Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Look at the NSA's Most Powerful Internet Attack Tool

Posted by samzenpus on from the big-gun dept.

realized writes in with a closer look at the NSA's QUANTUM system. "Today QUANTUM packs a suite of attack tools, including both DNS injection (upgrading the man-on-the-side to a man-in-the-middle, allowing bogus certificates and similar routines to break SSL) and HTTP injection. That reasonable enough. But it also includes gadgets like a plug-in to inject into MySQL connections, allowing the NSA to quietly mess with the contents of a third-party's database. (This also surprisingly suggests that unencrypted MySQL on the internet is common enough to attract NSA attention.) And it allows the NSA to hijack both IRC and HTTP-based criminal botnets, and also includes routines which use packet-injection to create phantom servers, and even attempting (poorly) to use this for defense."

6 of 154 comments (clear)

  1. I wonder by Anonymous Coward · · Score: 5, Insightful

    all these software engineers that work for nsa/gov , do they have any fucking morals? do they really believe they are securing the world from the evil guys? are they kept at gunpoint? are they just plain stupid? Fail to realize that us, the makers , have all the power is the worst mistake. Plant secret backdoors, failure modes, weaknesses. Be in charge. You don't owe anything to these black suits. Wake fucking up.

    1. Re:I wonder by tshawkins · · Score: 5, Interesting

      Its the same question that should have been asked of the doctors that assisted with the torture and stress programs, the psychologists that aided and abetted the threats made against detainees families. The aviation engineers that built remote controlled ariel death machines. The lawyers that twisted and bent the law to try to justify all the above. There is a tendancy for professions to remote themselves from the consequences of thier actions, and to adopt both the "obeying orders" and the "if we dont do it, somebody else will" defense. Scumbags the lot of them, there is a very hot place waiting for them all.

  2. wishful thinking by Patent+Lover · · Score: 5, Insightful

    Now if they would just use it to actually stop botnets.

    1. Re:wishful thinking by Burz · · Score: 5, Interesting

      Clearly they have an interest (or conflict of interest) in letting botnets run amok, as it gives them a cover for their own illegal activities.

  3. I fully support this by Anonymous Coward · · Score: 5, Funny

    I'm American and I fully support this. This is exactly what intelligence agencies are for. Nothing in any of these leaks in the linked article suggests these capabilities are being abused. I want my government to be able to pursue foreign intelligence targets with capabilities like these and--in a time where people complain relentlessly about government agencies being ineffective--I'm glad they are able to do this.

    Posting anonymously because I've lost too much karma expressing a contrarian opinion on all these Snowden articles. Frankly, I'm more scared of moderators than our government...

    1. Re:I fully support this by epyT-R · · Score: 5, Insightful

      You know, one of these days, you will be the one arrested and thrown in prison without due process for 'terroristic acts', or some other set of stacked charges that cannot be challenged in court because they're matters of 'national security'. It's people like you that allow wannabe tyrants to bypass civil liberties and seize power in the first place. It is a known fact that the feds are breaking the law to pursue their own political or financial agendas. While it is true that the NSA/CIA were chartered to monitor foreign governments, what they've been up to since then has obviously come up short of expectation. They need reigning in and refocusing. Heads need to roll.

      Governments are only ineffective at the things they promised but aren't in the best interests of the high level bureaucrats. Governments are scarily effective at doing whatever it is those in power really want to do. After all, all an employer can do is fire you, but a government can throw you in a box and toss the key.

      I fear the federal government more than some 13th century thugs from the middle east. Groupthink is the most powerful religion in existence. bin laden's goal was to get us to do his work for him, to destroy ourselves from within. So far, he's won every battle.