• About
  • Contact
  • Submit News
Saturday, January 16, 2021
No Result
View All Result
NEWSLETTER
  • Home
  • World
    • Business
    • Economy
    • Politics
    • Geo-Engineering
    • Environment
    • Police State
    • Foreign Policy
  • U.S.
    • Federal Reserve
  • Globalist Agenda
    • Secret Societies
    • World Order
    • The Globalists
  • Health
    • Big Pharma
    • Fluoride
    • Food
    • Gmo’s
    • Vaccines
  • Sci/Tech
    • Space
    • Trans-Humanism
  • More+
    • Ancient Civilizations
    • Astrology
    • Astrotheology
    • Awareness
    • DIY
    • Esoteric
    • Free Energy
    • Hidden History
    • Humanities
    • Infographics
    • Knowledge
    • Religion
    • Spirituality
  • GE TV
  • Home
  • World
    • Business
    • Economy
    • Politics
    • Geo-Engineering
    • Environment
    • Police State
    • Foreign Policy
  • U.S.
    • Federal Reserve
  • Globalist Agenda
    • Secret Societies
    • World Order
    • The Globalists
  • Health
    • Big Pharma
    • Fluoride
    • Food
    • Gmo’s
    • Vaccines
  • Sci/Tech
    • Space
    • Trans-Humanism
  • More+
    • Ancient Civilizations
    • Astrology
    • Astrotheology
    • Awareness
    • DIY
    • Esoteric
    • Free Energy
    • Hidden History
    • Humanities
    • Infographics
    • Knowledge
    • Religion
    • Spirituality
  • GE TV
No Result
View All Result
The Global Elite
No Result
View All Result
Home Knowledge

The Internet Is Now Weaponized, And You Are The Target

by Global Elite News
17 November, 2013
in Knowledge
0
The Internet Is Now Weaponized, And You Are The Target
FacebookTwitter

By now, thanks to Edward Snowden, it is common knowledge and not just conspiracy theory, that every bit of information sent out into the wired or wireless ether is scanned, probed, intercepted and ultimately recorded by the NSA and subsequently all such information is and can be used against any US citizen without a court of law (because the president’s pet secret NISA “court” is anything but). Sadly, in a country in which courtesy of peak social networking, exhibitionism has become an art form, the vast majority of Americans not only could not care less about Snowden’s sacrificial revelations, but in fact are delighted the at least someone, somewhere cares about that photo of last night’s dinner. However, it turns out that far from being a passive listener and recorder, the NSA is quite an active participant in using the internet. The weaponized internet.

Because as Wired reports, “The internet backbone — the infrastructure of networks upon which internet traffic travels — went from being a passive infrastructure for communication to an active weapon for attacks.” And the primary benefactor: the NSA – General Keith Alexander massive secret army – which has now been unleashed against enemies foreign, but mostly domestic.

Enter the QUANTUM program….

According to revelations about the QUANTUM program, the NSA can “shoot” (their words) an exploit at any target it desires as his or her traffic passes across the backbone. It appears that the NSA and GCHQ were the first to turn the internet backbone into a weapon; absent Snowdens of their own, other countries may do the same and then say, “It wasn’t us. And even if it was, you started it.”

If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgacom to enable covert wiretaps, France can do the same to AT&T. If the Canadians target the Brazilian Ministry of Mines and Energy, the Chinese can target the U.S. Department of the Interior. We now live in a world where, if we are lucky, our attackers may be every country our traffic passes through except our own.

Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.

… which is basically packet injection:

The QUANTUM codename is deliciously apt for a technique known as “packet injection,” which spoofs or forges packets to intercept them. The NSA’s wiretaps don’t even need to be silent; they just need to send a message that arrives at the target first. It works by examining requests and injecting a forged reply that appears to come from the real recipient so the victim acts on it.

The technology itself is actually pretty basic. And the same techniques that work on on a Wi-Fi network can work on a backbone wiretap. I personally coded up a packet-injector from scratch in a matter of hours five years ago, and it’s long been a staple of DefCon pranks.

Traditionally, packet injections has been used mostly for censorship purposes:

The most infamous use of packet injection prior to the Snowden leaks was censorship, where both internet service providers (ISPs) and the Great Firewall of China injected TCP reset packets (RST) to block undesired traffic. When a computer receives one of these injected RST packets, it closes the connection, believing that all communication is complete.

Although public disclosure forced ISPs to stop this behavior, China continues to censor with injected resets. It also injects the Domain Name System (DNS) — the system all computers use to turn names such as “www.facebook.com” into IP addresses — by inserting a fake reply whenever it sees a forbidden name. (It’s a process that has caused collateral damage by censoring non-Chinese internet traffic).

And user identification, especially in making Tor obsolete. That’s right: all users of Tor believing they hide behind the veil of anonymity – you aren’t.

User cookies, those inserted by both advertising networks and services, also serve as great identifiers for NSA targeting. Yet a web browser only reveals these cookies when communicating with such sites. A solution lies in the NSA’s QUANTUMCOOKIE attack, which they’ve utilized to de-anonymize Tor users.

A packet injector can reveal these cookies by replying to an unnoticed web fetch (such as a small image) with a HTTP 302 redirect pointing to the target site (such as Hotmail). The browser now thinks “hey, should really go visit Hotmail and ask it for this image”. In connecting to Hotmail, it reveals all non-secure cookies to the wiretap. This both identifies the user to the wiretap, and also allows the wiretap to use these cookies.

So for any webmail service that doesn’t require HTTPS encryption, QUANTUMCOOKIE also allows the wiretap to log in as the target and read the target’s mail. QUANTUMCOOKIE could also tag users, as the same redirection that extracts a cookie could also set or modify a cookie, enabling the NSA to actively track users of interest as they move across the network — although there is no indication yet that the NSA utilizes this technique.

But all of the above are largely passive interception and surveillance strategies. Where it gets interesting is when the NSA’s mission is…

User Attack

The NSA has a collection of FOXACID servers, designed to exploit visitors. Conceptually similar to Metasploit’s WebServer browser autopwn mode, these FOXACID servers probe any visiting browser for weaknesses to exploit.

All it takes is a single request from a victim passing a wiretap for exploitation to occur. Once the QUANTUM wiretap identifies the victim, it simply packet injects a 302 redirect to a FOXACID server. Now the victim’s browser starts talking to the FOXACID server, which quickly takes over the victim’s computer. The NSA calls this QUANTUMINSERT.

The NSA and GCHQ used this technique not only to target Tor users who read Inspire (reported to be an Al-Qaeda propaganda magazine in the English language) but also to gain a foothold within the Belgium telecommunication firm Belgacom, as a prelude to wiretapping Belgium phones.

One particular trick involved identifying the LinkedIn or Slashdot account of an intended target. Then when the QUANTUM system observed individuals visiting LinkedIn or Slashdot, it would examine the HTML returned to identify the user before shooting an exploit at the victim. Any page that identifies the users over HTTP would work equally well, as long as the NSA is willing to write a parser to extract user information from the contents of the page.

Other possible QUANTUM use cases include the following. These are speculative, as we have no evidence that the NSA, GCHQ, or others are utilizing these opportunities. Yet to security experts they are obvious extensions of the logic above.

HTTP cache poisoning. Web browsers often cache critical scripts, such as the ubiquitous Google Analytics script ‘ga.js’. The packet injector can see a request for one of these scripts and instead respond with a malicious version, which will now run on numerous web pages. Since such scripts rarely change, the victim will continue to use the attacker’s script until either the server changes the original script or the browser clears its cache.

Zero-Exploit Exploitation. The FinFly “remote monitoring” hacking tool sold to governments includes exploit-free exploitation, where it modifies software downloads and updates to contain a copy of the FinFisher Spyware. Although Gamma International’s tool operates as a full man-in-the-middle, packet injection can reproduce the effect. The injector simply waits for the victim to attempt a file download, and replies with a 302 redirect to a new server. This new server fetches the original file, modifies it, and passes it on to the victim. When the victim runs the executable, they are now exploited — without the need for any actual exploits.

Mobile Phone Applications. Numerous Android and iOS applications fetch data through simple HTTP. In particular, the “Vulna” Android advertisement library was an easy target,  simply waiting for a request from the library and responding with an attack that can effectively completely control the victim’s phone. Although Google removed applications using this particular library, other advertisement libraries and applications can present similar vulnerabilities.

DNS-Derived Man-in-the-Middle. Some attacks, such as intercepting HTTPS traffic with a forged certificate, require a full man in the middle rather than a simple eavesdropper. Since every communication starts with a DNS request, and it is only a rare DNS resolver that cryptographically validates the reply with DNSSEC, a packet injector can simply see the DNS request and inject its own reply. This represents a capability upgrade, turning a man-on-the-side into a man-in-the-middle.

One possible use is to intercept HTTPS connections if the attacker has a certificate that the victim will accept, by simply redirecting the victim to the attacker’s server. Now the attacker’s server can complete the HTTPS connection. Another potential use involves intercepting and modifying email. The attacker simply packet-injects replies for the MX (Mailserver) entries corresponding to the target’s email. Now the target’s email will first pass through the attacker’s email server. This server could do more than just read the target’s incoming mail, it could also modify it to contain exploits.

Amplifying Reach. Large countries don’t need to worry about seeing an individual victim: odds are that a victim’s traffic will pass one wiretap in a short period of time. But smaller countries that wish to utilize the QUANTUMINSERT technique need to force victims traffic past their wiretaps. It’s simply a matter of buying the traffic: Simply ensure that local companies (such as the national airline) both advertise heavily and utilize in-country servers for hosting their ads. Then when a desired target views the advertisement, use packet injection to redirect them to the exploit server; just observe which IP a potential victim arrived from before deciding whether to attack. It’s like a watering hole attack where the attacker doesn’t need to corrupt the watering hole.

Can anything be done to prevent the NSA’s internet army from running over a world that spends the bulk of its time in its reaches? Not much:

The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary. Encryption doesn’t just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic.

There are many engineering and logistic difficulties involved in encrypting all traffic on the internet, but its one we must overcome if we are to defend ourselves from the entities that have weaponized the backbone.

Alas, in the battle against the NSA, the biggest enemy is not the authoritarian state’s Super Big Brother, but apathy itself. It is that war that is by far the most important one, and which America has already lost.

Source: Zero Hedge

0 0 vote
Article Rating

15.5k
SHARES
FacebookTwitterSubscribe
PinterestTumblrLinkedin Reddit DiggStumbleupon PocketVkDeliciousBufferWeiboWhatsappXingFlattrMailPrint

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Global Elite News

Your Source for Alternative News and Information. Deep Independent Journalism About Who Really Controls The World.

Related Posts

Australia Passes Tyrannical Internet Laws
World News

Australia Passes Tyrannical Internet Laws

by TGE News
25 June, 2015
0
Internet Freedom: Nothing lasts forever, say goodbye
U.S. News

Internet Freedom: Nothing lasts forever, say goodbye

by TGE News
26 February, 2015
0
Google Chairman on Obsolete Man: ‘The Internet Will Soon Be Part of You’
Sci-Tech

Google Chairman on Obsolete Man: ‘The Internet Will Soon Be Part of You’

by Global Elite News
19 February, 2015
1
Russian Security Firm Reveals NSA Spyware in Hard Drives Around the World
Police State

Russian Security Firm Reveals NSA Spyware in Hard Drives Around the World

by TGE News
17 February, 2015
1
Davos Elite Predict End of the Internet
Globalist Agenda

Davos Elite Predict End of the Internet

by Global Elite News
24 January, 2015
0
France enacts law allowing govt to snoop on private internet user data
World News

France enacts law allowing govt to snoop on private internet user data

by Global Elite News
31 December, 2014
0
Revealed: How governments can take control of smartphones
Sci-Tech

Revealed: How governments can take control of smartphones

by Global Elite News
26 June, 2014
0
How the NSA is Transforming Law Enforcement
Police State

How the NSA is Transforming Law Enforcement

by Global Elite News
21 May, 2014
0
Load More
Next Post
In the U.S. 49.7 Million Are Now Poor, and 80% of the Total Population Is Near Poverty

In the U.S. 49.7 Million Are Now Poor, and 80% of the Total Population Is Near Poverty

Australia is now officially a police state

Australia is now officially a police state

Subscribe
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
  • Trending
  • Comments
  • Latest
A List of Banks Owned by the Rothschild Dynasty

A List of Banks Owned by the Rothschild Dynasty

19 February, 2013

The History of the ‘House of Rothschild’ (Complete)

24 January, 2013
Wikileaks Is A Rothschild Operation

Wikileaks Is A Rothschild Operation

22 December, 2012
Secrets Of The Elite: Why Forbes’s Rich List Doesn’t Include The Wealthiest Families On The Planet

Secrets Of The Elite: Why Forbes’s Rich List Doesn’t Include The Wealthiest Families On The Planet

19 September, 2015
Wikileaks Is A Rothschild Operation

Wikileaks Is A Rothschild Operation

6
Indisputable Evidence the Boston Marathon Bombing was a Staged Event

Indisputable Evidence the Boston Marathon Bombing was a Staged Event

3

What are the UN’s Agenda 21 and ICLEI?

2
CNN and MSNBC Lose Almost Half Their Viewers in One Year

CNN and MSNBC Lose Almost Half Their Viewers in One Year

2
George Soros Exposed as a Rothschild Agent in the 1990’s

George Soros Exposed as a Rothschild Agent in the 1990’s

1 August, 2018
Son of Frankenstein? UK Body Backs Human Embryo Gene Editing

Son of Frankenstein? UK Body Backs Human Embryo Gene Editing

23 July, 2018
Bolivia Declares ‘Total Independence’ from World Bank and IMF

Bolivia Declares ‘Total Independence’ from World Bank and IMF

24 July, 2017
Globalist and Grey Cardinal Zbigniew Brzezinski Dies at 89

Globalist and Grey Cardinal Zbigniew Brzezinski Dies at 89

28 May, 2017

Connect With Us

Most Read

  • A List of Banks Owned by the Rothschild Dynasty

    A List of Banks Owned by the Rothschild Dynasty

    7 shares
    Share 0 Tweet 0
  • The History of the ‘House of Rothschild’ (Complete)

    100 shares
    Share 0 Tweet 0
  • Wikileaks Is A Rothschild Operation

    4 shares
    Share 0 Tweet 0
  • Secrets Of The Elite: Why Forbes’s Rich List Doesn’t Include The Wealthiest Families On The Planet

    12 shares
    Share 0 Tweet 0
  • George Soros Exposed as a Rothschild Agent in the 1990’s

    2 shares
    Share 0 Tweet 0

Categories

Newsletter

Enter your email address to subscribe to our newsletter and receive notifications of new posts by email.

Join 11,868 other subscribers

RSS Global Elite TV

  • Why Is The Bilderberg 2019 Location Still a Secret?
  • The CFR LOVES Domestic Propaganda!
  • Alan Turing, Cybernetics and the Secrets of Life
  • Dr. Jerry Tennant: Healing the Body’s Electrical Circuitry

Site Links

  • Donate
  • Resources
  • Sitemap
  • The Globalists

About Us

TGE news is here to bring you true documented facts on what’s really happening in the world that you most likely will not see in the controlled mainstream corporate media.

  • About
  • Contact
  • Privacy & Terms
  • Submit News

(OA) 2012-2021 TGE News

No Result
View All Result
  • Home
  • World
    • Business
    • Economy
    • Politics
    • Geo-Engineering
    • Environment
    • Police State
    • Foreign Policy
  • U.S.
    • Federal Reserve
  • Globalist Agenda
    • Secret Societies
    • World Order
    • The Globalists
  • Health
    • Big Pharma
    • Fluoride
    • Food
    • Gmo’s
    • Vaccines
  • Sci/Tech
    • Space
    • Trans-Humanism
  • More+
    • Ancient Civilizations
    • Astrology
    • Astrotheology
    • Awareness
    • DIY
    • Esoteric
    • Free Energy
    • Hidden History
    • Humanities
    • Infographics
    • Knowledge
    • Religion
    • Spirituality
  • GE TV

(OA) 2012-2021 TGE News

0
0
Would love your thoughts, please comment.x
()
x
| Reply