Bleeping Computer has released a report that shows eBay is utilizing port scanning on website visitors. According to Lawrence Abrams, the report’s author, the port scanning is conducted by a check.js script. The script in question performs the following operations during the port scan, according to the report:
A script will run that performs a local port scan of your computer to detect remote support and remote access applications… Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more… The script performs these scans using WebSockets to connect to 127.0.0.1, which is the local computer, on the specified port.
Bleeping Computer was tipped off about eBay’s port scanning by Jack Rhysider of DarkNetDiaries. and also Nullsweep, with the latter source publishing an article investigation. Port scanning tends to have malicious implications, as penetration testers (white hat hackers) and cybercriminals (black hat hackers) both look for attack vectors with it, white hats to defend it and black hats to exploit it. While the fact that eBay is scanning ports is a cause for concern, Nullsweep even goes so far as to say in their own post that the activity “may fall on the wrong side of the law.”
Upon further analysis by Bleeping Computer, Rhysider, and Nullsweep, it appears that eBay is conducting the scans to detect malicious actors. The specific targets of the scans all consist of Windows remote access programs that can be leveraged to make fraudulent purposes. Upon being contacted by Bleeping Computer, eBay gave a vague response:
Our customers’ privacy and data remains a top priority. We are committed to creating an experience on our sites and services that is safe, secure, and trustworthy.
The fact that these port scans are being done arbitrarily without customer knowledge, regardless of their intention, raises a serious legal issue. eBay may very well be trying to protect themselves and customers, but the fact remains that unauthorized port scanning is considered malicious by most authorities.
There is no explicit law against it, but there is a reason why hackers use the practice in their active data-gathering phase. It is an escalation of attack methodology, and rarely is this done for good. eBay should tread carefully here.
Featured image: Wikipedia / Coolcaesar