Well probably they control a CA authority and can issue certificates at leasure. They seem to mimic completely the real site, or the Quantum Insert is a proxy server. Anyway once it get's to the client or proxy the information is in cleartext, so can be modified as much as they want and sent trough to the end client computers. There were big articles in the Belgian press today explaining how they hacked the Belgacom network. They created a Quantum Insert on Linkedin and infected the computers of 3 Belgacom staff members. Once they had control over the 3 staff member computers (2011 - probably still Windows xp in this government agency) they received the login information to the servers and network switches easily by spying telnet and ftp traffic - the staff members directly telnetted to critical components of the Belgacom core network. From there on they could upload their own code in the network switches and control everything including eavesdropping on mobile communications of any mobile number within Europe transiting trough the Belgacom network.
Techdirt has not posted any stories submitted by Jan Peeters.
Re:
Well probably they control a CA authority and can issue certificates at leasure. They seem to mimic completely the real site, or the Quantum Insert is a proxy server. Anyway once it get's to the client or proxy the information is in cleartext, so can be modified as much as they want and sent trough to the end client computers. There were big articles in the Belgian press today explaining how they hacked the Belgacom network. They created a Quantum Insert on Linkedin and infected the computers of 3 Belgacom staff members. Once they had control over the 3 staff member computers (2011 - probably still Windows xp in this government agency) they received the login information to the servers and network switches easily by spying telnet and ftp traffic - the staff members directly telnetted to critical components of the Belgacom core network. From there on they could upload their own code in the network switches and control everything including eavesdropping on mobile communications of any mobile number within Europe transiting trough the Belgacom network.