MI5 Relies on Hacking

Uploaded on 2015-11-12 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

MI5, the UK's domestic spy agency, says it has “relied” on hacking techniques in “the overwhelming majority of high priority investigations" over the past year, according to a government document.

The document is a “factsheet” describing the UK’s hacking powers, released as part of the Draft Investigatory Powers Bill, the nation’s newly proposed surveillance legislation. It says that “Equipment Interference,” (EI) the UK government's term for computer hacking, is “the power to obtain a variety of data from equipment. This includes traditional computers or computer-like devices such as tablets, smart phones, cables, wires and static storage devices.”
“[EI] has been instrumental in disrupting credible threats to life, including against UK citizens,” the section on MI5 continues. However, those claims could not be verified by Motherboard. MI5 could not be reached for comment, but a spokesman for the National Crime Agency, which has also been revealed to have EI capabilities, previously told Motherboard that “there is a range of capabilities and techniques available to the NCA."
EI can either be carried out by physically tampering with a person's gadgets, or remotely, the document continues. Approaches vary in complexity, with EI encompassing everything from using login credentials of a target to gain access to a computer, or “remotely installing a piece of software on the device.”
The document claims that hacking may in some cases “be the only way to acquire intelligence coverage of a terrorist suspect"

The document claims that “the use of this capability by the security and intelligence agencies was avowed in February 2015 through a draft Equipment Interference Code of Practice.”
There is already voluminous evidence that the UK's signal intelligence agency, Government Communications Headquarters (GCHQ), breaks into the computer systems of targets. Motherboard previously reported that the National Crime Agency—essentially the UK's FBI—also has hacking capabilities.
The rest of the document, entitled “Factsheet—Targeted Equipment Interference,” attempts to justify the use of hacking techniques in investigations.
“Equipment Interference is used to secure valuable intelligence to enable the Government to protect the UK from individuals engaged in terrorist attack planning, kidnapping, espionage or serious organised criminality.” The document claims that hacking may in some cases “be the only way to acquire intelligence coverage of a terrorist suspect or serious criminal in a foreign country.”

Interestingly, the document says that the draft Investigatory Powers Bill, a proposed piece of UK surveillance legislation, “will create a new power to require the assistance of CSPs where necessary, to give effect to equipment interference warrants.” A CSP, or communications service provider, is a company that handles electronic information, such as a telecomm. It is unclear how CSPs are expected to collaborate with the authorities in this context.
In total, the document is vague regarding what EI actually constitutes. As for what information obtained from hacking can be used for, “material derived from equipment interference may be used in evidence,” the document reads.
Motherboard: http://bit.ly/1SIdhav

« The Dark Side of the Fourth Industrial Revolution – and How To Avoid It
EU votes Snowden Human Rights Asylum »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Global Secure Solutions (GSS)

Global Secure Solutions (GSS)

Global Secure Solutions is an IT security and risk consulting firm and authorised ISO training partner for the PECB.

Federal Office For Information Security (BSI)

Federal Office For Information Security (BSI)

The BSI (Bundesamt fur Sicherheit in der Informationstechnik) is the federal cyber security agency and the chief architect of secure digitalisation in Germany.

Norton Rose Fulbright

Norton Rose Fulbright

Norton Rose Fulbright is a global business law firm. Practice areas include Data protection, Privacy and Cybersecurity.

Thomas Miller Specialty

Thomas Miller Specialty

Thomas Miller Specialty is a commercial Managing General Agency providing specialty risks insurance including Cyber & e-crime insurance.

New Enterprise Associates (NEA)

New Enterprise Associates (NEA)

As one of the world’s largest and most active venture capital firms, NEA has developed deep domain expertise and insight into our industries of focus - technology and healthcare.

In-Sec-M

In-Sec-M

In-Sec-M is a non-profit organization that brings together companies, learning and research institutions, and government actors to increase competitiveness of the Canadian cybersecurity industry.

C5 Capital

C5 Capital

C5 Capital is a specialist investment firm that exclusively invests in the secure data ecosystem including cybersecurity, cloud infrastructure, data analytics and space.

Cybersecure Policy Exchange (CPX)

Cybersecure Policy Exchange (CPX)

Cybersecure Policy Exchange is a new initiative dedicated to advancing effective and innovative public policy in cybersecurity and digital privacy.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

JupiterOne

JupiterOne

JupiterOne is the security product that is changing how organizations manage and secure their software defined assets.

Tego Cyber

Tego Cyber

Tego Cyber delivers a state-of-the-art threat intelligence platform that helps enterprises deploy the proper resolution to an identified threat before the enterprise is compromised.

AML Global Solutions (AMLGS)

AML Global Solutions (AMLGS)

AMLGS delivers Financial Crime prevention training programmes and consultancy services encompassing Anti-Money Laundering (AML), Counter Terrorism Financing (CTF), Bribery & Corruption and Fraud.

Atlas VPN

Atlas VPN

Atlas VPN is a highly secure freemium VPN service with a goal to make safe and open internet accessible for everyone.

Tidelift

Tidelift

Tidelift provides the tools, data, and strategies that help organizations assess risk and improve the health, security, and resilience of the open source used in their applications.

CoinCover

CoinCover

Blockchain technology is changing everything. However, it brings its own set of unique risks. Coincover ensures everyone is protected, enabling them to innovate freely, without constraints.

Kerberus Cyber Security

Kerberus Cyber Security

Kerberus Cyber Security (formerly MintDefense) is a leading innovator in Web3 user security, dedicated to safeguarding digital assets and transactions through its flagship product, Sentinel3.