I'll quote the slides: 1. (R)econaissance 2. (I)nfection 3. (C)ommand And Control 4. (E)xfiltration

They're litterally running nmap for the reconnaissance part but I believe the "heinous" qualifier apply to the rest of the plan, which according to figure 18 consists in acquiring "as many new ORBs as possible in as many non 5-Eyes countries as possible". Unless I'm reading it wrong, they describe how they try to pwn as many machines as possible outside of Australia, Canada, New Zealand, the United Kingdom and the United States.

I think they may have been referring to the tools used to identify security vulnerabilities and exploit them after the initial port scanning. Probably just variants on Nessus / OpenVAS / Metasploit / etc. at a guess.

I agree with you though, The existence of nmap, Nessus etc. isn't the problem. These tools help the state of security over time. The fact that the governments of the world are so paranoid that they feel they need to try to automatically compromise the majority of internet facing devices in the world is a problem.

"They are using a tool I know, therefore it's ok"

One need not use nmap to understand that their reconnaissance is of information already considered public information.

The only way a reasonable person could write this comment is if they didn't know what nmap did.

The only way a reasonable person would correct his comment is if he though mislabelling nmap as heinous is of any importance with regards to the heinous nature of the whole operation.

Yes, that's about right.

I know what nmap is, and its not the tool I was referring to .. the entire program (a 'tool for governments') is the object of my ire.