Feeds

Hacking tool 'draws FBI subpoenas'

Nmap author warns users

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

The author of the popular freeware hacking tool Nmap warned users this week that FBI agents are increasingly seeking access to information from the server logs of his download site, insecure.org.

"I may be forced by law to comply with legal, properly served subpoenas," wrote "Fyodor," the 27-year-old Silicon Valley coder responsible for the post scanning tool, in a mailing list message. "At the same time, I'll try to fight anything too broad... Protecting your privacy is important to me, but Nmap users should be savvy enough to know that all of your network activity leave traces."

Probably the most widely-used freeware hacking tool, Nmap is a sophisticated port scanner that sends packets to a machine, or a network of machines, in an attempt to discern what services are running and to make an educated guess about the operating system. An Nmap port scan is a common prelude to an intrusion attempt, and the tool is popular both with security professionals performing penetration tests, and genuine intruders with mischief in their hearts.

Last year Nmap crept into popular culture when the movie the Matrix Reloaded depicted Carrie-Anne Moss's leather-clad superhacker Trinity performing an Nmap portscan on a power grid computer prior to hacking in.

But success comes with a price, and on Tuesday Fyodor felt the need to broach the "sobering topic" of FBI subpoenas with his users. He advised his most privacy conscious users to use proxy servers or other techniques when downloading the latest version of Nmap if they want to ensure their anonymity.

In a telephone interview, Fyodor said the disclaimer wasn't prompted by any particular incident, and that he'd received "less than half-a-dozen" subpoenas this year. "It's not a huge number, but I hadn't received any before 2004, and so it's a striking new issue," he said.

None of the subpoenas produced anything, Fyodor says, either because they sought old information that had already been deleted from his logs, or because the subpoenas were improperly served. In every case the request has been narrowly crafted, usually directed at finding out who visited the site in a very short window of time, such as a five minute period. "They have not made any broad requests like, 'Give me anyone who's visited insecure.org for a certain day,'" he says.

Fyodor theorizes the FBI is investigating cases in which an intruder downloaded Nmap directly onto a compromised machine. "They assume that she might have obtained that URL by visiting the Nmap download page from her home computer," he wrote.

He confesses mixed feelings over the issue. "The side of me that questions authority is skeptical of these subpoenas," he told SecurityFocus. "The other side says, this may be a very serious crime committed ... and if I were the victim of such a crime I would probably want people to cooperate"

Copyright © 2004, SecurityFocus logo

Related stories

Indymedia server grab - Home Office knew, but isn't telling
Indymedia: the tale of the servers 'nobody' seized
Indymedia seizures: a trawl for Genoa G8 trial cover-up?
Servers seized by FBI returned - but who wanted what?
How to kill a website with one email

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.