Slashdot Mirror


Leaked Documents: GCHQ Made Port-Scanning Entire Countries a Standard Spy Tool

Advocatus Diaboli writes with this excerpt from Heise: Since the early days of TCP, port scanning has been used by computer saboteurs to locate vulnerable systems. In a new set of top secret documents seen by Heise, it is revealed that in 2009, the British spy agency GCHQ made port scans a "standard tool" to be applied against entire nations. Twenty-seven countries are listed as targets of the HACIENDA program in the presentation, which comes with a promotional offer: readers desiring to do reconnaissance against another country need simply send an e-mail. Also from the article: The list of targeted services includes ubiquitous public services such as HTTP and FTP, as well as common administrative protocols such as SSH (Secure SHell protocol – used for remote access to systems) and SNMP (Simple Network Management Protocol – used for network administration) (Figure 4). Given that in the meantime, port scanning tools like Zmap have been developed which allow anyone to do comprehensive scans, it is not the technology used that is shocking, but rather the gargantuan scale and pervasiveness of the operation.
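The bulk scanning described in the summary leaves a recognisable footprint on the receiving end. The following is an added example, not code from the Heise article or the HACIENDA documents: a minimal detector that reads constructed firewall-style log lines and flags a source that sweeps one port across many hosts (horizontal) or many ports on one host (vertical). The log line format, the sample addresses and the thresholds are all assumptions.

```python
import re
from collections import defaultdict

# Service ports the article names, used to label what a sweep was looking for.
NAMED_SERVICES = {21: "FTP", 22: "SSH", 80: "HTTP", 161: "SNMP"}

# Constructed sample log (not real traffic): one connection attempt per line.
SAMPLE_LOG = """\
2009-06-01T10:00:00 src=203.0.113.7 dst=198.51.100.1 dport=22
2009-06-01T10:00:00 src=203.0.113.7 dst=198.51.100.2 dport=22
2009-06-01T10:00:01 src=203.0.113.7 dst=198.51.100.3 dport=22
2009-06-01T10:00:01 src=203.0.113.7 dst=198.51.100.4 dport=22
2009-06-01T10:00:02 src=203.0.113.7 dst=198.51.100.1 dport=161
2009-06-01T10:00:02 src=203.0.113.7 dst=198.51.100.2 dport=161
2009-06-01T10:00:03 src=203.0.113.7 dst=198.51.100.3 dport=161
2009-06-01T10:00:05 src=203.0.113.9 dst=198.51.100.5 dport=21
2009-06-01T10:00:05 src=203.0.113.9 dst=198.51.100.5 dport=22
2009-06-01T10:00:05 src=203.0.113.9 dst=198.51.100.5 dport=25
2009-06-01T10:00:06 src=203.0.113.9 dst=198.51.100.5 dport=80
2009-06-01T10:00:06 src=203.0.113.9 dst=198.51.100.5 dport=443
2009-06-01T10:01:00 src=192.0.2.10 dst=198.51.100.1 dport=80
2009-06-01T10:02:00 src=192.0.2.10 dst=198.51.100.2 dport=443
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")

def parse_log(text):
    """Yield (src, dst, dport) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), int(m.group(4))

def detect_scanners(text, host_threshold=3, port_threshold=5):
    """Horizontal: one source hits the same port on >= host_threshold hosts.
    Vertical: one source hits >= port_threshold distinct ports on one host."""
    hosts_by_src_port = defaultdict(set)  # (src, port) -> {dst hosts}
    ports_by_src_host = defaultdict(set)  # (src, dst) -> {ports}
    for src, dst, port in parse_log(text):
        hosts_by_src_port[(src, port)].add(dst)
        ports_by_src_host[(src, dst)].add(port)
    findings = []
    for (src, port), hosts in sorted(hosts_by_src_port.items()):
        if len(hosts) >= host_threshold:
            findings.append(("horizontal", src, port, NAMED_SERVICES.get(port, "other"), len(hosts)))
    for (src, dst), ports in sorted(ports_by_src_host.items()):
        if len(ports) >= port_threshold:
            findings.append(("vertical", src, dst, len(ports)))
    return findings
```

On the sample log the SSH and SNMP sweeps from the first source and the single-host probe from the second are reported, while the third source's ordinary web traffic is not.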

10 of 58 comments

  1. And we're surprised why? by BitZtream · · Score: 4, Insightful

    So basically this is an article about the intelligence agencies using the same tricks criminals and security specialists in the industry have been using for years?

    Let me show you my shocked face ... :|

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    1. Re:And we're surprised why? by pjt33 · · Score: 5, Interesting

      Well, if we use the same kind of accounting principles that were used to try to extradite Gary McKinnon, this is an article about an intelligence agency causing potentially billions of pounds/dollars/euros of damage to computers, 99%+ of which were not "legitimate targets" for a black bag job. It may not be a surprise, but it's still rather embarrassing.

    2. Re:And we're surprised why? by Archtech · · Score: 2

      No, no, no! You've got it all wrong! When private individuals do such things, they are terrorists, saboteurs, or thieves. But when governments do them, it's perfectly in order - they are only doing what all governments do.

      "Il est défendu de tuer; tout meurtrier est puni, à moins qu’il n’ait tué en grande compagnie, et au son des trompettes".
      ("It is forbidden to kill; therefore all murderers are punished unless they kill in large numbers to the sound of trumpets").

      - Voltaire

      --
      I am sure that there are many other solipsists out there.
  2. Re:Isn't this exactly what a spy agency DOES? by Mashiki · · Score: 2

    It's not so much of them "spying" it's more so "were they doing it legally." And if not, who inside the organization and government is going to pay for the travesty. It seems to me that in the UK, the government wishes to throw the social contract not only in the dirt, but shit on it, burn both, and then piss on the ashes.

    --
    Om, nomnomnom...
  3. Re:Phew by Antique+Geekmeister · · Score: 2

    > I'm glad that was made clear, us nerds know very little about IT in reality

    I'm afraid that you're quite right. Many of our nerd friends and colleagues keep their SSH private keys un-passphrase-protected on backups and on NFS shares or removable media, and we leave defaults in place for SNMP access. Moreover, a majority of the companies I've worked with in the last 10 years rely on their external firewalls to protect their internal networks from monitoring. This is even though people with VPN and laptop access connect to those internal networks all the time.

    More generally, the Windows admins and most developers don't generally need to or try to understand how other protocols work. They click a few boxes on their configuration tools, they read a Google how-to, and that's the extent of their review. They don't bother to read the man pages or do an "snmpwalk" because they don't _have_ to.

    And it's not just the Windows admins or software developers. I spent an hour on Thursday walking a senior Linux administrator through SNMP. He'd never realized that SNMP was the core tool for scanning remote network devices. I could explain why, but that's a separate post.

  4. We are surprised because... by Kludge · · Score: 4, Insightful

    We are surprised because these are our governments spending our taxpayer dollars to find exploits in computers in foreign countries that have done us no wrong. While you may have no scruples about this sort of thing, most of the rest of us are offended when something is done in our names that we would never stand having done to us.

    1. Re:We are surprised because... by CrimsonAvenger · · Score: 2

      A phrase you might be searching for (or not) is "national technical means".

      It's the enforcement mechanism in a great many treaties involving things like, oh, nuclear weapons development, for instance.

      In case it's not obvious, "national technical means" is more or less synonymous with "spying". Yes, we can't actually count on people we make treaties with abiding by the treaties absent some enforcement mechanism. So we spy on them to make sure they do.

      And yes, this may involve spying on perfectly innocent civilians in the process. It's not like the other fellow's secret projects are going to be marked secret_nuclear_project.gov after all....

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
    2. Re:We are surprised because... by AmiMoJo · · Score: 3, Interesting

      It's not about looking for people with sensitive information. They know who the nuclear scientists are and go after them more directly. What this mass port scanning is aimed at is finding vulnerable PCs and turning them into bots that serve up exploits.

      One favourite tactic GCHQ likes to use is to spoof a site and serve up a malware-infested version, or at least one they can monitor more easily. They use other people's computers to do it, because they can't install their own hardware in the network centres of target countries.

      It's not just that they spy on everyone indiscriminately, they actually hijack innocent people's computers and use them to break the law in foreign countries. Clearly anyone who owns a computer should be concerned that GCHQ, a government agency with considerable funding, resources and access to zero day vulnerabilities may wish to use their property for criminal activity.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. Re:Isn't this exactly what a spy agency DOES? by Electricity+Likes+Me · · Score: 3, Interesting

    It's a freaking port scan. It is not a denial of service attack. It is not remotely illegal, and any private citizen is legally allowed to do exactly the same, and many researchers do without any need for special permissions.

    This article could not possibly be any more pathetically sensationalist.

  6. Why? by PPH · · Score: 2

    Bulk port scanning is something I'd expect criminals to do looking for vulnerable systems to exploit. It's not going to tell you anything about the use of that system or the motives of its owners unless you install some sort of exploit. The only thing this will reveal is the possible presence of certain peer-to-peer apps that use well known ports.

    I'd expect the intelligence agencies to develop a list of likely terrorists and then concentrate on breaking into their systems. This looks like GCHQ has given up on al Qaida and is chasing file sharers full time. Public funds expended to protect the Disney companies' property. When can I expect the local police department to pay two officers to guard my old pickup truck parked in my driveway every night?

    --
    Have gnu, will travel.