QUANTUM THEORY, The Intercept, slide #3.
QUANTUM THEORY is a programme that capitalises on vulnerabilities within applications and networks using a number of hacking techniques. It includes a variety of sub-programmes such as [ELE01, INT02]:
TURBINE – Internet traffic sifting that shifts data to a variety of databases.
FOXACID – Spy agency web servers used to redirect Internet traffic (e.g. Tor users) [GUA01].
XKEYSCORE – Search engine for access to content, metadata and real-time tracking and monitoring of website traffic and user activities.
MUSCULAR – Intercepts data going into and out of Google and Yahoo services.
MARINA – Metadata repository for Internet traffic.
In the case of QUANTUMINSERT, for example, the programme relies upon the placement of secret servers across key areas of the Internet backbone [SCH01]. This is done so that requests to visit web sites can be intercepted before the legitimate server is contacted, which tricks a web browser into visiting a bogus web site on a government server. It uses a well-known hacking technique called the “man-in-the-middle” attack. However, government agencies have the added capacity to conduct “man-on-the-side” attacks, which require access to the Internet backbone. Once a web browser is redirected, malware can be inserted directly into the user’s computer.
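A defender-side check for the man-on-the-side injection described for QUANTUMINSERT, as an added example that is not from the original page: it flags server-to-client TCP segments that cover the same sequence range with different bytes, on the assumption that both the injected and the legitimate response reach the client. The `Segment` type, addresses, TTLs and payloads are constructed for illustration, and sequence-number wraparound is ignored.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):
    flow: tuple     # (server_ip, server_port, client_ip, client_port)
    seq: int        # TCP sequence number of the first payload byte
    ttl: int        # IP TTL as observed at the client
    payload: bytes

def find_conflicts(segments):
    """Report overlapping segments in one flow whose overlapping bytes differ.

    Identical retransmissions are benign and are not reported.
    """
    seen = defaultdict(list)
    conflicts = []
    for seg in segments:
        for prev in seen[seg.flow]:
            start = max(seg.seq, prev.seq)
            end = min(seg.seq + len(seg.payload), prev.seq + len(prev.payload))
            if start >= end:
                continue  # byte ranges do not overlap
            a = prev.payload[start - prev.seq:end - prev.seq]
            b = seg.payload[start - seg.seq:end - seg.seq]
            if a != b:
                conflicts.append({
                    "flow": seg.flow,
                    "seq": start,
                    # Assumption: a TTL mismatch is treated as a corroborating hint
                    # that the two segments came from different hosts.
                    "ttl_differs": prev.ttl != seg.ttl,
                })
        seen[seg.flow].append(seg)
    return conflicts

# Constructed sample capture (documentation address ranges, invented payloads).
FLOW_A = ("198.51.100.7", 80, "192.0.2.10", 51000)
FLOW_B = ("198.51.100.7", 80, "192.0.2.10", 51001)
SAMPLE = [
    Segment(FLOW_A, 1000, 59, b"HTTP/1.1 302 Found\r\nLocation: http://redirect.invalid/\r\n\r\n"),
    Segment(FLOW_A, 1000, 52, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    Segment(FLOW_B, 5000, 52, b"HTTP/1.1 200 OK\r\n\r\n"),
    Segment(FLOW_B, 5000, 52, b"HTTP/1.1 200 OK\r\n\r\n"),  # plain retransmission
]

if __name__ == "__main__":
    for hit in find_conflicts(SAMPLE):
        print(hit)
```
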
QUANTUM made headlines when it was uncovered that GCHQ was behind the Belgacom cyber attack conducted under the codename “Operation Socialist” [SPI01]. The company provides telecommunications access to the European Commission, the European Council and the European Parliament. GCHQ used QUANTUMINSERT to target Belgacom employees, redirecting them to websites that would implant malware onto their computers, which could then be used to manipulate those machines. The technique was also used by GCHQ to compromise users of LinkedIn [SPI02].
Spy agencies maintain a library of exploits, each based on a different vulnerability in a system [GUA01].
Electrospaces (ELE)
1) http://electrospaces.blogspot.co.uk/search?q=quantum
Guardian (GUA)
1) http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
Intercept (INT)
1) https://firstlook.org/theintercept/document/2014/03/12/nsa-gchqs-quantumtheory-hacking-tactics
2) https://firstlook.org/theintercept/document/2014/03/12/one-way-quantum
Schneier (SCH)
1) https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html
Spiegel (SPI)
1) http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html
2) http://www.spiegel.de/international/world/ghcq-targets-engineers-with-fake-linkedin-pages-a-932821.html
Wired (WIR)
1) http://www.wired.com/2014/03/quantum