GCHQ
Latest
UK may cut Huawei out of 5G networks this year
The UK is reportedly planning to cut Huawei out of its 5G networks in 2020 -- not as part of a gradual phase-out as expected.
UK investigates if cyberattack led to stock exchange outage
UK officials are worried that a London Stock Exchange outage in August wasn't just the glitch that many suspected. Wall Street Journal sources say the GCHQ intelligence agency is investigating the possibility that the failure may have been due to a cyberattack. It's reportedly taking a close look at the associated code, including time stamps, to determine if there was any suspicious activity. The exchange was in the middle of updating its systems when the outage happened, and there's a fear this left systems open to attack.
Apple, Google and others condemn UK plan to view encrypted chats
Major players within the tech industry have long-opposed the idea of government access to users' messages and chat conversations -- now they're continuing the fight with an open letter to GCHQ (the UK's government communication headquarters) lambasting proposals that could allow officials to eavesdrop on encrypted chats.
European Court rules UK surveillance program violated human rights
The European Court of Human Rights (ECHR) is the latest to deem the UK government's mass surveillance program unlawful. Judges ruled the "bulk interception regime" violated the right to privacy and freedom of expression. It said there was "insufficient oversight" over what communications UK agencies were collecting and also noted that there were "inadequate" safeguards for the protection of confidential journalistic sources.
UK collected social media data as part of its mass surveillance
It's no secret that the UK has been engaging in mass surveillance over the past few years. Since Edward Snowden's leaks revealed the extent of their program, the UK's security and intelligence organization GCHQ has been under fire for possible violation of privacy laws, as well as the possibility that too much data had compromised the organization's ability to analyze it fully. Now, Privacy International, a privacy rights group, claims to have documents that show that GCHQ has been collecting social media information on millions of people.
Leaked memo says hackers may have compromised UK power plants
State-sponsored hackers have "probably compromised" the UK's energy industry. A leaked memo from the National Cybersecurity Centre (NCSC) identifies links "from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors." These threats are "known to target the energy and manufacturing sectors," the document says. The memo, obtained by Motherboard and verified by a number of sources, goes on to say that as a result of these connections, "a number of industrial control system engineering and services organisations are likely to have been compromised." The NCSC has neither confirmed nor denied the authenticity of the memo. However, in a statement given to the BBC it said: "We are aware of reports of malicious cyber-activity targeting the energy sector around the globe ... We are liaising with our counterparts to better understand the threat and continue to manage any risks to the UK."
Workplace AI makes it all too easy to track you on the job
Artificial intelligence can help you work and even help you find work, but it's now being used to monitor you at work... and that's not entirely a good thing. New Scientist notes that a London firm, StatusToday, recently joined a security accelerator run by the UK's GCHQ intelligence agency. The company's AI uses metadata from your workplace habits (such as the files you access and when you unlock doors) to spot unusual behavior as it happens. If you suddenly download a lot of data or venture into a part of the office you never frequent, the AI can alert the company and ask you what's going on.
The NSA has been listening to in-flight cell phone calls for years
By now, we're all well aware of how good the NSA is at spying on people's communications. But it's still a little surprising to learn that the NSA and the British Government Communication Headquarters (GCHQ) were able to listen in on people's in-flight phone calls as far back as 2005. Le Monde and The Intercept, which has previously broke many stories from Edward Snowden's info on the NSA, say that a secret program called "Southwinds" could gather all cellular communication from commercial air flights, including "voice communication, data, metadata and content of calls."
UK spies paid a New Zealand firm to help tap key internet lines
It's no longer a secret that the UK's GCHQ was expanding its mass surveillance in the years before Edward Snowden's leaks. However, it hasn't really been clear as to who was helping it upgrade its spying campaign... until today. The Intercept and Television New Zealand have obtained documents showing that GCHQ purchased large amounts of "data acquisition" systems and "probes" from Endace, a New Zealand company that specializes in network data recording. The agency wanted to step up its monitoring of high-speed internet cables from 87 10Gbps lines in 2009 to 800 by 2013, and buying loads of Endace technology helped it edge closer to that goal.
UK spies violated privacy laws with bulk data collection
Ever since Edward Snowden's leaks came to light, UK spy agencies have responded to accusations of surveillance overreach with a common boilerplate statement: that their activities are lawful, necessary and proportionate. However, they can't always use that justification any more. The Investigatory Powers Tribunal has ruled that key GCHQ, MI5 and MI6 bulk data collection programs violated privacy protections in the European Convention on Human Rights. Both a Bulk Communications Data effort (which covers data such as visited websites, email metadata and GPS locations) and a Bulk Personal Datasets initiative (covering biographical details like your communications and financial activities) didn't have proper oversight until 2015, when some safeguards came into place. That's particularly damning when BCD was had been in place since 1998, and BPD since 2006.
UK spies tracked Middle East activists with a web link shortener
Intelligence agencies don't always rely on hacks to monitor and influence political events. Motherboard has learned that the UK's GCHQ created its own URL shortener, lurl.me, to both disseminate pro-revolution talk during Iranian and Arab Spring protests as well as track activists. Puppet accounts would use lurl.me to help get around government censorship, while GCHQ would send special links to help identify activists who were otherwise hard to follow. The combination also made it easy to understand the effectiveness of revolutionary campaigns online -- if many people clicked a link and behavior changed, GCHQ would know that its efforts made a difference.
UK spies may have risked lives by collecting too much data
One of the common arguments against mass surveillance is that it could backfire: you might collect so much data that finding crucial info becomes difficult. As it turns out, that's a well-founded theory. A 2010 UK report leaked by Edward Snowden warned that MI5 spies were collecting so much data that there was a real risk of an "intelligence failure" where it would miss info that could save lives. Without enough staff and tools, it simply couldn't handle the sheer glut of raw surveillance content.
US, UK intelligence agencies cracked Israeli drone data
The National Security Agency and the UK's Government Communication Headquarters have been hacking into Israeli drones to observe military operations and areas of interest in the Middle East, according to The Intercept. "Anarchist," as the program was called, saw technicians at a GCHQ facility in Cyprus routinely intercept video feeds over the course of several years, with some of the most telling bits winding up among the documents leaked by Edward Snowden.
Researcher warns of backdoor in GCHQ-developed encryption
The UK government's spy agency stands accused of developing and promoting an encryption standard for voice calls which includes a backdoor, allowing it to conduct "undetectable mass surveillance." The protection is designed for internal software used by the British government, but because it's open-source one security researcher is worried it'll also be adopted by commercial companies. If that happens, the flaw could be exploited by GCHQ and, potentially, hackers to monitor the conversations not just of government employees, but the wider public. Dr Steven Murdoch, a Principal Research Fellow at University College London's Information Security Research Group, is concerned specifically about the way GCHQ's standard handles encryption keys. MIKEY-SAKKE, the security protocol behind the Secure Chorus encryption standard, relies on a set of master keys generated at the service provider level. These are used to protect each call session, but Murdoch says the master private key can also be used to decrypt users' conversations, past and present. "The existence of a master private key that can decrypt all calls past and present without detection, on a computer permanently available, creates a huge security risk, and an irresistible target for attackers. Also calls which cross different network providers (e.g. between different companies) would be decrypted at a gateway computer, creating another location where calls could be eavesdropped." Such a flaw, Murdoch believes, can be classified as "key escrow." That means a service provider would be able to comply with a British government request for "content," or what was said, during a particular individual or group's conversations. This ability to decrypt is in stark contrast to end-to-end encryption, which puts both public and private keys in the hands of the user. That way, even if a warrant is served, the company is unable to deliver the data in a readable format. A number of apps now offer this protection, including Apple's iMessage. Murdoch says he isn't surprised by the backdoor given GCHQ's responsibility to both monitor and protect the government's communications: "GCHQ designs the encryption technology used by government to prevent unauthorised parties having access to classified information. But GCHQ also wants the ability to examine how this encryption technology is used to investigate suspected leaks whether to companies, the press, or foreign intelligence agencies." The worry now is that the MIKEY-SAKKE protocol will be adopted by companies offering secure voice calls to the public. After all, "government-grade security" sounds like a pretty safe bet. GCHQ, however, is refuting Murdoch's claims. A spokesperson for CESG, GCHQ's Information Security arm (which developed the standard) told Engadget: "We do not recognise the claims made in this paper. The MIKEY-SAKKE protocol enables development of secure, scalable, enterprise grade products."
Germany investigates claims of NSA-backed malware spying
When word got out that both the US' NSA and the UK's GCHQ were likely using purpose-built Regin malware for their spying campaigns, that raised more than a few alarm bells... including in the German government, apparently. The country's prosecutor's office has launched an investigation into a report that Regin infected (and thus monitored) the laptop of a Chancellery division leader. Officials aren't jumping to conclusions yet, but it's easy to guess where their suspicions lie -- the concern is that allies are hacking into the devices of multiple German higher-ups, not just its Chancellor. If the evidence holds up, it could worsen political relationships that have already turned a bit sour. [Image credit: Frank Rumpenhorst/AFP/Getty Images]
UK spy agency snooped on everything users did online -- even porn
We've been well aware that the British spy agency GCHQ was just as guilty as the NSA when it came to overbearing online surveillance, but new documents from former analyst Edward Snowden paint an even more insane picture. The agency's "Karma Police" program (note the irony there) spied on practically everything web users did online, including social media posts and porn habits, The Intercept reports. Just like the NSA, the GCHQ was authorized to sift through metadata (details about specific communications, like the sender and recipient, which doesn't include the message's contents) with little to no oversight. At one point in 2009, the agency used Karma Police to track online radio listening habits for 200,000 people globally, spanning 7 million metadata records, for signs of spreading radical Islamic ideas. It was then able to use those records to connect listeners of a popular Iraqi radio station to their Facebook and Yahoo profiles, as well as specific porn sites they visited.
Recommended Reading: Should we be concerned robots will take our jobs?
Recommended Reading highlights the best long-form writing on technology and more in print and on the web. Some weeks, you'll also find short reviews of books that we think are worth your time. We hope you enjoy the read. Robots Will Steal Our Jobs, But They'll Give Us New Ones by Cade Metz Wired With all the advances in automation and robotic technology, should we be worried that robots will replace us? Well, while they might take some of our jobs, they'll also give us new ones. This piece from Wired offers a look at the future as we learn to live with AI, presenting a strong case that it may not be as dire as the critics predict.
The UK admits to spying on Amnesty International
In June, the Investigatory Powers Tribunal (IPT) ruled that the UK government had illegally spied on two international civil rights groups: the Egyptian Initiative for Personal Rights (EIPR) and the Legal Resources Centre in South Africa. But there was a mix up -- the IPT has now admitted it was Amnesty International, not EIPR, that was subjected to unlawful surveillance. The human rights group was notified via email and has branded the interceptions as outrageous. "How can we be expected to carry out our crucial work around the world if human rights defenders and victims of abuses can now credibly believe their confidential correspondence with us is likely to end up in the hands of the governments?" Salil Shetty, secretary general for Amnesty International said.
UK spy agency found to be conducting unauthorized surveillance... on itself
We're still learning about all the different surveillance tactics and targets of the UK's GCHQ spy agency, but the latest organization found to have been snooped on unnecessarily may surprise you. When it's not spying on civil rights groups, looking for flaws in security software or amassing data on us, the GCHQ is apparently gathering too much intelligence... on itself. The anecdote comes from the annual report of the Intelligence Services Commissioner, who's job it is to make sure all British intelligence agencies are collecting information in a lawful and justified manner. The report doesn't come to any dramatic conclusions -- the commissioner is satisfied they're all behaving appropriately -- but it does note an "administrative error" that resulted in the GCHQ "capturing more information [on its employees] than it was authorised to."
UK spy agency broke rules when it snooped on civil rights groups
The spies at the UK's Government Communications Headquarters may swear that they're obeying the law, but that doesn't mean that everything they're doing is completely above-board. The Investigatory Powers Tribunal has determined that GCHQ broke data retention rules when it spied on civil rights groups in Egypt and South Africa. The agency legally intercepted the communications of these two targets, according to the ruling, but it either kept that data longer than it should have (in the Egyptian circumstance) or didn't follow policies for studying that data (in South Africa).
