The U.K. intelligence agency says a new project scanning the British internet for vulnerable systems is just a case of it attempting to boost national levels of cybersecurity.
The National Cyber Security Centre – a public-facing component of signals intelligence agency Government Communications Headquarters – disclosed the scanning project in a Tuesday blog post.
“We’re not trying to find vulnerabilities in the U.K. for some other, nefarious purpose. We’re beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we’re doing,” wrote Ian Levy, NCSC technical director.
The project will scan networked systems throughout the United Kingdom at regular intervals to detect vulnerabilities. The idea is to collect data to quantify risk exposure and respond to shocks such as a widely exploited zero-day vulnerability.
The NCSC says it will use cloud-hosted tools that connect from IP addresses assigned to scanner.scanning.service.ncsc.gov.uk, specifically 126.96.36.199 and 188.8.131.52.
To address privacy concerns, the NCSC says it will avoid collecting personal information. Data collected from the users will include HTTP responses, including headers, from web servers. For other services, it will hold on to “data that is sent by the server immediately after a connection has been established or a valid protocol handshake.”
Network administrators can opt out by emailing their IP address to the agency, it says.
Scanning the internet for vulnerabilities, of course, is hardly an original activity. Hackers and cybersecurity companies have silently been doing so for decades. In 2014, cybersecurity researcher Rob Graham unveiled a tool he dubbed masscan, capable of scanning the entire internet within minutes.
“The internet is pretty small, it’s only 4 billion addresses,” he told a session of the Def Con conference in Las Vegas. “You will find hackable systems within minutes.”