[Russian Rocket]

Forget targeting an individual computer/user...scan the fukk out the entire country instead


"The Doughnut", the headquarters of the GCHQ. (Image from defenceimagery.mod.uk)

GCHQ is scanning servers in multiple foreign countries for vulnerable ports, according to German newspaper Heise. Using a tool called Hacienda, the intelligence agency seeks to ‘master the internet’ for sources of espionage.
Spanish for estate, Hacienda can port scan all of the servers in a country to provide information on user endpoints and scan for potential vulnerabilities. The ability to port scan is not new, but the scale of its use by government spies, with 27 countries scanned by 2009, has shocked many familiar with the software.

“In 2009, the British spy agency GCHQ made port scans a 'standard tool' to be applied against entire nations,” Heise reports. “Twenty-seven countries are listed as targets of the Hacienda [program].”
The process of scanning entire countries and looking for vulnerable network infrastructure to exploit is consistent with the meta-goal of "Mastering the Internet", which is also the name of a GCHQ cable-tapping program. Targeted protocols include SSH, HTTP and FTP, among others.
Systems may be attacked simply because they might eventually create a path towards a valuable espionage target, even without indications this will ever be the case. Based on this logic, every device is a target.
The database resulting from the scans is shared with other spy agencies in the UK, US, Canada, Australia and New Zealand. MAILORDER is described in the documents as a secure transport protocol used between the ‘Five Eyes’ spy agencies to exchange collected data.
System and network administrators face the threat of industrial espionage, sabotage and human rights violations created by nation states indiscriminately attacking network infrastructure and breaking into services.
GCHQ says it will not comment on “intelligence matters” but reiterates that everything that it does is done within a strict legal framework. “It is a longstanding policy that we do not comment on intelligence matters,” a GCHQ spokesperson told The Inquirer.
“All of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception of Communications and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee.
“All our operational processes rigorously support this position,” they added.
British intelligence is permitted to go further in surveillance than similar agencies in other Western countries, according to Edward Snowden. The former NSA contractor believes the powers of the British intelligence establishment are not restricted effectively enough by “law or policy”. The lack of legal restrictions allows UK intelligence services to target more people than is necessary.

[RubberKettle]

Echelon started doing this back in the 80s. Not really online orientated but overall surveillance scheme. Everything online can be found for the right price /motive.

Most likely everything printed about how these type of operations go is so outdated it's not worth reading. What we think the governments are doing is what they were actually doing 5 or even 10 years ago. I wouldn't bet against government having tools to crack 128 bit and possibly even 256 bit encryption. 9 round 256 attack has been around for quite some time so I'm sure they are even closer or have the ability to break.

just my 2 cents if it's important don't store it online put it under your mattress

[Russian Rocket]

just my 2 cents if it's important don't store it online put it under your mattress

totally agree with you here