
GNU hackers discover HACIENDA government surveillance - lelf
https://fsf.org/blogs/community/gnu-hackers-discover-hacienda-government-surveillance-and-give-us-a-way-to-fight-back
======
userbinator
I believe a civilian has portscanned the whole Internet before via the same
thing:
[http://internetcensus2012.bitbucket.org/paper.html](http://internetcensus2012.bitbucket.org/paper.html)

I don't get what all the fuss about portscanning is either - anything connected to
the Internet will be subjected to packets sent to it because the Internet is
public; if you don't want others, government or otherwise, to know that
there's a machine present at an IP, then it should be your responsibility to
configure it so it doesn't reply.
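
On a Linux host, "configure it so it doesn't reply" comes down to an input chain whose default is drop rather than reject: a closed port then sends no RST or ICMP unreachable, and with no rule accepting echo-request, pings go unanswered too. The nftables ruleset below is an added example, not something from the thread or the FSF article. Port 22 is an assumed deliberately exposed service, and the ICMPv6 neighbour-discovery exception is required on IPv6 or the host loses connectivity (scanners do not need it in order to probe you, so allowing it does not give the host away).

```shell
#!/bin/sh
# Added example, not from the thread or the FSF article: an nftables input
# policy for a host that should not answer unsolicited probes. "policy drop"
# (as opposed to "reject") means closed ports send no RST/ICMP-unreachable,
# and with no rule accepting echo-request, pings are never answered.

stealth_ruleset() {
  cat <<'EOF'
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;

    iif "lo" accept
    ct state established,related accept
    ct state invalid drop

    # IPv6 stops working without neighbour discovery; probes do not depend on
    # it, so allowing it does not reveal the host.
    icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

    # Deliberately exposed service (assumption for the example). Everything
    # else falls through to the drop policy and is silently discarded,
    # including pings.
    tcp dport 22 ct state new accept
  }
}
EOF
}

# Usage (as root): stealth_ruleset > /etc/nftables.conf && nft -f /etc/nftables.conf
stealth_ruleset
```

To check the effect from another machine, `nmap -Pn -p 22,80 <ip>` should report 22 open and 80 filtered (no response) rather than closed (RST received); without `-Pn` nmap will assume the host is down, which is the intended outcome.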

~~~
papaf
There was a lot of noise when the Heise story was released with people
concentrating on the use of nmap and saying that using nmap is not shocking.

For me the disturbing thing was the pipeline - nmap, fingerprint, identify
weak systems and then compromise those systems. Those compromised systems are
then used for further surveillance or attacks.

Before the Heise story, I naively believed that this sort of automated attack
was only done by organised crime.
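
The middle steps of that pipeline are mechanical enough to show. The shell function below is an added example, not code from the thread or the Heise article: it reads nmap's grepable output (`-oG`), which `-sV` fills with service and version fingerprints, and prints the hosts whose open ports match two illustrative triage rules (cleartext login services, and an end-of-life OpenSSH major version). Both the rules and the sample scan output are constructed for illustration and are not a vulnerability database; the point is that once fingerprints exist, selecting the weak hosts is a one-liner.

```shell
#!/bin/sh
# Added example, not code from the thread or the Heise article.
# Triage step of the scan -> fingerprint -> select-weak pipeline, run over nmap
# grepable output. Real use: nmap -sV -oG - 192.0.2.0/24 | triage_weak

# Constructed sample of `nmap -sV -oG -` output. Fields are tab-separated; each
# port entry is port/state/proto/owner/service/rpc/version (nmap replaces "/"
# inside version strings with "|", so splitting on "/" is safe).
sample_gnmap() {
  printf '%s\n' '# Nmap 6.46 scan initiated (constructed sample)'
  printf 'Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.3 (protocol 2.0)/\tIgnored State: closed (998)\n'
  printf 'Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh//OpenSSH 6.6.1p1/, 443/open/tcp//http//nginx 1.6.2/\tIgnored State: filtered (998)\n'
  printf 'Host: 192.0.2.12 ()\tStatus: Down\n'
  printf 'Host: 192.0.2.13 ()\tPorts: 23/open/tcp//telnet//Linux telnetd/, 80/closed/tcp//http///\tIgnored State: closed (998)\n'
  printf '%s\n' '# Nmap done at (constructed sample) -- 4 IP addresses (3 hosts up) scanned'
}

# Reads grepable output on stdin (or from files given as arguments) and prints
# one tab-separated line per matching open port: host, port, service, version,
# reason. The two rules are illustrative heuristics (assumption), not CVE lookups.
triage_weak() {
  awk '
    BEGIN { FS = "\t" }
    /^Host: / {
      host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        ports = $i; sub(/^Ports: /, "", ports)
        n = split(ports, p, ", ")
        for (j = 1; j <= n; j++) {
          split(p[j], f, "/")
          if (f[2] != "open") continue
          reason = ""
          if (f[5] ~ /^(telnet|ftp|pop3|imap)$/) reason = "cleartext-login"
          else if (f[7] ~ /^OpenSSH [0-4]\./)  reason = "eol-openssh"
          if (reason != "")
            printf "%s\t%s\t%s\t%s\t%s\n", host, f[1], f[5], f[7], reason
        }
      }
    }' "$@"
}

# Demonstration on the constructed sample: prints three lines, for .10 (twice)
# and .13; .11 is clean and .12 was down.
sample_gnmap | triage_weak
```

The output is a target list, which is exactly the hand-off point the comment above describes: from here, whatever consumes it (an exploit framework, a ticket queue for patching) is a policy choice, not a technical one.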

~~~
stalcottsmith
> Before the Heise story, I naively believed that this sort of automated
> attack was only done by organised crime

You were correct.

------
e40
_Disturbingly, the HACIENDA system actually hijacks civilian computers to do
some of its dirty work, allowing it to leach computing resources and cover its
tracks._

Yeah, that is disturbing, and it should be made illegal.

~~~
ganeumann
I think it's already illegal.

~~~
alex_duf
Agreed, it's just that there's no tribunal to bring the case to.

~~~
hadoukenio
So does it set a precedent that the humble citizen is able to do it without
legal ramifications?

~~~
deciplex
In a sense, yes. There will be ramifications, of course, but they are entirely
extralegal.

It's best not to think of the Five Eyes as being nations of laws.

~~~
joe_the_user
Seeing this intelligent if pessimistic post downvoted without comment makes me
sad for Hacker's News.

------
lotsofmangos
We are bored in the city, there is no longer any Temple of the Sun. Between
the legs of the women walking by, the dadaists imagined a monkey wrench and
the surrealists a crystal cup. That’s lost. We know how to read every promise
in faces — the latest stage of morphology. The poetry of the billboards lasted
twenty years. We are bored in the city, we really have to strain to still
discover mysteries on the sidewalk billboards, the latest state of humor and
poetry:

    
    
        Showerbath of the Patriarchs
        Meat Cutting Machines
        Notre Dame Zoo
        Sports Pharmacy
        Martyrs Provisions
        Translucent Concrete
        Golden Touch Sawmill
        Center for Functional Recuperation
        Saint Anne Ambulance
        Café Fifth Avenue
        Prolonged Volunteers Street
        Family Boarding House in the Garden
        Hotel of Strangers
        Wild Street
    

And the swimming pool on the Street of Little Girls. And the police station on
Rendezvous Street. The medical-surgical clinic and the free placement center
on the Quai des Orfèvres. The artificial flowers on Sun Street. The Castle
Cellars Hotel, the Ocean Bar and the Coming and Going Café. The Hotel of the
Epoch.

And the strange statue of Dr. Philippe Pinel, benefactor of the insane, fading
in the last evenings of summer. Exploring Paris.

And you, forgotten, your memories ravaged by all the consternations of two
hemispheres, stranded in the Red Cellars of Pali-Kao, without music and
without geography, no longer setting out for the hacienda where the roots
think of the child and where the wine is finished off with fables from an old
almanac. That’s all over. You’ll never see the hacienda. It doesn’t exist.

The hacienda must be built.

[http://www.bopsecrets.org/SI/Chtcheglov.htm](http://www.bopsecrets.org/SI/Chtcheglov.htm)

~~~
jonstewart
[http://en.wikipedia.org/wiki/Ivan_Chtcheglov](http://en.wikipedia.org/wiki/Ivan_Chtcheglov)

~~~
ivain
And the original French version is here:

[http://debordiana.chez.com/francais/is1.htm#formulaire](http://debordiana.chez.com/francais/is1.htm#formulaire)

------
ck2
Good luck port scanning ipv6 at random.

I really hope all this some day is just some horrible chapter in a book that
remembers how governments used to spy on their own citizens and how crazy that
seems to everyone "now".

~~~
coldtea
Governments are either kept honest by a vigilant population of actual citizens
(instead of people only interested in their personal affairs *) or are mostly
a tool for the rich and powerful to maintain a favorable order.

(The only third alternative to a government for the multitudes and a
government for the rich is the direct rule of the rich and powerful without or
with minimal government, as in the calls for "deregulation" which seldom favor
the average Joe).

(*) What the ancients of the Athenian democracy used to call "idiots". The
word comes from "idiotis", the term for someone not caring to participate in
public affairs and policy decisions -- and literally means "private".

~~~
innguest
> as in the calls for "deregulation" which seldom favor the average Joe

Can you give an example of deregulation that doesn't favor the average Joe? I
can't think of one.

~~~
mikeyouse
Deregulation in the sense of removing price controls and barriers to entry is
typically good for everyone, examples include airlines and craft beer brewing.

Deregulation in the sense of stripping very specific regulations designed to
prevent exploitation are typically good for the owners of capital and bad for
everyone else. Examples include the Depository Institutions Deregulation and
Monetary Control Act (Led to Savings & Loan calamity), the Gramm Leach Bliley
Act (Led to GFC), California's attempts to deregulate the energy market (Led
to Enron and the energy crisis). It's easy to imagine many more scenarios
where industries could be deregulated that would cause massive harm to most of
society -- virtually all environmental controls fall into this category.

Some of those scenarios could have been prevented if _more_ facets had been
deregulated, but they weren't so we lost trillions of dollars in real value
and drove debt through the roof.

[http://en.wikipedia.org/wiki/Depository_Institutions_Deregul...](http://en.wikipedia.org/wiki/Depository_Institutions_Deregulation_and_Monetary_Control_Act)

[http://en.wikipedia.org/wiki/Gramm-Leach-Bliley_Act](http://en.wikipedia.org/wiki/Gramm-Leach-Bliley_Act)

[http://en.wikipedia.org/wiki/California_electricity_crisis](http://en.wikipedia.org/wiki/California_electricity_crisis)

~~~
innguest
I see what you and shiven mean. I agree those _partial_ deregulations are bad.
I say partial because that's not what I usually mean by "deregulation".
"Stripping very specific regulations" is just that, just another law being
passed, that flips some switch on or off.

When I asked for examples I thought we were talking about total deregulation
(I previously thought _deregulation_ was a binary thing - either something is
regulated or it isn't at all) but I see it is used in other senses (although
it is a bit perplexing to me).

> Some of those scenarios could have been prevented if more facets had been
> deregulated

Exactly this.

------
canistr
Ironically Jacob Appelbaum, allegedly an investigative journalist who reported
this issue, is responsible for this project on GitHub that does exactly the
same thing:

[https://github.com/ioerror/blockfinder](https://github.com/ioerror/blockfinder)

~~~
codemac
I disagree.

I don't see where blockfinder is actually reaching out and pinging servers to
see what's up where. blockfinder seems to be downloading well known data
sources as to where IPs are. The project the government is being accused of
doing is essentially running a distributed nmap along with geo information.

~~~
canistr
But Blockfinder is returning a full list of IPs of which you _could_ perform
nmap scans upon.

That's one step away from HACIENDA.

~~~
mobiplayer
This gets even worse. I've heard Jacob has a computer with Internet access.
Now that's like two steps away only from HACIENDA.

Terrifying.

------
glenda
I can't really take much more of this... What is their goal?

~~~
csandreasen
Gathering foreign intelligence. It's not like their overarching mission is a
huge secret.

[http://www.nsa.gov/about/mission/index.shtml](http://www.nsa.gov/about/mission/index.shtml)

~~~
glenda
At the expense of the sanity and security of those who the foreign
intelligence is meant to protect?

This is an obvious abuse with extreme existential consequences.

Sort of reminds of this book I read as a kid:
[http://en.wikipedia.org/wiki/Momo_(novel)#Plot_summary](http://en.wikipedia.org/wiki/Momo_\(novel\)#Plot_summary)

~~~
csandreasen
I think the assaults on your sanity are likely more the result of
sensationalized/incomplete reporting. The biggest issue I have with most of
the Snowden reporting is that if the article doesn't outright jump to
assumptions that aren't supported by the source material, they usually have
unanswered questions and are written in such a way that would cause the reader to
jump to the worst possible conclusion. I'm not sure on the entirety of what's
actually going on, but the only hard facts I can glean from the original
article[1] are: 1) GCHQ has an nmap/zmap-like tool (not surprising) 2) the
various intelligence agencies hack their targets (not surprising) 3) they
apparently gain control of relays to obscure their tracks (potentially
disconcerting, but makes sense...) 4) the only criteria that was discussed was
the fact that the relays can't be located in Five-Eyes countries (Slide 18).

Bruce Schneier made a couple of observations on the slide decks[2]:

 _24 people were able to identify "a list of 3000+ potential ORBs" in 5-8
hours. The presentation does not go on to say whether all of those computers
were actually infected._

...

 _The slides never say how many of the "potential ORBs" CSEC discovers or the
computers that register positive in GCHQ's "Orb identification" are actually
infected_

Despite this, the article authors have no problem tossing in assertions not
made in their source material, such as: _" these spy agencies try to attack
every possible system they can, presumably as it might provide access to
further systems. Systems may be attacked simply because they might eventually
create a path towards a valuable espionage target, even without actionable
information indicating this will ever be the case."_ or _" Thus, system and
network administrators now face the threat of industrial espionage, sabotage
and human rights violations created by nation-state adversaries
indiscriminately attacking network infrastructure and breaking into
services."_ Heck, as far as I can tell they apparently threw in Slide 9-16
(what appears to be a generic description of network hacking) solely so that they
could include the phrase _" The NSA presentation makes it clear that the
agency embraces the mindset of criminals."_ (Neglecting to mention that the
supposed "tools to support this criminal process" are a Wireshark dump of an
ICMP ping response [Slide 14], what looks to be an FTP session labelled "Iraqi
Ministry of Finance" showing an attempt at brute forcing the administrator
account [Slide 15], and a screenshot of a freshly opened cmd.exe [Slide 16])

If the average person reads through this without looking at the text
critically, they're going to walk away thinking "holy crap, they're hacking
everyone!", which would indeed be terrifying. The problem is that the evidence
needed to reach that conclusion isn't actually there. Nothing is shown
regarding any actual process for selecting hosts to use as relays, or any
actual number of hosts that they hack into. One commenter on the Schneier
article[3] points out that they can't just indiscriminately gain control of
hosts - the host isn't necessarily going to be reliable and the chances of
them getting caught increase quickly as the number of hacked hosts increases.
Nor do they mention if there is any effort to assess the potential political
damage that may arise from the target selection. I'd be pretty pissed if I
found out that my laptop was being covertly used to hack on their behalf, but
on the other end of the scale I don't care if some random open SMTP server in
Nigeria is being used by the NSA to spy on North Korea.

[1] [http://www.heise.de/ct/artikel/NSA-GCHQ-The-HACIENDA-Program...](http://www.heise.de/ct/artikel/NSA-GCHQ-The-HACIENDA-Program-for-Internet-Colonization-2292681.html)

[2]
[https://www.schneier.com/blog/archives/2014/08/nsagchqcesc_i...](https://www.schneier.com/blog/archives/2014/08/nsagchqcesc_inf.html)

[3]
[https://www.schneier.com/blog/archives/2014/08/nsagchqcesc_i...](https://www.schneier.com/blog/archives/2014/08/nsagchqcesc_inf.html#c6676883)

~~~
papaf
_Nothing is shown regarding any actual process for selecting hosts to use as
relays, or any actual number of hosts that they hack into_

To quote parts of figure 18 in the Heise story:

CSECS Operational Relay Box (ORB) ... subsequently used for exploits... 2/3
times a year, 1 day focused effort to acquire as many new ORBs as possible in
as many non 5-Eyes countries as possible.

I interpret this as "hack as many hosts as possible in a given short timeframe".

~~~
csandreasen
But it's still not a number - how many are actually being hacked in this
manner? Hundreds? Thousands? Millions? Five? There's not enough context given
to tell. That picture on slide 18 with all of the redactions just below the
quote you cite shows 63 egg-shaped (or maybe "orb" shaped?) icons with various
colored halos and warning symbols next to them. If I were to make an educated
guess based on that slide, I'd guess that CSEC controls a total of 63 relays.
If I only read the article, I'd assume several orders of magnitude more.

The point that I was trying to make in my earlier comment is that when we read
an article like that we tend to instinctively ask more questions, and if the
answers to our questions aren't there we tend to make assumptions. Depending
on both our own biases and the biases of the author presenting the
information, our assumptions are often way off the mark (in either direction).

Here's some questions I would pose to the authors of that article that aren't
answered:

How many hosts are being hacked?

Who owns the hosts being hacked? Have the authors taken steps to inform the
owners? If not, what is the reason they chose not to?

What are those hosts normally used for and by whom? What is the scale of the
privacy implications associated with NSA/GCHQ/CSEC using this host?

What criteria are considered when they select a host to hack to use as a
relay?

------
clayrab
Why would they need to use a botnet for a simple portscan?

------
click170
It bugs me that tap to zoom doesn't work on this site.

