SC-074: Quantum Computing Defense — Harvest-Now-Decrypt-Later Response¶
Scenario Overview¶
| Field | Detail |
|---|---|
| ID | SC-074 |
| Category | Cryptography / Quantum Threat / Financial Services |
| Severity | Critical |
| ATT&CK Tactics | Collection, Credential Access, Exfiltration |
| ATT&CK Techniques | T1040 (Network Sniffing), T1557 (Adversary-in-the-Middle), T1020 (Automated Exfiltration), T1114.002 (Email Collection: Remote), T1530 (Data from Cloud Storage) |
| Target Environment | Global financial institution, inter-bank payment networks, PKI infrastructure, encrypted communications archives |
| Estimated Impact | Discovery that a nation-state has been stockpiling encrypted traffic for 3+ years; exposure risk for 12 million customer records, interbank payment messages, and executive communications upon future quantum decryption |
Narrative¶
Meridian Global Bank (MGB), a fictional multinational financial institution headquartered in New York with operations in 38 countries, processes over $2.1 trillion in daily transactions across SWIFT, FedWire, and internal payment networks. MGB's infrastructure relies extensively on RSA-2048 and ECDSA P-256 for TLS, code signing, and inter-system authentication, with an estimated 47,000 digital certificates deployed across its global network.
In February 2026, MGB's Threat Intelligence team receives a classified briefing from the Financial Sector ISAC (FS-ISAC) indicating that a nation-state threat actor group designated CIPHER DRAGON has been conducting a large-scale harvest-now-decrypt-later (HNDL) campaign targeting major financial institutions since at least 2023. Intelligence indicates CIPHER DRAGON has been passively intercepting and archiving encrypted TLS traffic transiting key internet exchange points and submarine cable landing stations, with the intent to decrypt the archived traffic once cryptographically relevant quantum computers (CRQCs) become available.
MGB's investigation reveals evidence of traffic mirroring at a colocation facility in Frankfurt where MGB operates a major data center. Network forensics identifies that optical splitters were installed on fiber links carrying MGB's inter-data-center traffic between the Frankfurt facility (10.200.1.0/24) and the London office (10.200.50.0/24). The splitters were diverting copies of all encrypted traffic to collection servers at 198.51.100.44 and 198.51.100.45, operated by an entity masquerading as a legitimate CDN provider ("GlobalEdge Networks" — a fictional front company).
This scenario follows MGB's discovery, risk assessment, and post-quantum cryptography (PQC) migration as they race to protect current and future communications from the quantum threat.
Attack Flow¶
graph TD
A[Phase 1: Passive Collection Infrastructure<br/>Optical splitters on inter-DC fiber links] --> B[Phase 2: Traffic Harvesting<br/>3+ years of encrypted TLS traffic archived]
B --> C[Phase 3: Discovery<br/>FS-ISAC intelligence briefing]
C --> D[Phase 4: Investigation<br/>Physical inspection + network forensics]
D --> E[Phase 5: Impact Assessment<br/>Cryptographic inventory + data classification]
E --> F[Phase 6: PQC Algorithm Selection<br/>NIST PQC standards evaluation]
F --> G[Phase 7: Hybrid Migration<br/>Deploy hybrid classical+PQC key exchange]
G --> H[Phase 8: Validation & Monitoring<br/>Cryptographic agility testing]Phase Details¶
Phase 1: Passive Collection Infrastructure (2023 — Historic)¶
ATT&CK Technique: T1040 (Network Sniffing)
CIPHER DRAGON establishes passive collection infrastructure at strategic network interception points. The operation is entirely passive — no packets are injected, no connections are modified — making detection extremely difficult through conventional network security monitoring. The threat actor gains physical access to colocation facilities by establishing "GlobalEdge Networks" as a legitimate tenant in shared data center spaces.
# Simulated physical interception setup (educational only)
# Attacker infrastructure at Frankfurt colocation facility
# Optical tap configuration (passive — no signal degradation detectable)
Fiber pair: MGB-FRA-DC1 ↔ MGB-LON-DC2
Tap location: Meet-me room, rack F-14, patch panel PP-07
Tap type: Passive optical splitter (70/30 split)
70% → Original destination (MGB London)
30% → Collection server (198.51.100.44)
# Collection server specs
Server: Dell PowerEdge R750 (disguised as CDN edge node)
Storage: 480 TB raw (4x Petabytes over 3 years with compression)
Network: 100 Gbps capture interface
Software: Custom pcap archiver with TLS session metadata indexing
Location: Rack C-22, GlobalEdge Networks cage
# Traffic captured (estimated volumes over 3 years):
# - Inter-DC replication: ~2.1 PB
# - SWIFT/payment messages: ~340 TB (TLS-wrapped)
# - Executive email (Exchange): ~89 TB
# - VPN tunnels (IPsec): ~1.4 PB
Phase 2: Traffic Harvesting at Scale (2023-2026)¶
ATT&CK Technique: T1020 (Automated Exfiltration)
Over three years, CIPHER DRAGON archives approximately 4.2 petabytes of encrypted traffic. The collection infrastructure includes automated indexing that catalogs TLS session metadata — server certificates, cipher suites, key exchange parameters — without decrypting the traffic. This metadata index allows future prioritized decryption once quantum capabilities are available.
# Simulated traffic archive metadata index (educational only)
{
"collection_id": "HNDL-MGB-FRA-2024-Q3",
"date_range": "2024-07-01 to 2024-09-30",
"total_sessions": 847293441,
"total_size_tb": 412.7,
"cipher_suite_breakdown": {
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0.42,
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 0.31,
"TLS_RSA_WITH_AES_256_GCM_SHA384": 0.15,
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0.09,
"other": 0.03
},
"key_exchange_vulnerability": {
"RSA_static_key": 0.15,
"ECDHE_P256": 0.73,
"ECDHE_P384": 0.12
},
"priority_targets_identified": [
"swift-gw.mgb-fra.example.com (SWIFT gateway)",
"mail.mgb.example.com (Exchange Online proxy)",
"vpn-fra.mgb.example.com (GlobalProtect VPN)"
],
"note": "15% of sessions use static RSA key exchange — vulnerable to retroactive decryption without quantum. Remaining 85% use ephemeral key exchange — requires CRQC."
}
Static RSA Key Exchange — Immediate Risk
15% of MGB's TLS sessions used static RSA key exchange (no forward secrecy). This traffic is vulnerable to retroactive decryption using classical computing if the RSA private key is ever compromised — no quantum computer needed. This finding elevates the urgency of the response.
Phase 3: Discovery via Intelligence Briefing¶
In February 2026, MGB receives an FS-ISAC alert based on signals intelligence shared by partner government agencies. The alert identifies GlobalEdge Networks as a front company and provides indicators including the collection server IP ranges (198.51.100.0/24) and physical descriptions of the optical tap equipment.
# Simulated FS-ISAC intelligence alert (educational only)
FS-ISAC TLP:AMBER Alert — FSI-2026-0247
Subject: Nation-State HNDL Campaign Targeting Financial Sector
Date: 2026-02-14
SUMMARY:
A nation-state actor (tracked as CIPHER DRAGON) has been conducting
passive optical interception of encrypted traffic at major colocation
facilities in Frankfurt, London, Singapore, and New York since Q1 2023.
INDICATORS:
- Front company: GlobalEdge Networks GmbH (Frankfurt)
- Collection IPs: 198.51.100.44, 198.51.100.45
- Physical indicator: Passive optical splitters (Corning brand,
model OptiTap, modified with non-standard housing)
- Data center facilities: [REDACTED], Frankfurt; [REDACTED], London
RECOMMENDED ACTIONS:
1. Physical inspection of fiber paths in shared colocation facilities
2. Cryptographic inventory — identify non-PFS cipher suites
3. Begin post-quantum cryptography migration planning
4. Engage law enforcement for physical evidence preservation
Phase 4: Investigation and Confirmation¶
MGB's Physical Security and Network Forensics teams conduct inspections at the Frankfurt colocation facility and confirm the presence of unauthorized optical splitters on two of MGB's inter-data-center fiber pairs.
# Simulated investigation timeline (educational only)
[2026-02-15 08:00] Physical security team dispatched to Frankfurt DC
[2026-02-15 11:30] Optical splitter identified on fiber pair FRA-LON-01
Location: Meet-me room, rack F-14, patch panel PP-07
Type: Passive 70/30 optical coupler
Evidence preserved: Chain of custody initiated
[2026-02-15 14:15] Second splitter found on fiber pair FRA-NYC-03
Location: Meet-me room, rack F-14, patch panel PP-09
[2026-02-15 16:00] Network forensics confirms:
- No active network intrusion detected (attack was purely passive)
- No malware on MGB systems
- Exposure limited to data-in-transit (not data-at-rest)
[2026-02-16 09:00] Law enforcement notified; FBI and BKA engaged
[2026-02-16 14:00] GlobalEdge Networks cage inspected under warrant
- Collection servers seized (4 servers, ~480 TB storage each)
- Servers appear wiped — encrypted partitions, no accessible data
Phase 5: Cryptographic Impact Assessment¶
ATT&CK Technique: T1530 (Data from Cloud Storage — risk assessment of stored encrypted data)
MGB conducts a comprehensive cryptographic inventory to assess the scope of exposure. The assessment covers all cryptographic implementations across the enterprise to determine what data is at risk of future quantum decryption.
# Simulated cryptographic inventory results (educational only)
Meridian Global Bank — Cryptographic Impact Assessment
Assessment Date: 2026-02-20
Assessor: MGB Cryptography Center of Excellence
CERTIFICATE INVENTORY:
Total certificates: 47,213
RSA-2048: 31,847 (67.4%)
RSA-4096: 8,293 (17.6%)
ECDSA P-256: 5,891 (12.5%)
ECDSA P-384: 1,182 (2.5%)
TLS CONFIGURATION AUDIT:
Servers supporting PFS (ECDHE/DHE): 85%
Servers with static RSA key exchange: 15% ← CRITICAL
TLS 1.3 adoption: 34%
TLS 1.2 (PFS cipher suites): 51%
TLS 1.2 (non-PFS cipher suites): 15% ← CRITICAL
DATA CLASSIFICATION OF EXPOSED TRAFFIC:
Category | Volume | Sensitivity | Quantum Risk
SWIFT payment messages | 340 TB | Critical | HIGH (regulatory)
Executive communications | 89 TB | High | HIGH (M&A data)
Inter-DC replication | 2.1 PB | Mixed | MEDIUM
Customer transactions | 1.4 PB | High | HIGH (PII/PCI)
VPN tunnels | 280 TB | Medium | MEDIUM
QUANTUM TIMELINE ASSESSMENT:
Conservative estimate (CRQC capable of breaking RSA-2048): 2030-2035
Aggressive estimate: 2028-2030
Data sensitivity lifetime: 10-25 years (regulatory retention)
VERDICT: Data exposed today will likely still be sensitive when CRQCs arrive
Phase 6: PQC Algorithm Selection¶
MGB's Cryptography Center of Excellence evaluates NIST Post-Quantum Cryptography standards for deployment across the enterprise.
# Simulated PQC algorithm evaluation matrix (educational only)
Algorithm | Type | Use Case | Key Size | Performance | Decision
ML-KEM-768 | Lattice (KEM) | Key exchange | 1,184 B | Fast | SELECTED
ML-KEM-1024 | Lattice (KEM) | Key exchange | 1,568 B | Moderate | HIGH-SECURITY
ML-DSA-65 | Lattice (Sig) | Digital sigs | 1,952 B | Fast | SELECTED
ML-DSA-87 | Lattice (Sig) | Digital sigs | 2,592 B | Moderate | HIGH-SECURITY
SLH-DSA-128s | Hash-based | Code signing | 64 B | Slow | BACKUP
FN-DSA-512 | Lattice (Sig) | Certificates | 897 B | Fast | EVALUATION
HYBRID STRATEGY (recommended):
Key Exchange: X25519 + ML-KEM-768 (hybrid — classical + PQC)
Signatures: ECDSA P-384 + ML-DSA-65 (hybrid — classical + PQC)
Rationale: Hybrid approach protects against both classical and quantum
attacks. If PQC algorithm is broken, classical fallback remains.
Phase 7: Hybrid PQC Migration¶
MGB implements a phased migration to hybrid post-quantum cryptography, prioritizing the highest-risk systems identified during the impact assessment.
# Simulated PQC migration roadmap (educational only)
PHASE 1 — Immediate (Weeks 1-4): Eliminate non-PFS cipher suites
[x] Disable TLS_RSA_* cipher suites on all external-facing servers
[x] Enforce TLS 1.2+ with ECDHE/DHE key exchange minimum
[x] Rotate all RSA private keys on systems in affected colocation
Impact: Eliminates classical retroactive decryption risk for 15% of traffic
PHASE 2 — Short-term (Months 1-3): Deploy hybrid TLS on critical systems
[ ] SWIFT gateway: X25519Kyber768 hybrid key exchange
[ ] Executive email: Hybrid TLS for Exchange transport
[ ] VPN concentrators: IKEv2 with hybrid PQC key exchange
[ ] Internal CA: Issue hybrid certificates (ECDSA + ML-DSA)
# Example: nginx hybrid TLS configuration (educational)
# Requires OpenSSL 3.5+ with PQC provider
ssl_protocols TLSv1.3;
ssl_conf_command Groups X25519MLKEM768:X25519:P-384;
ssl_certificate /etc/pki/hybrid/mgb-swift-gw-hybrid.pem;
ssl_certificate_key /etc/pki/hybrid/mgb-swift-gw-hybrid.key;
PHASE 3 — Medium-term (Months 3-12): Enterprise-wide PQC deployment
[ ] All TLS endpoints migrated to hybrid cipher suites
[ ] PKI hierarchy re-issued with hybrid certificates
[ ] Code signing migrated to ML-DSA-65
[ ] Key management systems updated for PQC key sizes
PHASE 4 — Long-term (Year 1-3): Full PQC transition
[ ] Remove classical-only cipher suites
[ ] Hardware security modules (HSMs) upgraded for PQC
[ ] Third-party/vendor PQC readiness verification
[ ] Regulatory compliance validation (PCI DSS, SOX, GDPR)
Phase 8: Validation and Cryptographic Agility¶
MGB establishes ongoing validation and cryptographic agility capabilities to ensure resilience against future cryptographic threats.
# Educational example: Cryptographic agility scanner
import ssl
import socket
from datetime import datetime
def scan_tls_endpoint(host, port=443):
"""Assess TLS configuration for quantum readiness"""
context = ssl.create_default_context()
results = {
'host': host,
'scan_time': datetime.utcnow().isoformat(),
'quantum_ready': False,
'findings': []
}
try:
with socket.create_connection((host, port), timeout=5) as sock:
with context.wrap_socket(sock, server_hostname=host) as ssock:
cipher = ssock.cipher()
version = ssock.version()
# Check for PQC hybrid key exchange
if 'MLKEM' in cipher[0] or 'Kyber' in cipher[0]:
results['quantum_ready'] = True
results['findings'].append('PQC hybrid key exchange detected')
elif 'ECDHE' in cipher[0] or 'DHE' in cipher[0]:
results['findings'].append('Forward secrecy present but no PQC — migrate')
else:
results['findings'].append('CRITICAL: No forward secrecy — immediate action')
results['cipher_suite'] = cipher[0]
results['tls_version'] = version
except Exception as e:
results['error'] = str(e)
return results
# Example (synthetic data):
# scan_tls_endpoint("swift-gw.mgb.example.com", 443)
Detection Opportunities¶
Identifying HNDL Collection Activity¶
| Detection Point | Method | Indicator |
|---|---|---|
| Physical layer | Optical time-domain reflectometry (OTDR) | Unexpected signal attenuation or reflection events on fiber paths |
| Physical layer | Regular data center audits | Unauthorized equipment in meet-me rooms or shared cages |
| Network layer | NetFlow/IPFIX analysis | Traffic volume anomalies suggesting mirrored flows |
| TLS monitoring | Certificate transparency logs | Rogue certificates for organization domains |
| Threat intelligence | ISAC/government briefings | Attribution reports identifying collection infrastructure |
Cryptographic Inventory Monitoring¶
# KQL — Identify non-PFS TLS sessions (educational)
TLSSessionLogs
| where TimeGenerated > ago(7d)
| where CipherSuite startswith "TLS_RSA_"
| where CipherSuite !contains "DHE" and CipherSuite !contains "ECDHE"
| summarize Count=count(), DistinctServers=dcount(ServerIP) by CipherSuite
| where Count > 100
| sort by Count desc
# SPL — Monitor PQC migration progress (educational)
index=tls_logs sourcetype=tls_handshake
| eval pqc_status=case(
match(cipher_suite, "MLKEM|Kyber"), "quantum_ready",
match(cipher_suite, "ECDHE|DHE"), "pfs_classical",
true(), "no_pfs_critical")
| stats count by pqc_status, server_name
| sort -count
Lessons Learned¶
Key Takeaways
-
Harvest-now-decrypt-later is a present-day threat — Organizations do not need to wait for quantum computers to exist before acting. Data encrypted today with classical algorithms may be decrypted in the future. The time to migrate is now.
-
Forward secrecy is the minimum baseline — Static RSA key exchange must be eliminated immediately. Even without quantum computing, compromise of a single RSA private key exposes all past sessions.
-
Cryptographic agility is essential — Organizations must be able to rapidly swap cryptographic algorithms across their infrastructure. Hardcoded cipher suites and monolithic crypto implementations are liabilities.
-
Hybrid PQC deployment reduces risk — Deploying hybrid classical+PQC key exchange protects against both classical and quantum attacks. If a PQC algorithm is later found vulnerable, the classical component provides a safety net.
-
Physical security is cybersecurity — Passive optical interception bypasses all software-based security controls. Physical access audits, OTDR monitoring, and colocation security assessments are critical for organizations with sensitive data flows.
-
Data sensitivity outlives infrastructure — Financial, health, and government data often has regulatory retention periods of 10-25+ years, well within optimistic CRQC timelines.
MITRE ATT&CK Mapping¶
| Technique ID | Technique Name | Phase |
|---|---|---|
| T1040 | Network Sniffing | Collection |
| T1557 | Adversary-in-the-Middle | Collection |
| T1020 | Automated Exfiltration | Exfiltration |
| T1114.002 | Email Collection: Remote Email Collection | Collection |
| T1530 | Data from Cloud Storage | Collection |