FourWinds10.com - Delivering Truth Around the World

Enter the QUANTUM program…. The Internet Is Now Weaponized, And You Are The Target

Global Research Report


Nov. 19, 2013

By now, thanks to Edward Snowden, it is common knowledge, and not just conspiracy theory, that every bit of information sent out into the wired or wireless ether is scanned, probed, intercepted and ultimately recorded by the NSA, and that subsequently all such information is and can be used against any US citizen without a court of law (because the president’s pet secret FISA “court” is anything but).

Sadly, in a country in which, courtesy of peak social networking, exhibitionism has become an art form, the vast majority of Americans not only could not care less about Snowden’s sacrificial revelations, but in fact are delighted that at least someone, somewhere cares about that photo of last night’s dinner.

However, it turns out that far from being a passive listener and recorder, the NSA is quite an active participant in using the internet.

The weaponized internet.

Because as Wired reports, “The internet backbone — the infrastructure of networks upon which internet traffic travels — went from being a passive infrastructure for communication to an active weapon for attacks.”

And the primary beneficiary: the NSA – General Keith Alexander’s massive secret army – which has now been unleashed against enemies foreign, but mostly domestic.

http://www.zerohedge.com/news/2013-11-15/internet-now-weaponized-and-you-are-target

Enter the QUANTUM program….

User Attack

The NSA has a collection of FOXACID servers, designed to exploit visitors. Conceptually similar to Metasploit’s WebServer browser autopwn mode, these FOXACID servers probe any visiting browser for weaknesses to exploit.

All it takes is a single request from a victim passing a wiretap for exploitation to occur. Once the QUANTUM wiretap identifies the victim, it simply packet injects a 302 redirect to a FOXACID server. Now the victim’s browser starts talking to the FOXACID server, which quickly takes over the victim’s computer. The NSA calls this QUANTUMINSERT.
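An added example, not from the original article or the sources it quotes: because the injector sits beside the wire and cannot remove the genuine server reply, a monitored client typically receives two TCP segments claiming the same sequence numbers with different content. The sketch below flags that condition over constructed segment records; the tuple layout, addresses and function names are assumptions made for illustration.

```python
from collections import defaultdict

def is_redirect(payload):
    """True if the payload starts with an HTTP 3xx status line."""
    parts = payload.split(b" ", 2)
    return len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1][:1] == b"3"

def find_conflicting_segments(segments):
    """Flag segments that overlap in sequence space on one flow but differ in bytes.

    segments: iterable of (flow, seq, payload); flow is a (src, sport, dst, dport)
    tuple for one direction. Sequence-number wraparound is ignored for brevity.
    """
    seen = defaultdict(list)  # flow -> [(seq, payload)] already observed
    findings = []
    for flow, seq, payload in segments:
        if not payload:
            continue  # pure ACKs carry no data to compare
        for old_seq, old_payload in seen[flow]:
            start = max(seq, old_seq)
            end = min(seq + len(payload), old_seq + len(old_payload))
            if start >= end:
                continue  # ranges do not overlap
            if old_payload[start - old_seq:end - old_seq] != payload[start - seq:end - seq]:
                findings.append({
                    "flow": flow,
                    "seq": start,
                    "redirect": is_redirect(old_payload) or is_redirect(payload),
                })
                break
        seen[flow].append((seq, payload))
    return findings

# Constructed sample data (documentation address ranges), server-to-client direction.
FLOW_A = ("203.0.113.10", 80, "198.51.100.7", 51512)
FLOW_B = ("203.0.113.20", 80, "198.51.100.7", 51600)
SAMPLE = [
    (FLOW_A, 1000, b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n"),
    (FLOW_A, 1000, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # An ordinary retransmission: same bytes twice, must not be flagged.
    (FLOW_B, 5000, b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"),
    (FLOW_B, 5000, b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"),
]

if __name__ == "__main__":
    for finding in find_conflicting_segments(SAMPLE):
        print(finding)
```

Identical retransmissions are normal TCP behaviour; only overlapping data that disagrees is reported, and the `redirect` field marks the cases where one of the two copies is an HTTP 3xx response.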

The NSA and GCHQ used this technique not only to target Tor users who read Inspire (reported to be an Al-Qaeda propaganda magazine in the English language) but also to gain a foothold within the Belgian telecommunication firm Belgacom, as a prelude to wiretapping Belgian phones.

One particular trick involved identifying the LinkedIn or Slashdot account of an intended target. Then when the QUANTUM system observed individuals visiting LinkedIn or Slashdot, it would examine the HTML returned to identify the user before shooting an exploit at the victim. Any page that identifies the users over HTTP would work equally well, as long as the NSA is willing to write a parser to extract user information from the contents of the page.

Other possible QUANTUM use cases include the following. These are speculative, as we have no evidence that the NSA, GCHQ, or others are utilizing these opportunities. Yet to security experts they are obvious extensions of the logic above.

HTTP cache poisoning. Web browsers often cache critical scripts, such as the ubiquitous Google Analytics script ‘ga.js’. The packet injector can see a request for one of these scripts and instead respond with a malicious version, which will now run on numerous web pages. Since such scripts rarely change, the victim will continue to use the attacker’s script until either the server changes the original script or the browser clears its cache.

Zero-Exploit Exploitation. The FinFly “remote monitoring” hacking tool sold to governments includes exploit-free exploitation, where it modifies software downloads and updates to contain a copy of the FinFisher Spyware. Although Gamma International’s tool operates as a full man-in-the-middle, packet injection can reproduce the effect. The injector simply waits for the victim to attempt a file download, and replies with a 302 redirect to a new server. This new server fetches the original file, modifies it, and passes it on to the victim. When the victim runs the executable, they are now exploited — without the need for any actual exploits.

Mobile Phone Applications. Numerous Android and iOS applications fetch data through simple HTTP. In particular, the “Vulna” Android advertisement library was an easy target, simply waiting for a request from the library and responding with an attack that can effectively completely control the victim’s phone. Although Google removed applications using this particular library, other advertisement libraries and applications can present similar vulnerabilities.

DNS-Derived Man-in-the-Middle. Some attacks, such as intercepting HTTPS traffic with a forged certificate, require a full man in the middle rather than a simple eavesdropper. Since every communication starts with a DNS request, and it is only a rare DNS resolver that cryptographically validates the reply with DNSSEC, a packet injector can simply see the DNS request and inject its own reply. This represents a capability upgrade, turning a man-on-the-side into a man-in-the-middle.

One possible use is to intercept HTTPS connections if the attacker has a certificate that the victim will accept, by simply redirecting the victim to the attacker’s server. Now the attacker’s server can complete the HTTPS connection. Another potential use involves intercepting and modifying email. The attacker simply packet-injects replies for the MX (Mailserver) entries corresponding to the target’s email. Now the target’s email will first pass through the attacker’s email server. This server could do more than just read the target’s incoming mail, it could also modify it to contain exploits.

http://www.wired.com/opinion/2013/11/this-is-how-the-internet-backbone-has-been-turned-into-a-weapon/

Quantum of pwnness: How NSA and GCHQ hacked OPEC and others

Telecom companies gave intel agencies ability to reroute targets’ traffic.

Documents provided by former National Security Agency contractor Edward Snowden have revealed that the NSA and its partner, Great Britain’s GCHQ, have done a whole lot more than just passively monitor what passes over the Internet. Using their surveillance tools, the intelligence agencies have been able to identify and target individuals at organizations of interest—not just suspected terrorist cells.

The latest target of these “tailored access” efforts to come to light is OPEC, the Organization of Petroleum Exporting Countries. Brazil’s Petrobras, Belgium’s Belgacom, and many others have been targeted as well, based on documents provided by Snowden. According to a report in Der Spiegel, the NSA and GCHQ have had access to OPEC’s internal networks and systems since January of 2008, allowing the NSA to provide intelligence on individual members of OPEC and the countries’ negotiations and tactics. As with the GCHQ hack of engineers at Belgian telecom provider Belgacom, the infiltration of OPEC took advantage of partnerships with international telecommunications providers to reroute Internet traffic to and from targeted users within the organization, including Saudi Arabia’s OPEC governor, through network equipment controlled by the intelligence agencies. That allowed the NSA and GCHQ to perform “man-in-the-middle” attacks that let them install malware onto the target computers and gain access to OPEC’s internal network, even gaining administrative privileges for the network and access to file servers.

The attack, called a “Quantum insert,” is just part of an arsenal of network monitoring and attack tools that the NSA and GCHQ have created that have essentially turned the global Internet into a weapons system that can scan for, identify, target, and attack nearly anyone of interest who connects to Internet services across borders.

http://arstechnica.com/information-technology/2013/11/quantum-of-pwnness-how-nsa-and-gchq-hacked-opec-and-others/

DB

- See more at: http://globalresearchreport.com/2013/11/17/enter-the-quantum-program-the-internet-is-now-weaponized-and-you-are-the-target/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+globalresearchreport+(Global+Research+Report)#sthash.xSwLEaiN.Hjvd7MfU.dpuf