One of the documents leaked by Edward Snowden indicates that the NSA uses "man in the middle" attacks to hijack your interactions with Google servers. Here's how such attacks work, and how to protect your browsing.
Tech website Techdirt appears to have been the first to notice the reference to the attack, which appeared on a slide which aired during a Brazilian newscast. A section of that slide is below.
The diagram shows a number of requests for Google webpages coming into a router (the three arrows at lower left). Coming into the router from the very bottom is the NSA's request to route data from the surveillance target to a "static route" — in other words, somewhere besides Google. Once the requests reach the router, most head up to the "legitimate Google server," at top. But the target's traffic takes a detour, heading through the server labeled "MITM" before going on to the Google server.
"MITM," of course, stands for "man in the middle." The NSA inserts itself between the target and where the target is trying to get. It is the man in the middle. It's as though you were sending a package to a friend, but the NSA told the mailman to bring it to their offices first. They look at it, repackage it, and send it on to its final destination. To extend that analogy, it's also like you decided to send your package via certified mail, requesting a signature once the package arrives. What the NSA is doing, in essence, is signing your friend's name.
The Atlantic Wire spoke by phone with the Electronic Frontier Foundation's Micah Lee, who previously helped us put together our guide to hiding from the NSA.