QUANTUM is a SIGINT program Architecture that capitalises on vulnerabilities within applications and networks using a number of hacking techniques and was developed by NSA Office of Tailored Access Operations

QUANTUM relies on a compromised router that duplicates internet traffic, typically HTTP requests, so that they go both to the intended target and to an NSA site (indirectly). The NSA site runs FOXACID software which sends back exploits that load in the background in the target web browser before the intended destination has had a chance to respond (it's unclear if the compromised router facilitates this race on the return trip).

Prior to the development of QUANTUM technology, FOXACID software made spear-phishing attacks the NSA referred to as spam. If the browser is exploitable, further permanent "implants" (rootkits etc.) are deployed in the target computer, e.g. OLYMPUSFIRE for Microsoft Windows, which give complete remote access to the infected machine. This type of attack is part of the Man-In-The-Middle attack family, though more specifically it is called man-on-the-side attack. It is difficult to pull off without controlling some of the Internet backbone.

The NSA creates "fingerprints" that detect HTTP requests from the Tor network to particular servers. These fingerprints are loaded into NSA Government Data Store systems like XKEYSCORE, a bespoke collection and analysis tool that NSA boasts allows its analysts to see "almost everything" a target does on the Internet.

Components of QUANTUM#


Government Surveillance

More Information#

There might be more information for this subject on one of the following: