==== NSA And GCHQ ====

(via @ioerror and Der Spiegel)

Inside TAO: Documents Reveal Top NSA Hacking Unit: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html
Part 1: Documents Reveal Top NSA Hacking Unit: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html
Part 2: Targeting Mexico: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-2.html
Part 3: The NSA's Shadow Network: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-3.html

NSA's Secret Toolbox: Unit Offers Spy Gadgets for Every Need: http://www.spiegel.de/international/world/nsa-secret-toolbox-ant-unit-offers-spy-gadgets-for-every-need-a-941006.html
Shopping for Spy Gear: Catalog Advertises NSA Toolbox: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html
Interactive Graphic: The NSA's Spy Catalog: http://www.spiegel.de/international/world/a-941262.html

Neue Dokumente: Der geheime Werkzeugkasten der NSA: http://www.spiegel.de/netzwelt/netzpolitik/neue-dokumente-der-geheime-werkzeugkasten-der-nsa-a-941153.html
NSA-Programm "Quantumtheory": Wie der US-Geheimdienst weltweit Rechner knackt: http://www.spiegel.de/netzwelt/netzpolitik/quantumtheory-wie-die-nsa-weltweit-rechner-hackt-a-941149.html

Der Spiegel 1 / 2014:
https://magazin.spiegel.de/digital/index_SP.html#SP/2014/1/124188114
http://www.spiegel.de/spiegel/index-7629.html

TAO slides: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326.html
NSA QUANTUM Tasking Techniques for the R&T Analyst: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329.html
Yahoo! user targeting and attack example with QUANTUM: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-5.html
QUANTUMTHEORY and related QUANTUM programs: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-24.html
If you'd like to detect the QUANTUM INSERT, I suggest reading about the race condition details: http://www.spiegel.de/fotostrecke/qfire-die-vorwaertsverteidigng-der-nsa-fotostrecke-105358-15.html
Details about the Man-On-The-Side with QUANTUM: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-3.html
QFIRE (NSA-Geheimdokumente: "Vorwärtsverteidigung" mit QFIRE), TURMOIL, TURBINE, TURBULENCE: http://www.spiegel.de/fotostrecke/qfire-die-vorwaersverteidigng-der-nsa-fotostrecke-105358.html
MARINA: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-15.html
More MARINA details: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-21.html
Catalog of equipment covering around ~50 programs: http://www.spiegel.de/netzwelt/netzpolitik/interaktive-grafik-hier-sitzen-die-spaeh-werkzeuge-der-nsa-a-941030.html
Other slides covering FOXACID and more: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-2.html
NSA QUANTUMTHEORY capabilities list: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-11.html
GCHQ QUANTUMTHEORY capabilities list: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-12.html
OLYMPUSFIRE: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-14.html
VALIDATOR: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-13.html

An overview of all of these articles is available in German: http://www.spiegel.de/netzwelt/netzpolitik/quantumtheory-wie-die-nsa-weltweit-rechner-hackt-a-941149.html

Earlier this week, I also recently gave a talk titled "To Protect and Infect: part two" at CCC's 30C3. In the talk I explain a number of these topics - the video is a reasonable complement to the above stories: https://www.youtube.com/watch?v=b0w36GAyZIA

There are quite a few news articles and most of them have focused on the iPhone backdoor known as DROPOUTJEEP - they largely miss the big picture asserting that the NSA needs physical access. This is a misunderstanding. The way that the NSA and GCHQ compromise devices with QUANTUMNATION does not require physical access - that is merely one way to compromise an iPhone. Generally the NSA and GCHQ compromise the phone through the network using QUANTUM/QUANTUMNATION/QUANTUMTHEORY related attack capabilities.

An example of a vulnerable Apple user is shown: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329-24.html

"note: QUANTUMNATION and standard QUANTUM tasking results in the same exploitation technique. The main difference is QUANTUNATION deploys a state 0 implant and is able to be submitted by the TOPI. Any ios device will always get VALIDATOR deployed."

They're not talking about Cisco in that slide, I assure you.

Details on VALIDATOR: http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326-13.html

Welcome to 2014!