HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » Latest Breaking News (Forum) » Attacking 'Tor': How the ... » Reply #4

Response to Indi Guy (Original post)

Fri Oct 4, 2013, 02:19 PM

4. More interesting from the article is FoxAcid and Quantum servers

To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.

In the academic literature, these are called "man-on-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.

They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a "race condition" between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack.

The NSA uses these fast Quantum servers to execute a packet injection attack, which surreptitiously redirects the target to the FoxAcid server. An article in the German magazine Spiegel, based on additional top secret Snowden documents, mentions an NSA developed attack technology with the name of QuantumInsert that performs redirection attacks. Another top-secret Tor presentation provided by Snowden mentions QuantumCookie to force cookies onto target browsers, and another Quantum program to "degrade/deny/disrupt Tor access"
.

According to various top-secret documents provided by Snowden, FoxAcid is the NSA codename for what the NSA calls an "exploit orchestrator," an internet-enabled system capable of attacking target computers in a variety of different ways. It is a Windows 2003 computer configured with custom software and a series of Perl scripts. These servers are run by the NSA's tailored access operations, or TAO, group. TAO is another subgroup of the systems intelligence directorate.

The servers are on the public internet. They have normal-looking domain names, and can be visited by any browser from anywhere; ownership of those domains cannot be traced back to the NSA.

However, if a browser tries to visit a FoxAcid server with a special URL, called a FoxAcid tag, the server attempts to infect that browser, and then the computer, in an effort to take control of it. The NSA can trick browsers into using that URL using a variety of methods, including the race-condition attack mentioned above and frame injection attacks.

FoxAcid tags are designed to look innocuous, so that anyone who sees them would not be suspicious.


To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.

In the academic literature, these are called "man-on-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.

Cannot reply in locked threads

Back to OP Alert abuse Link to post in-thread

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 17 replies Author Time Post
Indi Guy Oct 2013 OP
JDPriestly Oct 2013 #1
Indi Guy Oct 2013 #2
Indi Guy Oct 2013 #14
cosmicone Oct 2013 #3
nebenaube Oct 2013 #5
Indi Guy Oct 2013 #6
nebenaube Oct 2013 #7
Indi Guy Oct 2013 #16
LineReply More interesting from the article is FoxAcid and Quantum servers
Jesus Malverde Oct 2013 #4
azurnoir Oct 2013 #11
Indi Guy Oct 2013 #12
Name removed Oct 2013 #8
rhett o rick Oct 2013 #9
LineLineNew Reply .
Cooley Hurd Oct 2013 #13
Indi Guy Oct 2013 #10
Jesus Malverde Oct 2013 #15
Turborama Oct 2013 #17
Please login to view edit histories.