Hacking tool 'draws FBI subpoenas'

Nmap author warns users

The author of the popular freeware hacking tool Nmap warned users this week that FBI agents are increasingly seeking access to information from the server logs of his download site, insecure.org.

"I may be forced by law to comply with legal, properly served subpoenas," wrote "Fyodor," the 27-year-old Silicon Valley coder responsible for the port scanning tool, in a mailing list message. "At the same time, I'll try to fight anything too broad... Protecting your privacy is important to me, but Nmap users should be savvy enough to know that all of your network activity leaves traces."

Probably the most widely-used freeware hacking tool, Nmap is a sophisticated port scanner that sends packets to a machine, or a network of machines, in an attempt to discern what services are running and to make an educated guess about the operating system. An Nmap port scan is a common prelude to an intrusion attempt, and the tool is popular both with security professionals performing penetration tests, and genuine intruders with mischief in their hearts.

Last year Nmap crept into popular culture when the movie The Matrix Reloaded depicted Carrie-Anne Moss's leather-clad superhacker Trinity performing an Nmap portscan on a power grid computer prior to hacking in.

But success comes with a price, and on Tuesday Fyodor felt the need to broach the "sobering topic" of FBI subpoenas with his users. He advised his most privacy-conscious users to use proxy servers or other techniques when downloading the latest version of Nmap if they want to ensure their anonymity.

In a telephone interview, Fyodor said the disclaimer wasn't prompted by any particular incident, and that he'd received "less than half-a-dozen" subpoenas this year. "It's not a huge number, but I hadn't received any before 2004, and so it's a striking new issue," he said.

None of the subpoenas produced anything, Fyodor says, either because they sought old information that had already been deleted from his logs, or because the subpoenas were improperly served. In every case the request has been narrowly crafted, usually directed at finding out who visited the site in a very short window of time, such as a five minute period. "They have not made any broad requests like, 'Give me anyone who's visited insecure.org for a certain day,'" he says.
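To make the two points above concrete (a request scoped to a five-minute window, and old entries that no longer exist because they were deleted), here is an added example, not code from the article or from insecure.org, that answers a narrow window query over Apache-style combined access logs and applies a simple retention cutoff. The log lines, hosts and paths are constructed for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines in the Apache/nginx "combined" log format. The hosts,
# paths and timestamps are invented for this example; none come from insecure.org.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2004:14:02:11 +0000] "GET /nmap/dist/nmap-latest.tgz HTTP/1.1" 200 1048576 "-" "Wget/1.9"
198.51.100.23 - - [12/Nov/2004:14:04:59 +0000] "GET /nmap/ HTTP/1.1" 200 8821 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Nov/2004:14:09:30 +0000] "GET /nmap/dist/nmap-latest.tgz HTTP/1.1" 200 1048576 "-" "curl/7.12"
203.0.113.7 - - [01/Sep/2004:09:15:00 +0000] "GET /nmap/ HTTP/1.1" 200 8821 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def utc(year, month, day, hour=0, minute=0):
    """Small helper so callers can build timezone-aware UTC timestamps."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)

def parse_line(line):
    """Return (ip, timestamp, path) for one combined-format line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path")

def requests_in_window(log_text, start, minutes=5):
    """The narrow question the article describes: who hit the site in a short window?"""
    end = start + timedelta(minutes=minutes)
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and start <= rec[1] < end:
            hits.append((rec[0], rec[2]))
    return hits

def purge_older_than(log_text, now, retention_days):
    """Retention policy: keep only lines newer than the cutoff. A record that has
    been deleted cannot be produced later, whatever the request asks for."""
    cutoff = now - timedelta(days=retention_days)
    kept = [ln for ln in log_text.splitlines()
            if (rec := parse_line(ln)) and rec[1] >= cutoff]
    return "\n".join(kept)

if __name__ == "__main__":
    print(requests_in_window(SAMPLE_LOG, utc(2004, 11, 12, 14, 0)))
    print(purge_older_than(SAMPLE_LOG, utc(2004, 11, 13), 30))
```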

Fyodor theorizes the FBI is investigating cases in which an intruder downloaded Nmap directly onto a compromised machine. "They assume that she might have obtained that URL by visiting the Nmap download page from her home computer," he wrote.

He confesses mixed feelings over the issue. "The side of me that questions authority is skeptical of these subpoenas," he told SecurityFocus. "The other side says, this may be a very serious crime committed ... and if I were the victim of such a crime I would probably want people to cooperate."

Copyright © 2004, SecurityFocus