Reports say eBay port scanning incoming visitors. Why?

Bleeping Computer has released a report that shows eBay is utilizing port scanning on website visitors. According to Lawrence Abrams, the report’s author, the port scanning is conducted by a check.js script. The script in question performs the following operations during the port scan, according to the report:

A script will run that performs a local port scan of your computer to detect remote support and remote access applications... Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more... The script performs these scans using WebSockets to connect to 127.0.0.1, which is the local computer, on the specified port.
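A defender's view of the behaviour described in the report, as an added example that is not code from eBay, Bleeping Computer or Nullsweep: a wrapper that records and refuses WebSocket connections to the local machine. The function names, the stand-in `FakeWebSocket` and the port labels (well-known defaults for RDP, VNC and TeamViewer) are assumptions made for illustration.

```javascript
// Added example: flag and refuse WebSocket connections aimed at the local machine.
// Port labels are well-known defaults (assumption), not values taken from the script.
const REMOTE_ACCESS_PORTS = { 3389: "Windows Remote Desktop", 5900: "VNC", 5938: "TeamViewer" };

// True for names and addresses that point back at the visitor's own computer.
function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (h === "localhost" || h.endsWith(".localhost") || h === "::1") return true;
  return /^127(\.\d{1,3}){3}$/.test(h); // IPv4 loopback block 127.0.0.0/8
}

// Returns a finding for ws:// or wss:// URLs that target loopback, otherwise null.
function inspectTarget(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return null; }
  if (u.protocol !== "ws:" && u.protocol !== "wss:") return null;
  if (!isLoopbackHost(u.hostname)) return null;
  const port = Number(u.port || (u.protocol === "wss:" ? 443 : 80));
  return { host: u.hostname, port, tool: REMOTE_ACCESS_PORTS[port] || "unknown" };
}

// Wraps a WebSocket constructor: loopback targets are recorded and refused,
// everything else is passed through unchanged.
function guardWebSocket(BaseWebSocket, findings) {
  return new Proxy(BaseWebSocket, {
    construct(target, args, newTarget) {
      const hit = inspectTarget(String(args[0]));
      if (hit) {
        findings.push(hit);
        throw new Error(`refused loopback WebSocket to port ${hit.port} (${hit.tool})`);
      }
      return Reflect.construct(target, args, newTarget);
    },
  });
}

// Constructed demo: a stand-in constructor and sample URLs so this runs outside a browser.
class FakeWebSocket { constructor(url) { this.url = url; } }

function runDemo() {
  const findings = [];
  const Guarded = guardWebSocket(FakeWebSocket, findings);
  const allowed = [];
  for (const url of ["wss://chat.example.com/socket", "ws://127.0.0.1:3389",
                     "ws://localhost:5900", "ws://[::1]:5938"]) {
    try { allowed.push(new Guarded(url).url); } catch { /* refused and recorded */ }
  }
  return { findings, allowed };
}
```

In a browser, the wrapper would be installed with `window.WebSocket = guardWebSocket(window.WebSocket, findings)` by code that runs in the page's own context before any page script.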

Bleeping Computer was tipped off about eBay’s port scanning by Jack Rhysider of DarkNetDiaries and by Nullsweep, with the latter publishing an article on its investigation. Port scanning tends to have malicious implications: penetration testers (white hat hackers) and cybercriminals (black hat hackers) both use it to look for attack vectors, white hats to defend them and black hats to exploit them. While the fact that eBay is scanning ports is a cause for concern, Nullsweep even goes so far as to say in their own post that the activity “may fall on the wrong side of the law.”

Upon further analysis by Bleeping Computer, Rhysider, and Nullsweep, it appears that eBay is conducting the scans to detect malicious actors. The specific targets of the scans all consist of Windows remote access programs that can be leveraged for fraudulent purposes. Upon being contacted by Bleeping Computer, eBay gave a vague response:

Our customers’ privacy and data remains a top priority. We are committed to creating an experience on our sites and services that is safe, secure, and trustworthy.

The fact that these port scans are being done arbitrarily without customer knowledge, regardless of their intention, raises a serious legal issue. eBay may very well be trying to protect themselves and customers, but the fact remains that unauthorized port scanning is considered malicious by most authorities.

There is no explicit law against it, but there is a reason why hackers use the practice in their active data-gathering phase. It is an escalation of attack methodology, and rarely is this done for good. eBay should tread carefully here.

Featured image: Wikipedia / Coolcaesar

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
