QUANTUMINSERT "wide stack" covert network communication
- To: cpunks <[email protected]>
- Subject: QUANTUMINSERT "wide stack" covert network communication
- From: [email protected] (coderman)
- Date: Wed, 1 Jan 2014 03:40:04 -0800
- In-reply-to: <CAJVRA1TmYsZkwaq819rJ3LHQv_Edd_+kG-dWGFBodKYHZZHv6A@mail.gmail.com>
- References: <CAJVRA1TmYsZkwaq819rJ3LHQv_Edd_+kG-dWGFBodKYHZZHv6A@mail.gmail.com>
it looks like this is called QFIRE / MIDDLEMAN (CovNet?)
http://cryptome.org/2013/12/nsa-qfire.pdf
of particular note you'll see that this unclassified (high risk side)
TAO Covert Network is accessed within an NSA SCIF via a "highly
constrained" *cough* VMware ESX server instance (à la NetTop for
back-end) which is then colocated at bare metal and/or directly guest
bridged to the SCSnet / NSAnet / *secret networks.
.
.
.
one day i'll have more to say about this!
(i encourage the leakers to beat me to it ;)
--end-top-post--
On Tue, Nov 26, 2013 at 9:03 PM, coderman <[email protected]> wrote:
> in the discussion regarding well positioned injection points on the
> backbone (QUANTUMINSERT) i have not yet seen discussion of using these
> well positioned injection points for covert network connections.
>
> consider that you are eavesdropping on return path for a given
> un-used, high address space of a third party (a lot of that 15.0.0.0/8
> is idle :)
>
> consider that you can inject arbitrary packets into the egress for
> same net block (even if upstream, still sufficient to match route).
>
> you can now establish a covert TCP connection appearing to come from
> the high space of 15.0.0.0/8, of which HP only sees the returning
> (encrypted) martians. (and this assumes they're even watching!)
>
> this "wide stack" approach provides cover via multitudes of idle
> address spaces of third parties, while the actual communicators are
> hidden.
>
>
>
> anxiously awaiting the details on how this is used...
>
> *sacrifices chickens to the "Snowden Release Gatekeepers" (TM)*
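
Added example, not part of the original posts: seen from the owner of an idle block, the "returning martians" described above differ from ordinary darknet noise. This sketch separates scans and backscatter from in-sequence TCP data addressed to idle space; the prefixes, tuple layout and function names are assumptions, and the packets are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: a prefix its owner knows has no live hosts (documentation range).
IDLE_NETS = [ip_network("203.0.113.128/25")]

# Constructed sample of inbound packets at the owner's border:
# (src, sport, dst, dport, tcp_flags, seq, payload_len)
SAMPLE = [
    ("198.51.100.7", 443, "203.0.113.200", 40112, "SA", 1000, 0),  # backscatter
    ("198.51.100.9", 51515, "203.0.113.130", 22, "S", 7, 0),       # scan
    ("198.51.100.7", 80, "203.0.113.201", 40113, "R", 0, 0),       # backscatter
    ("192.0.2.44", 443, "203.0.113.250", 50001, "SA", 5000, 0),    # handshake reply
    ("192.0.2.44", 443, "203.0.113.250", 50001, "PA", 5001, 1400),
    ("192.0.2.44", 443, "203.0.113.250", 50001, "PA", 6401, 1400),
    ("192.0.2.44", 443, "203.0.113.250", 50001, "PA", 7801, 900),
    ("192.0.2.44", 443, "192.0.2.10", 50002, "PA", 1, 500),        # not idle space
]

def is_idle(addr, idle_nets=IDLE_NETS):
    ip = ip_address(addr)
    return any(ip in net for net in idle_nets)

def find_half_sessions(packets, idle_nets=IDLE_NETS, min_segments=3):
    """Return flows delivering in-order TCP data to idle addresses.

    Bare SYNs (scans) and payload-free SYN-ACK/RST (backscatter) are normal
    darknet noise. In-sequence data segments are not: the remote peer treats
    the handshake as complete, so something answered for the idle address.
    """
    next_seq = {}                 # flow -> sequence number expected next
    count = defaultdict(int)      # flow -> in-order data segments seen
    for src, sport, dst, dport, flags, seq, plen in packets:
        if not is_idle(dst, idle_nets):
            continue
        if "S" in flags or "R" in flags or plen == 0:
            continue
        flow = (src, sport, dst, dport)
        if flow not in next_seq or seq == next_seq[flow]:
            count[flow] += 1
            next_seq[flow] = (seq + plen) % 2**32   # TCP sequence wraparound
    return sorted(f for f, n in count.items() if n >= min_segments)

if __name__ == "__main__":
    for flow in find_half_sessions(SAMPLE):
        print("data stream to idle address:", flow)
```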