The folks over at Heise/c’t Magazin revealed leaked, classified documents to report on HACIENDA, a GCHQ program to deliver country-wide Internet reconnaissance for so-called “five eyes” nations, including the US (NSA), Canada and Australia. And, as Bruce Schneier points out – its not clear that these documents were from Edward Snowden’s trove of classified NSA materials.
HACIENDA involves the large-scale use of TCP “port” scans to profile systems connected to the Internet, in addition to profiling of enabled applications. According to Heise, which published a classified slide deck. GCHQ claimed to have canvassed 27 countries through the program. A list of targeted services includes ubiquitous public services such as HTTP and FTP, SSH (Secure Shell protocol) and SNMP (Simple Network Management Protocol).
The Heise report, prepared by Julian Kirsch, Christian Grothoff, Monika Ermert, Jacob Appelbaum, Laura Poitras and Henrik Moltke claim that HACIENDA’s goal was to perform active collection and map vulnerable services across a country’s Internet space, not to go after specific targets.
“By preparing for attacks against services offered via SSH and SNMP, the spy agency targets critical infrastructure such as systems used for network operations,” they report.
The database resulting from the scans is then shared with other spy agencies of the Five Eyes: the United States, Canada, United Kingdom, Australia and New Zealand. Five Eyes participants could tap GCHQ to scan a desired country with an e-mail request, the slides reveal.
“Increasingly, innocent computers and networks are becoming collateral damage, as countries use the Internet to conduct espionage and attacks against each other,” Schneier notes. “Not only to these intelligence services want an insecure Internet so they can attack each other, they want an insecure Internet so they can use innocent third-parties to help facilitate their attacks.”
Read more here: NSA/GCHQ: The HACIENDA Program for Internet Colonization | c’t.