[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

NSA TAO Exploit of Whonix Qubes - EGOTISTICALSHALLOT - Martin Peck

Have you Whonix guys seen this yet???


NSA TAO Exploit of Whonix Qubes - EGOTISTICALSHALLOT - Martin Peck


An official US Court Document mentions a NSA TAO exploit specific to Whonix Qubes.

Andrew kyboren@riseup.net posted the reference to this on the qubes users mailing list on December 2 2014.

https://groups.google.com/forum/#!topic/qubes-users/scnymQUgQqQ

Just FYI, this is the first mention I've seen of Qubes in documents filed in any US court: http://cryptome.org/2014/12/peck-roark-affidavit.pdf (page 7; note that to the best of my knowledge, the context is entirely hypothetical).

Affidavit filed in support of this motion:
http://cryptome.org/2014/11/roark-087.pdf.

This case is likely familiar to many, but those who have not heard of it
are likely to find its history very interesting. The docket is
partially available here:
http://dockets.justia.com/docket/oregon/ordce/6:2012cv01354/108333
those with PACER accounts are encouraged to use their $15 free credit to
upload these public-domain documents with RECAP
(https://www.recapthelaw.org/) so all may enjoy their right to public
access.

Andrew


HERE IS THE JUICY PART THAT MENTIONS A WHONIX QUBES NSA EXPLOIT PROGRAM…

On page 7 of this affidavit by Martin R. Peck on November 26 2014…

EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations as a QUANTUMTHEORY Computer Network Exploitation component effective against hardened Whoonix Qubes users on the Tor Network.

The footnote references to this tor2web page…

https://sunshineeevvocqr.tor2web.org/bigsun/astext/dcc2e8c54a747831..c105093fd3adc8c

Or go to the direct onion page…

http://sunshineeevvocqr.onion/bigsun/astext/dcc2e8c54a747831..c105093fd3adc8c

It repeats the same text as the court case document…

dcc2e8c54a747831..c105093fd3adc8c EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations as a QUANTUMTHEORY Computer Network Exploitation component effective against hardened Whoonix Qubes users on the Tor Network.

A copy of the page code…

[code]

dcc2e8c54a747831..c105093fd3adc8c | BigSun BODY { font-family: sans-serif; background-color: #FFF; color: #000; } P, LI { margin: 3px 9px 3px 9px; } TH, DT { font-weight: bold; } H1, H2, H3, H4, H5, H6 { margin-top: 1.2em; text-align: left; font-size: x-large; font-weight: 1100; text-shadow: 1px 1px 1px #444; height: 1.1em; background-color: #FFF; padding: 3px 3px 5px 9px; border-width: 3px 3px 3px 3px; border-color: #DDD; border-style: solid; } H6 { text-align: center; } PRE { margin-top: 1.5em; margin-bottom: 1.5em; font-size: x-small; font-family: "Andale Mono", "Courier New", monospace; letter-spacing: -0.01em; color: #003300; background: #f2f2f2; line-height: 1.2em; padding: 0px 8px 0px 12px; } a { color: #222; text-decoration: none; font-weight: bold; } a:link { color: #355; text-decoration: none; font-weight: bold; } a:hover { color: #355; text-decoration: underline; font-weight: bold; } a:active, a.active { color: #355; text-decoration: underline; font-weight: bold; }

dcc2e8c54a747831..c105093fd3adc8c

EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations as a QUANTUMTHEORY Computer
Network Exploitation component effective against hardened Whoonix Qubes users on the Tor Network.

[/code]

Available in raw text form at this onion page…

http://sunshineeevvocqr.onion/bigsun/raw/dcc2e8c54a747831..c105093fd3adc8c

EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations as a QUANTUMTHEORY Computer Network Exploitation component effective against hardened Whoonix Qubes users on the Tor Network.

Extra info for journalistic interest…

Oregon US District Court: Roark v. United States, Case No.: 6:12-CV-01354-MC

Diane Roark email address in court documents…

gardenofeden@wvi.com

Additional documents I could find about this Diane Roark case…

http://cryptome.org/2014/10/roark-risen.htm

A paste of a few key page archives I took from the sunshineeevvocqr.onion site…

https://pastebin.mozilla.org/7807327


WHONIX QUBES ANALYSIS…

This court case in Oregon USA is about Diane Roark, the former NSA oversight committee member turned NSA whistleblower, who is currently suing the United States Government.

She was raided at her home by the FBI along with similar raids and punishments of people she was connected to, including J.K. Wieb, William Binney, Ed Loomis, Thomas Drake.

Diane Roark, NSA whistleblower, seems to be on the side of privacy and anti-mass surveillance.

Martin R. Peck, software engineer, has created this BigSun automated redaction system, which he has offered to provide to the NSA.

BigSun - NLP system for SIGINT and FOUO semantic analysis - http://sunshineeevvocqr.onion

A sample input of text for Martin Peck’s NLP auto redaction system offered to the NSA is this…

dcc2e8c54a747831..c105093fd3adc8c EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations as a QUANTUMTHEORY Computer Network Exploitation component effective against hardened Whoonix Qubes users on the Tor Network.

The affidavit mentions that this sample text was being demonstrated in a fictional redaction example.

Some key questions remains for the Whonix and Qubes communities…

Where did this text come from?

Did this Martin Peck make this NSA EGOTISTICALSHALLOT exploit codename up himself? Or did he pull it from another existing source?

This one sample input of text (dcc2e8c54a747831…c105093fd3adc8c) is just 1 of over 50,000+ sample input texts being used in his current test system.

Full sample input text ID lists…
http://sunshineeevvocqr.onion/bigsun/corpora/Global
http://sunshineeevvocqr.onion/bigsun/raw/69888b283d9dcf92..cec6405ab722661

I searched a handful of his different sample input texts and they largely seem to be from existing actual texts on the internet.

One person couldn’t generate this many differing sample inputs of text and the text doesn’t seem auto generated by a machine.

The text about the NSA TAO EGOTISTICALSHALLOT exploit against Whonix Qubes seems written with real NSA knowledge.

The all caps EGOTISTICAL prefixed codename matches the other NSA “EGOTISTICALGIRAFFE” exploit program that specifically targets Tor users…

A “shallot” is a term for some type of onion vegetable, as a reference to Tor…

This exploit of Whonix Qubes claims to be a part of QUANTUMTHEORY Computer Network Exploitation, which would be consistent with the actual NSA QUANTUMTHEORY program…


“What is QUANTUMTHEORY”
“Protocol injection”
“Man-on-the-Side”

This text accurately matches up QUANTUMTHEORY with the NSA TAO group (Tailored Access Operations) which often focuses on targeted attacks against end-point machines (0days eccetera).


“QUANTUMTHEORY can be used only if a TAO Project is set up”
“The biggest difference is QUANTUMTHEORY deploys a stage1 implant called VALIDATOR (soon to be COMMONDEER)”

“VALIDATOR is a part of a backdoor access system under the FOXACID project. The VALIDATOR is a client/server-based system that provides unique backdoor access to personal computers”

The mentioned creation date of 2014 also looks accurate as far as matching when your Whonix group started working with the Qubes group to co-develop your software together.

Maybe this Martin Peck, software engineer, is just a fan or user of Whonix and Qubes and was being creative by dreaming up this EGOTISTICALSHALLOT exploit?

Maybe he copied this text from some other existing source, seemingly like he did with the other 50,000+ sample texts for his BigSun system built for the NSA?

It would be good for the Whonix and Qubes people to learn more about the source of this EGOTISTICALSHALLOT project codename mentioned in US Government NSA whistleblower court case document, and if it is ultimately for real, and if so how Whonix and Qubes is currently being compromised.

Maybe Diane Roark or Martin Peck could provide the Whonix and Qubes people some clarity on the source of this NSA EGOTISTICALSHALLOT Whonix Qubes exploit reference that has been placed in their court documents and NSA purposed software system?


No, thanks for bringing it up to attention!

[hr]

For anyone who also wants to dig into this. Few minor notes:

http://cryptome.org/2014/12/peck-roark-affidavit.pdf contains a type. Using [font=courier]Whoonix[/font] rather than [font=courier]Whonix[/font].

Martin Peck

[hr]

Would you like to dig this up some more?

  • write on tor-talk mailing list
  • qubes mailing list
  • whonix-devel mailing list
  • cc me
  • cc Diane Roark
  • cc Martin Peck

I’d be interested to see their comments on this.

Thanks for posting on the list, EGOTISTICALSHALLOT!

https://lists.torproject.org/pipermail/tor-talk/2014-December/035861.html

Interesting…

Thank you for notifying us of this.

Will be interested to see if this can be verified with the source.

Results were Martin R. Peck (coderman@gmail.com) claimed that he is the original author of the text that mentioned the EGOTISTICALSHALLOT NSA exploit and that it was a purely made up fictitious example of his own thinking.

https://lists.torproject.org/pipermail/tor-talk/2014-December/035861.html

Tor community, Martin Peck, Diane Roark..

Whonix Qubes has been called out in a US Gov court document of a NSA
related whistleblower case of Diane Roark, inside a recent affidavit
of Martin Peck’s.

Quote:

“EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations
as a QUANTUMTHEORY Computer Network Exploitation component effective
against hardened Whoonix Qubes users on the Tor Network.”

Extensive details of this instance have been documented here…

https://www.whonix.org/forum/index.php/topic,805.0.html

Would Martin Peck or Diane Roark please promptly inform the community
of the known origins of this NSA EGOTISTICALSHALLOT text written in
their documents, and any knowledge of its authenticity as being real
or fake.

And if anyone else has any additional information regarding this
EGOTISTICALSHALLOT mention-/-codename-/-program then please contribute.

Thx

https://lists.torproject.org/pipermail/tor-talk/2014-December/035862.html

On 12/6/14, EGOTISTICALSHALLOT wrote:

“This fictional example is constructed to convey some similarities to
parts of reporting in the public knowledge base.”

“Fictional Input Document”

With a link to an actual example,
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

where the source document, “'Peeling back the layers with Egotistical
Giraffe” is referenced.

hope that clears things up. best regards,

https://lists.torproject.org/pipermail/tor-talk/2014-December/035863.html

On 12/6/14, EGOTISTICALSHALLOT wrote: > > And if anyone else has any additional information regarding this > EGOTISTICALSHALLOT mention-/-codename-/-program then please contribute.

other useful resources for non-fictional codenames / projects,



a good write up putting these pieces in context,
https://robert.sesek.com/2014/9/unraveling_nsa_s_turbulence_programs.html
and
https://robert.sesek.com/2014/10/nsa_s_eci_compartments.html

best regards,

https://lists.torproject.org/pipermail/tor-talk/2014-December/035865.html

> "This fictional example is constructed to convey some similarities to > parts of reporting in the public knowledge base." > > ... > > "Fictional Input Document" > > ... > > With a link to an actual example, > > http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption > > where the source document, "'Peeling back the layers with Egotistical > Giraffe" is referenced. > > > hope that clears things up. best regards,

Thanks for the reply and info.

Unfortunately it does not clear the matter up, as these “fictional”
and “EGOTISTICALGIRAFFE” perspectives were known and considered here
already…

https://www.whonix.org/forum/index.php/topic,805.0.html

But maybe we can clear this matter up right now with a few quick and
honest questions…

Are you coderman the Martin R. Peck of the mentioned affidavit and
BigSun application?

Did you personally dream up and write this EGOTISTICALSHALLOT codename
and quoted text about a TAO exploit specific to Whonix Qubes? Are you
the original author of this or was it copied from another source?

“EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations
as a QUANTUMTHEORY Computer Network Exploitation component effective
against hardened Whoonix Qubes users on the Tor Network.”

If you are indeed the original author, what personally compelled you
towards specifically choosing Whonix Qubes as a TAO exploit example
and highlighting Whonix Qubes as a prime example in your NLP system
offering to the NSA?

If you are not the original author, what is the original source
reference where this quoted text was copied from?

“EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations
as a QUANTUMTHEORY Computer Network Exploitation component effective
against hardened Whoonix Qubes users on the Tor Network.”

Given the alarming nature of where the text showed up (US Court), who
it was being offered to (NSA), and what this “fictional” text
specifically made a claim of (TAO exploit of Whonix Qubes), we are
just wanting to be 100% clear on understanding and cleaning this
matter up.

Thx

https://lists.torproject.org/pipermail/tor-talk/2014-December/035866.html

On 12/7/14, EGOTISTICALSHALLOT wrote: > ... > Unfortunately it does not clear the matter up, as these "fictional" > and "EGOTISTICALGIRAFFE" perspectives were known and considered here > already.. > > https://www.whonix.org/forum/index.php/topic,805.0.html

thanks for pointing out the thread. there are more questions there, as
you ask below.

Are you coderman the Martin R. Peck of the mentioned affidavit and
BigSun application?

Patrick worked it out; i am indeed the same.
(apologies for the typo; this document was in flux hours before the
deadline to submit. Qubes should have been Qubes OS as well.)

Did you personally dream up and write this EGOTISTICALSHALLOT codename
and quoted text about a TAO exploit specific to Whonix Qubes? Are you
the original author of this or was it copied from another source?

i am the author, and as stated, there are two examples of information
in the document. one about programs/projects that do exist, meaning
the information is fully supported multiple times in the “public
knowledge base”.

and this alternate example which is similar, but fictional, and thus
results in only partial support in the public knowledge base.

this “public knowledge base” and BigSun system is a much longer
discussion. i originally started on this work back in spring for a
different purpose; see cypherpunks “datamine the Snowden files”
discussion. the application to redaction and evaluating claims of
sensitivity evolved later, and specifically to assist Diane with her
case.

If you are indeed the original author, what personally compelled you
towards specifically choosing Whonix Qubes as a TAO exploit example
and highlighting Whonix Qubes as a prime example in your NLP system
offering to the NSA?

Whonix on Qubes OS represents defense in depth unlike any other
system. as such, it is a likely target, like Tails and the Tor Browser
before it.

being a likely target, it made a good candidate for description of a
fictitious exploit for the purposes of this partial support example.

a better example would be to compare a classified document with a
unique attack, and never leaked, against the public knowledge base.

this would demonstrate only partial support because it contains
information that has not been made public. for obvious reasons, the
alternative of constructing a fictitious example to demonstrate
partial support was used.


some other comments from that thread:

“The mentioned creation date of 2014 also looks accurate as far as
matching when your Whonix group started working with the Qubes group
to co-develop your software together.”

the specific date was chosen because of the affidavit being this year.
if Whonix Qubes OS had started in 2013, i would still have used 2014
in the example.


and:

“Maybe this Martin Peck, software engineer, is just a fan or user of
Whonix and Qubes and was being creative by dreaming up this
EGOTISTICALSHALLOT exploit?”

i am a fan of many things, but as described above, this example was
chosen for being a good candidate to demonstrate partial support in
the public knowledge base.

best regards,

Great to hear that you got to the bottom of this and it was confirmed as fake.

Thank you for pursuing it!

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]