Slashdot Mirror


A Look at the NSA's Most Powerful Internet Attack Tool

realized writes in with a closer look at the NSA's QUANTUM system. "Today QUANTUM packs a suite of attack tools, including both DNS injection (upgrading the man-on-the-side to a man-in-the-middle, allowing bogus certificates and similar routines to break SSL) and HTTP injection. That's reasonable enough. But it also includes gadgets like a plug-in to inject into MySQL connections, allowing the NSA to quietly mess with the contents of a third-party's database. (This also surprisingly suggests that unencrypted MySQL on the internet is common enough to attract NSA attention.) And it allows the NSA to hijack both IRC and HTTP-based criminal botnets, and also includes routines which use packet-injection to create phantom servers, and even attempting (poorly) to use this for defense."


  1. I wonder by Anonymous Coward · · Score: 5, Insightful

    all these software engineers that work for nsa/gov, do they have any fucking morals? do they really believe they are securing the world from the evil guys? are they kept at gunpoint? are they just plain stupid? Failing to realize that we, the makers, have all the power is the worst mistake. Plant secret backdoors, failure modes, weaknesses. Be in charge. You don't owe anything to these black suits. Wake fucking up.

    1. Re:I wonder by epyT-R · · Score: 3, Insightful

      It probably pays well.

    2. Re:I wonder by Arker · · Score: 3, Informative

      It depends, if you are an actual employee I understand the pay is not really spectacular. The benefits, however, are outrageous. And these days of course the government has gotten into outsourcing too, and most of their workers are contractors, not employees. The contractors are obviously paid well, and if theoretically they have less job security practically their programs are only set to expand.

      Anyway, regardless of position, you could probably make more money in the private sector if you are really motivated to go out and make the next big thing. But this sort of job is about more than compensation. It draws people that really believe in the cause (who eventually become disillusioned, and sometimes become whistleblowers) along with amoral sociopaths that get off on power. Unfortunate that the latter stand a much better chance of being promoted and the former of being waterboarded, seems backwards somehow, but oh well.

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
    3. Re:I wonder by tshawkins · · Score: 5, Interesting

      It's the same question that should have been asked of the doctors that assisted with the torture and stress programs, the psychologists that aided and abetted the threats made against detainees' families. The aviation engineers that built remote controlled aerial death machines. The lawyers that twisted and bent the law to try to justify all the above. There is a tendency for professions to remove themselves from the consequences of their actions, and to adopt both the "obeying orders" and the "if we don't do it, somebody else will" defense. Scumbags the lot of them, there is a very hot place waiting for them all.

    4. Re:I wonder by Anonymous Coward · · Score: 2, Funny

      No man's fool...Church...oops...

    5. Re:I wonder by UnknownSoldier · · Score: 3, Interesting

      Riiiight, because your faith is magically better than his faith???

      Grow the fuck up and learn some respect for a different perspective / belief.

    6. Re:I wonder by Anonymous Coward · · Score: 2, Insightful

      What's this 'faith' nonsense you're on about?

      50 years and he still didn't realise what he was believing in --> a fool.

      Also why aren't you respecting my belief / perspective that 'faithers' are just fools to be laughed at, maybe it's you who needs to grow up.

    7. Re:I wonder by gIobaljustin · · Score: 2, Insightful

      Riiiight, because your faith is magically better than his faith???

      Rather, my lack of faith is better than his faith.

      Grow the fuck up and learn some respect for a different perspective / belief.

      Grow the fuck up (Not necessary; just stop being an idiot.) and realize that people don't have to respect other people's bullshit perspectives/beliefs.

      --
      Thank you Dave Raggett
    8. Re:I wonder by ObsessiveMathsFreak · · Score: 2

      all these software engineers that work for nsa/gov, do they have any fucking morals? do they really believe they are securing the world from the evil guys? are they kept at gunpoint? are they just plain stupid?

      Imagine a fraternity house filled with hundreds of "bro-grammers" looking to impress their peers and outsiders, alongside more socially inept nerds with a superiority complex and a grudge against society for its refusal to pay homage to their obviously superior intellects. The herd is managed by a cadre of MBA/careerist sociopaths with a lust for profit, exploitation and power. The entire operation has been given essentially unlimited budgets, unprecedented resources, and unrestricted access to private industry and the backbone of the net, and finally has been mandated to gather all it can, on whoever it can, by whatever means necessary by an ascendancy whose interests are explicitly opposed to the general public good.

      Things have worked out about as well as you'd imagine. The fraternity house has engaged in naked, shameless and destructive criminal behaviour; in effect the NSA has become the largest hacker/cyber-crime organization on the globe. The Rule of Law now has no meaning on the network, or for computers, and society itself has been pushed into a literal sci-fi dystopia of surveillance and state security excess.

      And were it not for one single fraternity member who found the courage to turn back and listen to his conscience, we would be spiraling into an even darker scenario at this very moment. Whether we eventually meet this fate is still uncertain.

      The NSA is an out of control cyber-criminal gang. It is a matter of time before insiders at the NSA make contact with the criminals who run the banking industry, and at that point western society will probably be ripped apart in an orgy of computer-aided looting, sabotage, fraud, and political suppression. This is what happens when you let the hyenas run the zoo.

      --
      May the Maths Be with you!
    9. Re:I wonder by VortexCortex · · Score: 2

      TL;DR: Even intellectual fools let themselves be divided and conquered. Learn it: Compartmentalization = Evil.

  2. Feed the beast by reovirus1 · · Score: 2

    I wonder what this tool will think about my encrypted archive of the proceedings of Congress that I've renamed "The_anarchists_cookbook.zip".

    1. Re:Feed the beast by Urza9814 · · Score: 4, Funny

      They'll probably just think you're another 13 year old kid about to get himself killed doing something incredibly stupid....

  3. wishful thinking by Patent+Lover · · Score: 5, Insightful

    Now if they would just use it to actually stop botnets.

    1. Re:wishful thinking by Burz · · Score: 5, Interesting

      Clearly they have an interest (or conflict of interest) in letting botnets run amok, as it gives them a cover for their own illegal activities.

  4. I fully support this by Anonymous Coward · · Score: 5, Funny

    I'm American and I fully support this. This is exactly what intelligence agencies are for. Nothing in any of these leaks in the linked article suggests these capabilities are being abused. I want my government to be able to pursue foreign intelligence targets with capabilities like these and--in a time where people complain relentlessly about government agencies being ineffective--I'm glad they are able to do this.

    Posting anonymously because I've lost too much karma expressing a contrarian opinion on all these Snowden articles. Frankly, I'm more scared of moderators than our government...

    1. Re:I fully support this by epyT-R · · Score: 5, Insightful

      You know, one of these days, you will be the one arrested and thrown in prison without due process for 'terroristic acts', or some other set of stacked charges that cannot be challenged in court because they're matters of 'national security'. It's people like you that allow wannabe tyrants to bypass civil liberties and seize power in the first place. It is a known fact that the feds are breaking the law to pursue their own political or financial agendas. While it is true that the NSA/CIA were chartered to monitor foreign governments, what they've been up to since then has obviously come up short of expectation. They need reining in and refocusing. Heads need to roll.

      Governments are only ineffective at the things they promised but aren't in the best interests of the high level bureaucrats. Governments are scarily effective at doing whatever it is those in power really want to do. After all, all an employer can do is fire you, but a government can throw you in a box and toss the key.

      I fear the federal government more than some 13th century thugs from the Middle East. Groupthink is the most powerful religion in existence. Bin Laden's goal was to get us to do his work for him, to destroy ourselves from within. So far, he's won every battle.

    2. Re:I fully support this by Concerned+Onlooker · · Score: 4, Insightful

      "All this crying about it being a slippery slope isn't making us any safer."

      I don't know anything about slippery slopes, but I do seem to recall a famous quote about something to do with eternal vigilance and freedom.

      --
      http://www.rootstrikers.org/
    3. Re:I fully support this by Anonymous Coward · · Score: 2, Insightful

      You may be right, but in my opinion what's wrong with extreme surveillance is that you can get flagged just for searching the internet for knowledge, or you avoid pursuing more knowledge in the fear of being flagged.

      An example: you often see in movies that some criminal builds a pipe bomb with instructions found on the web. I've always been curious of knowing if that's really possible, but I never searched that on the web. Notice, I didn't want to build one, just to know if the average crazy man could really do that and be a danger for others.

      Another example: when studying Nazism in history, or watching TV documentaries about that, I've always been curious about the book that Hitler wrote, just to know more about the state of mind that made such abomination possible. Again, never dared to search something about it, not even on Wikipedia.

      Now my country hasn't got something like NSA, but I think it's only a matter of time, but I challenge any USA citizens to search for such things on the web just for their personal knowledge, without being afraid.

    4. Re:I fully support this by Kogun · · Score: 2

      Your position is common but Machiavellian, and extraordinarily short-sighted.

      A primary underlying principle of our government, found throughout the Constitution, is that the processes of justice, law-making, and enforcement must be fair. This same principle does not guarantee fair outcomes. Checks and balances, search warrants, innocent until proven guilty, 5th amendment rights, equal protection clause, etc, are all part of processes designed to protect the innocent and ensure a fair process of enforcement and prosecution of the law. Those processes are full of checks and balances and redress, designed to prevent the exact kinds of abuses the NSA has secretly circumvented.

      You are endorsing illegal procedures for all in fear of a handful of terrorists. Anonymous Coward, indeed.

      When the government decides, as you have come out in favor, to put aside fair processes in favor of desirable outcomes, it replaces this core principle with "the ends justify the means". In such a Machiavellian guided government, *anything* can be justified. Like assassinating American citizens overseas with drones, spying on millions of Americans, suspension of habeas corpus, stop and frisk, etc.

      Your shortsightedness ignores the NSA's potential for abuse and the weakening of security for all. You presume the NSA is employing only trustworthy citizens that would not take advantage of their unique powers in order to aid and promote their political affiliations, or enrich themselves through surreptitiously gained information. Evidence already shows your assumption to be wrong, in contradiction to your assertion. If you do not pay attention to the news, perhaps you should research more before posting. But, assume for the moment that there has been no abuse. In your wonderful fantasy of government employees never abusing their powers, why should there be any checks and balances, search warrants, habeas corpus, trials by jury, etc? After all, these things are only necessary if we assume human weakness also affects government employees.

      Finally, your anonymous post suggests you may not be real, not interested in exploring the issue, but instead, may be a government astroturfer.

  5. There's nothing these people leave alone. by pcwhalen · · Score: 2

    If you have been on your computer, cell phone or car with EZpass or OnStar: they know a lot about you. Even if you have 7 degrees of separation from the bad guys.

    You have to applaud the thoroughness. Misguided patriots, the lot.

    --
    Pay no attention to the man behind the curtain with all your metadata.
  6. Re:Might not be intended for Internet MySQL by Deep+Esophagus · · Score: 4, Funny

    I have to wonder, how many national-security-endangering secrets are terrorists storing in a MySQL database?

  7. It is the private sector by dbIII · · Score: 4, Insightful

    Recent revelations about spying on an Indonesian clove cigarette company for the benefit of US "customers" is one example.
    So that's for the private sector. How the customers in the private sector commission the work and pay for it would make an interesting story. Perhaps they pay via political campaign finance? Let's open that can of worms.

  8. boiled frogs, would be my guess as a security prof by raymorris · · Score: 3, Insightful

    My guess, as a security professional who could have been recruited for a three-letter agency, is that many of them are boiled frogs. There are technical challenges that smart geeks love, plus the whole hacker mystique, but you don't want to be criminal, so you go white-hat, hacking bin Ladin. That adds the whole "international spy" thing into it and maybe you help catch some really bad guys. That would be awesome, spying on al Qaeda. Hmm, if you expanded that technique you could catch a lot of bad guys. So you expand it to log calls to and from Iraq, Afghanistan, and Syria. After a few years, you end up in a place you never would have knowingly sought to go.

  9. Re:I also fully support this by epyT-R · · Score: 2

    This only happens if you're an idiot, like the average libertarian that infests this site.

    No. It happens when the law primarily serves the interests of those in power (or their benefactors) instead of individual liberty.

    Smart socialists know how to always remain in power.

    Quite true. The Soviet Union and North Korea are great examples.

    The worst people in the world are those that don't know how to socialize with other members of society, and socialization is formally structured in society through a government.

    That depends on your definition of 'socialize'. The word's been defined and redefined so many times for so much self serving arrogance, I'm not sure it has a valid objective meaning anymore. These days it's newspeak that really means "compliant with the norms of the group", or "team player", someone who never rocks the boat, even when it's necessary to tell the uncomfortable truth and cause someone to have to save face.

    When you people state "I fear and mistrust government", what the rest of us hear is "I fear and mistrust other members of society".

    No. Government is its own entity, just like any other group of people. They form hierarchies within hierarchies, complete with their own groupthink and 'mission statements.' Really, they're just the adult versions of high school cliques, except the stakes are much higher. They share all the same low level hazing, peer-pressure, and passive aggressive politics of their adolescent counterparts. Like students who are or are not a part of these cliques, the bureaucrats of government are a distinctly separate class from everyone else. After awhile, many of them truly believe that they are a cut above everyone else by default. This is a big part of what we're facing today.

    Can you explain how you benefit us? Do you think you produce more tax revenue than we pay for you? Do you think the road we paved for you all the way out to your private secluded hideout so you can avoid the rest of society came for free?

    Hey, I didn't ask for anyone to spend money on my behalf. You sound like that guy who washes my windshield at a stop light when it doesn't need washing, and then gets upset when I refuse to give him $5. What a citizen typically faces in socialist nations in final stages of collapse goes like this: How do you benefit 'us', citizen? I'm sure it's insufficient compared to what The People have done for you. Report to reeducation camp #119 for 'processing'! I don't think it's that bad yet, but obviously, you are already there. Now that is sad.

    Publicly funded roads are a far cry from overt surveillance and psychological manipulation (i.e. terrorist fear mongering) which are the precursors to extremely large power grabs. Oh, and I never said I disagreed with public roads. You need to put down the NYT liberal talking points guide.

    Is that what you want us to hear from you libertarians? That you're a precious snowflake and that you don't want to do what government tells you to do, because you're a precious snowflake?

    No. The precious snowflakes are the ones who think they're owed something from taxpayers because they believe their race, gender, orientation, or some other arbitrary difference, makes them think they are perpetual victims of some paranoid conspiracy they probably picked up from public schooling or the media. The sad part is, many of them probably are victims of this brainwashing. They do make reliable voters, don't they? Gotta love identity politics. If you knew anything about them, you'd know libertarians believe in rule of law, not in identity politics. That means everyone is equal before it; no favoritism. However, they also believe that the laws that are on the books should be rational instead of based on heat of the moment politicking. They understand that when humans are packed into groups, they're pr

  10. Story writer didn't read own story. by BitterOak · · Score: 4, Insightful

    But it also includes gadgets like a plug-in to inject into MySQL connections, allowing the NSA to quietly mess with the contents of a third-party's database. (This also surprisingly suggests that unencrypted MySQL on the internet is common enough to attract NSA attention.)

    When the author wrote that part of the story, he or she seemed to be unaware of what he or she had just written:

    allowing bogus certificates and similar routines to break SSL

    By breaking SSL, the NSA has access to SQL queries whether or not they're encrypted.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  11. Hypocrite by TiggertheMad · · Score: 4, Funny

    Grow the fuck up and learn some respect for a different perspective / belief.

    I believe that god is seventeen giant, 65 foot long orange lizards, all who are named 'Ralph'. They have mile long, glittering prehensile cocks that drag behind them. Ralph^17 will sail invisibly across the sky once per hour, where all humans on the planet must turn to the South, and bow while chanting, 'Rubber Button' for one minute in order to avoid Ralph's divine and righteous wrath. His son is a stop sign three miles south of Yuma, and all who are able must journey to see him once in their life, lest they be damned to spend Christmas vacation in New Jersey for all eternity. I demand the same respect that these goofy Christian mono-godders get, up to and including wording on American money acknowledging Ralph^17's almighty farts. BOW, HEATHENS!

    I mock you sir, for failing to respect that some people's perspective and beliefs are that 'invisible shit isn't real, and that you should call out the Emperor as naked when he is'.

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  12. You're outraged. Now what? by i_want_you_to_throw_ · · Score: 2

    What I have noticed is that there is a story in the media every damn day about the overreach of NSA and arghh..people are outraged. Oh it's horrible, etc etc. Amazingly enough, no one seems to want to do anything about it. Where are those stories? Where is the demand for congressional oversight? We get the NSA we deserve because we the people are doing nothing to rein them in.