British spy agency scanned for vulnerable systems in 32 countries

donut.gif

British intelligence agency GCHQ used port scanning as part of the “Hacienda” program to find vulnerable systems it and other agencies could compromise across at least 27 countries, German news site Heise Online has revealed.

The use of so-called port scanning has long been a trusty tool used by hackers to find systems they can potentially access. In top-secret documents published by Heise on Friday, it is revealed that in 2009, GCHQ started using the technology against entire nations.

One of the documents states that full scans of network ports of 27 countries and partial scans of another five countries had been carried out. Targets included ports using protocols such as SSH (Secure Shell) and SNMP (Simple Network Management Protocol), which are used for remote access and network administration.

The results were then shared with other spy agencies in the U.S., Canada, the U.K., Australia and New Zealand. “Mailorder” is described in the documents as a secure way for them to exchange collected data.

Gathering the information is only the first step, according to Heise Online.

The documents also reveal “Landmark,” a program started by the Canadian spy agency CSEC to find what it calls ORBs (Operational Relay Boxes), which are used to hide the location of the attacker when it launches exploits against targets or steals data, Heise said. For example, during an exercise in February 2010, eight groups of three “network exploitation analysts” were able to find 3,000 potential ORBs, which could then potentially be used by CSEC.

“Shocking and sickening”

“It isn’t surprising [the intelligence organizations] were technically able to do this … That they attack people they have no reason to attack and then install malware on their systems to attack even more systems is really shocking and sickening to see. On that I think we can all agree,” said Christian Grothoff, one of the co-authors of the Heise article, in an interview with IDG News Service.

At the Technische Universität München, he has led the development of TCP Stealth, which can help prevent Hacienda and similar tools from identifying systems. The development of TCP Stealth was started during a course on peer-to-peer systems and security that Grothoff taught last year.

TCP Stealth works by adding a passphrase on the user’s device and on the system that needs to be protected.

“For example, if you have remote administration of routers or servers you don’t want that access to be public. You typically have a small group of administrators that are authorized, so between them you share..

Read more: http://www.pcworld.com/article/2466020/british-spy-agency-scanned-for-vulnerable-systems-in-32-countries-german-paper-reveals.html