GCHQ port scans 32 countries to find servers it can hack and use in attacks

By Graeme Burton
19 Aug 2014 View Comments
GCHQ Cheltenham

Spy agency GCHQ has been routinely scanning internet-connected servers in 27 countries in a bid to find insecure systems that it can compromise.

GCHQ has been using port-scanning programmes since 2009 under its Hacienda programme, according to documents published by Germany's c't magazine.

Further reading

According to security expert Bruce Schneier, it's unclear whether or not the documents are from the trove of data stolen by US National Security Agency (NSA) whistleblower Edward Snowden.

The documents indicate that GCHQ "randomly scans every IP identified for that country" and conducts partial scans on five others. However, the report blanks out the 32 countries affected.

While port scanning is not unusual, the scale and indiscriminate nature of the operation conducted by GCHQ is. It also indicates that GCHQ considers itself above the law, given that it would appear to be searching out any servers to hack not based on operational necessity.

According to c't magazine, the documents show that GCHQ uses Hacienda for "vulnerability assessment, network analysis and target discovery", and to detect "operational relay boxes" – servers it can use to hide the source of its attacks.

The Hacienda programme gathers data on all insecure servers, including host name, system and application information, port status, and directory listings. It also profiles the machines concerned, including browser, operating system and its patch status. This information is also shared with the US, Canada, Australia and New Zealand – the UK's partners in the Five Eyes spying programme.

The magazine claims that Hacienda is part of GCHQ's £1bn programme of "Mastering the Internet", which has the explicit aim of attacking and compromising every internet-connected system that it can.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

39 %
26 %
14 %
21 %