‘Secret services conduct large-scale port scans in Hacienda program’


Five Western secret services, including the NSA and GCHQ, carry out large-scale port scans under the so-called Hacienda program. The port scans, which look for vulnerable servers, are reportedly performed in 27 countries.

The German tech site Heise Online reports this on the basis of documents said to come from a number of Western secret services. The documents describe the Hacienda program, which reportedly performs port scans covering entire countries. Internet-connected computers in at least 27 countries are said to have been identified as potential targets via port scans, but Heise has not released the names of the countries concerned. Port scans are said to have been partially performed in five other countries.

The Hacienda program is reportedly led by the NSA together with four sister organizations with which it works closely within the so-called Five Eyes program. These are the secret services of Australia, Canada, the United Kingdom and New Zealand.

According to the documents, Hacienda uses the nmap port scanning tool. Any vulnerable servers found are stored in a database. According to the authors of the article, including investigative journalist Jacob Appelbaum and documentary filmmaker Laura Poitras, the Hacienda program shows that the Western secret services do not work in a targeted way, but collect data about vulnerable systems everywhere, without any oversight.

Documents from the Canadian CSIS describe how the Five Eyes services in certain cases take over vulnerable systems in other countries to serve as so-called operational relay boxes. For example, in February 2010 more than three thousand systems were acquired that could be used for carrying out attacks. The execution of port scans is also highly automated by the secret services, and the databases are synchronized with each other.

The authors of the article argue that citizens and companies can take technical measures in an attempt to keep the secret services away from them. One of the possibilities would be port knocking: a server does not respond to a TCP SYN request unless a special TCP packet is sent first. However, a better mechanism would be TCP Stealth, an IETF standard that uses an authorization token when setting up a TCP handshake. TCP Stealth is said to be very difficult to detect and also to prevent man-in-the-middle attacks such as replay attacks. Furthermore, the authors call on the Internet community to develop and apply more secure network protocols.
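The idea of an authorization token in the handshake can be shown with a small simulation of the server-side decision. This is an added example, not code from the article or from the TCP Stealth specification. The HMAC-SHA256 derivation, the field layout, the 30-second freshness window and all names and addresses are assumptions chosen for illustration.

```python
import hashlib, hmac, socket, struct

def syn_token(secret, src_ip, src_port, dst_ip, dst_port, tsval):
    """32-bit token the client places in the SYN's sequence-number field."""
    # Assumed derivation: HMAC over the connection tuple and a timestamp.
    msg = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
           + struct.pack("!HHI", src_port, dst_port, tsval))
    return struct.unpack("!I", hmac.new(secret, msg, hashlib.sha256).digest()[:4])[0]

class StealthListener:
    def __init__(self, secret, max_age=30):
        self.secret, self.max_age = secret, max_age
        self.seen = set()  # accepted SYNs; a real listener would expire old entries

    def accept_syn(self, syn, now):
        """True: answer with SYN/ACK. False: do not complete the handshake."""
        src_ip, src_port, dst_ip, dst_port, tsval, seq = syn
        if not 0 <= now - tsval <= self.max_age:
            return False                      # stale or future timestamp
        expected = syn_token(self.secret, src_ip, src_port, dst_ip, dst_port, tsval)
        if not hmac.compare_digest(struct.pack("!I", expected), struct.pack("!I", seq)):
            return False                      # no valid token: treated like any scanner
        if syn in self.seen:
            return False                      # exact replay of a captured SYN
        self.seen.add(syn)
        return True

def demo():
    # Constructed sample values (documentation address ranges).
    secret = b"constructed-shared-secret"
    listener = StealthListener(secret)
    now = 1_000_000
    flow = ("192.0.2.10", 40000, "198.51.100.7", 22, now)
    good = flow + (syn_token(secret, *flow),)
    guess = flow + ((good[-1] + 1) % 2**32,)   # sender that does not know the secret
    stale = ("192.0.2.10", 40001, "198.51.100.7", 22, now - 3600)
    stale += (syn_token(secret, *stale),)
    return {
        "scanner_without_secret": listener.accept_syn(guess, now),
        "authorized_client": listener.accept_syn(good, now),
        "replayed_syn": listener.accept_syn(good, now + 1),
        "stale_syn": listener.accept_syn(stale, now),
    }

if __name__ == "__main__":
    print(demo())
```

Unlike a fixed knock sequence, the token here is bound to the connection tuple and a timestamp, so a SYN observed on the wire cannot simply be sent again later.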
