Title: What is HACIENDA

Release Date: 2014-08-15

Description: This undated GCHQ presentation describes the agency’s HACIENDA system, capable of port scanning entire countries, which became a standard tool in 2009 available to all FIve Eyes partners: see the Heise article The HACIENDA Program for Internet Colonization, 15 August 2014.

Document: Abbildung01-dc8cb7bf5376218d.png:
What is HACIENDA?

• Data reconnaissance tool developed by
the CITD team in JTRIG

• Port Scans entire countries

- Uses nmap as port scanning tool

- Uses GEOFUSION for IP Geolocation

- Randomly scans every IP identified for that
country

UK TOP SECRET STRAP1
TOP SECRET//COMINT//REL FVEY

Abbildung02-6b01394b0be0086e.png:
Countries

• Completed partial scans of 5 additional
countriesAbbildung03-07abce3ee1863e4b.png:
Tasking & Access

UK TOP SECRET STRAP1

TOP SECRET//COMINT//REL FVEYAbbildung04-64d4254cbde88a8e.png:
Ports

Pulls back hostname, banners,
application names and port status
Gathers additional information for.

-21 (ftp): directory listing

- 80 (http): content of main page

- 443 (https): content of main page

- 111 (rpc): results of rpcinfo

Q/\C=

UK TOP SECRET STRAP1
TOP SECRET//COMINT//REL FVEYAbbildung07-7a4e9f24e3b280b6.png:
The Results...

• All stored in JTRIG3s internal database

• Available in GLOBAL SURGE

- NAC’s Network Knowledge Base Prototype

• Transferred by MAILORDER to

- CSEC
-DSD

- NSA NTOC

UK TOP SECRET STRAP1
TOP SECRET//COMINT//REL FVEYAbbildung08-6bb47473ef0955e7.png:
How is it used?

CNE

-ORB Detection
-Vulnerability Assessments
SD

- Network Analysis
-Target Discovery

UK TOP SECRET STRAP1

TOP SECRET//COMINT//REL FVEY

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh