from the still-working-on-making-a-Palantir dept.
GCHQ are a bunch of over-achievers, save for one achievement: reporting the security flaws they discover in order to get them fixed. Instead, their hacking capabilities have substantially increased:
The UK has substantially increased its hacking capabilities in recent years, an official report says. This includes the ability to attack other country's communications, weapons systems and even infrastructure. The details were revealed in the annual report of the Intelligence and Security Committee, which oversees the work of intelligence agencies. It said GCHQ had "over-achieved", creating double the number of new offensive cyber-capabilities expected.
The report said GCHQ's allocation of effort to develop hacks had increased "very substantially" from 2014. The programme of developing the capabilities is divided into three tranches and GCHQ said that it had just finished the first. "We... actually over-achieved and delivered [almost double the number of] capabilities [we were aiming for," an official from the agency told the committee. The details of the successes are classified in the public version of the report.
GCHQ is also upgrading its supercomputers, an effort referred to as Project Golf:
Project GOLF (£***m over ten years) is a project to enhance the supercomputing capacity that supports much of GCHQ's work. GCHQ has told us that this project is particularly critical, as it predicts that "projected mission needs will exceed existing data centre capacity limits in ***". GCHQ noted that its relationship with the US brought significant benefits ***. GCHQ has reported that this project *** is on track to be fully operational in early 2018.
Here are the annual reports (2016-2017 PDF).
Related: How GCHQ Manipulates Online Opinion
UKs Cyber Emergency Response Unit to Launch
Court Rules UK-US Surveillance Data Sharing was Illegal
GCHQ Tried to Track Web Visits of "Every Visible User on Internet"
GCHQ Tells CEOs They Won't Rat Out Data Breaches
Related Stories
nobbis writes "In an article entitled 'How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations' Glenn Greenwald publishes training material from the Snowden archive that illustrates how GCHQ uses "cyber-offensive techniques against people who have nothing to do with terrorism or national security threats", for example against "Hacktivism".
These techniques include disseminating deception on-line and harming the reputations of their targets with a honey trap , a blog from a purported victim of the target, or 'changing their photos on social media sites'. Similarly companies are discredited by leaking of confidential information, or posting negative information on appropriate forums. The covert agents' play book includes infiltration, false flag, disruption and sting operations.
When questioned GCHQ replied "It is a longstanding policy that we do not comment on intelligence matters""
lhsi writes:
In a move to combat cyber-attacks, the UK has a new Team on the way:
The UK Computer Emergency Response Team (CERT-UK) will be unveiled on the 31st March, and will work on developing the UK's cyber resilience to state-sponsored and criminal attacks on critical systems, including those controlling the national energy supply and within government departments, according to the Cabinet Office.
Neil Cassidy, former cyberdefence lead at government supplier Qinetiq, was made deputy director of operations. Andrew Whittaker, a former Foreign Office crisis management expert, was given the overall deputy director role.
The government has been co-ordinating with law enforcement bodies and the various industry-specific CERTs, including those based out of GCHQ and the Centre for the Protection of National Infrastructure, over the last year on creating an effective response unit.
One of the key participants was the new National Cyber Crime Unit (NCCU), launched in October 2013, as part of the National Crime Agency. Kevin Williams, head of partnership engagement at the NCCU, said there had been 'really good engagement' thus far with CERT-UK, which will be based at an as-yet undisclosed London location.
Common Dreams reports:
In the latest vindication of NSA whistleblower Edward Snowden, a UK [court] ruled on [February 6] that the British government violated human rights law by failing [until December 2014] to safeguard some aspects of its intelligence-sharing operations.
The Investigatory Powers Tribunal found that the Government Communications Headquarters (GCHQ) accessed information obtained by the National Security Agency (NSA) without sufficient oversight, violating Articles 8 and 10 of the European convention on human rights. According to Reuters , "The tribunal's concern, addressed in the new ruling, was that until details of how GCHQ and the NSA shared data were made public in the course of the court proceedings, the legal safeguards provided by British law were being side-stepped."
The Guardian adds, "The ruling appears to suggest that aspects of the operations were illegal for at least seven years--between 2007, when the Prism intercept [program] was introduced, and 2014."
Article 8 guarantees the right to privacy; Article 10 protects free expression.
[...]IPT's decision marks the first time [in its entire 15-year existence] that the highly-secretive court has been known to ever rule against any of the UK's intelligence services.
If you used the World Wide Web anytime after 2007, the United Kingdom's Government Communications Headquarters (GCHQ) has probably spied on you. That's the revelation contained in documents published today by The Intercept, which detail a GCHQ operation called "Karma Police"—a program that tracked Web browsing habits of people around the globe in what the agency itself billed as the "world's biggest" Internet data-mining operation, intended to eventually track "every visible user on the Internet."
Karma Police—apparently named after the Radiohead song—started as a program to track individuals listening to Internet streaming audio "radio stations" as part of a research project into how radicals might "misuse" Internet radio to spread their messages. Listeners to streams that included Islamic religious content were targeted for more data collection in an effort to identify their Skype and social media accounts. The program gradually grew with its success. According to GCHQ documents, by 2009 the program had stored over 1.1 trillion "events"—Web browsing sessions—in its "Black Hole" database. By 2010, the system was gathering 30 billion records per day of Internet traffic metadata. According to another GCHQ document, that volume grew to 50 billion per day by 2012.
I'm sure none of are really surprised by this, but I'm curious... How many of you (if any) are tunneling all their traffic through VPN providers to get around this monitoring?
The new National Cyber Security Centre [NCSC] is pitching itself to CEOs as a friendly government organisation which won't get the regulators involved after data breaches.
Those gathered this morning on the 18th floor of 125 London Wall heard one of the NCSC's deputy directors address CEOs on how they should lead their businesses' recovery from cyber attacks—and it was primarily by contacting NCSC, a part of GCHQ. [Government Communications Headquarters]
Peter Yapp, the deputy director for the incident management directorate, explained how his role worked: "If something [regarding a cyber incident and your company] breaks in the press, I'll get a call from someone in government," he said, and he would be expected to explain what the incident meant.
"If you haven't phoned me and told me about it, I will phone you," stated Yapp.
"It is worth telling me about the most serious incidents," he told his audience, acknowledging that these were difficult to define, before comforting them: "We do not tell the ICO [Information Commissioner's Office] what you tell us."
If the government doesn't know, and the public doesn't know, there's no problem.
(Score: 0) by Anonymous Coward on Friday December 22 2017, @01:27AM (1 child)
Who would have thought that?, I cannot believe people did not recognize the threat of poor political activists sooner, obviously MI6 (WTF is GCHQ?) needs more money
(Score: 0) by Anonymous Coward on Friday December 22 2017, @06:05AM
Pounds, not dollars, and there's literally a link to what GCHQ is at the start of the summary for oblivious Americans.
(Score: 0) by Anonymous Coward on Friday December 22 2017, @01:37AM
Finally. Someone to neutralize 'murkin white terrorists.
(Score: 2) by Arik on Friday December 22 2017, @02:13AM (2 children)
If laughter is the best medicine, who are the best doctors?
(Score: 2) by takyon on Friday December 22 2017, @02:54AM (1 child)
What would you call it? Vulnerability hoarding?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by Arik on Friday December 22 2017, @04:32AM
Thank you.
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Friday December 22 2017, @05:08AM
That also has to do with it, but I think you have better things to do with your mouths than talk