[cryptography] Which encryption chips are compromised?

coderman coderman at gmail.com
Thu Dec 12 20:55:56 EST 2013


On Thu, Dec 12, 2013 at 5:17 PM, coderman <coderman at gmail.com> wrote:
> ...
> triggering is active, observable (potentially), and usually
> re-playable.  the only "delivered payloads", ala
> EGOTISTICAL*/ERRONEOUS*, appear to be for confirmation pinging or
> identification, and memory resident forensic/exfiltration run locally
> on the host.  even the slides you link to note the OPSEC concerns of
> "adversarial actors" (i think that's us on this list?)


correction: persistence after reboot also has been stated to be
performed, though optional.  per Bruce's write up[0],
1. target identified (at endpoint or observable mid-point)
2. QUANTUM INSERT redirect to FoxAcid server
3. FoxAcid picks loader exploit according to: target value, exploit
value, target skill, other factors.
4. Loader exploit delivered to target
5. confirm success?  if no, abort.
6. With loader active, run two basic first pass payloads:
7. Collect configuration information (apps, registry, settings, etc.)
8. Collect location information
9. Escalate to persistent infection, run arbitrary other plugins, etc.


in any case, this is more consumer endpoint focused.  not applicable
to embedded VPN/HTTPS devices.



0. Bruce Schneier's attacking Tor article for the Guardian:
 http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

