You are on page 1of 14

TOP SECRETI/511/REL USA, AUS, CAN, GBR, NZL

What is QUANTUM?
QUANTUM Generic Animation - High Level of How It Works
Target
SSOSite
Yahoo's
Web Server
................................................

. .

4
SPIEGEL ONLINE
TOP SECRET//SU/REL USA, AUS, CAN, GBR, NZL
What is QUANTUM?
QUANTUM Generic Animation - High Level of How It Works
1. Target! ogs into his
Yahoo account
Target
Internet Router
SSOSite
Yahoo's
Web Server
:::: ........... .. l
. . . . . - . . . .
4
SPIEGEL ONLINE
TOP SECRET/JSU/REL USA, AUS, CAN, GBR, NZL
What is QUANTUM?
QUANTUM Generic Animation - High Level of How It Works
1. Targetlogs into his
Yahoo account
Target
Internet Router
SSOSite
2. sso site sees !he
QUANTUM tasked Yahoo
selector 's packet and forwards
it to TAO's FOXACID Server
Yahoo's
Web Server
I .
. ' . . . . . . . . .
4
SPIEGEL ONLINE
TOP SECRET//SU/REL USA, AUS, CAN, GBR, NZL
What is QUANTUM?
QUANTUM Generic Animation - High Level of How It Works
Target
Internet Router
SSOSite
4. Yahoo server receives the
packet requesting email content
Yahoo's
Web Server
TAO I= OX ACID
Server
3. I=OXACID injects a I=OXACID uri
into the packet and sends it back to
the targers computer
: : : : . . . _ . . . ~ I "
W I " e ' '
4
SPIEGEL ONLINE
TOP SECRET//511/REL USA, AUS, CAN, GBR, NZL
What is QUANTUM?
QUANTUM Generic Animation - High Level of How It Works
X+----
Target
5. FOXACID packet beats the
Yahoo packet back to the
end int
SSOSite
Yahoo's
Web Server
TAO !=OX ACID
Server
I
. , . - - . . .. .
4
SPIEGEL ONLINE
TOP SECRET//SU/REL USA, AUS, CAN, GBR, NZL
What is QUANTUM?
QUANTUM Generic Animation - High Level of How It Works
x.,_ __ _
Target
6. The targefs Yahoo webpage is
loaded but in 1he background the
FOXACID URLioads which
redirects to 1he FOXACID Exploit
Server SSOSite
Yahoo's
Web Server
TAOFOXACID
Server
t
~ = = ....... '4al.! II ~ I I
. ' . -- . - ... .
4
SPIEGEL ONLINE
TOP SECRET//SU/REL USA, AUS, CAN, GBR, NZL
What is QUANTUM?
QUANTUM Generic Animation - High Level of How It Works
Target
X+----
SSOSite
Yahoo's
Web Server
TAOFOXACID
Server
7. If the browser is exploi table
and the PSP is safe, FOXACID
deploys a Stage 1 implant back
to the target
::::'W- '4 a 'I.! I I ~ I
W I " e ' '
4
SPIEGEL ONLINE
TOP SECRETI/SU/REL USA, AUS, CAN, GBR, NZL
What is QUANTUM?
QUANTUM Generic Animation - High Level of How It Works
X+----
Target
Yahoo's
Web Server
Target Implanted!
SSOSite
TAO I=OXACID
Server
7. If the browser is exploi table
and the PSP is safe, I=OXACI 0
deploys a Stage 1 implant back
..,. ________________ to_tr target
: : : : . . . _ 4 . ~ II ~ I I
. ' . . - . . . . . .
4
SPIEGEL ONLINE
TOP SECRET//COMINT/IREL TO USA, FVEY
QUANTUM Capabilities - NSA
(TS//SI!IREL) NSA QUANTUM has the greatest success against <yahoo>, <facebook>,
and Static IP Addresses. New QUANTUM realms are often changing, so check the GO
QUANTUM wiki page or the QUANTUM SpySpace page to get more up-to-date news.
NSA QUANTUM is capable of targeting the following realms:
1Pv4_public mailruMrcu
alibabaForumUser msnMaiiToken64
doubleclickiD qq
emaiiAddr facebook
rocketmail simbarUuid
hiSUid twitter
hotmaiiCID yahoo
linkedin yahooBcookie
mail ymail
mailruMrcu youTube
msnMaiiToken64 WatcheriD
~ = = ~ . . . _ . . ~ ~ ,. . .. .. . ..
TOP SECRET//COMINT//REL TO USA, FVEY 5
SPIEGEL ONLINE
TOP SECRET//COMINT/IREL TO USA, FVEY
QUANTUMTHEORY- GCHQ
If a Partnering Agreement Form (PAF} is set up with GCHQ for
the CNO project, then the R& T Analyst can utilize GCHQ
QUANTUMTHEORY to include additional capabilities such as:
ALIBABA AOL
BEBO EMAIL DOUBLE CLICK
- -
FACEBOOK CUSER GOOGLE PREFID
GMAIL HIS
HOTMAIL LINKEDIN
MAIL RU MICROSOFT MUID
- -
MICROSOFT ANONA RAMBLER
RADIUS SIMS.AR
TWITTER YAHOO B
YAHOO_L!Y YANDEX_EMAIL
YOUTUBE IP Address
More information on:
If you cannot get t o the link t ry: http:// _
,. . .. .. . ..
TOP SECRET//COMINT//REL TO USA, FVEY 16
SPIEGEL ONLINE
TOP SECRET/ICOMINT/IMR
VALIDATOR
VALIDA TOR is a pan of a backdoor access system under the FOXACID project The
VA LTDA TOR is a dienl:/server-based system that provides unique backdoor access to
personal computers of targets of national interest, including but not limited to terrorist
targets. VALIDA TOR is a small Trojan implant used as a back door against a variety of
targeted Windows systems, which can be deployed remotely or via hands on access to
any Windows box from Windows 98 through Windows Server 2003. The LP is on-line
24/7 and tasking is ' queued', that is, jobs sit in a queue waiting for the target to 'call
home', then the job(s) are sent one at a time to the target for it to process them.
Comm<t.nds are Put a file, get a file, Put, then execute a file, get system infonnation,
change VALIDA TOR ID, and Remove itself. VALIDA TOR's are deployed to targeted
systems and contact their Listening Post (LP) (each VALIDA TOR is given a specific
unique ID, specific JP address to call home to it's LP); SEPT analysts validate the target 's
identity and location (USSID-18 check), then provide a deployment list to Olympus
operators to load a more sophisticated Trojaru implant (currently OLYMPUS, future
UNITED RAKE). An 01 YMPUS operator then queue up commaods for the specific
VALIDA TOR ID's given by SEPI. Process repeats itself. Once target is hooked with the
more sophisticated implant, VALIDA TOR operators tend to cease. On occasion,
operators are instructed by SEPT or the SWO to have VA IDA TOR delete itself.
SPIEGEL ONLiNE
OLYMPUSFIRE
OL YMPUSFIRE is an exploitation system that uses a software implant on a
Microsoft Windows based target PC to gain complete access to the targeted PC. The
target, when connected to tl1e Internet, will contact a Listening Post (LP) located at an
NSNUSSS facilities, wbicb is online 24/ 7, aod get its commands automatically.
These commands include directory listings, retrieving files, performing netmaps, etc.
The results of the commands are then returned to the LP, where the data is collected
and forwarded to CES and analysis and production elements.
ONTARGET
COVERT
CONNECTIVITY
SPIEGEL ONLINE