British intelligence has conducted port scans on 27 national computers

British intelligence conducted large-scale port scans of 27 national computers in Beijing August 17 Morning News, a number of confidential documents obtained by the German Heise website show that, in 2009, the British Intelligence Department's National Communications Directorate (GCHQ) TCP port scanning is listed as a standard tool for intelligence activities in target countries. In the project code-named Hacienda, a total of 27 countries became the target of GCHQ. These confidential documents do not describe the specific process for assessing the need for large-scale port scans. It is also worth noting that port scans of computers across the country are not whimsical. A port scanning tool called Zmap was deployed in 2013. With just one PC, this port scanning tool can scan all IPv4 addresses in less than 1 hours. The large-scale application of this technology can lead to malicious attacks on servers around the world. The network services listed in these files that are targeted for scanning include HTTP and FTP, as well as common network management protocols such as SSH and SNMP. At the same time, the development of Zmap and other port scanning tools allows anyone to perform complex scans. Therefore, the news of this exposure, shocking is not the use of technology, but the scale of the entire operation. At the same time as the port scan, GCHQ also downloads the welcome information from the scanned server. Such information is a piece of text that typically displays the system and application information of the relevant server, such as the version number. This information is helpful in finding vulnerabilities and attacking them. Such a large scan suggests that this intelligence activity is not directed at specific targets, but rather collects information in a variety of ways to look for loopholes in services. Planning an attack on the SSH and SNMP protocols shows that GCHQ is targeting critical infrastructure, such as network operating systems. There have been reports that GCHQ infiltrated the network of Belgian telecom and Stella. According to the report at the time, if an employee's computer system and network information might be useful, such systems and personnel would be targeted. The documents show that GCHQ also shares information with other members of the Hep Eyes intelligence organization, including the United States, Canada, Australia and New Zealand. In addition, Hep Eyes's intelligence services use mailorder as a secure transport protocol to exchange collected data. (Zhang Fan)