Feeds

Hacking tool 'draws FBI subpoenas'

Nmap author warns users

  • alert
  • submit to reddit

Protecting against web application threats using SSL

The author of the popular freeware hacking tool Nmap warned users this week that FBI agents are increasingly seeking access to information from the server logs of his download site, insecure.org.

"I may be forced by law to comply with legal, properly served subpoenas," wrote "Fyodor," the 27-year-old Silicon Valley coder responsible for the post scanning tool, in a mailing list message. "At the same time, I'll try to fight anything too broad... Protecting your privacy is important to me, but Nmap users should be savvy enough to know that all of your network activity leave traces."

Probably the most widely-used freeware hacking tool, Nmap is a sophisticated port scanner that sends packets to a machine, or a network of machines, in an attempt to discern what services are running and to make an educated guess about the operating system. An Nmap port scan is a common prelude to an intrusion attempt, and the tool is popular both with security professionals performing penetration tests, and genuine intruders with mischief in their hearts.

Last year Nmap crept into popular culture when the movie the Matrix Reloaded depicted Carrie-Anne Moss's leather-clad superhacker Trinity performing an Nmap portscan on a power grid computer prior to hacking in.

But success comes with a price, and on Tuesday Fyodor felt the need to broach the "sobering topic" of FBI subpoenas with his users. He advised his most privacy conscious users to use proxy servers or other techniques when downloading the latest version of Nmap if they want to ensure their anonymity.

In a telephone interview, Fyodor said the disclaimer wasn't prompted by any particular incident, and that he'd received "less than half-a-dozen" subpoenas this year. "It's not a huge number, but I hadn't received any before 2004, and so it's a striking new issue," he said.

None of the subpoenas produced anything, Fyodor says, either because they sought old information that had already been deleted from his logs, or because the subpoenas were improperly served. In every case the request has been narrowly crafted, usually directed at finding out who visited the site in a very short window of time, such as a five minute period. "They have not made any broad requests like, 'Give me anyone who's visited insecure.org for a certain day,'" he says.

Fyodor theorizes the FBI is investigating cases in which an intruder downloaded Nmap directly onto a compromised machine. "They assume that she might have obtained that URL by visiting the Nmap download page from her home computer," he wrote.

He confesses mixed feelings over the issue. "The side of me that questions authority is skeptical of these subpoenas," he told SecurityFocus. "The other side says, this may be a very serious crime committed ... and if I were the victim of such a crime I would probably want people to cooperate"

Copyright © 2004, SecurityFocus logo

Related stories

Indymedia server grab - Home Office knew, but isn't telling
Indymedia: the tale of the servers 'nobody' seized
Indymedia seizures: a trawl for Genoa G8 trial cover-up?
Servers seized by FBI returned - but who wanted what?
How to kill a website with one email

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.