QUANTUM THEORY is a program that capitalizes on vulnerabilities within applications and networks using a number of hacking techniques. It includes a variety of sub-programs:
- QUANTUMBOT – IRC botnet hijacking
- QUANTUMBISQUIT – targets that are behind large proxies
- QUANTUMCOOKIE – forces cookies onto target browsers
- QUANTUMINSERT – HTML web page redirection to spy agency servers known as FOXACID.
- QUANTUMSQUEEL – for injection of MySQL databases
- QUANTUMSPIM – instant messaging hijacking
- QUANTUMDNS – domain name server (DNS) injection and redirection
- QUANTUMHAND – exploits the computer of a person who logs into Facebook
- QUANTUMPHANTOM – hijacks an IP address to redirect to a covert infrastructure
- QUANTUMSKY – denies access to a webpage using RST Packet Spoofing
- QUANTUMCOPPER – file upload/download disruption and corruption
- QUANTUMSMACKDOWN – prevents downloading implants to DoD computers
QUANTUMINSERT requires internet backbone access: the placement of secret servers across key areas of the internet. This is done so that requests to visit web sites can be intercepted before the legitimate server is contacted, which tricks a web browser into visiting a bogus web site on a government server. It uses a well-known hacking technique, the “man-in-the-middle” (MITM) attack. Once a web browser is redirected, malware can be inserted directly into the user’s computer.
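A defensive check for the redirection described above, as an added example that is not part of the original page. It assumes the genuine server's reply still reaches the client after the injected one, so a network sensor sees two different payloads for the same TCP sequence range; the `Segment` record and the sample packets are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):      # hypothetical record a capture parser would emit
    src: str                    # "ip:port" of the sender
    dst: str                    # "ip:port" of the receiver
    seq: int                    # TCP sequence number of the first payload byte
    ttl: int                    # IP TTL as observed at the sensor
    payload: bytes

def find_conflicting_segments(segments):
    """Report TCP data that was delivered twice with different content.

    A benign retransmission repeats the same bytes for the same sequence
    range. Two different payloads for one range mean two senders answered
    on the same flow. Sequence-number wraparound is ignored for brevity.
    """
    seen = defaultdict(list)    # (src, dst) -> data segments already seen
    findings = []
    for seg in segments:
        if not seg.payload:
            continue            # pure ACK/SYN/RST: nothing to compare
        for old in seen[(seg.src, seg.dst)]:
            start = max(old.seq, seg.seq)
            end = min(old.seq + len(old.payload), seg.seq + len(seg.payload))
            if start >= end:
                continue        # sequence ranges do not overlap
            a = old.payload[start - old.seq:end - old.seq]
            b = seg.payload[start - seg.seq:end - seg.seq]
            if a != b:
                findings.append({"flow": (seg.src, seg.dst), "seq": start,
                                 "first": a[:40], "second": b[:40],
                                 "ttl_differs": old.ttl != seg.ttl})
        seen[(seg.src, seg.dst)].append(seg)
    return findings

# Constructed sample: a conflicting duplicate on one flow, a benign retransmit on another.
SAMPLE = [
    Segment("203.0.113.10:80", "192.0.2.5:50000", 1000, 59,
            b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n"),
    Segment("203.0.113.10:80", "192.0.2.5:50000", 1000, 52,
            b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    Segment("203.0.113.20:80", "192.0.2.5:50001", 5000, 52, b"HTTP/1.1 200 OK\r\n\r\n"),
    Segment("203.0.113.20:80", "192.0.2.5:50001", 5000, 52, b"HTTP/1.1 200 OK\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in find_conflicting_segments(SAMPLE):
        print(finding)
```

A differing TTL between the two copies is supporting evidence only, since route changes can also alter it.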
Capabilities:
- HTTP injection
- DNS injection allowing bogus certificates, breaking SSL and redirection of traffic to NSA servers
- Packet-injection to block attacks on government servers by terminating a requested connection
- Plug-in to inject into MySQL connections
Exploitation of:
- Vulnerabilities in network standards
- Vulnerabilities in software, e.g. persistent “push” connections from Facebook, where a user’s browser would leave an idle connection open, waiting for a command from the server
Data extraction sources:
- IRC and other botnets
- Web services (e.g. Yahoo, Facebook, Gmail, LinkedIn)
- Peer-to-peer networks (such as TOR)
Combined with other state surveillance tools:
- TURBINE – Internet traffic sifting that shifts data to a variety of databases.
- FOXACID – Spy agency web servers used to redirect Internet traffic (e.g. TOR users)
- XKEYSCORE – search engine for access to content, metadata and real-time tracking and monitoring of website traffic and user activities.
- MUSCULAR – intercepts data going into and out of Google and Yahoo services.
- MARINA – metadata repository for Internet traffic.