Leaked Documents: GCHQ Made Port-Scanning Entire Countries a Standard Spy Tool 58
Advocatus Diaboli writes with this excerpt from Heise: Since the early days of TCP, port scanning has been used by computer saboteurs to locate vulnerable systems. In a new set of top secret documents seen by Heise, it is revealed that in 2009, the British spy agency GCHQ made port scans a "standard tool" to be applied against entire nations. Twenty-seven countries are listed as targets of the HACIENDA program in the presentation, which comes with a promotional offer: readers desiring to do reconnaissance against another country need simply send an e-mail.
Also from the article:
The list of targeted services includes ubiquitous public services such as HTTP and FTP, as well as common administrative protocols such as SSH (Secure SHell protocol – used for remote access to systems) and SNMP (Simple Network Management Protocol – used for network administration) (Figure 4). Given that in the meantime, port scanning tools like Zmap have been developed which allow anyone to do comprehensive scans, it is not the technology used that is shocking, but rather the gargantuan scale and pervasiveness of the operation.
Re: (Score:1)
They are not trying to set up their Boxees.
Re: (Score:2)
Well somebody set up us the boxee, captain!
Phew (Score:1)
SSH (Secure SHell protocol – used for remote access to systems) and SNMP (Simple Network Management Protocol – used for network administration)
I'm glad that was made clear, us nerds know very little about IT in reality.
Re: (Score:3)
> I'm glad that was made clear, us nerds know very little about IT in reality
I'm afraid that you're quite right. Many of our nerd friends and colleagues keep their SSH private keys un-passphrase-protected on backups and on NFS shares or removable media, we leave defaults in place for SNMP access. Moreover, a majority of the companies I've worked with in the last 10 years rely on their external firewalls to protect their internal networks from monitoring. This is even though people with VPN and laptop acc
Re: (Score:1)
You know, not to tangent off (oh wait this is slashdot) but this reminds me of a little soapbox I go on a lot lately:
I dropped out of high school and taught myself how to use Linux, which taught me computing because I'm a reasonably clever human who finds things interesting and the command line is a layer of abstraction closer to the computing than a Windows UI.
As I got some chops up from playing around with making websites for my guitar lessons and running various other services for my little LEGO camp bus
Re: (Score:3)
It's not so much of them "spying" it's more so "were they doing it legally." And if not, who inside the organization and government is going to pay for the travesty. It seems to me that in the UK, the government wishes to throw the social contract [wikipedia.org] not only in the dirt, but shit on it, burn both, and then piss on the ashes.
Re:Isn't this exactly what a spy agency DOES? (Score:4, Interesting)
It's a freaking port scan. It is not a denial of service attack. It is not remotely illegal and any private citizen is legally allowed to exactly the same and many researchers do without any need for special permissions.
This article could not possibly be any more pathetically sensationalist.
Re: (Score:1)
Security researchers are required to get written consent before port scanning for an audit.
So you can see why this sounds like a massive endeavor following no ethical rules.
Whether it's as bad as it sounds... meh... but really, it is quite contrary to all one would hold ethical.
Re: (Score:1)
It is not remotely illegal and any private citizen is legally allowed to exactly the same and many researchers do without any need for special permissions.
That's a bit like saying it is OK to break into peoples' houses because it is legal to enter into someones house when they give you permission, and they are essentially the same thing, right?
Your logic is beyond broken. It is incredibly illegal to commit any type of computer fraud, including brute force attacks (which includes port scanning), unless you have explicit permission before doing so.
Re: (Score:2)
No. No it isn't, and literally every single thing you wrote is either factually wrong, or completely unrelated to what I was saying.
Re: (Score:2)
And we're surprised why? (Score:5, Insightful)
So basically this is an article about the intelligence agencies using the same tricks criminals and security specialists in the industry have been using for years?
Let me show you my shocked face ... :|
Re: (Score:2)
Re: (Score:2)
Re:And we're surprised why? (Score:5, Interesting)
Well, if we use the same kind of accounting principles that were used to try to extradite Gary McKinnon, this is an article about an intelligence agency causing potentially billions of pounds/dollars/euros of damage to computers, 99%+ of which were not "legitimate targets" for a black bag job. It may not be a surprise, but it's still rather embarrassing.
Re: (Score:3)
No, no, no! You've got it all wrong! When private individuals do such things, they are terrorists, saboteurs, or thieves. But when governments do them, it's perfectly in order - they are only doing what all governments do.
"Il est défendu de tuer; tout meurtrier est puni, à moins qu’il n’ait tué en grande compagnie, et au son des trompettes".
("It is forbidden to kill; therefore all murderers are punished unless they kill in large numbers to the sound of trumpets").
- Voltaire
We are surprised because... (Score:5, Insightful)
We are surprised because these are our governments spending our tax payer dollars to find exploits in computers in foreign countries that have done us no wrong. While you may have no scruples about this sort of thing, most of the rest of us are offended when something is done in our names that we would never stand having done to us.
Re: (Score:2)
The idea behind a spy agency is to catch em before they do wrong. Really all alliances and agreements in international politics are matters of convenience, not moral obligation.
Re: (Score:3)
It's the enforcement mechanism in a great many treaties involving things like, oh, nuclear weapons development, for instance.
In case it's not obvious, "national technical means" is more or less synonymous with "spying". Yes, we can't actually count on people we make treaties with abiding by the treaties absent some enforcement mechanism. So we spy on them to make sure they do.
And yes, this may involve spying on perfectly innocen
Re:We are surprised because... (Score:4, Interesting)
It's not about looking for people with sensitive information. They know who the nuclear scientists are and go after them more directly. What this mass port scanning is aimed at is finding vulnerable PCs and turning them into bots that serve up exploits.
One favourite tactic GCHQ likes to use is to spoof a site and server up a malware infested version, or at least one they can monitor more easily. They use other people's computers to do it, because they can't install their own hardware in the network centres of target countries.
It's not just that they spy on everyone indiscriminately, they actually hijack innocent people's computers and use them to break the law in foreign countries. Clearly anyone who owns a computer should be concerned that GCHQ, a government agency with considerable funding, resources and access to zero day vulnerabilities may wish to use their property for criminal activity.
Re: (Score:2)
Re: (Score:2)
Well, I'm sure that the military has all sorts of contingency plans.
Re: (Score:2)
We are surprised because...
dude, the gchq are spies. what do you think they were doing? What surprises you about this?
Re: (Score:2)
most of the rest of us are offended when something is done in our names that we would never stand having done to us.
But I like being screwed!
Ya (Score:2)
It seems like the press has run out of new interesting things to report with regards to spy agencies, so rather than do some informed discussion on the stories or something, they are digging for shit.
Yes, we know, spy agencies spy. That is their purpose, that is the reason they get funding. If this shocks you then you've had your head in the sand. Now if you think governments shouldn't have spy agencies, ok, but that is a different argument (and you might want to look in to why they do). But acting all surp
Re: (Score:2)
Not that surprising, but still worth confirming so that we can defend against it.
It's also confirmation that there is a cyber cold war going on, with countries actively probing each others defences and running an arms race in cyber security.
Re: (Score:2)
Word! When I got my ADHD diagnosis from finnish health care system I felt so ass-raped and abused I still can't sleep without crying.
The scale isn't that impressive (Score:1)
There are faster ways to scan large address blocks - at least for TCP. We used a customized form of stateless scanning based on scanrand almost 10 years ago that could do the "usual suspects" across an entire 10/8 block off a single Linux machine in the space of about 8 hours. This was in a corporate environment much of the space was >=1G but also covered lower speed international routes. The 8 hrs was a balance between performance and network impact so could have been reduced.
Government waste (Score:2)
Wasted time and money, but hardly shocking or evil.
Every IP address exposed on the Internet is constantly scanned.
Why? (Score:3)
Bulk port scanning is something I'd expect criminals to do looking for vulnerable systems to exploit. Its not going to tell you anything about the use of that system or the motives of its owners unless you install some sort of exploit. The only thing this will reveal is the possible presence of certain peer-to-peer apps that use well known ports.
I'd expect the intelligence agencies to develop a list of likely terrorists and then concentrate on breaking into their systems. This looks like GCHQ has given up on al Qaida and is chasing file sharers full time. Public funds expended to protect the Disney companies property. When can I expect the local police department to pay two officers to guard my old pickup truck parked in my driveway every night?
Welcome to 1999 (Score:1)
nmap as a "hacking" tool reveals such an old mindset. Back then the prize was finding a service, which was inevitably not locked down or was easily compromisable. Nowadays even basic installs are secure thanks to sane package managers and distributions. The old "find an old version of sendmail and open a shell" tricks don't work.
Re: (Score:2)
People like you are the people, whose mailservers spam the rest of us.
Port sentry (Score:2)
Port Sentry is your friend :)
A. The Sentry tools provide host-level security services for the UNIX platform. PortSentry, Logcheck/LogSentry, and HostSentry protect against portscans, automate log file auditing, and detect suspicious login activity on a continuous basis.
It can also automatically respond to scans by blocking the originating hosts.
I have been using it continuously since the 1990's
http://sentrytools.sourceforge... [sourceforge.net]
Server security still sucks (Score:2)
I would estimate that in the last decade, any host visible on the Internet has gotten between 10 and 100 full port-scans per year, and most not from these people but other criminals.
So let me say this clearly: If a port-scan is a risk for your server, you should
a) Fix the damned thing already!
b) If you cannot, stop administrating systems when you have no clue how to do it!
Hell, in many countries port-scans are even perfectly legal.