icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
18 Aug, 2014 16:06

Masters of the Internet: GCHQ scanned entire countries for vulnerabilities

Masters of the Internet: GCHQ scanned entire countries for vulnerabilities

GCHQ is scanning servers in multiple foreign countries for vulnerable ports, according to German newspaper Heise. Using a tool called Hacienda, the intelligence agency seeks to ‘master the internet’ for sources of espionage.

Spanish for estate, Hacienda can port scan all of the servers in a country to provide information on user endpoints and scan for potential vulnerabilities. The ability to port scan is not new, but the scale of its use by government spies, with 27 countries scanned by 2009, has shocked many familiar with the software.

“In 2009, the British spy agency GCHQ made port scans a 'standard tool' to be applied against entire nations,” Heise reports. “Twenty-seven countries are listed as targets of the Hacienda [program].”

The process of scanning entire countries and looking for vulnerable network infrastructure to exploit is consistent with the meta-goal of "Mastering the Internet", which is also the name of a GCHQ cable-tapping program. Targeted protocols include SSH, HTTP and FTP, among others.

Systems may be attacked simply because they might eventually create a path towards a valuable espionage target, even without indications this will ever be the case. Based on this logic, every device is a target.

The database resulting from the scans is shared with other spy agencies in the UK, US, Canada, Australia and New Zealand. MAILORDER is described in the documents as a secure transport protocol used between the ‘Five Eyes’ spy agencies to exchange collected data.

System and network administrators face the threat of industrial espionage, sabotage and human rights violations created by nation states indiscriminately attacking network infrastructure and breaking into services.

GCHQ says it will not comment on “intelligence matters” but reiterates that everything that it does is done within a strict legal framework. “It is a longstanding policy that we do not comment on intelligence matters,” a GCHQ spokesperson told The Inquirer.

“All of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception of Communications and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee.

“All our operational processes rigorously support this position,” they added.

British intelligence is permitted to go further in surveillance than similar agencies in other Western countries, according to Edward Snowden. The former NSA contractor believes the powers of the British intelligence establishment are not restricted effectively enough by “law or policy”. The lack of legal restrictions allows UK intelligence services to target more people than is necessary.

Podcasts
0:00
28:18
0:00
25:17