MI5 Relies on Hacking

Uploaded on 2015-11-12 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

MI5, the UK's domestic spy agency, says it has “relied” on hacking techniques in “the overwhelming majority of high priority investigations" over the past year, according to a government document.

The document is a “factsheet” describing the UK’s hacking powers, released as part of the Draft Investigatory Powers Bill, the nation’s newly proposed surveillance legislation. It says that “Equipment Interference,” (EI) the UK government's term for computer hacking, is “the power to obtain a variety of data from equipment. This includes traditional computers or computer-like devices such as tablets, smart phones, cables, wires and static storage devices.”
“[EI] has been instrumental in disrupting credible threats to life, including against UK citizens,” the section on MI5 continues. However, those claims could not be verified by Motherboard. MI5 could not be reached for comment, but a spokesman for the National Crime Agency, which has also been revealed to have EI capabilities, previously told Motherboard that “there is a range of capabilities and techniques available to the NCA."
EI can either be carried out by physically tampering with a person's gadgets, or remotely, the document continues. Approaches vary in complexity, with EI encompassing everything from using login credentials of a target to gain access to a computer, or “remotely installing a piece of software on the device.”
The document claims that hacking may in some cases “be the only way to acquire intelligence coverage of a terrorist suspect"

The document claims that “the use of this capability by the security and intelligence agencies was avowed in February 2015 through a draft Equipment Interference Code of Practice.”
There is already voluminous evidence that the UK's signal intelligence agency, Government Communications Headquarters (GCHQ), breaks into the computer systems of targets. Motherboard previously reported that the National Crime Agency—essentially the UK's FBI—also has hacking capabilities.
The rest of the document, entitled “Factsheet—Targeted Equipment Interference,” attempts to justify the use of hacking techniques in investigations.
“Equipment Interference is used to secure valuable intelligence to enable the Government to protect the UK from individuals engaged in terrorist attack planning, kidnapping, espionage or serious organised criminality.” The document claims that hacking may in some cases “be the only way to acquire intelligence coverage of a terrorist suspect or serious criminal in a foreign country.”

Interestingly, the document says that the draft Investigatory Powers Bill, a proposed piece of UK surveillance legislation, “will create a new power to require the assistance of CSPs where necessary, to give effect to equipment interference warrants.” A CSP, or communications service provider, is a company that handles electronic information, such as a telecomm. It is unclear how CSPs are expected to collaborate with the authorities in this context.
In total, the document is vague regarding what EI actually constitutes. As for what information obtained from hacking can be used for, “material derived from equipment interference may be used in evidence,” the document reads.
Motherboard: http://bit.ly/1SIdhav

« The Dark Side of the Fourth Industrial Revolution – and How To Avoid It
EU votes Snowden Human Rights Asylum »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MyCERT

MyCERT

MyCERT is the National Computer Emergency Response Team of Malaysia.

ABB

ABB

ABB is a pioneering technology leader in industrial digitalization. Services include cyber security for industrial control systems IoT.

Magix Security

Magix Security

Magix Security assesses the cyber threat, gives you visibility of how vulnerable your business is to attack, and provides cybercrime detection and prevention services.

Bl4ckswan

Bl4ckswan

Bl4ckswan is a Management Consulting firm specialized in the delivery of information security and compliance services.

Get Indemnity

Get Indemnity

Get Indemnity are specialist insurance brokers with experience working on a wide range of innovative business insurance products that combine risk management, indemnity and incident response services.

MassMutual Ventures

MassMutual Ventures

Mass Mutual ventures backs companies building category-defining businesses in markets including enterprise software, digital health, cybersecurity, and fintech.

Bionic

Bionic

Bionic is an agentless way to get control over your increasingly complex applications so you can manage, operate, and secure them faster and more efficiently.

Truesec

Truesec

TRUESEC has an exceptional mix of IT specialists. We are true experts in cyber security, advanced IT infrastructure and secure development.

Alcon Maddox

Alcon Maddox

Alcon Maddox is a niche recruitment and executive search firm specialised in sourcing exceptional Cyber Security sales and commercial leadership talent. Serving clients across the Middle East & Europe

Evanssion

Evanssion

Evanssion is a value added distributor specialized in Cloud Native & Cyber Security across Middle East & Africa.

Rimini Street

Rimini Street

Rimini Street is a global provider of enterprise software support products and services, and the leading third-party support provider for Oracle and SAP software products.

Europol - European Cybercrime Centre (EC3)

Europol - European Cybercrime Centre (EC3)

The European Cybercrime Centre (EC3) was set up by Europol to strengthen the law enforcement response to cybercrime in the EU.

Cyber and Fraud Centre – Scotland

Cyber and Fraud Centre – Scotland

The Cyber and Fraud Centre – Scotland exists to ensure Scottish organisations are as resilient as they can be against cyber and fraud crime.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

Emantra

Emantra

Emantra specialises in the enablement of Secure Cloud services through it’s comprehensive Sovereign Cloud Hosting, Secure Access Service Edge, and managed services.

Socket

Socket

Socket protects software applications and critical services from malware and security threats originating in open source code.