A Simple Guide to GCHQ's Hacking Powers

Uploaded on 2015-03-30 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW


We now know a lot more about GCHQ's hacking operations and the details haven't come from Edward Snowden. New documents released by the government and privacy advocates have given us the first official glimpse of how GCHQ operates, with its hacking and encryption weakening operations confirmed for the first time.

The details come from three new documents:

1. The Intelligence and Security Committee's (ISC) Report into the UK's security services.

2. The government's open response to the ISC report.

3. Documents from secret court proceedings released by Privacy International.

But what does all this new information mean? Below we answer the key questions beginning with what hacking powers does GCHQ have?

The spy agency has the power to hack into phones, computers and communications networks and is legally justified to hack anyone, according to privacy experts. GCHQ can also hack anyone, anywhere in the world, even if they are not suspected of any crime. Court documents released by Privacy International show GCHQ can carry out hacking on "individuals who are not intelligence targets in their own right". The privacy charity, which has launched legal action against the UK government and GCHQ, claims this allows GCHQ to hack people who are not targets.

The ISC report also shows for the first time that GCHQ uses security vulnerabilities, including zero-days, which use previously unknown weaknesses to attack software, for its operations. And what does GCHQ have to say about this? The spy agency says Privacy International's claims that its operations are unregulated are "simply untrue". 

A spokesperson for the spy agency said its operations were subject to "rigorous oversight", adding that its "operational processes rigorously support this position". GCHQ was unable to respond to individual issues raised due to its policy of not commenting on intelligence matters.
The agency's Edgehill decryption program, revealed in documents released by Edward Snowden, revealed ambitions to crack encryption used by 15 major Internet companies and 300 virtual private networks (VPNs) by 2015. Cryptography experts have warned that such operations risked weakening online security for everyone.
 
Wired:

« Anonymous vs ISIS: the ongoing skirmishes of #OpISIS
Threat Lessons from Sony and Anthem »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Wizard Computing

Wizard Computing

Wizard Computer Services is a full service IT solutions provider that offers managed services, consultation, installation, and support to small and large businesses in New England.

IGEL Technology

IGEL Technology

IGEL Technology is one of the world's leading thin client vendors. Thin clients increase data security and compliance.

CSI

CSI

CSI is a Managed Service Provider (MSP) delivering Hybrid Multi-Cloud, Data Protection, and Cyber Security solutions to highly regulated industries.

SafeBreach

SafeBreach

SafeBreach's platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does.

Mitek Systems

Mitek Systems

Mitek's global mobile capture and identity verification technology optimizes the digital user experience for thousands of financial services organizations.

CloudSEK

CloudSEK

CloudSEK has set its sights on building the world’s fastest and most reliable AI technology, that identifies and resolves digital threats.

Rhino Security Labs

Rhino Security Labs

Rhino Security Labs is a top penetration testing and security assessment firm, with a focus on cloud pentesting, network pentesting, web application pentesting, and phishing.

Celcom

Celcom

Celcom is the oldest mobile telecommunications provider in Malaysia, providing solutions and services to consumers and businesses.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

PROVINTELL Cyber Security

PROVINTELL Cyber Security

PROVINTELL is a Managed Security Service Provider (MSSP) specialising in Next-Gen Cyber Defense and Response to detect and respond to threats.

Dynamic Networks

Dynamic Networks

Dynamic Networks provide Managed Cloud Services; Unified Communications; Security & Compliance Services and Network & Infrastructure Services for both Public Sector and Private sector businesses.

Ignite Cyber

Ignite Cyber

IGNITE Cyber is focused on enabling secure technology adoption through intelligent business decisions. We are focused on providing a secure and stable business environment for everyone.

OpenAI

OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.

PlanNet 21 Communications

PlanNet 21 Communications

PlanNet 21 Communications is Ireland most specialised technology solution provider.

Xiphera

Xiphera

Xiphera designs and implements proven cryptographic security for embedded systems.

Point Wild

Point Wild

Point Wild is a holding company that acquires, integrates and manages a diverse portfolio of best-in-class cybersecurity brands for consumers and enterprises.