posted by CoolHand on Tuesday May 05 2015, @05:07AM

Among all of the NSA hacking operations exposed by whistleblower Edward Snowden over the last two years, one in particular has stood out for its sophistication and stealthiness. Known as Quantum Insert, the man-on-the-side hacking technique has been used to great effect since 2005 by the NSA and its partner spy agency, Britain’s GCHQ, to hack into high-value, hard-to-reach systems and implant malware.

Quantum Insert is useful for getting at machines that can’t be reached through phishing attacks. It works by hijacking a browser as it’s trying to access web pages and forcing it to visit a malicious web page, rather than the page the target intends to visit. The attackers can then surreptitiously download malware onto the target’s machine from the rogue web page.

Quantum Insert has been used to hack the machines of terrorist suspects in the Middle East, but it was also used in a controversial GCHQ/NSA operation against employees of the Belgian telecom Belgacom and against workers at OPEC, the Organization of Petroleum Exporting Countries. The “highly successful” technique allowed the NSA to place 300 malicious implants on computers around the world in 2010, according to the spy agency’s own internal documents—all while remaining undetected.

But now security researchers with Fox-IT in the Netherlands, who helped investigate that hack against Belgacom, have found a way to detect Quantum Insert attacks using common intrusion detection tools such as Snort, Bro and Suricata.

http://www.wired.com/2015/04/researchers-uncover-method-detect-nsa-quantum-insert-hacks/

[Related]: https://www.schneier.com/blog/archives/2015/05/detecting_quant.html
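
An added detection sketch, not part of the original story and not Fox-IT's actual Snort, Bro or Suricata rules: a man-on-the-side attacker can inject a reply but cannot remove the genuine one, so the client receives two different payloads for the same TCP sequence number. The code flags that pattern in constructed sample segments; the `Segment` fields, addresses and payloads are made up for illustration, and only segments that start at the same sequence number are compared.

```python
from collections import namedtuple

Segment = namedtuple("Segment", "src sport dst dport seq ttl payload")
Finding = namedtuple("Finding", "flow seq ttls first second")

def find_conflicting_segments(segments):
    """Flag data segments that reuse a flow's sequence number with different bytes.

    A plain retransmission repeats the same bytes, so it is not reported.
    """
    first_seen = {}   # (flow, seq) -> first data segment observed
    findings = []
    for seg in segments:
        if not seg.payload:
            continue  # pure ACKs carry no data to compare
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        prev = first_seen.setdefault((flow, seg.seq), seg)
        if prev is seg:
            continue  # first time this sequence number is seen on the flow
        n = min(len(prev.payload), len(seg.payload))
        if prev.payload[:n] != seg.payload[:n]:
            # TTLs are kept as a supporting signal: a differing TTL can
            # hint that the two copies came from different hosts.
            findings.append(Finding(flow, seg.seq, (prev.ttl, seg.ttl),
                                    prev.payload[:40], seg.payload[:40]))
    return findings

# Constructed sample traffic (documentation address ranges, made-up values).
WEB = ("203.0.113.10", 80, "192.0.2.5", 49152)
OTHER = ("198.51.100.7", 80, "192.0.2.5", 49153)
SAMPLE = [
    Segment(*WEB, 1000, 58, b"HTTP/1.1 302 Found\r\nLocation: http://injected.example/\r\n\r\n"),
    Segment(*WEB, 1000, 49, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    Segment(*OTHER, 5000, 52, b"HTTP/1.1 200 OK\r\n\r\nabc"),
    Segment(*OTHER, 5000, 52, b"HTTP/1.1 200 OK\r\n\r\nabc"),   # benign retransmission
    Segment(*OTHER, 5023, 52, b""),                             # pure ACK
]

if __name__ == "__main__":
    for f in find_conflicting_segments(SAMPLE):
        print(f"conflict on {f.flow} seq={f.seq} ttls={f.ttls}")
        print("  first :", f.first)
        print("  second:", f.second)
```

A production sensor would do this on reassembled streams so that overlapping segments with different starting offsets are also compared.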

  • (Score: -1, Troll) by Anonymous Coward on Tuesday May 05 2015, @05:17AM

    by Anonymous Coward on Tuesday May 05 2015, @05:17AM (#178960)

    You don't know it now, but you will be reelecting The Obama. It makes no difference who you think you vote for. Every vote is a vote for Obama. Now go out and vote, stupid motherfuckers. Obama Forever!!

    • (Score: 3, Touché) by isostatic on Tuesday May 05 2015, @01:35PM

      by isostatic (365) on Tuesday May 05 2015, @01:35PM (#179088) Journal

      You don't know it now, but you will be reelecting The Obama. It makes no difference who you think you vote for. Every vote is a vote for Obama. Now go out and vote, stupid motherfuckers. Obama Forever!!

      For someone with that much control he's not done a very good job with it. Probably a good thing if he gets re-elected then, imagine what a competent super-villain could do?

  • (Score: 1) by anubi on Tuesday May 05 2015, @06:07AM

    by anubi (2828) on Tuesday May 05 2015, @06:07AM (#178968) Journal

    Wireshark is quite configurable... I wonder what kind of setup it would need to detect this kind of stuff?

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 3, Funny) by FatPhil on Tuesday May 05 2015, @07:47AM

    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Tuesday May 05 2015, @07:47AM (#178981) Homepage
    Attackers *upload* malware.

    I would elaborate, but I have to come from the shops to sell some food using money I lent to the bank.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    • (Score: 0) by Anonymous Coward on Tuesday May 05 2015, @10:29AM

      by Anonymous Coward on Tuesday May 05 2015, @10:29AM (#179028)

      Most attackers don't write their malware themselves, so they first download it.

      However I expect them to download it in a way that they don't get infected themselves. ;-)

  • (Score: 2) by isostatic on Tuesday May 05 2015, @09:03AM

    by isostatic (365) on Tuesday May 05 2015, @09:03AM (#179015) Journal

    I picture thing involving entangled photos or collapsing waves. This looks like a simple MITM attack. Why is it called "quantum"?

    • (Score: 2, Interesting) by Farkus888 on Tuesday May 05 2015, @10:29AM

      by Farkus888 (5159) on Tuesday May 05 2015, @10:29AM (#179029)

      We call it that because that is what the NSA called their program that does it. Why they called it that is beyond me.

      • (Score: 0) by Anonymous Coward on Tuesday May 05 2015, @10:35AM

        by Anonymous Coward on Tuesday May 05 2015, @10:35AM (#179030)

        Maybe their quantum computing project stalled, and they were sick to always have to answer "badly" when being asked about how their quantum stuff is progressing. So they named this thing "quantum" so that when asked about the progress of their quantum project they could always answer "the project is doing great". ;-)

        • (Score: 2) by isostatic on Tuesday May 05 2015, @10:41AM

          by isostatic (365) on Tuesday May 05 2015, @10:41AM (#179031) Journal

          Perhaps the data harvested from the machines is stored on Quantum LTO tapes?

    • (Score: 0) by Anonymous Coward on Tuesday May 05 2015, @04:30PM

      by Anonymous Coward on Tuesday May 05 2015, @04:30PM (#179143)

      I picture thing involving entangled photos

      But as soon as you picture those photos, you destroy the entanglement!