The British Government Communications Centre (GCHQ) has used fake pages for spying purposes, built to resemble those of the social network LinkedIn and of the website Slashdot. This information was published in the German magazine Spiegel.
Those monitored by GCHQ were people working for the International Organization of Petroleum Exporting Countries (OPEC) and for the online provider Belgacom. The fake pages served as vehicles for gaining access to the internal corporate networks of these targets. This GCHQ technique of inserting information is called “quantum insert”.
Quantum insert is ideal for those who want full access to machines that are very difficult to reach through phishing. It works by attacking the browser: the method can obtain the access it needs to almost any web page and force the browser to visit a malicious page instead.
In this way it diverts users from the website they were about to visit. When unsuspecting users are diverted, they download malware that can seriously harm their devices. This method helped the NSA place more than 300 malicious implants on devices all over the world in 2010 alone. The most remarkable thing about it is that it still remains undetected.
Researchers at Fox-IT, a company located in the Netherlands, helped with the investigation of the hacking attack against Belgacom. They found out about quantum insert with the help of tools such as Snort, Bro and Suricata. Before presenting their findings at the RSA conference, they decided to publish on a blog the most important details people need to know about Snort, with the aim of helping them detect quantum insert attacks.
After a lot of testing, the Fox-IT researchers found something that helped them detect attacks like this. They ran quantum insert attacks against their own servers so that they could analyze the packets and discover a new and easier detection method.
The key to detection lies in analyzing the first content-carrying packets that come back to a browser in answer to its GET request. In their blog post the researchers said: “The first TCP packet will be the ‘inserted’ one while the other is from the real server, but will be ignored by the [browser], of course it could also be the other way around; if the QI failed because it lost the race with the real server response.” Apart from the blog post, they have also published an article on GitHub that shows how they carried out these quantum insert attacks and what their results were.
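The check described above can be sketched as follows. This is an added example, not Fox-IT's code: it flags two segments in one flow that start at the same TCP sequence number but carry different bytes, while ignoring identical retransmissions. The `Segment` record, the addresses and the payloads are constructed for illustration, and the input is assumed to be already parsed server-to-client segments.

```python
from collections import defaultdict, namedtuple

# Hypothetical record for one parsed server-to-client TCP segment.
Segment = namedtuple("Segment", "src sport dst dport seq payload")

def find_conflicting_segments(segments):
    """Return (flow, seq, first_payload, later_payload) for each pair of
    segments in one flow that start at the same sequence number but carry
    different bytes. Identical retransmissions are not reported."""
    seen = defaultdict(dict)  # flow -> {seq: payload first seen}
    alerts = []
    for s in segments:
        if not s.payload:
            continue  # pure ACKs carry no content to compare
        flow = (s.src, s.sport, s.dst, s.dport)
        first = seen[flow].get(s.seq)
        if first is None:
            seen[flow][s.seq] = s.payload
            continue
        # Compare only the overlapping bytes: a benign retransmission may
        # be re-segmented to a different length.
        n = min(len(first), len(s.payload))
        if first[:n] != s.payload[:n]:
            alerts.append((flow, s.seq, first, s.payload))
    return alerts

# Constructed sample data (documentation address ranges), not a real capture.
SAMPLE = [
    # Two different answers to the same GET, same starting sequence number.
    Segment("203.0.113.10", 80, "192.0.2.5", 51000, 1001,
            b"HTTP/1.1 302 Found\r\nLocation: http://other.example/\r\n\r\n"),
    Segment("203.0.113.10", 80, "192.0.2.5", 51000, 1001,
            b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # Benign retransmission on another flow: same bytes, shorter segment.
    Segment("203.0.113.10", 80, "192.0.2.6", 51001, 5000,
            b"HTTP/1.1 200 OK\r\n\r\n"),
    Segment("203.0.113.10", 80, "192.0.2.6", 51001, 5000,
            b"HTTP/1.1 200"),
]

if __name__ == "__main__":
    for flow, seq, first, later in find_conflicting_segments(SAMPLE):
        print(f"conflicting payloads on {flow} at seq={seq}")
        print("  first:", first[:20], "| later:", later[:20])
```

Either of the two reported payloads may be the inserted one, since the real server's response can win the race, so an alert should lead to inspection of both.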
Quantum insert attacks are certainly ideal for organizations such as the NSA, as they give it the chance to hack anyone it wants without being detected. On the other hand, methods like this make things really difficult for people who want to browse the web anonymously and express their opinions freely.