QuantumFilament is a codename I give to a group of cyber operators (“hackers”) breaking into home and office routers. Monitoring this group since June 2015, my honeypots have recorded what they do and how they do it. This blog will present some of the findings to date. Research is ongoing, and the blog will be updated when appropriate. What routers does QuantumFilament (QF for short) break into, and how? What do they do with their access? How sophisticated are they? Has anything been done about them? Future posts will start to answer these questions, and present the evidence. I also hope this blog will be a platform to discuss the wider arena of network forensics, packet analysis and research.
A little bit about me. I have worked in cyber security for 10 years, after graduating from Georgia Tech. I started in government positions, and I am currently a network intrusion analyst for CrowdStrike. However, the research presented in this blog is independent. In 2012, I earned the GIAC Security Expert certification, one of the more rigorous, rare and time consuming certifications in the cyber field.
I am open to collaboration on this or similar projects. For security considerations, you may use this GPG key to contact me.
This blog is not intended to start a cyber war. Watching hackers–humans–exploit the Internet, its trust and design, to break into innocent people’s devices, and use the devices to do other things, can seem frustrating. But looking from one perspective, blaming hackers for the unsafe and hostile traffic on the Internet (and its consequences) is like blaming the weather during a hurricane, or blaming the HIV virus for what it does. Perhaps one day some creative scientists can control the weather and defeat the HIV virus. Until then, people just need to be prepared, and stay as safe as possible. Similarly, hackers doing bad are out there, and will be doing their thing for the foreseeable future. The hackers doing bad learn, share information in the underground, and look for new ways to gain access, and new ways to get what they want (largely money and information.) The rest of us can’t directly stop the hackers, any more than we can redirect a hurricane. But what we can do is to study them, learn from them, share information about them, with the goal of staying safe. This is what this research project and blog is about.
A couple notes on terminology. The word hacker has two common uses, and I think at this point both uses are equally legitimate. The more common meaning of the word hacker in the media (and even outside the media) is a person that breaks into other computers. An alternative definition is people who study computer systems, to learn about them, including how to break the system. This second group of hackers, however, does not break into innocent people’s systems without permission. The goal is the learning. The satisfaction for this second group is derived from the discovery and the study, the thrill of the hunt and exploration. The QuantumFilament group is undoubtedly in the first group of hackers, breaking into unsuspecting people’s devices and stealing the resources. I consider myself in the second group. I saw what was going on, and dedicated myself to learning, researching, studying the first group. And finally, the term QuantumFilament (QF) refers to both the group doing the breaking-and-entering, as well as the research project to study them. The meaning should be clear from context.
So, over the next days, get ready for a story.