“This revelation adds to the growing list of ways that the NSA is believed to snoop on ostensibly private online conversations. In what appears to be a slide taken from an NSA presentation that also contains some GCHQ slides, the agency describes ‘how the attack was done’ on ‘target’ Google users. NSA employees log into an internet router—most likely one used by an internet service provider or a backbone network. (It’s not clear whether this was done with the permission or knowledge of the router’s owner.) Once logged in, the NSA redirects the ‘target traffic’ to an ‘MITM,’ a site that acts as a stealthy intermediary, harvesting communications before forwarding them to their intended destination.”
http://www.motherjones.com/politics/2013/09/flying-pig-nsa-impersonates-google