A Look at the NSA's Most Powerful Internet Attack Tool

realized writes in with a closer look at the NSA's QUANTUM system. "Today QUANTUM packs a suite of attack tools, including both DNS injection (upgrading the man-on-the-side to a man-in-the-middle, allowing bogus certificates and similar routines to break SSL) and HTTP injection. That reasonable enough. But it also includes gadgets like a plug-in to inject into MySQL connections, allowing the NSA to quietly mess with the contents of a third-party's database. (This also surprisingly suggests that unencrypted MySQL on the internet is common enough to attract NSA attention.) And it allows the NSA to hijack both IRC and HTTP-based criminal botnets, and also includes routines which use packet-injection to create phantom servers, and even attempting (poorly) to use this for defense."

Re:I wonder

[Arker]

It depends, if you are an actual employee I understand the pay is not really spectacular. The benefits, however, are outrageous. And these days of course the government has gotten into outsourcing too, and most of their workers are contractors, not employees. The contractors are obviously paid well, and if theoretically they have less job security practically their programs are only set to expand.

Anyway, regardless of position, you could probably make more money in the private sector if you are really motivated to go out and make the next big thing. But this sort of job is about more than compensation. It draws people that really believe in the cause (who eventually become disillusioned, and sometimes become whistleblowers) along with amoral sociopaths that get off on power. Unfortunate that the latter stand a much better chance of being promoted and the former of being waterboarded, seems backwards somehow, but oh well.