Bruce Schneier has written about The Further Democratization of QUANTUM, the NSA's program for packet injection:
...when I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is called packet injection -- basically, a technology that allows the agency to hack into computers. Turns out, though, that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack computers. The cyberweapons manufacturer Hacking Team sells packet injection technology to any government willing to pay for it. Criminals use it. And there are hacker tools that give the capability to individuals as well. All of these existed before I wrote about QUANTUM. By using its knowledge to attack others rather than to build up the Internet's defenses, the NSA has worked to ensure that anyone can use packet injection to hack into computers.
And now it's become a homework assignment:
Michalis Polychronakis at Stony Book has assigned building QUANTUM as a homework assignment. It's basically sniff, regexp match, swap sip/sport/dip/dport/syn/ack, set ack and push flags, and add the payload to create the malicious reply. Shouldn't take more than a few hours.
The assignment is due May 1st.
(Score: 5, Insightful) by mtrycz on Saturday April 25 2015, @09:28PM
It's good to always keep your assignments rooted in reality, with real-world examples.
People are more motivated than with the usual proof-of-concept assignments. And as a cool bonus, you get to quintify just how much work would go into (a basic version of) the hack. Cool!
In capitalist America, ads view YOU!
(Score: 4, Insightful) by Whoever on Saturday April 25 2015, @10:15PM
Why does the President assign these old warhorses to run the NSA?
The NSA has put a lot of effort into offensive capabilities and failed repeatedly in its defensive role.
In traditional warfare, it is often true that the best form of defence is an attack. But attacks across the Internet don't work like that -- an attack is unlikely to disrupt your opponent's ability to attack you as it would in conventional warfare.
These old warhorses don't appear to understand that, at the NSA, they are fighting a different type of war. They are the wrong type of people to assign to lead the NSA. Of course, looking at the military's procurements, one might think that the Generals and Admirals are still preparing for yesterday's war in other areas -- buying a small number of ultra high-tech weapons to fight low-tech opponents. Or perhaps they did not even learn from yesterday's war: for example in WWII, the allies overwhelmed Germany with a larger number of cheaper (but individually less effective) weapon systems.
(Score: 4, Informative) by Anonymous Coward on Saturday April 25 2015, @11:42PM
Read about the history of the NSA for your answers. I recommend the book "The Puzzle Palace" for a very thorough history. The short version is every branch of the military demands a piece of the intelligence pie but all the good crypto guys aren't inclined to be military types. Thus a compromise was made where it is a split system with brass on top. That position was historically a cushy one to pad the pension for a few years before retirement. Things have changed somewhat due to 9/11 and the goldrush of intelligence funding but the original deal to have old greyhair leadslingers lead the show has stayed in place.
(Score: 0) by Anonymous Coward on Saturday April 25 2015, @10:23PM
I don't know why it all gets dumped on the NSA's feet. He says the Chinese have been doing it. Why didn't they build up the Internet defenses? Or why didn't Hacking Team build it up either? Or why didn't all the other countries using this form of attack not build up the Internet defenses to save us all? There are hacker tools available. Why not blame Kaspersky and others for not protecting us? What a load of shit.
(Score: 3, Informative) by CRCulver on Saturday April 25 2015, @10:44PM
(Score: 3, Interesting) by Anonymous Coward on Saturday April 25 2015, @11:45PM
The first time I heard (and used) packet injection was in the '90s. Up until 2006 the NSA did actively try to help secure things. Then they went silent and stopped updating some of the best hardening guides available at the time. Now we have this. I don't even have a speculative idea why, but something happened in 2005 or 2006 that changed US citizens and organizations from something worth protecting to the enemy that needs to be attacked.
(Score: 3, Informative) by Fauxlosopher on Sunday April 26 2015, @02:21PM
Sorry, no sale. Between beasties like Echelon (1971) and Carnivore (1997), it's been obvious for a good long while now that fedgov spy agencies have not been the friend of the little US citizen.
(Score: 2) by isostatic on Sunday April 26 2015, @02:39PM
The American presidnet kills far more people than all the Mafia bosses combined, so the difference in outrage is clear, and not in the way you describe.
(Score: 2) by maxwell demon on Sunday April 26 2015, @07:31AM
Imagine two findings:
Finding 1: A Mafia boss shot someone.
Finding 2: The American president shot someone.
Which one would you think give the greater outrage? Can you tell why?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 4, Insightful) by arslan on Monday April 27 2015, @02:34AM
I'd say Finding 3: The American president had an affair. The reason would be it makes entertaining news and there's no collateral damage.
As a non-American, I find it very interesting that of all the things a President can be sacked, having an affair was the one that actually got realized.
I suppose the only factions involved in Bill's affair were his private parts and Monica's, and tangentially Hillary's pride. So the witch hunt was easily executed. On the other hand any other shady work done in running the country would not be so easy given there are typically all sorts of factions involved that stand to bear losses as collateral damage, so its better to sweep everything under the carpet or hide it in some entertaining dog and pony show.
(Score: 2) by Yog-Yogguth on Wednesday April 29 2015, @08:23AM
Someone has already pointed out that packet injection [wikipedia.org] has been a known threat for a long time (over two decades at the very least), so if it's true that the NSA actually worried the most about QUANTUM at the time then it seems unlikely to be because it uses packet injection and indeed it doesn't have to be since QUANTUM is about a lot more than that [wikipedia.org].
The NSA worrying could easily be misdirection or pure coincidence anyway, and even so Schneiers general point still stands even if the specific example turns out to be a bad choice (or not, who knows why Schneier chose it).
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))