NSA TAO Exploit of Whonix Qubes - EGOTISTICALSHALLOT - Martin Peck

Have you Whonix guys seen this yet???



An official US Court Document mentions a NSA TAO exploit specific to Whonix Qubes.

Andrew (kyboren@riseup.net) posted the reference to this on the qubes-users mailing list on December 2, 2014.

https://groups.google.com/forum/#!topic/qubes-users/scnymQUgQqQ

Just FYI, this is the first mention I've seen of Qubes in documents filed in any US court: http://cryptome.org/2014/12/peck-roark-affidavit.pdf (page 7; note that to the best of my knowledge, the context is entirely hypothetical).

Affidavit filed in support of this motion:
http://cryptome.org/2014/11/roark-087.pdf.

This case is likely familiar to many, but those who have not heard of it
are likely to find its history very interesting. The docket is
partially available here:
Roark v. United States 6:2012cv01354 | US District Court for the District of Oregon | Justia –
those with PACER accounts are encouraged to use their $15 free credit to
upload these public-domain documents with RECAP
(https://www.recapthelaw.org/) so all may enjoy their right to public
access.

Andrew


HERE IS THE JUICY PART THAT MENTIONS A WHONIX QUBES NSA EXPLOIT PROGRAM…

On page 7 of this affidavit by Martin R. Peck, dated November 26, 2014…

EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations as a QUANTUMTHEORY Computer Network Exploitation component effective against hardened Whoonix Qubes users on the Tor Network.

The footnote references this tor2web page…

https://sunshineeevvocqr.tor2web.org/bigsun/astext/dcc2e8c54a747831..c105093fd3adc8c

Or go to the direct onion page…

http://sunshineeevvocqr.onion/bigsun/astext/dcc2e8c54a747831..c105093fd3adc8c

It repeats the same text as the court case document…

dcc2e8c54a747831..c105093fd3adc8c EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations as a QUANTUMTHEORY Computer Network Exploitation component effective against hardened Whoonix Qubes users on the Tor Network.

A copy of the page code…

[code]

dcc2e8c54a747831..c105093fd3adc8c | BigSun

BODY { font-family: sans-serif; background-color: #FFF; color: #000; }
P, LI { margin: 3px 9px 3px 9px; }
TH, DT { font-weight: bold; }
H1, H2, H3, H4, H5, H6 { margin-top: 1.2em; text-align: left; font-size: x-large; font-weight: 1100; text-shadow: 1px 1px 1px #444; height: 1.1em; background-color: #FFF; padding: 3px 3px 5px 9px; border-width: 3px 3px 3px 3px; border-color: #DDD; border-style: solid; }
H6 { text-align: center; }
PRE { margin-top: 1.5em; margin-bottom: 1.5em; font-size: x-small; font-family: "Andale Mono", "Courier New", monospace; letter-spacing: -0.01em; color: #003300; background: #f2f2f2; line-height: 1.2em; padding: 0px 8px 0px 12px; }
a { color: #222; text-decoration: none; font-weight: bold; }
a:link { color: #355; text-decoration: none; font-weight: bold; }
a:hover { color: #355; text-decoration: underline; font-weight: bold; }
a:active, a.active { color: #355; text-decoration: underline; font-weight: bold; }

dcc2e8c54a747831..c105093fd3adc8c

EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations as a QUANTUMTHEORY Computer
Network Exploitation component effective against hardened Whoonix Qubes users on the Tor Network.

[/code]

Available in raw text form at this onion page…

http://sunshineeevvocqr.onion/bigsun/raw/dcc2e8c54a747831..c105093fd3adc8c

EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations as a QUANTUMTHEORY Computer Network Exploitation component effective against hardened Whoonix Qubes users on the Tor Network.

Extra info for journalistic interest…

Oregon US District Court: Roark v. United States, Case No.: 6:12-CV-01354-MC

Diane Roark email address in court documents…

gardenofeden@wvi.com

Additional documents I could find about this Diane Roark case…

http://www.wired.com/images_blogs/threatlevel/2012/08/roark.pdf

http://cryptome.org/2014/10/roark-risen.htm

A paste of a few key page archives I took from the sunshineeevvocqr.onion site…

https://pastebin.mozilla.org/7807327


WHONIX QUBES ANALYSIS…

This court case in Oregon USA is about Diane Roark, the former NSA oversight committee member turned NSA whistleblower, who is currently suing the United States Government.

Her home was raided by the FBI, alongside similar raids on and punishment of people she was connected to, including J.K. Wiebe, William Binney, Ed Loomis and Thomas Drake.

Diane Roark, NSA whistleblower, seems to be on the side of privacy and anti-mass surveillance.

Martin R. Peck, software engineer, has created this BigSun automated redaction system, which he has offered to provide to the NSA.

BigSun - NLP system for SIGINT and FOUO semantic analysis - http://sunshineeevvocqr.onion

A sample input of text for Martin Peck’s NLP auto redaction system offered to the NSA is this…

dcc2e8c54a747831..c105093fd3adc8c EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations as a QUANTUMTHEORY Computer Network Exploitation component effective against hardened Whoonix Qubes users on the Tor Network.

The affidavit mentions that this sample text was being demonstrated in a fictional redaction example.

Some key questions remain for the Whonix and Qubes communities…

Where did this text come from?

Did this Martin Peck make this NSA EGOTISTICALSHALLOT exploit codename up himself? Or did he pull it from another existing source?

This one sample input text (dcc2e8c54a747831…c105093fd3adc8c) is just one of over 50,000 sample input texts used in his current test system.

Full sample input text ID lists…
http://sunshineeevvocqr.onion/bigsun/corpora/Global
http://sunshineeevvocqr.onion/bigsun/raw/69888b283d9dcf92..cec6405ab722661

I searched a handful of his different sample input texts and they largely seem to be from existing actual texts on the internet.

One person couldn’t generate this many differing sample input texts, and the text doesn’t seem to be auto-generated by a machine.

The text about the NSA TAO EGOTISTICALSHALLOT exploit against Whonix Qubes seems written with real NSA knowledge.

The all caps EGOTISTICAL prefixed codename matches the other NSA “EGOTISTICALGIRAFFE” exploit program that specifically targets Tor users…

A “shallot” is a type of onion, a reference to Tor…

This exploit of Whonix Qubes claims to be a part of QUANTUMTHEORY Computer Network Exploitation, which would be consistent with the actual NSA QUANTUMTHEORY program…

“What is QUANTUMTHEORY”
“Protocol injection”
“Man-on-the-Side”

This text accurately matches up QUANTUMTHEORY with the NSA TAO group (Tailored Access Operations), which often focuses on targeted attacks against end-point machines (0days etc.).

“QUANTUMTHEORY can be used only if a TAO Project is set up”
“The biggest difference is QUANTUMTHEORY deploys a stage1 implant called VALIDATOR (soon to be COMMONDEER)”

“VALIDATOR is a part of a backdoor access system under the FOXACID project. The VALIDATOR is a client/server-based system that provides unique backdoor access to personal computers”

The mentioned creation date of 2014 also looks accurate as far as matching when your Whonix group started working with the Qubes group to co-develop your software together.

Maybe this Martin Peck, software engineer, is just a fan or user of Whonix and Qubes and was being creative by dreaming up this EGOTISTICALSHALLOT exploit?

Maybe he copied this text from some other existing source, seemingly like he did with the other 50,000+ sample texts for his BigSun system built for the NSA?

It would be good for the Whonix and Qubes people to learn more about the source of this EGOTISTICALSHALLOT project codename mentioned in a US Government NSA whistleblower court case document, whether it is ultimately for real, and if so how Whonix and Qubes are currently being compromised.

Maybe Diane Roark or Martin Peck could provide the Whonix and Qubes people some clarity on the source of this NSA EGOTISTICALSHALLOT Whonix Qubes exploit reference that has been placed in their court documents and NSA purposed software system?


No; thanks for bringing it to our attention!

[hr]

For anyone who also wants to dig into this. A few minor notes:

http://cryptome.org/2014/12/peck-roark-affidavit.pdf contains a typo, using [font=courier]Whoonix[/font] rather than [font=courier]Whonix[/font].

Martin Peck

  • could be the same one as Tor VM
  • search term: “Martin Peck” tor
  • active on tor-talk mailing list as coderman

[hr]

Would you like to dig this up some more?

  • write on tor-talk mailing list
  • qubes mailing list
  • whonix-devel mailing list
  • cc me
  • cc Diane Roark
  • cc Martin Peck

I’d be interested to see their comments on this.

Thanks for posting on the list, EGOTISTICALSHALLOT!

https://lists.torproject.org/pipermail/tor-talk/2014-December/035861.html

Interesting…

Thank you for notifying us of this.

Will be interested to see if this can be verified with the source.

The result was that Martin R. Peck (coderman@gmail.com) claimed that he is the original author of the text mentioning the EGOTISTICALSHALLOT NSA exploit and that it was a purely made-up, fictitious example of his own thinking.

https://lists.torproject.org/pipermail/tor-talk/2014-December/035861.html

Tor community, Martin Peck, Diane Roark..

Whonix Qubes has been called out in a US Gov court document of a NSA
related whistleblower case of Diane Roark, inside a recent affidavit
of Martin Peck’s.

Quote:

“EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations
as a QUANTUMTHEORY Computer Network Exploitation component effective
against hardened Whoonix Qubes users on the Tor Network.”

Extensive details of this instance have been documented here…

Would Martin Peck or Diane Roark please promptly inform the community
of the known origins of this NSA EGOTISTICALSHALLOT text written in
their documents, and any knowledge of its authenticity as being real
or fake.

And if anyone else has any additional information regarding this
EGOTISTICALSHALLOT mention-/-codename-/-program then please contribute.

Thx

https://lists.torproject.org/pipermail/tor-talk/2014-December/035862.html

On 12/6/14, EGOTISTICALSHALLOT wrote:

“This fictional example is constructed to convey some similarities to
parts of reporting in the public knowledge base.”

…

“Fictional Input Document”

…

With a link to an actual example,
NSA and GCHQ target Tor network that protects anonymity of web users | The NSA files | The Guardian

where the source document, “Peeling back the layers with Egotistical
Giraffe” is referenced.

hope that clears things up. best regards,

https://lists.torproject.org/pipermail/tor-talk/2014-December/035863.html

On 12/6/14, EGOTISTICALSHALLOT wrote:

> And if anyone else has any additional information regarding this
> EGOTISTICALSHALLOT mention-/-codename-/-program then please contribute.

other useful resources for non-fictional codenames / projects,

a good write up putting these pieces in context,
Unraveling NSA's TURBULENCE Programs - Robert Sesek
and
NSA's ECI Compartments - Robert Sesek

best regards,

https://lists.torproject.org/pipermail/tor-talk/2014-December/035865.html

> "This fictional example is constructed to convey some similarities to
> parts of reporting in the public knowledge base."
>
> ...
>
> "Fictional Input Document"
>
> ...
>
> With a link to an actual example,
>
> http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption
>
> where the source document, "Peeling back the layers with Egotistical
> Giraffe" is referenced.
>
> hope that clears things up. best regards,

Thanks for the reply and info.

Unfortunately it does not clear the matter up, as these “fictional”
and “EGOTISTICALGIRAFFE” perspectives were known and considered here
already…

But maybe we can clear this matter up right now with a few quick and
honest questions…

Are you coderman the Martin R. Peck of the mentioned affidavit and
BigSun application?

Did you personally dream up and write this EGOTISTICALSHALLOT codename
and quoted text about a TAO exploit specific to Whonix Qubes? Are you
the original author of this or was it copied from another source?

“EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations
as a QUANTUMTHEORY Computer Network Exploitation component effective
against hardened Whoonix Qubes users on the Tor Network.”

If you are indeed the original author, what personally compelled you
towards specifically choosing Whonix Qubes as a TAO exploit example
and highlighting Whonix Qubes as a prime example in your NLP system
offering to the NSA?

If you are not the original author, what is the original source
reference where this quoted text was copied from?

“EGOTISTICALSHALLOT was created in 2014 by Tailored Access Operations
as a QUANTUMTHEORY Computer Network Exploitation component effective
against hardened Whoonix Qubes users on the Tor Network.”

Given the alarming nature of where the text showed up (US Court), who
it was being offered to (NSA), and what this “fictional” text
specifically made a claim of (TAO exploit of Whonix Qubes), we are
just wanting to be 100% clear on understanding and cleaning this
matter up.

Thx

https://lists.torproject.org/pipermail/tor-talk/2014-December/035866.html

On 12/7/14, EGOTISTICALSHALLOT wrote:

> ...
> Unfortunately it does not clear the matter up, as these "fictional"
> and "EGOTISTICALGIRAFFE" perspectives were known and considered here
> already..
>
> https://www.whonix.org/forum/index.php/topic,805.0.html

thanks for pointing out the thread. there are more questions there, as
you ask below.

Are you coderman the Martin R. Peck of the mentioned affidavit and
BigSun application?

Patrick worked it out; i am indeed the same.
(apologies for the typo; this document was in flux hours before the
deadline to submit. Qubes should have been Qubes OS as well.)

Did you personally dream up and write this EGOTISTICALSHALLOT codename
and quoted text about a TAO exploit specific to Whonix Qubes? Are you
the original author of this or was it copied from another source?

i am the author, and as stated, there are two examples of information
in the document. one about programs/projects that do exist, meaning
the information is fully supported multiple times in the “public
knowledge base”.

and this alternate example which is similar, but fictional, and thus
results in only partial support in the public knowledge base.

this “public knowledge base” and BigSun system is a much longer
discussion. i originally started on this work back in spring for a
different purpose; see cypherpunks “datamine the Snowden files”
discussion. the application to redaction and evaluating claims of
sensitivity evolved later, and specifically to assist Diane with her
case.

If you are indeed the original author, what personally compelled you
towards specifically choosing Whonix Qubes as a TAO exploit example
and highlighting Whonix Qubes as a prime example in your NLP system
offering to the NSA?

Whonix on Qubes OS represents defense in depth unlike any other
system. as such, it is a likely target, like Tails and the Tor Browser
before it.

being a likely target, it made a good candidate for description of a
fictitious exploit for the purposes of this partial support example.

a better example would be to compare a classified document with a
unique attack, and never leaked, against the public knowledge base.

this would demonstrate only partial support because it contains
information that has not been made public. for obvious reasons, the
alternative of constructing a fictitious example to demonstrate
partial support was used.


some other comments from that thread:

“The mentioned creation date of 2014 also looks accurate as far as
matching when your Whonix group started working with the Qubes group
to co-develop your software together.”

the specific date was chosen because of the affidavit being this year.
if Whonix Qubes OS had started in 2013, i would still have used 2014
in the example.


and:

“Maybe this Martin Peck, software engineer, is just a fan or user of
Whonix and Qubes and was being creative by dreaming up this
EGOTISTICALSHALLOT exploit?”

i am a fan of many things, but as described above, this example was
chosen for being a good candidate to demonstrate partial support in
the public knowledge base.

best regards,


Great to hear that you got to the bottom of this and it was confirmed as fake.

Thank you for pursuing it!