Menu
British spy agency scanned for vulnerable systems in 32 countries, German paper reveals

British spy agency scanned for vulnerable systems in 32 countries, German paper reveals

Heise Online reveals top-secret details about the GCHQ's 'Hacienda' program

British intelligence agency GCHQ used port scanning as part of the "Hacienda" program to find vulnerable systems it and other agencies could compromise across at least 27 countries, German news site Heise Online has revealed.

The use of so-called port scanning has long been a trusty tool used by hackers to find systems they can potentially access. In top-secret documents published by Heise on Friday, it is revealed that in 2009, GCHQ started using the technology against entire nations.

One of the documents states that full scans of network ports of 27 countries and partial scans of another five countries had been carried out. Targets included ports using protocols such as SSH (Secure Shell) and SNMP (Simple Network Management Protocol), which are used for remote access and network administration.

The results were then shared with other spy agencies in the U.S., Canada, the U.K., Australia and New Zealand. "Mailorder" is described in the documents as a secure way for them to exchange collected data.

Gathering the information is only the first step, according to Heise Online.

The documents also reveal "Landmark," a program started by the Canadian spy agency CSEC to find what it calls ORBs (Operational Relay Boxes), which are used to hide the location of the attacker when it launches exploits against targets or steals data, Heise said. For example, during an exercise in February 2010, eight groups of three "network exploitation analysts" were able to find 3,000 potential ORBs, which could then potentially be used by CSEC.

"It isn't surprising [the intelligence organizations] were technically able to do this ... That they attack people they have no reason to attack and then install malware on their systems to attack even more systems is really shocking and sickening to see. On that I think we can all agree," said Christian Grothoff, one of the co-authors of the Heise article, in an interview with IDG News Service.

At the Technische Universität München, he has led the development of TCP Stealth, which can help prevent Hacienda and similar tools from identifying systems. The development of TCP Stealth was started during a course on peer-to-peer systems and security that Grothoff taught last year.

TCP Stealth works by adding a passphrase on the user's device and on the system that needs to be protected.

"For example, if you have remote administration of routers or servers you don't want that access to be public. You typically have a small group of administrators that are authorized, so between them you share a passphrase and also add it where they want to connect," Grothoff said.

If the passphrase is incorrect when the connection is started, the system simply doesn't answer, and the service appears to be dead.

For this to work, operating systems and applications have to be upgraded to be able to use TCP Stealth. Linux has already been upgraded and there is a library application developers can use to add TCP Stealth to their software without having to recompile. Windows, Chrome OS and Mac OS haven't been ported to TCP Stealth.

The hope is now that the technology will be standardized by the IETF (Internet Engineering Task Force). A first draft has already been filed with the organization. It was co-authored by Jacob Appelbaum with the Tor project and edited by Holger Kenn from Microsoft in Germany.

"I think there is a chance we can convince people this is necessary," Grothoff said.

Send news tips and comments to mikael_ricknas@idg.com


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securityintrusionAccess control and authenticationDetection / preventionGCHQ

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments