[ianstallings]

Does anyone know what the QUANTUM attack they refer to is? It doesn't seem like quantum computing on the face of it; It looks like it may be a system used to disrupt traffic on the internet, possibly man in the middle attacks.

Edit: I found a reference to something called a "Quantum Insert" in an article related to GCHQ. They state the following:

According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a "Quantum Insert" ("QI"). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them

http://www.spiegel.de/international/europe/british-spy-agenc...

This might be what they are referring to, or a system that was built for targeting specific individuals.

[berberous]

"To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.

In the academic literature, these are called "man-on-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks."

Read more here: www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

[rdl]

Can we translate that to something sane? Is it "shorter BGP/more specific route announcement?" Or some kind of MITM by being directly in line? Assuming it is TCP traffic, just being "faster to respond" doesn't help all that much without some other logic.

If I were MITMing with full cooperation of only a subset of a network carrier, I'd probably go for some route announcement tricks; easier to interface with the rest of the organization, and due to lack of filtering internally, not much config change required. Would fail safely (== non-detectably), also, and could potentially be explained away as "oh, shit, some stupid ISP leaked routes".

(I guess you could give bad dns responses, too, and then go from there, but that sounds more detectable at the end user device, which is very undesirable.)

[balabaster]

This is enabled by a very obvious flaw in the CA infrastructure that SSL/TLS is based upon. All it takes is someone with leverage over the top level certificate authority and the DNS servers you use and there's nothing you can do to detect that's what's going on. That's a huge and very obvious flaw in the system that anyone questioning what they can trust on the internet should have spotted a mile away.