British spy agency scanned for vulnerable systems in 32 countries, German paper reveals

Heise Online reveals top-secret details about the GCHQ's 'Hacienda' program

British intelligence agency GCHQ used port scanning as part of the "Hacienda" program to find vulnerable systems it and other agencies could compromise across at least 27 countries, German news site Heise Online has revealed.

The use of so-called port scanning has long been a trusty tool used by hackers to find systems they can potentially access. In top-secret documents published by Heise on Friday, it is revealed that in 2009, GCHQ started using the technology against entire nations.

One of the documents states that full scans of network ports of 27 countries and partial scans of another five countries had been carried out. Targets included ports using protocols such as SSH (Secure Shell) and SNMP (Simple Network Management Protocol), which are used for remote access and network administration.

The results were then shared with other spy agencies in the U.S., Canada, the U.K., Australia and New Zealand. "Mailorder" is described in the documents as a secure way for them to exchange collected data.

Gathering the information is only the first step, according to Heise Online.

The documents also reveal "Landmark," a program started by the Canadian spy agency CSEC to find what it calls ORBs (Operational Relay Boxes), which are used to hide the location of the attacker when it launches exploits against targets or steals data, Heise said. For example, during an exercise in February 2010, eight groups of three "network exploitation analysts" were able to find 3,000 potential ORBs, which could then potentially be used by CSEC.

"It isn't surprising [the intelligence organizations] were technically able to do this ... That they attack people they have no reason to attack and then install malware on their systems to attack even more systems is really shocking and sickening to see. On that I think we can all agree," said Christian Grothoff, one of the co-authors of the Heise article, in an interview with IDG News Service.

At the Technische Universität München, he has led the development of TCP Stealth, which can help prevent Hacienda and similar tools from identifying systems. The development of TCP Stealth was started during a course on peer-to-peer systems and security that Grothoff taught last year.

TCP Stealth works by adding a passphrase on the user's device and on the system that needs to be protected.

"For example, if you have remote administration of routers or servers you don't want that access to be public. You typically have a small group of administrators that are authorized, so between them you share a passphrase and also add it where they want to connect," Grothoff said.

If the passphrase is incorrect when the connection is started, the system simply doesn't answer, and the service appears to be dead.

For this to work, operating systems and applications have to be upgraded to be able to use TCP Stealth. Linux has already been upgraded and there is a library application developers can use to add TCP Stealth to their software without having to recompile. Windows, Chrome OS and Mac OS haven't been ported to TCP Stealth.

The hope is now that the technology will be standardized by the IETF (Internet Engineering Task Force). A first draft has already been filed with the organization. It was co-authored by Jacob Appelbaum with the Tor project and edited by Holger Kenn from Microsoft in Germany.

"I think there is a chance we can convince people this is necessary," Grothoff said.

Send news tips and comments to mikael_ricknas@idg.com

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Detection / preventionintrusionsecurityAccess control and authenticationGCHQ

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Mikael Ricknäs

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?