back to article Revealed ... GCHQ's incredible hacking tool to sweep net for vulnerabilities: Nmap

For the past five years, British spying nerve-center GCHQ has been port scanning internet-connected computers in 27 countries – in a exhaustive hunt for systems to potentially exploit. That bombshell comes amid fresh leaks detailing the dragnet surveillance programs operated by the Five Eyes nations: America, UK, Canada, …

  1. Oh Homer
    Childcatcher

    So GCHQ is breaking the law

    The Computer Misuse Act 1990 (plus amendments) in the UK, local laws in whatever countries it's hacking in, and various international treaties.

    Admittedly pointing out that GCHQ is breaking the law is about as futile as pointing out that Israel is committing genocide. Laws are farcical without the means to enforce them.

    1. Anonymous Coward
      Anonymous Coward

      Re: So GCHQ is breaking the law

      Those that are behind Israel and Palestine are committing genocide...... (There fixed that for you.)

      Neither the Israelis nor the Palestinians have the means to go to war without "extreme" financial/material help from "third" parties who are mysteriously never named..... cough, cough[insert large nation here]cough, cough.

      Back on subject : Governments make the laws they don't follow them.... Law abiding people are what the government need you to be in order that you remain within their control.

      1. amanfromMars 1 Silver badge

        Re: So GCHQ is breaking the law

        Those that are behind Israel and Palestine are committing genocide...... (There fixed that for you.) ….. Anonymous Coward

        Howdy, AC,

        If one assumes that GCHQ knows who is behind and lurking in the shadows facilitating the likes of genocide and conflicts for puppets battling in the colours of an Israel and Palestine, is one to assume that be condonation and support for such actors and then are they themselves [GCHQ] despicably compromised in acts of unpleasant conspiracy and covered in the inglorious guilt of joint enterprise? Or would they be more likely to claim and be believed to be in blissful ignorance of, and have zero lead in, such information and intelligence and activity ….. and then be both practically and virtually useless as a Novel Post Modern Future Builder and Intelligence Service Provider in Sublime InterNetworking Times/Quite Surreal Spaces?

        1. Anonymous Coward
          Anonymous Coward

          Re: So GCHQ is breaking the law

          Howdy amfM1,

          The great Puppet Masters play a very subtle game whereby the puppets [GCHQ etc] may or may not be aware that they are part of a game. As long as the media's portrayal remains superfluos then the Puppet Masters willl continue to remain unseen behind the multitude of curtains behind which they lie.

          The great Puppet theatre is a context and the war and killing mere acts within piece.

          In order to win in the Game of Puppets [World politics, finance, power] there is a requirement for a continual condition of unrest. It is a prop used as a reminder of the man's feebleness when stood against the great Puppet Machine.

          As long as we continue to pay for our tickets then the theatre will continue to play......

          1. amanfromMars 1 Silver badge

            Oh such madness, to follow a hacked to the core folly, and not realise.....

            .... the principals at virtual source will be revealed to cyberspace management

            Quite so, Anonymous Coward. I concur. And it appears that there be a no longer so great Puppet Master exercising the down vote option to our conversation, without so much as clue provided as to reason for the "disagreement", although shining the bright light of undeniable truth on such matters is always the only prime excuse to warrant such attention. Or, as can be the case, one who hasn't a clue about how things were and/or are done and are now being done in Halcyon Ways and in these Sublime InterNetworking of Thing 0Day Days.

            It would appear to be a very smart move, and no tall order at all in these days of novel ways and fabless wwwcommunication to/in/through/from/with network sysadmin everywhere, to offer another, and even several other much more attractive and beneficial continual conditions of reinforcing rest to destroy the notion and motion that man's feebleness is there to be abused and exploited by an obviously intellectually challenged and unimaginative and ill chosen few.

            :-) A little too heavy do you think, for an Indiegogo or a Kickstarter, or just what is needed and what any Head AIDoctor in a Strange LOVE Order would Order and ProScribe and Deliver Free with Strings of Virtual Prescriptions/Repeat Cyber Medicine.

            One would be forced to admit and accept, that should the opportunity be missed by current incumbent Puppet Master Players to assist in such new leading ways with rapidly expanding and ever more powerfully overwhelming and controlling means and memes, then is their Intelligence Supply Provider a Colossus of a Fraud Cloaked in a Market of Ponzis Trading Impossible Dreams via the Destructive Dark Knight and Evil Force Root Route. And that be an Epic Catastrophic Failure in anyone's language and world.

            Do El Regers imagine that idling information and/or supercharged turbo boosting chatter and nowhere near crazy intelligence share here on/in this forum, is phished and closely monitored by the System and their systems which may be programmed and heavily into such things, for signs of .......... well, signs of whatever the radical fundamentalists, who be allegedly monitoring and failing so spectacularly to properly mentor everything, would be looking for and/or be quite rightly worrying themselves about because of the very real likelihood and near future inevitability of their past ignorant and arrogant folly for Global Command and Universal Control being General Knowledge and Breaking Mainstream Worldwide News?

            The posit[s] here is[are] Yes. And that would then require of the System to do something radically major and fundamentally positive, and pretty darn quick, if it wants its leaders and close cohorts to survive in the Changes ahead.

            1. Anonymous Coward
              Anonymous Coward

              Re: Oh such madness, to follow a hacked to the core folly, and not realise.....

              The closing comments is probably what the Puppet Masters should ponder upon most because I imagine that changes will indeed come and when they do the theater will receive a radical overhaul....

        2. Mystic Megabyte
          Pirate

          Re: So GCHQ is breaking the law

          >is one to assume that be condonation

          It be the nation of condos

      2. Matt Bryant Silver badge
        Facepalm

        Re: Absolute Claptrap Re: So GCHQ is breaking the law

        ".....cough, cough[insert large nation here]cough, cough...." Qatar is not a large nation. And I suggest you also go look up the legal definition of genocide as the closest you would get is HAMAS's charter, which is more a declaration of intent than actual genocide.

        Nmap has been around for a lot longer than five years, as has the alleged use of it by the 5i's agencies. Why people are surprised that such a common tool be used by the spooks is amusing - why not? It does what is needed and is such a common tool that detection by the target of its use would raise no suspicions of secret squirrel involvement.

        1. Oh Homer
          Headmaster

          Re: "surprised"

          Actually no, I'm not in the least bit surprised that GCHQ is breaking the law, and I never claimed to be. Fascist regimes tend to do that, after all. I'm merely stating the obvious, while noting the futility of stating the obvious. It's a very British thing that seems to confuse the hell out of Yanks, which is one of the other reasons we do it. It also tends to elicit responses indicating support or opposition for whatever thing it is we're complaining about, thus allowing us to easily identify who the dicks are, and add them to The List of people who will be lined up and shot when the revolution comes.

    2. Peter2 Silver badge

      Re: So GCHQ is breaking the law

      Of course GCHQ is breaking the law. Their methods of "discrediting" a target previously released are in blatant violation of the 1215 Magna Carta which states that. We not pass upon him, nor condemn him, but by lawful judgment of his Peers, or by the Law of the land".

      Your required to have a court order or enabling law. None exists for what they were doing, hence those activities are illegal.

      The issue is that nobody is actually able to stand up to them, which is a bit troubling and raises an old, nay ancient question. Quis custodiet ipsos custodes?

  2. Alan Brown Silver badge

    Misdirection

    "These banners are useful because they typically declare the version number and name of the software, which can be used to look up exploits for known vulnerabilities in the code."

    3 tactics are used on the receiving side for this kind of thing

    #1: Substitute the banner for a generic one

    #2: Honeypots - swap in a banner of something with known vulnerabilities and log what happens next.

    #3: For added shits and giggles, you can give someone a sandboxed virtual environment to break into and then monitor every single thing they do.

    nmapping the internet is a fast way of attracting attention, no matter how stealthy you might think you are.

    1. Adam 1

      Re: Misdirection

      >nmapping the internet is a fast way of attracting attention, no matter how stealthy you might think you are.

      You are right, but I highly doubt that the port scan is happening directly. They would already have a botnet which would do their dirty work.

      /applies tin foil

      I am sure when they managed to take over the cryptolocker C&C servers they just shut them down without pushing their own malware into hundreds of thousands of machines.

    2. Fibbles

      Re: Misdirection

      nmapping the internet is a fast way of attracting attention, no matter how stealthy you might think you are.

      If you scan everyone then your actual target becomes obfuscated.

      1. Kane
        Black Helicopters

        Re: Misdirection @ Fibbles

        "If you scan everyone then your actual target becomes obfuscated"

        Unless everyone is your target?

    3. Anonymous Coward
      Anonymous Coward

      Re: Misdirection

      The NSA may want to educate the GCHQ about why passive attacks are the best attacks, they should eavesdrop on the target machine using their monitoring infrastructure instead of nmap which would raise red flags all round with any competent network admin.

  3. GrumpyOldBloke

    Beat them to it

    I don't need no stinking GCHQ malware. I've got adobe flash installed!

  4. Gary F

    Is this supposed to be news? Gosh, spying organisation does port scans!

    Is the headline "GCHQ's incredible hacking tool" supposed to be sarcasm? If it wasn't meant to be then it should. Port scanning and taking note of returned headers. Yes, that's outrageous. I'm sure GCHQ are employing people who bring better tools to the table than that if they're responsible in some way for protecting British interests.

    1. Anonymous Coward
      Anonymous Coward

      The trouble with sarcasm

      Is your comment supposed to be sarcasm? Particularly the last sentence: "... employing people who bring better tools to the table ...".

      Hard to tell, innit.

    2. Anonymous Coward
      Anonymous Coward

      "protecting British interests" and wheat exactly are they?

      I assume you're a very low level grunt, posting something like that.

  5. Anonymous Coward
    Anonymous Coward

    Im pretty certain...

    Port scanning is not illegal in the UK.

  6. Anonymous Coward
    Anonymous Coward

    While I'm at it

    Who approved the GCHQ architectural design? You'd have thought they'd have made a bit less of a munitions target.

    1. phuzz Silver badge
      Black Helicopters

      Re: While I'm at it

      There's supposed to be a lot of underground spaces under the doughnut. In fact, local legend has it that there is/was a tunnel from the old Oakley site on the other side of town to Benhall (where the doughnut is now), which was used to transport equipment when they consolidated everything to the Benhall site.

      Of course, the most specific information I've ever heard is "yeah, there's loads of tunnels under there".

  7. Anonymous Coward
    Anonymous Coward

    Nmap Scanning

    I only today swapped AngryIP Scanner for the Nmap (ZenMap utility)

    Thought I could scan MY network legally!

  8. Anonymous Coward
    Anonymous Coward

    A thought

    In the old days, policemen on the beat (yes, before the Panda car) would test the door handles of shops and warehouses they passed.

    If any was unlocked, it would be reported to the owner.

    In this modern age perhaps it would be better for us, if one of our domestic agencies knocked (figuratively) on British business doors to say "Sorry to bother you sir, but did you know you left your router's port open last night. You might want to do something about that."

    Just a thought

    "Evening all"

  9. John Smith 19 Gold badge
    Gimp

    They are like f**king cockroaches.

    And yes the injection of malware to another computer system is illegal under UK law unless you whisper the magik incantation "national security."

    In which case it isn't.

  10. Anonymous Coward
    Anonymous Coward

    I'm an old-school hacker from the 80s ..

    and out of principle, I would *never* serve up a correct - or even possible - banner.

    1. Nick Ryan Silver badge

      Re: I'm an old-school hacker from the 80s ..

      Read a website somewhere where they listed the most amusing, shocking or clever twists delivered in place of standard banners. Can't find it now, but there some real gems on there...

  11. MyffyW Silver badge
    Linux

    Not Shocked

    Of course they use nmap. They probably use ping and tracert at sometime in their working day. The really interesting bit is what else they use - if it's an etch-a-sketch were probably in trouble.

  12. WereWoof
    Black Helicopters

    I had the U.S. Navy do this to me, from Naples, I was half expecting Gibbs et al to appear at my front door.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like