Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

The Further Democratization of QUANTUM
Crypto-Gram ^ | 05/15/2015 | Bruce Schneier

Posted on 05/15/2015 1:18:02 PM PDT by zeugma

From my book Data and Goliath:

...when I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is called packet injection -- basically, a technology that allows the agency to hack into computers. Turns out, though, that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack computers. The cyberweapons manufacturer Hacking Team sells packet injection technology to any government willing to pay for it. Criminals use it. And there are hacker tools that give the capability to individuals as well. All of these existed before I wrote about QUANTUM. By using its knowledge to attack others rather than to build up the Internet's defenses, the NSA has worked to ensure that *anyone* can use packet injection to hack into computers.

And that's true. China's Great Cannon uses QUANTUM. The ability to inject packets into the backbone is a powerful attack technology, and one that is increasingly being used by different attackers.

I continued:

Even when technologies are developed inside the NSA, they don't remain exclusive for long. Today's top-secret programs become tomorrow's PhD theses and the next day's hacker tools.

I could have continued with "and the next day's homework assignment," because Michalis Polychronakis at Stony Book University has just assigned building a rudimentary QUANTUM tool as a homework assignment. It's basically sniff, regexp match, swap sip/sport/dip/dport/syn/ack, set ack and push flags, and add the payload to create the malicious reply. Shouldn't take more than a few hours to get it working. Of course, it would take a lot more to make it as sophisticated and robust as what the NSA and China have at their disposal, but the moral is that the tool is now in the hands of anyone who wants it. We need to make the Internet secure against this kind of attack instead of pretending that only the "good guys" can use it effectively.

End-to-end encryption is the solution. Nicholas Weaver wrote:

The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary.
Encryption doesn't just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic.
There are many engineering and logistic difficulties involved in encrypting all traffic on the internet, but it's one we must overcome if we are to defend ourselves from the entities that have weaponized the backbone.

Yes.

And this is true in general. We have one network in the world today. Either we build our communications infrastructure for surveillance, or we build it for security. Either everyone gets to spy, or no one gets to spy. That's our choice, with the Internet, with cell phone networks, with everything.

QUANTUM
http://www.theguardian.com/world/2013/oct/04/...
http://www.wired.com/2014/03/quantum
https://medium.com/@botherder/...
http://www.spiegel.de/fotostrecke/...
http://www.spiegel.de/fotostrecke/...

Chinese government use of packet injection:
http://www.icir.org/vern/papers/...

Hacking Team sells packet injection:
https://citizenlab.org/2014/08/...
https://firstlook.org/theintercept/2014/08/15/...
https://firstlook.org/theintercept/2014/10/30/...

Packet injection hacker tool:
http://airpwn.sourceforge.net/Airpwn.html

China's Great Cannon:
https://www.schneier.com/blog/archives/2015/04/...

Packet injection homework assignment:
https://www3.cs.stonybrook.edu/~mikepo/CSE508/hw/...

Nicholas Weaver:
http://www.wired.com/2013/11/...

The democratization of cyberattack:
https://www.schneier.com/blog/archives/2015/03/...


TOPICS: Business/Economy; Constitution/Conservatism; Government
KEYWORDS: surveilancestate
More info on the surveilance state and how it is adversely affecting us all.
1 posted on 05/15/2015 1:18:02 PM PDT by zeugma
[ Post Reply | Private Reply | View Replies]

To: zeugma; Lazmataz
"It's basically sniff, regexp match, swap sip/sport/dip/dport/syn/ack, set ack and push flags, and add the payload "

Who else here actually understood this sentence?

2 posted on 05/15/2015 1:20:52 PM PDT by Mr. K (Palin/Cruz - to defeat HilLIARy/Warren)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mr. K

I did but then again, I am an internet engineer (CCIE) and have patents in cryptography.


3 posted on 05/15/2015 1:25:40 PM PDT by taxcontrol
[ Post Reply | Private Reply | To 2 | View Replies]

To: zeugma

The bigger question is...why do we have to expend so much effort to protect ourselves from a country with Most Favored Nation status, the beneficiary of 3 decades of us laying down in the road so they can run over us?

Well at least they did give us back the P-3.

Big of them.

How ‘bout we just tell them the next container ship of crap goes down in Long Beach harbor and that’s the end of that?


4 posted on 05/15/2015 1:27:04 PM PDT by Regulator
[ Post Reply | Private Reply | To 1 | View Replies]

To: Regulator

Bookmark


5 posted on 05/15/2015 1:35:14 PM PDT by publius911 (If you like Obamacare, You'll LOVE ObamaWeb.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Regulator

“How ‘bout we just tell them the next container ship of crap goes down in Long Beach harbor...”

It would be very interesting to know the true percentage of that “crap” our nation has become dependent upon, that we no longer can obtain or produce, in sufficient quantity, here at home or from other sources. I suspect they have us between a rock and a hard place at this point.


6 posted on 05/15/2015 1:36:04 PM PDT by Carthego delenda est
[ Post Reply | Private Reply | To 4 | View Replies]

To: Mr. K

Eunuchs, I mean Unix people.


7 posted on 05/15/2015 1:43:07 PM PDT by ifinnegan
[ Post Reply | Private Reply | To 2 | View Replies]

To: Carthego delenda est
I suspect they have us between a rock and a hard place at this point

Probably true, but that's a little pain we gotta go thru to get back to the independence we once had.

8 posted on 05/15/2015 1:47:36 PM PDT by Regulator
[ Post Reply | Private Reply | To 6 | View Replies]

To: ifinnegan

Now Now

Mustn’t be catty


9 posted on 05/15/2015 1:48:14 PM PDT by Regulator (Even If It's True....)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Mr. K
Who else here actually understood this sentence?

It's partially unix-speek and network speak. If you're interested in playing with this stuff it would probably take you about half an hour to learn enough to be pretty dangerous given the step-by-step instructions available for a lot of this.

10 posted on 05/15/2015 1:58:08 PM PDT by zeugma (Are there more nearby spiders than the sun is big?)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Regulator
Mustn’t be catty

you could be notty.

A couple of weeks ago, I was looking at my syslogs on my primary workstation and saw a bunch of error messages the looked 'interesting' that had references to something "notty".

I'm like "notty"? What the hell is that. A little searching found the term. What they are talking about was that there was "no tty" available for a process. (A "tty" goes way back to the days of hard-wired dumb terminals and accoustic couplers it's another way of saying "terminal", be it a network terminal, or a physical console)

If they'd bothered to include the space, or an "_" between the 'no' and the 'tty', I'd have known what it was talking about immediately.  Perhaps I should have anyway, because there is a process called "getty" relates to a process that spawns console processes. Learn something new every day I guess...

Since it's silly time on Friday, I have a conundrum for the nerds here...

Why is it that when you kill a process, it's the opposite from when you execute it?

:-)

 

 

11 posted on 05/15/2015 2:09:05 PM PDT by zeugma (Are there more nearby spiders than the sun is big?)
[ Post Reply | Private Reply | To 9 | View Replies]

To: zeugma

Hack them?


12 posted on 05/15/2015 2:27:09 PM PDT by TBP (Obama lies, Granny dies.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

bkmk


13 posted on 05/15/2015 2:37:46 PM PDT by Sergio (An object at rest cannot be stopped! - The Evil Midnight Bomber What Bombs at Midnight)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

LOL

That’s OK, completely understand the perplexion! (is that a word?!)

And I’m from the days of _TTY’s ...so it’s .NOT. shocking...:^)


14 posted on 05/15/2015 2:39:23 PM PDT by Regulator (I Miss My VT100)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Mr. K

Aka “man in the middle” (or something similar)


15 posted on 05/15/2015 2:52:07 PM PDT by The Duke (Azealia Banks)
[ Post Reply | Private Reply | To 2 | View Replies]

To: zeugma
Why is it that when you kill a process, it's the opposite from when you execute it?

I don't know. Sometimes you just need to shutdown and take a kernel dump.

16 posted on 05/15/2015 3:02:36 PM PDT by DeFault User
[ Post Reply | Private Reply | To 11 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson