New Information on the NSA's QUANTUM Program

There's a new (overly breathless) article on the NSA's QUANTUM program, including a bunch of new source documents. Of particular note is this page listing a variety of QUANTUM programs. Note that QUANTUMCOOKIE, "which forces users to divulge stored cookies," is not on this list.

I'm busy today, so please tell me anything interesting you see in the comments.

I have written previously about QUANTUM.

Posted on March 12, 2014 at 12:55 PM • 13 Comments

Comments

staph • March 12, 2014 4:15 PM

I noticed in one of the quantum programs that it mentioned the use of large proxies can present a hurdle to tracking a given person's communication down to the source. Additionally, it appears that there are targets of the NSA that do not have sufficiently unique internet traffic behavior to fingerprint by those means.

PBFA • March 12, 2014 10:42 PM

Swing and a miss for pando. 'Resistance is futile' is always a suspect message. NSA can spy en masse - on idiots. When NSA and their FBI script kiddies took tormail down, they didn't get moi because I did only two stupid lazy things and not four. Now we all do fewer stupid lazy things. NSA can get lots and lots of soft targets or a very few hard targets. So the answer, to pickpockets or frotteurs or peeping Toms or NSA or any similar kind of sneak predation, is don't be the soft target.

Figureitout • March 13, 2014 12:19 AM

PBFA
--Lol, yeah the FBI only has a few actual good investigators (still not good enough to actually hide their presence from me). I'm wondering though how you evade CCTV on stoplights, buildings, and increasing all sidewalks/roads in cities. I have messed w/ facial recognition before but I don't want my face to get stuck like that lol. That *is* spying; and how easy to put a wifi router (or bluetooth in a suitcase which I confirmed on the side of a road) exploiting an encrypted firmware bug in a smartphone.

My experience though is, if you make yourself a pretty hard, fairly obnoxious target; the psychos get obsessed w/ you and probably make up reasons to continue criminal acts or just do it anytime you leave a place unattended.

Crysis • March 13, 2014 8:02 AM

Eric Filiol just withdrew his cansecwest talk because gov agencies freaked out.

Presentation about TPM leaking keys if used for FDE, I'll try to go to that though I've never bothered to use TPM and assumed it was full of bugs, hardware manufacturer backdoors and badly designed.

Clive Robinson • March 13, 2014 8:44 AM

@ Figureitout,

    I'm wondering though how you evade CCTV on stoplights, buildings, and increasing all sidewalks/roads in cities.

The first thing to note is a camera can only see what you choose to reveal to it in its presence.

So step one is not to be in a camera's locality or field of view. To be able to do this means knowing where the cameras are, which generally means first looking for them to locate them, which is not that easy. But it is also self defeating because the "looking" process tends to stand out as "suspicious activity".

So step two is to know what a camera's weakness is and play to those not its strengths and this is possibly the better way to go.

No matter how cheap the camera hardware is they are expensive to instal, maintain and operate, thus they are actually quite scarce items in reality and those that pay for them generally want to get the best value for money they can. This means they are usually positioned to get what the owner considers maximum benefit. Thus at "choke points" or high up to give maximal coverage of an open space. And this has consequences on their utility. As a rough rule of thumb the sensors in all cameras have limitations due to mass production methods and the laws of physics which for single sensor cameras defines the trade off between sensitivity and resolution [1] which in turn affects the optics used to focus the light onto the sensor which gives another trade off between resolution and field of view. That is the greater the field of view the less the resolution, which brings in another trade off, when it comes to wide area coverage, the general trade off is to put in steerable cameras with variable magnification optics to zoom in on a point of focus. And this is a major Achilles heel of CCTV, which also makes it expensive to use as it requires a human operator currently.

Humans as we know have many failings, not the least of which is the ability to concentrate especially on images that are "busy" and or of low contrast and brightness. This often causes camera operators to zoom in much further than required to reduce the busyness of the image.

Another failing of humans is what our "monkey brains" tell our conscious minds. If you look at a list of human basic needs you will find that they affect camera operators, so what the monkey brain considers a threat, sex, etc potential are going to grab the operator's attention.

From this it can be seen that you want to avoid places that are "choke points" where cameras are fixed field of view and often direct to recording equipment and not humans and you also want to avoid "quiet times" when you are more likely to be the only point of interest to an operator.

You should also consider times when light levels are low and images "busy" in terms of lots of shadow and bright spots such that the contrast range is high to the camera causing the contrast to be turned down. Likewise inclement weather causes image issues so are times when operators are going to be less effective. For instance wind blowing garbage around creates a "busy" image which operators' monkey brains will be distracted towards.

Basic army training manuals will tell you about shape, shadow, shine, colour, contrast, movement, etc that if used carefully will push you away from the foreground and into the background. If you don't trigger the monkey brain in a busy environment that is triggering it, then you are effectively invisible to the monkey brain and thus the conscious mind unless specifically focused already.

[1] This is one of the reasons multiple sensor cameras to be used from drones etc are being developed and deployed. However these multi sensor cameras cause other problems not least of which is the bandwidth required in both communications and storage [2].

[2] One solution to bandwidth issues often touted is compression, the reality of this is if you reduce bandwidth you either lose information or concurrency at some point depending on how "busy" the image is.

Figureitout • March 14, 2014 12:11 PM

Clive Robinson
--Yes, I know but a camera pointed straight at you on a road is going to capture your face; you can't avoid that besides wearing make-up etc.

One little weakness of cameras, during the night, they get overwhelmed by headlights and flash your brights and they can get false readings on traffic numbers. I've tested it; and observed new cop car lights (wayy too bright) held up a light so long I almost just ran thru it.

You basically just described a tactic in how to move drugs "in plain sight".

Sorry, I have no interest in army manuals, I'm a civilian and never joining the army.

ditymuffinz • March 15, 2014 2:45 PM

@Figureitout

    I have messed w/ facial recognition before

What's the outcome?

    Sorry, I have no interest in army manuals, I'm a civilian and never joining the army.

I have. Which manuals exactly have I to seek?

Buck • March 15, 2014 8:08 PM

@ditymuffinz

There's no denying that the United States Army is super serious when it comes to research and development, and I've no doubt these manuals have seen their fair share of field testing (through multiple iterations)... The two that I have on dead trees are excellent written examples of easy-to-read technical explanations, accompanied with clear & detailed diagrams:

FIRST AID FOR SOLDIERS (FM 21-11, 30 June 1976)
Distribution: Active Army, ARNG, USAR: To be distributed in accordance with DA Form 12-11A, requirements for First Aid for Soldiers (Qty rqr block no. 161).
Full text links: https://archive.org/details/milmanual-fm-21-11-first-aid-for-soldiers
And
SURVIVAL (FM 21-76, October 1970)
This manual contains copyrighted material
Amazon link: http://www.amazon.com/gp/aw/d/0967512395 (https not available)
Being as they're primarily funded by taxpayer money and have additional non-military benefits, I believe many of them are probably in the public domain... Obviously this doesn't seem to be true for all of them, but archive.org has plenty more available in their entirety as well:
https://archive.org/search.php?query=%22Department%20of%20the%20Army%22
Or you may prefer to start closer to the source:
Official Department of the Army Publications and Forms
http://armypubs.army.mil/ (https not available)

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.