To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the Internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target’s browser to visit a FoxAcid server.
A very in-depth article on how the NSA is exploiting the Tor network. One part I loved:
The most valuable exploits are saved for the most important targets. Low-value exploits are run against technically sophisticated targets where the chance of detection is high. TAO maintains a library of exploits, each based on a different vulnerability in a system. Different exploits are authorized against different targets, depending on the value of the target, the target’s technical sophistication, the value of the exploit, and other considerations.
In other words, they use their best attacks against the highest-value targets, because should those attacks become known, they can no longer use those attacks.
I like to think about it like lock picking. If you get caught breaking into a building, it’s best for you long term (as a person who breaks into buildings, and not legally speaking) to have been found out as picking a lock. If you have the key to the door, without permission, you probably don’t want that known — because then they change the key, whereas the defense against picking a lock is not as clear-cut.
Likewise if you have a master key, it’s better to be caught with a non-master key. “Oh, we just change one lock, not all the locks — he doesn’t have a master key.” That’s the same thinking with the NSA exploits — it is riskier to never use the master key, but safer (for the viability of your long-term exploits) if you never get caught with a master key.