitik/interaktive-grafik-hier-sitzen-di... Other slides covering FOXACID and more: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-i... NSA QUANTUMTHEORY capabilities list: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-i... GCHQ QUANTUMTHEORY capabilities list: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-i... OLYMPUSFIRE: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-i... An overview of all of these articles is available in German: http://www.spiegel.de/netzwelt/netzpolitik/quantumtheory-wie-die-nsa-weltwei... Earlier this week, I also recently gave a talk titled "To Protect and Infect: part two" at CCC's 30C3. In the talk I explain a number of these topics - the video is a reasonable complement to the above stories: https://www.youtube.com/watch?v=b0w36GAyZIA There are quite a few news articles and most of them have focused on the iPhone backdoor known as DROPOUTJEEP - they largely miss the big picture asserting that the NSA needs physical access. This is a misunderstanding. The way that the NSA and GCHQ compromise devices with QUANTUMNATION does not require physical access - that is merely one way to compromise an iPhone. Generally the NSA and GCHQ compromise the phone through the network using QUANTUM/QUANTUMNATION/QUANTUMTHEORY related attack capabilities. An example of a vulnerable Apple user is shown: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdien... "note: QUANTUMNATION and standard QUANTUM tasking results in the same exploitation technique. The main difference is QUANTUNATION deploys a state 0 implant and is able to be submitted by the TOPI. Any ios device will always get VALIDATOR deployed." They're not talking about Cisco in that slide, I assure you. Details on VALIDATOR: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-i... Welcome to 2014! The truth is coming and it can't be stopped, Jacob
On Thu, Jan 2, 2014 at 4:37 PM, Jacob Appelbaum <jacob@appelbaum.net> wrote:
... I wanted to write to highlight some important documents that have recently been released by Der Spiegel about the NSA and GCHQ. We worked very hard and for quite some time on these stories - I hope that you'll enjoy them.
second only to BULLRUN drop; thank you!
... OLYMPUSFIRE:
http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-i...
off by one error; this is "VALIDATOR" the OLYMPUSFIRE doc is at: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-i...
... There are quite a few news articles and most of them have focused on the iPhone backdoor known as DROPOUTJEEP - they largely miss the big picture asserting that the NSA needs physical access. This is a misunderstanding. The way that the NSA and GCHQ compromise devices with QUANTUMNATION does not require physical access - that is merely one way to compromise an iPhone. Generally the NSA and GCHQ compromise the phone through the network using QUANTUM/QUANTUMNATION/QUANTUMTHEORY related attack capabilities.
thank you as well for this clarification. keep it up :) best regards,
coderman:
On Thu, Jan 2, 2014 at 4:37 PM, Jacob Appelbaum <jacob@appelbaum.net> wrote:
... I wanted to write to highlight some important documents that have recently been released by Der Spiegel about the NSA and GCHQ. We worked very hard and for quite some time on these stories - I hope that you'll enjoy them.
second only to BULLRUN drop; thank you!
The BULLRUN story was good but it really needs to be expanded. I find it frustrating that the story wasn't better supported by documents.
... OLYMPUSFIRE:
http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-i...
off by one error; this is "VALIDATOR"
Whoops - thanks!
the OLYMPUSFIRE doc is at: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-i...
I'm curious if anyone has yet spotted which well known programs are tied to OLYMPUSFIRE? I'd guess you probably figured it out, if it is possible to link it?
... There are quite a few news articles and most of them have focused on the iPhone backdoor known as DROPOUTJEEP - they largely miss the big picture asserting that the NSA needs physical access. This is a misunderstanding. The way that the NSA and GCHQ compromise devices with QUANTUMNATION does not require physical access - that is merely one way to compromise an iPhone. Generally the NSA and GCHQ compromise the phone through the network using QUANTUM/QUANTUMNATION/QUANTUMTHEORY related attack capabilities.
thank you as well for this clarification. keep it up :)
The QUANTUM programs are extremely powerful but largely because our systems are so weak. Imagine if the NSA informed Apple and helped them to fix their products rather than sabotaging American companies? All the best, Jacob
--On Friday, January 03, 2014 1:12 AM +0000 Jacob Appelbaum <jacob@appelbaum.net> wrote:
coderman:
On Thu, Jan 2, 2014 at 4:37 PM, Jacob Appelbaum <jacob@appelbaum.net> wrote:
... I wanted to write to highlight some important documents that have recently been released by Der Spiegel about the NSA and GCHQ. We worked very hard and for quite some time on these stories - I hope that you'll enjoy them.
second only to BULLRUN drop; thank you!
The BULLRUN story was good but it really needs to be expanded. I find it frustrating that the story wasn't better supported by documents.
... OLYMPUSFIRE:
http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdie nst-internetkonten-fotostrecke-105326-13.html
off by one error; this is "VALIDATOR"
Imagine if the NSA informed Apple and helped them to fix their products rather than sabotaging American companies?
actually, that's the only useful thing do. 'sabotage' fucking american companies - companies that, for starters, should never have been 'trusted', at all.
All the best, Jacob
Yeah, good luck with that. On Jan 2, 2014, at 6:16 PM, Juan Garofalo <juan.g71@gmail.com> wrote:
actually, that's the only useful thing do.
'sabotage' fucking american companies - companies that, for starters, should never have been 'trusted', at all.
Al Billings albill@openbuddha.com http://makehacklearn.org
participants (5)
-
Al Billings -
coderman -
grarpamp -
Jacob Appelbaum -
Juan Garofalo