Many times, in order to ensure the security of citizens, different governments exercise a power that, for many users, means that the barrier between security and personal freedom has been crossed. More than anything, because there has been a government close to Spain that has been in charge of scanning all the devices that are connected to the Internet of its citizens.
The National Cyber Security Center of the United Kingdom (NCSC), that is, the government security agency of the country, has taken the right to scan all the devices of its citizens that have an Internet connection with a specific purpose: to detect vulnerabilities .
For protection or to spy?
The main objective, as they have assured from the government security agency, is an investigation that has the objective of being able to assess the vulnerability of the citizens of the United Kingdom against the different cyber attacks that are increasingly frequent. And, in addition, to be able to help users who have devices connected to the Internet to know the real state of their cybersecurity.
On this occasion, they have started with basic aspects, that is, with the most common vulnerabilities, to advance little by little until the complexity of the scan increases. Therefore, it must be taken into account that any device that is connected to the Internet within the United Kingdom has been able to be scanned by the NCSC.
And not only this, but, in the statement that the National Cybersecurity Center of the United Kingdom has published, they ensure that “we collect and store all the data that a service returns in response to a request.” So any information that is sent once a device is connected to a web server, such as HTTP responses, will be collected.
To do this, they have used tools that were hosted in the cloud and two IP addresses (18.171.7.246 and 35.177.10.231). In this way, by repeating the same thing over and over again, they can learn whether or not there are possible vulnerabilities in the different devices connected to the network.
Personal information
Although the tools that are responsible for scanning devices connected to the Internet are designed to collect the minimum amount of information necessary to check if there is any vulnerability during the scan, the truth is that it may be the case that they obtain personal information from their users.
However, if any personal or sensitive data is collected, the NCSC confirms that “we will take steps to delete the data and prevent it from being collected again in the future.” More than anything, because HTTP requests, for example, have been capped in order to limit the entry of personal data within HTTP responses.
Of course, there is an important detail and that is that, from the NCSC, they give the option for users to contact them so that they do not analyze the servers they have. They will only have to send them by email a list with the IP addresses that they want to exclude from this activity.