Another QUANTUMINSERT Attack Example
Der Spiegel is reporting that the GCHQ used QUANTUMINSERT to direct users to fake LinkedIn and Slashdot pages run by—this code name is not in the article—FOXACID servers. There’s not a lot technically new in the article, but we do get some information about popularity and jargon.
According to other secret documents, Quantum is an extremely sophisticated exploitation tool developed by the NSA and comes in various versions. The Quantum Insert method used with Belgacom is especially popular among British and US spies. It was also used by GCHQ to infiltrate the computer network of OPEC’s Vienna headquarters.
The injection attempts are known internally as “shots,” and they have apparently been relatively successful, especially the LinkedIn version. “For LinkedIn the success rate per shot is looking to be greater than 50 percent,” states a 2012 document.
Slashdot has reacted to the story.
I wrote about QUANTUMINSERT, and the whole infection process, here. We have a list of “implants” that the NSA uses to “exfiltrate” information here.