Forgot your password?
typodupeerror
Government The Internet United Kingdom

Leaked Documents: GCHQ Made Port-Scanning Entire Countries a Standard Spy Tool 58

Posted by timothy
from the small-island-nation-with-a-lot-of-curiosity dept.
Advocatus Diaboli writes with this excerpt from Heise: Since the early days of TCP, port scanning has been used by computer saboteurs to locate vulnerable systems. In a new set of top secret documents seen by Heise, it is revealed that in 2009, the British spy agency GCHQ made port scans a "standard tool" to be applied against entire nations. Twenty-seven countries are listed as targets of the HACIENDA program in the presentation, which comes with a promotional offer: readers desiring to do reconnaissance against another country need simply send an e-mail. Also from the article: The list of targeted services includes ubiquitous public services such as HTTP and FTP, as well as common administrative protocols such as SSH (Secure SHell protocol – used for remote access to systems) and SNMP (Simple Network Management Protocol – used for network administration) (Figure 4). Given that in the meantime, port scanning tools like Zmap have been developed which allow anyone to do comprehensive scans, it is not the technology used that is shocking, but rather the gargantuan scale and pervasiveness of the operation.
This discussion has been archived. No new comments can be posted.

Leaked Documents: GCHQ Made Port-Scanning Entire Countries a Standard Spy Tool

Comments Filter:
  • by pjt33 (739471) on Saturday August 16, 2014 @09:08AM (#47684103)

    Well, if we use the same kind of accounting principles that were used to try to extradite Gary McKinnon, this is an article about an intelligence agency causing potentially billions of pounds/dollars/euros of damage to computers, 99%+ of which were not "legitimate targets" for a black bag job. It may not be a surprise, but it's still rather embarrassing.

  • by Electricity Likes Me (1098643) on Saturday August 16, 2014 @10:16AM (#47684301)

    It's a freaking port scan. It is not a denial of service attack. It is not remotely illegal and any private citizen is legally allowed to exactly the same and many researchers do without any need for special permissions.

    This article could not possibly be any more pathetically sensationalist.

  • by AmiMoJo (196126) * <mojo@woCURIErld3.net minus physicist> on Saturday August 16, 2014 @07:12PM (#47686273) Homepage

    It's not about looking for people with sensitive information. They know who the nuclear scientists are and go after them more directly. What this mass port scanning is aimed at is finding vulnerable PCs and turning them into bots that serve up exploits.

    One favourite tactic GCHQ likes to use is to spoof a site and server up a malware infested version, or at least one they can monitor more easily. They use other people's computers to do it, because they can't install their own hardware in the network centres of target countries.

    It's not just that they spy on everyone indiscriminately, they actually hijack innocent people's computers and use them to break the law in foreign countries. Clearly anyone who owns a computer should be concerned that GCHQ, a government agency with considerable funding, resources and access to zero day vulnerabilities may wish to use their property for criminal activity.

The Universe is populated by stable things. -- Richard Dawkins

Working...