Specialists of the Chinese information security company Qihoo 360 have accused the US National Security Agency of using the Quantum tool to attack users in China. Recall that SecurityLab reported on the Quantum operation, directed against users in China and Russia, back in 2014.
According to the Global Times, the system is capable of monitoring and hacking pages in social networks, e-mail and communication information.
This is the second NSA tool reported by Chinese experts in a month. Earlier, China also managed to get hold of the NOPEN spy tool, capable of providing access to sensitive information on the victim’s computer, monitoring and redirecting network traffic, and remotely monitoring a system for spying on objects abroad.
According to an article in the Global Times, its author spoke with one of the employees of Qihoo 360. According to this employee, Quantum is a tool for hacking Facebook, Twitter, YouTube, Amazon, etc. accounts. Users of Chinese social networks like Tencent’s QQ were also key targets for attacks.
The data stolen by the tool from users around the world includes network profiles, account numbers and passwords, corporate and personal documents, databases, data about friends on the Network, communication information, email, real-time data from microphones and device cameras.
The attacks were carried out indiscriminately – even countries cooperating with the United States became their targets, the source claims. According to him, Quantum is the most powerful tool of the NSA. It was created in 2004 and contains several subprojects whose names begin with the word Quantum. In total, nine modules were discovered, including Quantumbot, Quantumhand, Quantumcopper and Quantummackdown (The Intercept reported on these exploits back in 2014 after reviewing NSA documents handed over to journalists by Edward Snowden).
The tool is capable of intercepting national network communications to carry out a series of complex network attacks, including exploiting vulnerabilities, manipulating communications and stealing data. Quantum can intercept the traffic of any Internet user anywhere in the world and remotely implement a backdoor.
An attack using a tool is usually carried out in three stages. First, the attacker chooses the location of the target. According to the secret documentation of the NSA, the attacks are able to position accounts on websites and in email services and determine the addresses of victims.
At the second stage, victims’ accounts and their activity are monitored.
At the third stage, the NSA carries out attacks exploiting vulnerabilities, introducing backdoors into victims’ accounts and stealing large amounts of personal information.