Information Security News
On Saturday the New York Times reported that “senior American officials briefed on the investigation” confirmed a hack of the White House’s unclassified network last year. The breach “was far more intrusive and worrisome than has been publicly acknowledged,” officials said, telling the Times that the perpetrators were likely Russians with ties to the government, if not with direct backing from Russia.
The White House’s classified network, on which message traffic from President Obama’s BlackBerry is kept, was not breached, but e-mails he sent to the unclassified network from that device (as well as e-mails sent from that network to him) were obtained.
The Times noted that many senior staffers have two computers in their offices: “one operating on a highly secure classified network and another connected to the outside world for unclassified communications.” The most highly secure material shared between “the White House, the State Department, the Pentagon, and intelligence communities” is kept on a system called the Joint Worldwide Intelligence Communications System (JWICS), which was not breached. JWICS also gives access to the front-end for XKeyscore, a system that collects, manages, and processes the massive amounts of data collected by the NSA.
The Dutch company Fox-IT has published detailed information about the Quantum Insert attack, an HTML redirection attack that works by injecting malicious content into a specific TCP session. A session is selected for injection based on selectors, such as a persistent tracking cookie that identifies a user over a longer period of time.
The attack is carried out by sniffing an HTTP request and then sending the victim a spoofed, crafted HTTP response. To craft the spoofed HTTP response, the attacker must know the following:
Once the spoofed packet is sent, a race condition occurs: if the attacker wins the race, the victim receives the attacker's malicious content instead of the legitimate response.
Performing a Quantum Insert attack requires that the attacker can monitor the traffic and has very fast infrastructure to win the race.
To detect Quantum Insert, we should look for the following:
http://blog.fox-it.com/2015/04/20/deep-dive-into-quantum-insert/

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
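
The race described above leaves a trace on the victim's side of the network: two different HTTP responses arriving for the same position in one TCP stream. The following is an added example, not code from Fox-IT's post or the ISC diary, that flags this pattern in already-parsed segment records. The record layout, addresses, ports and payloads are constructed, and treating conflicting bytes at one sequence position as the signal is an assumption drawn from that race.

```python
from collections import defaultdict


def find_conflicting_segments(segments):
    """Flag same-flow TCP segments whose overlapping sequence range carries different bytes.

    Each segment is a dict with src, sport, dst, dport, seq and payload (bytes).
    Assumes sequence numbers do not wrap within the capture.
    """
    seen = defaultdict(list)  # flow direction -> [(seq, payload), ...]
    findings = []
    for s in segments:
        data = s["payload"]
        if not data:
            continue  # pure ACKs have no bytes to compare
        flow = (s["src"], s["sport"], s["dst"], s["dport"])
        for seq, earlier in seen[flow]:
            start = max(seq, s["seq"])
            end = min(seq + len(earlier), s["seq"] + len(data))
            if start >= end:
                continue  # no overlap in sequence space
            first = earlier[start - seq:end - seq]
            second = data[start - s["seq"]:end - s["seq"]]
            if first != second:  # identical bytes would be a benign retransmission
                findings.append({"flow": flow, "seq": start,
                                 "first": first, "second": second})
        seen[flow].append((s["seq"], data))
    return findings


def segment(src, sport, dst, dport, seq, payload):
    return dict(src=src, sport=sport, dst=dst, dport=dport, seq=seq, payload=payload)


# Constructed sample traffic (documentation addresses, made-up ports and sequence numbers).
SERVER, CLIENT = "203.0.113.10", "192.0.2.5"
SAMPLE = [
    # Two different responses claiming the same sequence position: the race on the wire.
    segment(SERVER, 80, CLIENT, 51000, 1000, b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n"),
    segment(SERVER, 80, CLIENT, 51000, 1000, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # Benign retransmission on another connection: same sequence number, same bytes.
    segment(SERVER, 80, CLIENT, 51001, 7000, b"HTTP/1.1 200 OK\r\n\r\n"),
    segment(SERVER, 80, CLIENT, 51001, 7000, b"HTTP/1.1 200 OK\r\n\r\n"),
    # Benign partial overlap: the tail is re-sent together with new data.
    segment(SERVER, 80, CLIENT, 51002, 100, b"abcdef"),
    segment(SERVER, 80, CLIENT, 51002, 103, b"defghi"),
]

if __name__ == "__main__":
    for f in find_conflicting_segments(SAMPLE):
        print(f["flow"], "seq", f["seq"], f["first"][:20], "vs", f["second"][:20])
```

Only the first connection is reported; the exact retransmission and the consistent partial overlap are not, which is what keeps this check usable on ordinary lossy links.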