QuantumInsert is an NSA attack described in the Snowden documents. A QuantumInsert is a sophisticated type of Man-In-The-Middle attack. The NSA uses secret servers strategically placed on the internet backbone, codenamed Quantum. These servers intercept traffic to well-known web sites like Google, Yahoo, LinkedIn, Facebook and so forth. The Quantum servers are placed in places that would allow them to react faster to the call for those sites than other servers. The Quantum servers take advantage of this speed to impersonate the server an attack target intends to visit before the real server can react. Thus tricking a target into visiting a FoxAcid server.
Here is an example of how a QuantumInsert attack would be carried out. In this example the government wants to know who is viewing a specific website. The agency would have to place their Quantum server either close to the referring server or the receiving server.
Mary comes along and clicks on the URL for the website. The Quantum server sees the URL request before the website and answers first. The Quantum server passes the call through a FoxAcid server infecting Mary’s computer with malware. For more information on FoxAcid malware see our previous article.
This is a classic Man-In-The-Middle attack. An attack this large would need to have a privileged position on the internet backbone. This would require a partnership with the Telco companies controlling the public internet backbone. Only large government agencies, like the FBI, NSA, MI5 or FSB, would have the resources and clout to do something like this inside a country. For instance the Chinese government does this to block its citizens from reading censored internet content.