Hackers Discover HACIENDA: Secret Gov Software

 

GNU community members and collaborators have discovered threatening details about a five-country government surveillance program codenamed HACIENDA. Those same “hackers” have already devised & now make openly availiable countermeasures to thwart the illegal spy program.

 

The intelligence agencies of the Canada, United States, United Kingdom, New Zealand & Australia use HACIENDA to map every server in twenty-seven countries, employing a technique known as port scanning. According to documents provided to german news site Heise Online, the agencies shared this map & use it to plan intrusions into the servers. Disturbingly, the HACIENDA system actually hijacks civilian computers to do some of its dirty work, allowing it to leach computing resources & cover its tracks.

 

The documents do not spell out details for a review process or the need to justify such an action. It should also be noted that the ability to port-scan an entire country is hardly wild fantasy; in 2013, a port scanner called Zmap was implemented that can scan the entire IPv4 address space in less than one hour using a single PC. The massive use of this technology can thus make any server anywhere, large or small, a target for criminal state computer saboteurs.

But this was not enough to stop a team of GNU hackers & their collaborators. After making key discoveries about the details of HACIENDA, Julian Kirsch, Christian Grothoff, Jacob Appelbaum, & Holger Kenn (among others) designed a TCP Stealth system to protect unadvertised servers from port scanning. They revealed this work at the recent annual GNU Hackers’ Meeting in Germany.

System & network administrators now face the threat of industrial espionage, sabotage & human rights violations created by nation-state adversaries indiscriminately attacking network infrastructure & breaking into services. Such an adversary needs little reason for an attack beyond gaining access & is supported by a multi-billion dollar budget, immunity from prosecution, & compelled collaboration by companies from Five Eyes countries. As a result, every system or network administrator should reconsider how their system isp protected against this unprecedented threat & level of coordinated attack. In particular, citizens of countries outside of the Five Eyes have, as a result of these programs have greatly reduced security, privacy, integrity & resilience capabilities.

What is now very real: Spy agencies are using their powers to commandeer Internet systems for power projection. Their actions follow the standard template of cyber-criminal behavior, using reconnaissance through active & passive port scanning to identify potential victims. Given this serious threat, system administrators must improve their defensive posture &, in particular, reduce visibility of non-public services. Patching services do not help against 0-day attacks, and firewalls are simply not be applicable or sufficient.

The consequence of inaction is unsettling… even if you’ve nothing to hide.