TLDR: Send spoofed TCP package with HTTP redirect to malicious site right after victim does a GET request.
This attack, while impressive and nifty, would seem to be easily subverted by SSL right?* Yet another example that shows that non-SSL HTTP should be phased out.
* In the ideal situation where users check URL's and the CA system is good enough to keep the NSA out.
Why shouldn't we assume the NSA has subverted the CA system? Why would we all rely on central authority for security if not to support centralized surveillance?
"Why shouldn't we assume the NSA has subverted the CA system?"
Broadly speaking, we should. And that's why there's been a lot of work lately in doing things that either build on or bypass the CA system. For instance, even if you get a valid CA certificate for a site you want to spoof, it still has to be a different certificate, so there's more work on certificate pinning. Sure, that doesn't help if the spoof cert is up the first time a given person visits a site, but it still raises the bar for successfully attacking a site surreptitiously, because anyone who hits the site post-pin will get a big warning, which can be picked up with other things. Now the attack has to be even better targeted.
And there's other work going on lately, and while it may not be immediately visible to the general public because this all takes time, it really seems to me this has all gotten a lot more vigorous over the last year. I don't even think it's all Snowden per se... it seems to me generalized security consciousness has gone up lately, like we passed a critical threshold of people's work feeding back on other people's work and the community as a whole has moved to a new level of effectiveness. It'll still be a while before we really see the changes but I think some changes are coming. (Not Utopia. We've still got a long ways to go. But some general improvements.)
Then you must replace all traffic to that site successfully. The keys for the spoofed and the legitimate certificate will be different. With PFS only traffic with the negotiated key can be decrypted by the browser. Without PFS, the legitimate server will not understand your requests. Quantum Insert is not successful for each request, as stated by the article. Therefore I would assume that at least a few packages of the original server would slip through which then cannot be decrypted or contain an error message of the server. Especially targeted administrators would notice very quickly, I assume (although browsers might suppress those packages silently). Therefore this would work only with a full man-in-the-middle.
I think in general https would work against this particular attack, if you don't accept sites with mixed content (I am not aware of any browser plugin which does suppress plain content on mixed sites).
It has been. If I recall correctly it was revealed even years before Manning and Wikileaks.
As a matter of observation, it is kind of amazing how short of a memory even the internet has. It seem to be a knowledge management issue, i.e., new and evolving information is not contextualized or even related to pertinent past information.
Or they crack or compromise the keys that they need on a per operation bases. Even assuming ubiquitous SSL (or something more decentralized), the keys of a few advertising or web analytics sites would get a lot of coverage.
Creative use of advertising platforms is used you could easily narrow targets down and guarantee that you know exactly what the content is.
Given the episode where stolen Realtek certificates been used for years by a government-made malware, I think we should not be so sure that they can't do that.
A single request going through a bogus certificate emitted by NSA "acquired" CA would be hardly detected.
Or, given the fact that they could indeed broke keys, they could simply do a man-in-the-middle, instead of a man-in-the-side.
Certificate Authorities normally run as software on a box somewhere.
Sometimes they keep this box offline, but they need to keep a sub-CA online somewhere, or they wouldn't be able to issue certificates.
So, a CA private key and public certificate can be compromised in much the same way a single server certificate.
With a CA private key and public certificate, one can easily emit a bogus certificate for *.google.com or any other domain name. If this CA public certificate is trusted by the browser, a user would hardly notice.
Most people who support mass surveillance when asked in surveys only do it because they don't fully understand what's happening. Let's go back to John Oliver's recent show episode where people seem very concerned that the government would have their naked pics - yet they were completely unaware that the government actually does that (as in collecting everything, including their naked pics).
So most people just don't fully (or even partially) grasp the government's surveillance power right now. The media doesn't help here. The media is supposed to inform people about this, but instead either it doesn't talk too much about it, or if it does, the mainstream media is usually pro-mass surveillance (because the powerful friends of the networks are).
While the Snowden leaks were being released, I made a habit of doing a few very general searches to get a sampling of how the events were being reported. I really wish I had taken it a step further and saved regular tables of those observations, because I suspect it could have been made into a very interesting paper.
Most of the time the lazy reprints of an AP/Reuters story.would dominate, as expected. Once and a while - usually after a really import release such as COTRAVELER[1] - the story would happen... and then suddenly everybody is talking about Prism and explaining how it is "just metadata". Any momentum the new story had ended was redirected into topics that were already known. There would be small-time media doing proper reporting, of course, but it was clear who the "big media" worked for.
The media following the orders of those that sign their paychecks isn't really news, but it was very interesting to watch it happen in realtime.
[1] I still believe that COTRAVELER is one of the most important thing we have learned from Snowden, as it builds relationship maps and it doesn't rely on the target performing some specific action such as an HTTP requests that QUANTUM can race. Bonus: it only relies on "metadata".
That's a bit patronizing. Of course it is true that most people who support surveillance don't understand what's happening, but only because most people in general don't understand what's happening. Plenty of us understand what's happening and also support it - anecdotally, at least. Fully understanding is asking for too much, though. I doubt anyone outside of a select few at the NSA fully understand what's happening, and it seems reasonable to guess that they support it.
Are you asking why America (along with most countries) spy? Or why they try to be good at spying?
America spies because it wants information it can't otherwise have. What are Russia's plans in Ukraine? Is Pakistan playing both sides re: Taliban? Can China shoot down a B2 bomber? We want to know and nobody and asking won't help.
Why we allow them to be better at their art is obvious.
I'm not sure why the comments here are focused on how the attack, as that is not the news and was well known for quite some time. This article is about how to thwart the attack.
tl;dr Watch for the site to appear to respond twice with the same sequence number. One of those is the NSA trying to get in ahead of the real site.
This attack has existed in the wild since the mid-1990s; it is literally the reason SSH exists. We didn't call our TCP hijacking tools "quantum inserts" back then, but that's exactly what they were. The only reason we didn't redirect HTTP connections to malicious sites is that in the 1990s, that would have been a waste of time; the r-commands were much lower hanging fruit.
Thanks for the technical link. You gotta love Wired, paraphrasing down to get gems like: “The first TCP packet will be the ‘inserted’ one while the other is from the real server, but will be ignored by the [browser]”.
Are there any details on when Quantum Insert started to be used by the gov? I wonder if the government built it off of the idea shared here: http://www.willhackforsushi.com/presentations/PenTest_Perfec... (See slide 11-14) These slides describe the wifi tool called AirCSRF, which does basically the same attack, but over open wifi.
I completely agree. While theoretically possible to do given full packet captures, it does not scale. IDS/IPS systems are not in a place to operate at this level and keep this much state.
It's more likely that it would be detected based on the nature of the injected malicious data.
"Great Firewall of Belgium only allows ingress traffic from non-Belgian source addresses" wouldn't prevent IP spoofing inside or outside Belgium. Nor would doing it the other way around. If such national firewalls existed in all countries and forced all IP traffic to flow through them, it might help some.
I think this type of attack will be useless if you use DNSCrypt + VPN (encrypted OpenVPN/SSH traffic) not to mention TOR. Also, there is a new type of VPN @ https://www.goldenfrog.com/vyprvpn/chameleon
Tunneling is good if they are targeting you locally, but if they see tunnel data going to a server which is easy to see they'll simply target you at the other end.
Good luck with that when there is thousands of people using the same VPN service, also randomization of IP addresses. However this is only if Evercookie are dealt with. @ http://en.wikipedia.org/wiki/Evercookie Blocking Evercookie blocking is relatively easy now, if you disable JavaScript and use things like NoScript and Random Agent Spoofer. But then also don't forget about the recent VPN's ip leak through WebRTC which can be disabled with setting media.peerconnection.enabled to false If you're paranoid you can also use Qubes or Tails OS.
Hmm I'm not sure if a vpn will protect you from this attack. Your traffic will need to cross out of the vpn somewhere/sometime. Unless you're connecting to a hidden service or something.
It actually depends more on whether you use https on your first connection or not. Because even if the server is set up to only accept https and it tries to redirect you at the first opportunity you'll be vulnerable.
Generally a server configured to use https only will still listen on port 80, and send a 302 to redirect you to it's https version. That redirection can be hijacked by QI.
Well if that true then everyone has much bigger problem. Because then any VPN services becomes useless. It would be nice to see if Fox-IT could do similar tests by using VPN/TOR. But I think that VyperVPN still is the most secure VPN if it really does have this; "Chameleon scrambles OpenVPN packet metadata to ensure it’s not recognizable via deep packet inspection (DPI)"
I wouldn't be too surprised if they're already taking steps to place equipment near major VPN providers. It might actually open up people to being exploited by the NSA using these techniques if they're trying to target someone else using the same VPN provider as collateral damage.
This attack, while impressive and nifty, would seem to be easily subverted by SSL right?* Yet another example that shows that non-SSL HTTP should be phased out.
* In the ideal situation where users check URL's and the CA system is good enough to keep the NSA out.