(U//FOLIO) QUANTUMTIEORY...F2Oft) Si evelopment Conference SIGDEV: Discovery in the Cyber Age 91....

F2Oft) Si • evelopment Conference

SIGDEV: Discovery in the Cyber Age 91.

TOP SECRET8COMINTI/REL TO USA, FVEY1/20320108

(U//FOLIO) QUANTUMTIEORY

(UHFOU0); name redacted S32X

mli■=111■10■.-

TOP SECREMCOMINTIIREL TO USA, FVEY1120320108

TOP SECRETIICOMINVIREL TO USA, FVEY//20320108

__00 0r1H5

TOP SECRETHCOMINT/IREL TO USA, FVEY/120320108

(U) Classification o res e nt at o n

■ This presentation is classified:

TOP SECRET 11 COMINT 11 REL TO USA, FVEY // 20320108

TOP SEC RET/ICOMINT/IREL TO USA, FVEY/120320108

(U) What is QUANTUMTHEORY • (U/iFOU0) Nothing to do with "Quantum Computing"

■ (S//SI//REL) Protocol injection technique • Passive • Active

■ (SHREL) Not Man-in-the-Middle ■ But can be used to gain that position

■ (SHREL) Man-on-the-Side

■ (SHREL) Mostly Low Latency... mostly 7okk

VO' Iry a

M H S

TOP SECRETi/COMINVIREL TO USA, FVEY//20320108

ROC Operator

TOP SECRETHCOMINT/IREL TO USA, FVEY1120320108

747 mpo TRAFFICTH1EF

MHS

TURBINE GUI

A? tilk el VF RaliS

TOP SECRETIICOMINTi/REL TO USA, FVEY//20320108

Low Side

High Side


(C) Components of QUANTUM Architecture ■ (SHREL) TURMOIL

■ (or LPT, LPT-D, what else can you kludge for tipping... cough.. N1NJANIC) ■ Passive Sensor

■ (S//REL) TURBINE ■ Active Mission Logic of Remote Agents

■ (C//REL) ISLANDTRANSPORT ■ Messaging Fabric

■ (SHREL) SURPLUSHANGER ■ High-›Low diodes

■ (SHREL) STRAIGHTBIZARRE or DAREDEVIL ■ Implant / Shooter

)4111r., . mr

19.11 HS -

TOP SECRETIICOMINVIREL TO USA, FVEY//20320108

TOP SEC RET/ICOMINT/IREL TO USA, FVEY//20320108

(C) Legacy QUANTUMTHEORY techniques ■ (TS//SI//REL) QUANTUMINSERT

• HTML Redirection

■ (TS//SI//REL) QUANTUMSKY • HTML/TCP resets

■ (TS//SI//REL) QUANTUMBOT • IRC botnet hijacking

I • Ir‘.

M1-1S

TOP SECREP/COMINVIREL TO USA, FVEY//20320108

TOP SEC RETHCOMINT/IREL TO USA, FVEY//20320108

(U) New otness ■ (TS//SI//REL) QUANTUMBISCUIT

• Redirection based on keywork ■ Mostly HTML Cookie Values

■ (TS//SI//REL) QUANTUMDNS • DNS Hijacking ■ Caching Nameservers

■ (TS//SI//REL) QUANTUMBOT2 ■ Combination of Q-BOT/Q-BISCUIT for web based

Command and controlled botnets

TOP SECREP/COMINVIREL TO USA, FVEY//20320108

TOP SEC RETHCOMINT/IREL TO USA, FVEY/120320108

■ (TS//SI//REL) QUANTUMCOPPER • File download disruption

■ (TS//SI//REL) QUANTUMMUSH • Virtual HUFFMUSH / Targeted Spam Exploitation

■ ( -1SHSIHREL) QUANTUMSPIM • Instant Messaging (MSN chat, XMPP)

■ (1-SHSIHREL) QUANTUMSQUEEL • Injection into MySQL persistent database connections

■ (TSIISIHREL) QUANTUMSQU1RREL • Truly covert infrastructure, be any IP in the world,

th0 -141V TOP SECREP/COMINVIREL TO USA, FVEY//20320108

Anysite.co), in C2 malware =

nn

TOP SECRETIICOMINVIREL TO USA, FVEY//2-0320108

DNS query any NIPRN

TARGET SPACE

P ddress 3 2 0 - „ I

TAO Shooter

IS Blocked 111 ot,4 Fo

Ser

NIPRNET

TAO C2 mirrors anysite.com C2

Command Sent

TOP SECRETHCOMINT/IREL TO USA, FVEY//20320108

(U//FOLIO) QUANTUMDEFENSE


at can you

VW.

Ml-IS •

TOP SECRETfiCOMINVREL TO USA, FVEY/720320108

• (Si/SCI/REL.) Menwith Hill Station (UUSJ-759 3 USJ-759A,...) ■ Operational: 0-INSERT, 0-SKY, 0-DNS, 0-BISCUIT, Q-BOT ■ Tested: 0-COPPER, 0-SQUIRREL, Q-BOT2

• (SHSIIIREL) Misawa AFB (USF-799...) ■ Operational: ()INSERT

• (SHSIHREL) INCENSOR (DS-300) — with help from GCHQ ■ Operational: Q-BOT, Q-BISQUIT, 0-INSERT ■ Tested: Q-SQUEEL, Q-SPIM

• (TSIISIHREL) NIPRNET Gateways ■ Operational: Q-DNS

■ (Si/SIHREL) Coming Soon.... ■ SMOKEYSINK ■ SARATOGA

elk 111-15

TOP SECRETWCOMINT1/REL TO USA, FVEY//20320108

Questions?

contact info redacted

TOP SECRETHCOMINTHREL TiO USA, FVEY1/20320108

Date post:	15-Sep-2020
Category:	Documents
Upload:	others
View:	2 times
Download:	0 times

(U//FOLIO) QUANTUMTIEORY...F2Oft) Si evelopment Conference SIGDEV: Discovery in the Cyber Age 91....

Documents