Jason Walls writes:
The folks over at Fox-IT did an in-depth analysis of one of the NSA's QUANTUM techniques, dubbed INSERT, which takes advantage of a long-known TCP vulnerability. The long and short of it: "The injection is done by observing HTTP requests by means of eavesdropping on network traffic. When an interesting target is observed, another device, the shooter, is tipped to send a spoofed TCP packet... For the attack to succeed the packet injected by the shooter has to arrive at the target before the ‘real’ response of the webserver. By exploiting this speed difference or race condition, one can impersonate the webserver."
For the packet capture savvy, Fox-IT also published some pcaps which they have shared with CloudShark (link takes you to the CloudShark summary entry on the attack that links to the annotated pcaps) and made a quick video explaining how it works.
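
The race described in the quote leaves a trace a defender can look for in a capture: the target receives two data segments covering the same TCP sequence range but carrying different bytes. The following is an added example, not code from Fox-IT or from the original post, that checks for this over constructed segment records; `Segment`, `find_conflicting_segments` and the sample addresses and payloads are hypothetical.

```python
from collections import defaultdict
from typing import NamedTuple

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

class Segment(NamedTuple):
    ts: float        # capture timestamp in seconds
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    payload: bytes

def shared_bytes(a, b):
    """Bytes each segment carries for their common sequence range, or None."""
    d = (b.seq - a.seq) % MOD
    if d < len(a.payload):                      # b starts inside a
        n = min(len(a.payload) - d, len(b.payload))
        return a.payload[d:d + n], b.payload[:n]
    d = (a.seq - b.seq) % MOD
    if d < len(b.payload):                      # a starts inside b
        n = min(len(b.payload) - d, len(a.payload))
        return a.payload[:n], b.payload[d:d + n]
    return None

def find_conflicting_segments(segments):
    """Flag same-direction segments whose overlapping sequence range differs in content."""
    seen, findings = defaultdict(list), []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue                            # bare ACK/SYN/FIN carry no data to compare
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        for prev in seen[flow]:
            pair = shared_bytes(prev, seg)
            if pair and pair[0] != pair[1]:     # identical bytes = ordinary retransmission
                findings.append({"flow": flow, "seq": seg.seq,
                                 "first_ts": prev.ts, "second_ts": seg.ts})
        seen[flow].append(seg)
    return findings

# Constructed sample: two different "responses" for seq 1000 on one flow, plus a benign retransmit.
SAMPLE = [
    Segment(0.010, "203.0.113.10", 80, "198.51.100.7", 49152, 1000, b"HTTP/1.1 200 OK\r\n\r\nAAAA"),
    Segment(0.045, "203.0.113.10", 80, "198.51.100.7", 49152, 1000, b"HTTP/1.1 200 OK\r\n\r\nBBBB"),
    Segment(0.020, "203.0.113.20", 80, "198.51.100.7", 49153, 5000, b"same bytes"),
    Segment(0.300, "203.0.113.20", 80, "198.51.100.7", 49153, 5000, b"same bytes"),
]

if __name__ == "__main__":
    for f in find_conflicting_segments(SAMPLE):
        print(f)
```

A hit only says that two conflicting payloads were seen for one sequence range; which of the two came from the real web server has to be judged from the capture itself.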