They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a ???race condition??? between the NSA server and the legitimate website.