Tag: GCHQ

GCHQ publishes advice on supply chain attacks

The National Cyber Security Centre (NCSC), which is part of GCHQ, published new guidance to help organisations effectively assess and gain confidence in the cyber security of their supply chains.

It follows a significant increase in cyber-attacks resulting from vulnerabilities within supply chains in recent years, including some high-profile incidents such as the SolarWinds attack.

The guidance, which can be found here, is designed to help medium and larger organisations effectively assess the cyber risks of working with suppliers and gain assurance that mitigations are in place.

Supply chain attacks can cause far-reaching and costly disruption, yet the latest government data shows just over one in ten businesses (13 percent) review the risks posed by their immediate suppliers, and the proportion for the wider supply chain is just seven percent.

UK spooks can spy on anyone anywhere

There has been a gasp of horror after it was announced that US spooks wanted the power to spy on anyone, anywhere – but it turns out that their British counterparts have been doing that already.

The UK granted similar powers to its own intelligence services and is now revealing it.

According to Privacy International, the British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.

The admission was made in what the UK government calls its “Open Response” to court cases started last year against GCHQ.

Buried deep within the document, Government lawyers claim that while the intelligence services require authorisation to hack into the computer and mobile phones of “intelligence targets”, GCHQ is equally permitted to break into computers anywhere in the world even if they are not connected to a crime or a threat to national security.

The intelligence services are allowed to exploit communications networks in covert manoeuvres that severely undermine the security of the entire internet. This was how GCHQ hacked into Belgacom using the malware Regin, and targeted Gemalto, the world’s largest maker of SIM cards used in countries around the world.

Many people had assumed that this was the case. But court cases against the UK’s GCHQ are ferreting out numerous details that were previously secret. This shows the value of the strategy, and suggests it should be used again where possible.

 

GCHQ builds a very British supercomputer

British spooks have built themselves a new supercomputer made by connecting Blackberry Pis all made in Britain.

GCHQ, the UK equivalent of the NSA, has created a 66 Raspberry Pi cluster called the Bramble for “educational” purposes. It is not clear what those education purposes are, but you are unlikely to need a supercomputer to make a dry martini, or do your seven times table.

The spooks had an internal competition to invent something and three unnamed GCHQ technologists decided that other Pi clusters were too ad hoc. They created a cluster that could be reproduced as a standard architecture to create a commodity cluster.

The basic unit of the cluster is a set of eight networked Pis, called an “OctaPi” – one thing you have to admit is that the Raspberry Pi. The size of the OctaPi was dictated by the need to make the unit reasonable from the point of view of size, power consumption, cooling and so on. The Pis are driven by power over ethernet (PoE) to reduce the wiring and each one has an LED display.

Each OctaPi can be used standalone or hooked up to make a bigger cluster. In the case of the Bramble a total of eight OctaPis makes the cluster 64 processors strong.

There are two head control nodes, which couple the cluster to the outside world. Each head node has one Pi, a wired and WiFi connection, realtime clock, a touch screen and a camera.

All of the Pis are model Bs, but changing to a B2 would make the cluster a lot more powerful and cost about the same.

Rather than just adopt a standard cluster application like Hadoop, OctaPi’s creators decided to develop their own. The software to manage the cluster is now based on Node.js, Bootstrap and Angular.

The Bramble was shown off at the recent Big Bang Fair held in Birmingham, UK, which was aimed at getting children interested in science and engineering.

According to the press release: “The initial aim for the cluster was as a teaching tool for GCHQ’s software engineering community… The ultimate aim is to use the OctaPi concept in schools to help teach efficient and effective programming. Watch this space for more details!”

British and US spooks stole SIM card keys

Spies from the US and the UK hacked into the internal computer network of the largest manufacturer of SIM cards in the world and stole encryption keys used to protect the privacy of mobile phones.

According to the latest release from the Edward Snowden cache, the hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ.

It all happened in 2010 when GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s mobiles, including both voice and data.

Gemalto, a multinational firm incorporated in the Netherlands, makes chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world.

It makes two billion SIM cards a year and with the stolen encryption keys, intelligence agencies could monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments.

British spies mined the private communications of unwitting engineers and other company employees in multiple countries.

Apparently, Gemalto did not notice and still cannot work out how it was done.

According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ access.

GCHQ rapped over US links

The agency that is watching you watching me has been criticised for hiding how it shared data with the USA.
The Investigatory Powers Tribunal (IPT) said that before it changed its rules last December, GCHQ breached human rights law, as embodied in the European Convention of Human Rights.
Last December, GCHQ said that it usually needed a warrant to share information with the US security services.
But before it made this disclosure, the IPT said that the soliciting, storing and transmission by UK authorities of private communications of people here and obtained by the US authorities contravened either articles eight or 10 of the European Convention.
Article 8 relates to privacy while article 10 refers to the right of freedom of expression.
The Home Office said in a statement that the UK government is committed to transparency.

 

New Snowden documents released

Jacob Appelbaum and Laura Poitras have just published another massive collection of classified records obtained by Edward Snowden.

Many of them, published on Der Spiegel, show that the National Security Agency and its allies are methodically preparing for future wars carried out over the internet.

Der Spiegel reports that the intelligence agencies are working towards the ability to infiltrate and disable computer networks — potentially giving them the ability to disrupt critical utilities and other infrastructure.

The NSA and GCHQ think they’re so far ahead of everyone else, they’re making jokes about it.
One of the major themes from the new documents involves the ability of Five Eyes intelligence agencies to exploit the methods of its adversaries — efforts to “steal their tools, tradecraft, targets, and take.” The NSA calls this impressive capability “fourth party collection” which sounds like a 1970’s prog rock band.

NSA and GCHQ have cracked jokes about it in top-secret slide decks. In an NSA presentation titled “fourth party opportunities,” the first slide references Daniel Day-Lewis’ “I drink your milkshake” monologue from the 2007 film There Will Be Blood. Der Spiegel says that an NSA unit traced an attack on the Department of Defence back to China and covertly listened in on future Chinese spying efforts, including one digital infiltration of the United Nations.

GCHQ can exploit “leaky mobile apps” using a tool called “BADASS.” In it, the spy agency walks through its ability to glean personal information from metadata sent between users’ devices and mobile ad networks and analytics firms.

This is data that’s not supposed to contain personally identifiable information. Several slides are titled “Abusing BADASS for Fun and Profit.” One slide boasts: “We know how bad you are at Angry Birds.”

Der Spiegel commented: “It’s absurd: as they are busy spying, the spies are spied on by other spies. In response, they routinely seek to cover their tracks or to lay fake ones instead.”

Internet spying proves useless to GCHQ

For all the internet spying that GCHQ has been doing, it does not appear to be helping it in its primary job of tracking down serious criminals and terrorists.

According to the Daily Telegraph, GCHQ has lost track of some of the most dangerous crime lords and has had to abort surveillance on others.

The spooks are blaming the fact that Edward Snowden revealed their tactics, although they pretty much would say that anyway.

One major drug smuggling gang has been able to continue flooding the UK with Class A narcotics unimpeded for the last year after changing their operations, moaned the spooks.

More intense tracking of others has either been abandoned or not started because of fears the tactics are now too easy to spot and will force the criminals to “go dark” and be lost sight of completely.

They have also been stuffed up because telecoms companies are no longer grassing up customers and are refusing to hand over evidence on the likes of drug smugglers or fraudsters because they do not pose a “direct threat to life”.

“We have specific evidence of where key targets have changed their communication behaviour as a direct result of what they have read.

Apparently gangs have moved to more secure forms of communication or moved entirely on to the dark web where it is far harder to track them. However GCHQ seems to want people to believe that serious criminals were not using the dark web before Snowden and that James Bond can only get into Internet places which can be searched by Google.

All that major drug smuggling network did to make it become invisible is to change a few lines of code in its web-pages which stopped its actions being seen by search engines.

Intelligence officers are now electing not to order deeper surveillance on targets, in the hope of gaining sufficient evidence to prosecute them, because they fear it could alert them to the fact they are being watched.

Of course GCHQ’s answer to the problem is to bring in even more internet spying because that worked so well before.

GCHQ head hits out at IT companies

The newly appointed head of spy outfit GCHQ has said computer companies like Facebook and Twitter are not doing enough to help security services catch criminals and terrorists.

Robert Hannigan went a little further than that and accused technology outfits of being “command and control networks for terrorists and criminals”.

The Islamic State, for example, used the web as a channel to promote itself, frighten people and radicalise new recruits.

Hannigan said: “But increasingly their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism.”

He also criticised the security of communications, saying that encryption methods which were once the domain of nation states are now commonplace. For example, Apple and Google include encryption in their mobile operating systems as a way of protecting people’s security and privacy.

He wants the tech companies to provide more support.

British spooks can spy without a warrant

British spooks have been using the systems set up by the US National Security Agency to spy on everyone without a warrant.

The agreement between the NSA and GCHQ means that the internet and phone data of Americans is in the hands of the Brits without legal oversight.

The data, once obtained, can be kept for up to two years. During legal proceedings in a closed court hearing, in a case brought by various international human-rights organisations including Privacy International, Liberty UK, and Amnesty International, GCHQ was forced to reveal that it can request and receive vast quantities of raw, unanalysed data collected from foreign governments it partners with.

It is well known that the NSA and GCHQ share intelligence data with one another, as part of a long-standing surveillance partnership, but this is the first time the British government has disclosed that it does not require a warrant to access data collected and maintained by its American chums. This flies in the face of statements made by an oversight committee of the British Parliament in July of last year.

At the time, Parliament was told that “in each case where GCHQ sought information from the US, a warrant for interception, signed by a minister, was already in place.” Clearly GCHQ forgot to mention mass data which it mines for data.

Anonymous takes the Nintendo

Never mind pouring buckets of ice on your head, a group of Anonymous protestors have been literally taking the wee when it comes to complaining about British spying.

A video has been posted online that appears to show activists from the We Are Anonymous group drinking their own urine in protest at GCHQ.

The police refused to accept a potty full of urine on behalf of GCHQ so activists ceremoniously drank it.

People taking part in the four-day-long peaceful protest were warned by the long arm of the law that they were not allowed to take snaps of GCHQ spies as they popped inside for a meeting with Moneypenny and M.

Activists who are angry at reports that GCHQ and its American sister agency NSA have developed large programmes of mass surveillance of phone and internet traffic, organised the protest over the weekend.

Gloucestershire Police told protesters that there was a small matter of legality standing in the way of them snapping pictures of staff based at Cheltenham.

Other than the potty protest, the rest of the weekend was a bit of a damp squib. The protest got off to a slow start yesterday with confusion over when the protests would take place and only a handful of people turned up.

 

GCHQ uses internet as a toy

The British spy agency GCHQ has developed tools to seed the internet with false information.

According to security writer Glenn Greenwald, the British spooks have the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, “amplify” sanctioned messages on YouTube, and censor video content judged to be “extremist.”

GCHQ’s capabilities were found amongst documents provided by NSA whistleblower Edward Snowden. The British even use a trick to connect two unsuspecting phone users together in a call.

The software tools were built by backroom boffins working for GCHQ’s Joint Threat Research Intelligence Group (JTRIG). It appears to be a clear indication that the British are using propaganda and internet deception. We have seen already the use of “fake victim blog posts,” “false flag operations,” “honey traps” and psychological manipulation to target online activists, monitor visitors to WikiLeaks, and spy on YouTube and Facebook users.

However, the GCHQ document called “JTRIG Tools and Techniques” (https://firstlook.org/theintercept/document/2014/07/14/jtrig-tools-techniques/) shows just what sort of skulduggery the British are up to online.

According to Greenwald, the document is designed to notify other GCHQ units of JTRIG’s “weaponised capability” when it comes to the dark internet arts, and “serves as a sort of hacker’s buffet for wreaking online havoc”.

ISPs sue the spooks over network spying

ISPs from the US, UK, Netherlands and South Korea with campaigners Privacy International are to sue UK spooks GCHQ for attacking their networks.

According to the BBC, it is the first time that GCHQ has faced such action and is based on allegations about government snooping made by whistleblower Edward Snowden.

What appears to have got the ISPs’ goat is attacks which were outlined in a series of articles in Der Spiegel. They claim that the Intercept, were illegal and “undermine the goodwill the organisations rely on”.

They say that Belgian telecommunications company Belgacom was targeted by GCHQ and infected with malware to gain access to network infrastructure.

GCHQ and the US National Security Agency, where Snowden worked, had a range of network exploitation and intrusion capabilities, including a technique that injected data into existing data streams to create connections that will enable the targeted infection of users.

The ISPs claim that the intelligence agencies used an automated system, codenamed Turbine, that allowed them to scale up network implants.

German internet exchange points were targeted, allowing agencies to spy on all internet traffic coming through those nodes.

Eric King, deputy director of Privacy International, said that the widespread attacks on providers and collectives undermine the trust everyone puts in the internet and greatly endanger the world’s most powerful tool for democracy and free expression.

The ISPs involved in the action are UK-based GreenNet, Riseup (US), Greenhost (Netherlands), Mango (Zimbabwe), Jinbonet (South Korea), May First/People Link (US) and the Chaos Computer Club (Germany).

GCHQ insists that all its work was conducted in accordance with a strict legal and policy framework which ensures that its activities were “authorised, necessary and proportionate.”