This attack looks like something else though, judging by the numbers they are attacking. I speculate:
- They have fake certificates from trusted authorities for some major sites, and use MITM attacks to serve up fake pages with them. We know that GCHQ loves doing the latter, so it's a question of working out which certificate authorities have been compromised and deleting them. We can also potentially defend against this by using more certificate pinning and warnings which certificates change unexpectedly, as well as distributed certificate checks (to make sure the one you get is the same one everyone else gets).
- They capture a lot of encrypted data but don't decrypt all of it. They store the data and crack it later if it seems interesting. Much of the cracking probably relies on flaws in the implementation of the encryption - small RSA keys, bad PRNGs (we know that the NSA compromised at least a few of them) and the like. They seem to have massive amounts of computing power available too, which is hardly surprising given what we know of their budget and data centres (really supercomputing centres dedicated to violated your privacy and various laws).