How to Detect NSA’s Complex “Quantum Insert” Attacks
In the past, whistleblower Edward Snowden has exposed numerous hacking operations run by the US intelligence agency NSA. Of all these methods, one stood out above the others. Quantum Insert, a man-on-the-side hacking technique, is now known for its complexity and furtiveness. Along with the NSA, its British counterpart GCHQ has been using Quantum Insert to hack into systems that are hard to reach and implant malicious code and malware in them.
What is Quantum Insert?
As said earlier, Quantum Insert is useful for attacking systems that are out of the reach of phishing attacks. Whenever you access a particular web page, the attacker listens to the traffic. The attacker then breaks in and creates a fake version of the page before the real page responds.
The fake web page then collects login information and delivers malware to your system without your knowledge.
Who can launch a Quantum Insert attack?
To target someone using Quantum Insert, the attacker needs to be close enough to the target. The attacker could launch such attacks by being present at your ISP or inside your network. This kind of access requires a level of authority that is no obstacle for government-sponsored organizations and intelligence services.
How often does NSA use Quantum Insert?
With the help of this highly sophisticated technique of Quantum Insert, NSA implanted malicious content in 300 computers from all around the world.
Quantum Insert has been successfully used by NSA and GCHQ on various occasions in the past. It was used against the employees of Belgacom, a Belgian telecom company, and OPEC, the Organization of Petroleum Exporting Countries.
Here’s the real news – How to stop a Quantum Insert attack?
Now Netherlands-based security company Fox-IT has developed a way to deal with the Quantum Insert attack. “We wanted a better understanding of what Quantum Insert is. We run monitoring services for our customers, and wanted to detect if they were victims of Quantum Insert,” said Joost Bijl, the company’s product manager.
Fox-IT built a controlled environment and tested systems against the Quantum Insert attack. They then studied the characteristics of the network to see if the attack is detectable.
The key to detecting a Quantum Insert attack lies in analyzing the content-carrying packets that the browser receives after its GET request. There will be two packets: one from the attacker’s source and the other from the legitimate source. During NSA’s attack, the fake packet is inserted into the browser’s stream because it has the same sequence number (but a different payload).
Even though the fake packet will have the same sequence number, there will be some significant differences. The researchers at Fox-IT studied those differences.
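The same-sequence, different-payload check described above, as an added example (not Fox-IT's code and not part of the original article). It goes slightly beyond the text by comparing any overlapping bytes rather than only identical sequence numbers; the `Segment` type, the function names and the sample packets are constructed for illustration, and sequence-number wraparound is ignored.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):
    flow: tuple     # (src_ip, src_port, dst_ip, dst_port), one direction only
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes

def overlap_differs(a: Segment, b: Segment) -> bool:
    """True if a and b cover some of the same sequence space with different bytes."""
    start = max(a.seq, b.seq)
    end = min(a.seq + len(a.payload), b.seq + len(b.payload))
    if start >= end:
        return False  # no shared bytes, nothing to compare
    a_part = a.payload[start - a.seq:end - a.seq]
    b_part = b.payload[start - b.seq:end - b.seq]
    return a_part != b_part

def find_conflicts(segments):
    """Return (flow, earlier, later) for every pair whose overlapping bytes differ."""
    seen = defaultdict(list)
    conflicts = []
    for seg in segments:
        if not seg.payload:
            continue  # pure ACKs carry no content
        for prev in seen[seg.flow]:
            if overlap_differs(prev, seg):
                conflicts.append((seg.flow, prev, seg))
        seen[seg.flow].append(seg)
    return conflicts

# Constructed sample traffic (documentation IP ranges, made-up payloads).
FLOW_A = ("203.0.113.10", 80, "192.0.2.55", 49152)
FLOW_B = ("203.0.113.20", 80, "192.0.2.55", 49153)
SAMPLE = [
    Segment(FLOW_A, 1000, b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n"),
    Segment(FLOW_A, 1000, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    Segment(FLOW_B, 5000, b"HTTP/1.1 200 OK\r\n"),                # original segment
    Segment(FLOW_B, 5000, b"HTTP/1.1 200 OK\r\nServer: x\r\n"),  # benign retransmission
]

if __name__ == "__main__":
    for flow, first, second in find_conflicts(SAMPLE):
        print("conflicting data at seq", first.seq, "on", flow)
```

A plain retransmission, even one that is resegmented, repeats the same bytes and is not flagged; only the flow where two different payloads claim the same sequence space is reported.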
You can read their blog post, where they describe other anomalies, to learn more about Quantum Insert detection. Links to the GitHub repository showing how they performed Quantum Insert attacks and detected them are also given. Visit the following link for the same.