GCHQ Admits £1b Investment in Cyber Security “Hasn’t Worked”

Over the last five years, UK intelligence service GCHQ has spent nearly £1 billion on its cyber security initiative, but the civil servant in charge of the program has admitted, “the bottom line is it hasn’t worked.”

Alex Dewedney, Director of Cyber Security for CESG (Communications-Electronics Security Group) – a division within GCHQ – told the audience at the RSA security conference in San Francisco last week that, in order to fight cyber security threats to businesses, services, and governments, GCHQ needs more manpower, not money.

“I think the best way to sum up the challenge we face is that while we’ve done a lot over the past five years and spent quite a lot of money as a government, particularly in those years of austerity we’ve been through, the bottom line is it hasn’t worked,” Dewedney said, according to Computing.

“[People believe that] if we keep doing that, then somehow it will magically cause improvement to happen. That approach by itself is not sufficient,” he added. “We can’t just pass information on threats to businesses and tell them to go and deal with it themselves.”

Chancellor of the Exchequer George Osborne has, despite a fiscal policy of austerity, announced plans to double GCHQ’s cyber security budget to £1.9 billion by 2020, but Dewedney thinks that throwing money at the problem is the wrong approach, saying that it’s “not so much a money issue as it is a human resources issue.”

One place that the government should be spending money, argues Dewedney, is on upgrading IT systems. “Not […] spending money on fixing legacy IT issues […] is killing us.”

“I’ve tried to make this argument to my bosses that surely you have to start [with legacy] before you try to do anything more sophisticated,” he said. “But the response has been ‘I’m not spending cyber security programme money to subsidise other departments’ IT budgets’.”

GCHQ Hacking Deemed Legal by Tribunal

Today it has been announced that computer and smartphone hacks used by the intelligence agency GCHQ are legal according to the UK’s Investigatory Powers Tribunal. The inquiry was launched after the extent of the agency’s hacking was uncovered by whistleblower Edward Snowden, which led to GCHQ revealing that they had agents hack into devices both within the UK and abroad.

At the conclusion of the inquiry, the senior judges on the panel ruled that they were satisfied that GCHQ’s ability to forcefully gain access to devices in order to gather intelligence was striking a proper balance between safeguarding the privacy of individuals and the ability to investigate crime and protect the public. Understandably, Privacy International, the civil liberties group who launched the investigation, said they were “disappointed” with the outcome and would continue to combat state-sponsored hacking.

GCHQ’s hacking efforts were reported to the tribunal as covering computers, smartphones, servers, routers and more. They were told that it was possible for the hackers to remotely enable microphones and cameras, log keyboard input, install malware, track locations and even copy documents from target devices. Currently, the only restrictions on hacking in place are laid out in the Home Office’s code of practice for hacking, or “equipment interference”, which is set to be expanded as part of the Government’s Investigatory Powers bill which is currently being drafted. These documents dictate that a warrant must be issued before any hacks can take place. The judges agreed that these codes had the right balance between the “urgent need for the Intelligence Agencies to safeguard the public and the protection of an individual’s privacy and/or freedom of expression”. These restrictions did not exist when the investigation was originally launched, however, which brings GCHQ’s previous actions into question.

Once again, the cyber security and privacy of citizens are under threat from government agencies, who strive to increase their own power and supposedly the safety of their people at the cost of their freedom. While in future GCHQ’s hacking is expected to be kept in check by codified legal rules, the fact that their previous actions were ruled to be lawful could set a dangerous precedent if a security agency tried to take advantage of the circumstance to work outside these laws.

GCHQ-Developed Encryption System Has Built-In Backdoor

A security researcher has discovered that a telephone encryption system developed by UK intelligence agency GCHQ contains a backdoor that can be exploited by anyone who has its master key. Steven J. Murdoch, a Royal Society University Research Fellow in the Information Security Research Group of University College, found that the MIKEY-SAKKE protocol, based on the Secure Chorus encryption standard, can be bypassed using the private master key to decrypt and collect call data in bulk.

“The existence of a master private key that can decrypt all calls past and present without detection, on a computer permanently available, creates a huge security risk,” writes Murdoch, “and an irresistible target for attackers. Also calls which cross different network providers (e.g. between different companies) would be decrypted at a gateway computer, creating another location where calls could be eavesdropped.”

The existence of an encryption form that allows intelligence services to decrypt and access data comes as no surprise since the UK – in the form of both Prime Minister David Cameron and MI5 Director-General Andrew Parker – have declared war on end-to-end encryption as it prevents their mass surveillance efforts.

“GCHQ designs the encryption technology used by government to prevent unauthorised parties having access to classified information,” Murdoch added. “But GCHQ also wants the ability to examine how this encryption technology is used to investigate suspected leaks whether to companies, the press, or foreign intelligence agencies.”

Ex-NSA Director Warns UK Snooper’s Charter Will Kill People

The former Technical Director of the NSA has warned that should the UK Investigatory Powers Bill – nicknamed the Snooper’s Charter – pass into law, it will result in the deaths of innocent people. Bill Binney says that the sheer quantity of information that GCHQ analysts will be forced to sift through will actually distract them from protecting citizens, leaving the country more vulnerable to attack.

“It is 99 per cent useless,” Binney said in a letter to MPs leaked by human rights group Liberty (via InfoSecurity). “Who wants to know everyone who has ever looked at Google or the BBC?  We have known for decades that that swamps analysts,” adding that mass surveillance “costs lives, and has cost lives in Britain because it inundates analysts with too much data.”

While mass surveillance data has proved useful in the aftermath of, say, the World Trade Center attacks, to provide further background on the perpetrators, Binney argues that the act of collecting that data makes such an attack more likely to slip through the net.

“The net effect of the current approach is that people die first, even if historic records sometimes can provide additional information about the killers (who may be deceased by that time),” Binney wrote. “The alternative approach based on experience is to use social networks as defined by metadata relationships and some additional rules to smartly select data from the tens of terabytes flowing by.  This focused data collected around known targets plus potential developmental targets and represented a much smaller set of content for analysts to look through.”

Binney, who left the NSA in 2011 in protest at its mass surveillance program and became a whistleblower, will be speaking to MPs at the Joint Committee today (6th January) about the ineffectiveness of GCHQ’s BLACK HOLE data collection system which will support the IP Bill.

NSA and GCHQ Worked Together to Hack Juniper Firewalls

Spies from the UK intelligence services worked with the US National Security Agency to hack firewalls developed by top internet security firm Juniper Networks, according to documents leaked by NSA whistleblower Edward Snowden. GCHQ, wanting to crack Juniper’s encryption, specifically sought help from the NSA for that task, Russia Today reports. A series of secret documents, dating back to 2011, show that the pair were complicit in targeting Juniper – an industry leader in firewall technology in certain parts of the world – to compromise its systems.

The first document, entitled “Assessment of Intelligence Opportunity – Juniper”, outlines how GCHQ and NSA targeted Juniper in order to maintain its mass surveillance programs without being impeded.

“The threat comes from Juniper’s investment and emphasis on being a security leader,” the document reads. “If the SIGINT community falls behind, it might take years to regain a Juniper firewall or router access capability if Juniper continues to rapidly increase their security.”

The documents also shed light on why Juniper specifically was chosen as GCHQ’s prey: its firewalls are popular in Pakistan, Yemen, and China, all of which are of great interest to US and UK intelligence.

Snowden himself commented on the story, tweeting that the story had seemingly been suppressed by US news outlets.

GCHQ Releases Open-source Spy Tool on GitHub

Open source surveillance has changed the ball game somewhat now that British intelligence service GCHQ has created an account on GitHub, the well-known code repository site and one of the fairly recent targets of China’s Great Cannon attack tool.

What exactly has been created? It’s an open-source tool by the name of “Gaffer”, which according to Google is a British slang term for boss. The tool is written in Java and, according to its official GitHub page, is a framework that simplifies the storage of “large-scale graphs in which the nodes and edges have statistics such as counts, histograms and sketches,” not exactly Spectre, but hey ho. The tool has been primarily developed as a graph database with the aim of offering the capability to retrieve data on nodes of interest.

Below is a summary of the tool and its key features:

  • Allow the creation of graphs with summarised properties within Accumulo with a very minimal amount of coding.
  • Allow flexibility of statistics that describe the entities and edges.
  • Allow easy addition of new types of nodes and edges.
  • Allow quick retrieval of data on nodes of interest.
  • Deal with data of different security levels – all data has a visibility, and this is used to restrict who can see data based on their authorizations.
  • Support automatic age-off of data.

Gaffer is being distributed under the Apache 2.0 licence which allows you and me to modify and distribute the code in any way, as long as the original copyright notice and disclaimer are preserved.

For those who are excited about updates to this tool (anyone?), the official GitHub page also announces that Gaffer 2 is in development and aims to “create a more general framework that offers the best of Gaffer with improvements”.

It will be rather worthwhile to follow this tool through various developments and applications to see how it’s being utilized in the wider world; it would not surprise me if it’s in the news very soon.

GCHQ Releases Christmas Card Brainteaser

GCHQ is the UK’s intelligence monitoring agency which collects data in the interests of national security. In recent times, the organization has come under a great deal of scrutiny for abusing its powers via the Tempora computer system. This system was used to buffer internet communication extracted from fibre-optic cables. As a result, the system can access individuals’ data without any trace being left or making service providers suspicious. The UK’s obsession with surveillance is a worrying trend and some critics argue GCHQ isn’t acting in a democratic manner.

In the run-up to the festive season, GCHQ has decided to release a Christmas card designed to test people’s cryptography skills.

From the outset, you can see how baffling this brainteaser is and GCHQ has set a very difficult challenge. For those of you struggling (most of us), here’s some advice from the organization:

“In this type of grid-shading puzzle, each square is either black or white. Some of the black squares have already been filled in for you.”

“Each row or column is labelled with a string of numbers. The numbers indicate the length of all consecutive runs of black squares, and are displayed in the order that the runs appear in that line. For example, a label “2 1 6” indicates sets of two, one and six black squares, each of which will have at least one white square separating them.”

This is certainly an interesting way to gauge the reasoning skills of the general population and I wouldn’t be surprised if a member of the public managed to solve the entirety of GCHQ’s challenges. Perhaps, this is seen as a recruitment drive, and successful entries could be offered a role at the organization.

Have you managed to work out the first puzzle yet?

GCHQ Could Be Fined For Latest Series Of Job Adverts

GCHQ are known for their presence within the UK as the cyber spies, the first and last defence against digital threats within the UK. In recent years, though, they have not had the best image, with incidents like being given permission to spy on politicians, recommending that users store their passwords in software and do away with remembering them, and breaching human rights with their internet surveillance. Their latest issue may be something a little more low-tech, with their latest job adverts possibly resulting in them being fined.

Hackney council has stated that they will fine and ask that GCHQ clean up their advertisements as they didn’t have permission to create the advert in Shoreditch.

https://twitter.com/JamesLiamCook/status/664064611642163200/photo/1

Featuring a pun on their name, combined with a web address, the adverts were created by using a technique called reverse graffiti. This means that instead of applying paint or another material atop the surface, you use a stencil and a power washer to remove and clean off the top layer of dirt, resulting in a white depiction of your stencil.

The adverts have also been spotted in Manchester, Birmingham, Wolverhampton and Leeds. GCHQ claim that they were led to believe that Hackney Borough Council had an issue with clean graffiti on street furniture, not pavements.

If only they had a copy of the email that people sent with this information…

Tor Exit Nodes Hit by Large-Scale DDoS Attacks From the UK

Several operators have reported that their Tor exit nodes have been hit by large-scale DDoS attacks originating in the UK. While some abnormalities have been written off by users as “graph glitches”, the attacks have coincided with the disappearance of the Abraxas Marketplace, which has made some users quite edgy.

An anonymous operator posted to Pastebin:

“Hi, I am the operator of several exit nodes and would like to stay anonymous due to the nature of the given attacks. Since Thursday (05.11.2015 1800 UTC) I have seen large DDoS attacks on each of my exit nodes from a common /16 source. The attacks originate from UK.”

The same operator, under the username dipsh1t, later posted more details to the /r/DarkNetMarket subreddit, writing, “[Attacks are occurring at an] Interval of about 30min. A whole bunch of IPs at 20mbit/s hitting hard for 5min. And then a small amount of nodes hitting hard at around 100mbit/s per IP. They’re both TCP and UDP, primarily UDP. All nodes look identical (nmap).”

If these attacks are both legitimate and being launched by the UK, they come a week after the launch of a new task force by UK intelligence service GCHQ to police the ‘dark web’. “An NCA and GCHQ co-located Joint Operations Cell (JOC) opens officially today,” a National Crime Agency press release from 6th November reads. “The unit brings together officers from the two agencies to focus initially on tackling online child sexual exploitation.”

Paris Attackers Allegedly Used PS4s and PSN to Communicate

In a development that is likely to place more pressure on the technology sector, reports are coming out that the perpetrators of the recent Paris attacks used Sony PS4s to communicate and coordinate their attack. This comes after authorities took away the PS4s from the attackers’ homes and the Belgian home affairs minister said that the PS4 was chosen because it is difficult to track.

Games and consoles have always been on the radar for authorities in monitoring suspects. After all, Edward Snowden revealed that the NSA and GCHQ had agents embedded in the MMORPG World of Warcraft and in Second Life in order to monitor suspects. Xbox Live was monitored, which was part of the reason many were hesitant about the always-on functions of the new consoles and the once-mandatory Kinect.

At that time, PSN, Sony’s PlayStation Network, was not mentioned as a target for monitoring. If it turns out the PS4 was used, authorities will likely start looking into PSN communications as well. Given the myriad ways players can communicate with each other in game, the large volume of communications and the importance of context, whether or not extra monitoring would help remains to be seen.

Snooper Charter Powers are Increasingly Worrying

Security covers many things, from a virus on your phone or PC to a coordinated breach and remote access that compromises your computer. While we may not want to believe it, these things happen more often than anyone would want, and as such, people are employed to look out for any risks, report them and maybe even fix them. Security researchers are essential in a world where our digital security is as important to many as locking your door. So what does the new law that the UK government wants enforced mean for you? For one, it’s more often than not known as the Snooper Charter, and its powers could be a problem for security researchers and even you.

The typical process for security researchers upon finding a backdoor, something that can give anyone access to your system, is to check the findings with colleagues and make sure that it is, in fact, a security risk, then to alert the client, normally the creator of the software or at least its owner. They then report it and get a fix out, and then the researcher can reveal to the world that they need to update in order to receive this fix.

Under the Snooper Charter, though, even so much as revealing a backdoor could be punishable with up to 12 months in jail or a fine. For someone who spends their life finding these flaws, the risk of exposing one created by the government could put them not only out of a job but also out of work for good.

If that wasn’t enough, intercepting information, equipment interference (hacking) and retaining communications data would also be protected under gag orders, including those for bulk communications data collection, such as all the emails sent from your home IP.

This grants access to all your information without anything having to be provided for scrutiny. This is made all the worse by the fact that even when talking to your MP to prove someone innocent of a crime they were falsely accused of, or even in court when you’re being charged using this information, it would become illegal to even disclose that these tactics were used to obtain the information.

With these powers and the charter as it is, not only would the government and agencies have abilities to access and obtain information with little oversight, but you would be unable to discuss or reveal that these activities even took place.

GCHQ Given Consent to Spy on Politicians

There has been a great deal of criticism directed at GCHQ by privacy advocates regarding the data collection of citizens. Despite the practice being morally outrageous, the body defended its actions and claimed they were within the confines of the law. In addition to these powers, GCHQ can snoop on members of Parliament, but there is a legal ambiguity due to the Harold Wilson Doctrine. The original document directed the security services to opt out of phone tapping for MPs and Peers. As a result, various politicians have attempted to use this document to oppose GCHQ’s legal role to observe their data.

However, the Investigatory Powers Tribunal (IPT) dismissed these concerns and reiterated GCHQ’s legal right to listen into the communications of politicians. Clearly, some parliamentary members are quite upset and feel GCHQ’s behavior infringes on their civil liberties. While I am completely opposed to the widespread snooping scheme, why should politicians evade the law while ordinary citizens are monitored? Arguably, politicians have closer links to sensitive data and could leak it to other countries.

Whatever the case, it seems GCHQ’s powers have been legitimized further and the UK’s big brother society continues to be on the rise.

Thank you The Register for providing us with this information.

GCHQ Claims Longer Passwords Are Unnecessary

GCHQ is a government body which monitors communication in the UK and protects the security of its citizens. While the organization remains fairly aloof, it has come under a great deal of scrutiny in light of the Edward Snowden revelations. GCHQ and the Centre for the Protection of National Infrastructure compiled a report entitled “Password guidance: simplifying your approach”. This piece of documentation recommends that users opt for a password manager instead of long and overly complicated passwords:

“Complex passwords do not usually frustrate attackers, yet they make daily life much harder for users.”

However, professional hackers are still capable of infiltrating any kind of software:

“like any piece of security software, they are not impregnable and are an attractive target”.

Nigel Hawthorn from security company Skyhigh Networks argued:

“The security industry is awash with password advice, but much of it is contradictory or simply not suited to modern working. The result – passwords still puzzle many. GCHQ’s latest advice is refreshingly to the point and covers some of the most pressing issues facing UK businesses and employees today.”

The question is, do you trust GCHQ’s advice given their less-than-admirable behaviour in recent years? Ideally, you should set a different password for each service to avoid every aspect of your being disrupted during a hack. However, it can be quite difficult to remember passwords as various sites set specific stipulations for the characters used. Hopefully, fingerprint recognition and other methods will replace passwords in the near future.

Thank you The Guardian for providing us with this information.

Whistleblower Who Posted Sensitive Materials to 4Chan Not Taken Seriously

A former employee of Australia’s Department of Defence, who held fellow countryman Julian Assange up as an idol, posted sensitive materials he stole from the workplace to 4chan, where no one took him seriously (and called him “newf*g”, presumably). 21-year-old Michael Scerba uploaded documents related to the Five Eyes spying program – which is an initiative that combines the surveillance powers of the NSA (US), GCHQ (UK), CSEC (Canada), ASD (Australia), and GCSB (New Zealand) and has existed since the end of the Second World War – to 4chan in October 2012. The post had only 14 replies, described by Scerba as “a bunch of ‘fake and gay’ remarks”. Classy guy, sounds like he would have fit in well there.

At the time, Scerba said of his leak, “I release (sic) what I feel should be in the media: bombings, civilian deaths, actions of the ‘terrorists’ that just aren’t reported in the media.” As his 4chan post didn’t hit in quite the way Scerba had hoped, it was unlucky for him that one of the few people to see it was an employee of Australia’s intelligence service, who then alerted authorities.

Scerba’s materials were genuine, though, and the now 25-year-old is facing a Supreme Court trial in Australia for accessing and leaking confidential information. Since the trial will feature confidential information as evidence, at least some of the process will be private, with documents related to the case to be destroyed 28 days after the end of the hearing, which has stirred civil rights activists into quite the frenzy.

Thank you Engadget for providing us with this information.

NSA Surveillance Program Operating For a Very Long Time

NSA operations have been going on a long, long, long, long time. According to the latest revelations by Edward Snowden and a report from The Intercept, NSA/GCHQ’s top secret surveillance program “Project Echelon” has been spying on US allies, enemies, and its citizens for the last 50 years. It’s being called the first-ever automated global mass surveillance system.

A British investigative journalist by the name of Duncan Campbell wrote a magazine article in 1988 about the existence of a surveillance program by the name of Echelon, which is essentially a giant, automated surveillance dragnet that indiscriminately intercepted phone and Internet data from communications satellites. This technique was a precursor to today’s tapping of undersea fibre optic cables to survey non-military targets; these include governments, organizations and businesses in virtually every corner of the world.

In 2000, the European Parliament appointed a committee to investigate the program, which led to the outcome of the same old “The NSA played by the rules” mantra. How do you sum these latest revelations up? A foreign affairs directorate special adviser managed it perfectly by concluding the following:

In the final analysis, the “pig rule” applied when dealing with this tacky matter: “Don’t wrestle in the mud with the pigs. They like it, and you both get dirty.”

If anyone attempts to challenge these practices then both parties will be slandered into oblivion; the only difference is, the good guy always looks worse. I am not surprised by these revelations because frankly, who the hell can be after so much has been leaked out? I also think there is now more than surveillance at stake, namely the underpinning of democracy, which is looking weaker by the day.

This is also where GCHQ and the NSA look stupid: if they are able to track everyone all of the time, how come the likes of Osama Bin Laden managed to hide for so long? How come there are many criminals, illegal activities and an escalation in gun violence in the US within a world which is perceived to be more under surveillance? After all, the perpetrator of the Charleston church shootings wrote a manifesto which was easily accessible online; if the words “It was obvious that George Zimmerman was in the right” do not look slightly psychopathic, then nothing will.

Thank You fossbytes and The Intercept for providing us with this information.

Amnesty International Tracked By UK Government

Amnesty International is an organisation dedicated to promoting human rights and defending victims who have been abused. They have recently forayed into the world of digital rights, with the release of an anti-spyware programme designed to track down and alert you to common signs that your computer may be observed or accessed remotely. Ironically, the latest news is that members of Amnesty International have been observed by GCHQ (the Governmental branch within the UK that oversees digital security).

On Wednesday, Amnesty International announced they received an email outlining that their information had been intercepted, accessed and recorded. The time frame over which this information was obtained and stored has yet to be disclosed. The disclosure was made by the Investigatory Powers Tribunal (IPT), who are in charge of monitoring and making sure that government agencies follow the policies involved in surveillance. Following these investigations, Amnesty International has requested that the IPT hold a public hearing into the claims, allowing for the scope and detail of the surveillance to be revealed in the open.

With the scope of the surveillance unknown and the detail unclarified to both the public and Amnesty International itself, it’s hard to disagree that there should be more open and public discussions when it comes to the level that digital surveillance is used (even illegally).

Thank you Amnesty International for the information and the image.

Government Looking for Exploits in Anti-Virus Software to Use Against You

Snowden’s latest leaked documents point to government agencies such as the NSA and GCHQ taking an interest in tracking user activity and spying on networks. However, to do that, they have to get one piece of software out of the way: the anti-virus. This also seems to link with an earlier incident at Kaspersky Lab, where their headquarters was hacked by an unknown and well-equipped group.

The government agencies are said to be using a process named Software Reverse Engineering to gain access to vulnerabilities still present in current anti-virus products. One of the latest warrants GCHQ wants to approve, according to The Intercept, even states that Kaspersky poses a threat to its SRE program.

Other methods of intercepting and gaining access to anti-virus software databases consist of finding and exploiting the emails of employees who work at anti-virus companies. In addition, user PCs are targeted for HTTP requests sent to anti-virus headquarters, containing relevant security vulnerabilities found by their anti-virus suites.

To support the above claim, The Intercept also came across a GCHQ presentation which shows that around 100 million malware events are flagged daily by the government agencies. The same approach might be found in every government agency, so at least we get another peek at what’s going on and how ‘secure’ we are.

In the end, is targeting and ‘cracking open’ anti-virus software really a good solution? From my point of view, the GCHQ should hire Kaspersky Lab to design their network security if they are as good as they say they are. What do you think?

Thank you TechCrunch and The Intercept for providing us with this information

Astoria: The New NSA-Beating Tor Client

International intelligence agencies, such as the US National Security Agency (NSA), may have developed the ability to peel back the layers of The Onion Router network some time ago, but hackers and activists are determined to preserve their anonymity, developing a new Tor client that even the NSA can’t crack. The Astoria client should pose government spies their biggest challenge yet.

Astoria allows users to mask their identities by passing traffic between an encrypted middle relay and exit relay circuit, routed through 6,000 network nodes. With other Tor clients, anonymity can be compromised through “timing attacks”, which rely on gaining control over the entry and exit relays, with 58% of Tor circuits vulnerable to such attacks. Astoria reduces that number of vulnerabilities from 58% to 5.8%.

Included within the Astoria client is an algorithm designed to predict and counter relay attacks, patching vulnerabilities before they can be exploited. The client is thus able to always create the most secure circuit while balancing performance. Though “timing attacks” – commonly used by the NSA and GCHQ to crack Tor anonymity – can never be protected against entirely due to the way Tor is constructed, Astoria makes it as difficult as possible for them to succeed.

“In addition to providing high-levels of security against such attacks, Astoria also has performance that is within a reasonable distance from the current Tor client,” Astoria’s developers write. “Unlike other AS-aware Tor clients, Astoria also considers how circuits should be built in the worst case—i.e., when there are no safe relays that are available. Further, Astoria is a good network citizen and works to ensure that all circuits created by it are load-balanced across the volunteer driven Tor network.”

Astoria is not yet available for download, having only been revealed in a research paper by its developers, but it is expected to be released soon.

Thank you The Daily Dot for providing us with this information.

UK Government Changes Law Covering Digital Surveillance

Edward Snowden exposed a world that some had speculated about but few publicly acknowledged: a world where every piece of information we send, be it by phone or computer, is monitored and recorded among thousands of others, all in search of that one thing. The public has been in an uproar ever since, asking whether it was even legal, given the severe invasion of privacy that even the most basic monitoring entails when no permission is legally requested from a judge. From the use of stingrays to intercept mobile communication to the ruling that the mass collection of phone data in America was illegal, the law and digital monitoring have been at loggerheads for a while now. The UK government has a simple answer: change the law.

GCHQ is the UK government’s digital branch in charge of monitoring electronic communications. It would seem that the Computer Misuse Act, one of the biggest pieces of legislation regarding hacking and the legality of using computers to access networks, was quietly rewritten on the 3rd of March 2015. The change in the legislation would essentially make the intelligence services exempt from legal action regarding hacking, because they would fall outside the provisions that define what hacking is lawful.

Several large companies, including internet and communication services, filed complaints back in 2014 stating that GCHQ’s activities would be considered unlawful under the Computer Misuse Act and that there was no legal authority that could be used to bring their practices in line with the law. This is a problem, especially given that hacking is an invasion of privacy, something considered a fundamental human right.

The legislation involved is called the Serious Crime Bill 2015, and it came into effect on the 3rd May 2015, only two months after it was quietly passed amongst government groups without any public consultation. So not only does GCHQ now have the ability to hack people, it is practically immune to legal action over doing so (even though it has been found to be in breach of several sections of law). It also means that all current cases against GCHQ would be rendered null, given that the agency is now covered under a separate law. And because the code has not been subject to parliamentary process such as debates or discussions, the changes have effectively rendered its illegal practices legal and put its hacking powers (even against those who have not been found to be a threat to national security or suspected of a crime) beyond legal process, in what is turning out to be the biggest threat to the rights and laws of the 21st century.

What do you think of this? I will refrain from commenting for fear that this post will be intercepted and my communications monitored. Personally, I really dislike that they have done this.

Thank you Privacy International for providing us with this information.

UK Government Exempt From Laws Making Hacking Illegal

The UK government has adapted existing anti-hacking laws to allow British intelligence and security agencies to legally hack and launch cyber attacks, according to campaigners.

Human rights watchdog organisation Privacy International was in the process of launching legal action against the UK government for unlawful spying by use of hacking and cyber attacks until Parliament changed the law in order to protect themselves. The change not only protects existing actions, but also “grants UK law enforcement new leeway to potentially conduct cyber attacks within the UK,” according to Privacy International. While Privacy International still intends to bring a case against the UK government for its actions, it will now be launched on the basis of “hypothetical facts”.

This marks the second time that the UK has rewritten online surveillance laws to protect its interests: back in February, a revised code of practice for GCHQ gave “UK spy agencies sweeping powers to hack targets, including those who are not a threat to national security nor suspected of any crime,” Privacy International said.

“The underhand and undemocratic manner in which the Government is seeking to make lawful GCHQ’s hacking operations is disgraceful,” Eric King, deputy director of Privacy International, said.

“Hacking is one of the most intrusive surveillance capabilities available to any intelligence agency, and its use and safeguards surrounding it should be the subject of proper debate.”

“Instead, the government is continuing to neither confirm nor deny the existence of a capability it is clear they have, while changing the law under the radar, without proper parliamentary debate.”

Last week, GCHQ began recruiting hackers, seeking those who could engage in “computer network operations against terrorists, criminals and others posing a serious threat to the UK”.

Thank you The Independent for providing us with this information.

UK Intelligence Confirms They Can Break into Any System, Anywhere, For ANY Reason

There have been talks that the FBI will soon have permission to break into computers anywhere on the planet. It comes as no surprise that the UK is following the same approach, having granted similar authority to its Intelligence Services. The biggest surprise, however, is that the UK Government openly admitted it has the power and liberty to do so.

The British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.

This comes in its ‘Open Response’, which followed the court cases filed against GCHQ last year. This is what the Intelligence Services revealed, according to Privacy International:

Buried deep within the document, Government lawyers claim that while the intelligence services require authorisation to hack into the computer and mobile phones of “intelligence targets”, GCHQ is equally permitted to break into computers anywhere in the world even if they are not connected to a crime or a threat to national security.

In addition, GCHQ openly admits and explains how it was able to hack into Gemalto’s SIM network, a story which was deemed controversial last year.

The intelligence services assert the right to exploit communications networks in covert manoeuvres that severely undermine the security of the entire internet. The deployment of such powers is confirmed by recent news stories detailing how GCHQ hacked into Belgacom using the malware Regin, and targeted Gemalto, the world’s largest maker of SIM cards used in countries around the world.

The important part about this is not the actual information, but the fact that bringing court cases against GCHQ has revealed more details which were previously kept secret. This apparently shows how effective this strategy is and how it could reveal even more secrets in the future, should it be used again.

Thank you TechDirt for providing us with this information

University of Toronto Creates Online Database of Leaked Snowden Documents

The University of Toronto, in partnership with Canadian Journalists for Free Expression (CJFE), has created an online searchable database of every document leaked by NSA whistleblower Edward Snowden that has subsequently been published in the media. The Snowden Digital Surveillance Archive aims to “provide a tool that would facilitate citizen, researcher and journalist access to these important documents.”

Edward Snowden, a former NSA data analyst, leaked documents related to massive and pervasive illegal global surveillance programs run by the US National Security Agency (NSA) in conjunction with UK intelligence service GCHQ.

The CJFE is an organisation that “monitors, defends and reports on free expression and access to information in Canada and abroad.” The creation of the Snowden Archive is part of its remit to promote “free media as essential to a fair and open society” and the “free expression rights of all people”.

“We are extremely proud to launch the Snowden Archive as a tool for Canadians, and the world, to better understand the scope and scale of mass surveillance programs,” said CJFE Executive Director Tom Henheffer in a press release. “We believe this tool is just the start of many important stories to come, and hope this will help the public engage in conversation about government surveillance practices.”

The archive allows users to search by the following criteria:

  • Agency that created the document in question;
  • Journalist and media outlet that first broke the story from the document;
  • Full text of the document;
  • Keywords, surveillance program names and more.

Source: Canadian Newswire

UK MPs Call to Recruit Mumsnet Members as Spies

Senior MPs in the UK have called for agencies like MI6, MI5 and GCHQ to use websites like Mumsnet to recruit spies. The remarks come as part of calls to increase the number of middle-aged women and mothers working in intelligence. The Intelligence and Security Committee made the conclusions in a report which said that females make up only 19% of those in senior positions within MI6, MI5 and GCHQ.

The thing that has turned heads, though, is the fact that Mumsnet might be a place where mothers could be recruited as spies. Will GCHQ really monitor the Mumsnet forums to find the next ‘M’? Maybe. Justine Roberts, the CEO of Mumsnet, didn’t directly respond to the suggestion, other than to say “I’m afraid I’m unable to comment as I have an urgent appointment with a rock in St. James’s Park.”

So, if you’re a kid, keep an eye on your mother if ever she’s on Mumsnet, she might just be protecting our borders from Russian spies.

Source: BBC News

Snowden: US and UK Spies Hacked SIM Card Manufacturer

It’s been reported that spies from both the UK and the US hacked into a SIM card company. The information, once again coming from Edward Snowden, details efforts to steal codes that allowed the spies to eavesdrop on communications between phones and cell towers.

The company in question, Gemalto, produces SIM cards in 85 countries and chances are your SIM card was made by them. The hack provided the codes required to decrypt pretty much any communications between mobile phones.

“With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted.” – The Intercept

The hack is unprecedented as it meant that GCHQ and the NSA had essentially given themselves the ability to capture any mobile communications from the air. Gemalto says that they “take this publication very seriously”.

“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated techniques to try to obtain Sim card data,” – Gemalto

Source: BBC News

Privacy International Will Find Out if GCHQ Spied On You

Privacy International, one of the human rights groups that brought a case against UK intelligence agency GCHQ for unlawful surveillance, has launched a new campaign to enquire on your behalf as to whether you were illegally spied on by the intelligence outfit.

To submit to Privacy International’s enquiry, all you need to do is enter your details here. The organisation will collate all details it receives and forward them to the Investigatory Powers Tribunal – the body that ruled GCHQ’s actions unlawful – for comparison against its records. The request is permitted through the European Convention on Human Rights, specifically Article 8 (‘right to respect for personal and family life’) and Article 10 (‘right to freedom of expression and information’).

Deputy Director of Privacy International, Eric King, said:

“The public have a right to know if they were illegally spied on, and GCHQ must come clean on whose records they hold that they should never have had in the first place. There are few chances that people have to directly challenge the seemingly unrestrained surveillance state, but individuals now have a historic opportunity to finally hold GCHQ accountable for their unlawful actions.”

Source: The Next Web

GCHQ Breached Human Rights with Mass Internet Surveillance, Rules Court

The Investigatory Powers Tribunal (IPT), Britain’s most secretive court, has ruled that British intelligence operations regarding internet mass surveillance were unlawful. GCHQ, the UK’s intelligence and security agency, has been found in breach of human rights laws. The unlawful information that GCHQ was in possession of came from the NSA, via its Prism information intercept programme.

The IPT posted an order to its website on Friday, reading, “The regime governing the soliciting, receiving, storing and transmitting by UK authorities of private communications of individuals located in the UK, which have been obtained by US authorities … contravened Articles 8 or 10” of the European convention on human rights (ECHR). Article 8 is the right to private and family life, while article 10 protects freedom of expression.

The initial challenge against GCHQ and the NSA came from a coalition of civil liberty groups, including Liberty and Privacy International.

“For far too long, intelligence agencies like GCHQ and NSA have acted like they are above the law,” said Eric King, deputy director of Privacy International. “Today’s decision confirms to the public what many have said all along – over the past decade, GCHQ and the NSA have been engaged in an illegal mass surveillance sharing programme that has affected millions of people around the world.”

“We must not allow agencies to continue justifying mass surveillance programmes using secret interpretations of secret laws. The world owes Edward Snowden a great debt for blowing the whistle, and today’s decision is a vindication of his actions.”

“But more work needs to be done. The only reason why the NSA-GCHQ sharing relationship is still legal today is because of a last-minute clean-up effort by the government to release previously secret ‘arrangements’. That is plainly not enough to fix what remains a massive loophole in the law, and we hope that the European court decides to rule in favour of privacy rather than unchecked state power.”

“We now know that, by keeping the public in the dark about their secret dealings with the NSA, GCHQ acted unlawfully and violated our rights,” added James Welsh, legal director for Liberty. “That their activities are now deemed lawful is thanks only to the degree of disclosure Liberty and the other claimants were able to force from our secrecy-obsessed government.”

“But the intelligence services retain a largely unfettered power to rifle through millions of people’s private communications – and the tribunal believes the limited safeguards revealed during last year’s legal proceedings are an adequate protection of our privacy. We disagree, and will be taking our fight to the European court of human rights.”

A spokesperson for GCHQ responded to the ruling, saying, “We are pleased that the court has once again ruled that the UK’s bulk interception regime is fully lawful. It follows the court’s clear rejection of accusations of ‘mass surveillance’ in their December judgement.”

Source: The Guardian