MI5 Relies on Hacking

MI5, the UK's domestic spy agency, says it has “relied” on hacking techniques in “the overwhelming majority of high priority investigations" over the past year, according to a government document.

The document is a “factsheet” describing the UK’s hacking powers, released as part of the Draft Investigatory Powers Bill, the nation’s newly proposed surveillance legislation. It says that “Equipment Interference,” (EI) the UK government's term for computer hacking, is “the power to obtain a variety of data from equipment. This includes traditional computers or computer-like devices such as tablets, smart phones, cables, wires and static storage devices.”
“[EI] has been instrumental in disrupting credible threats to life, including against UK citizens,” the section on MI5 continues. However, those claims could not be verified by Motherboard. MI5 could not be reached for comment, but a spokesman for the National Crime Agency, which has also been revealed to have EI capabilities, previously told Motherboard that “there is a range of capabilities and techniques available to the NCA."
EI can either be carried out by physically tampering with a person's gadgets, or remotely, the document continues. Approaches vary in complexity, with EI encompassing everything from using login credentials of a target to gain access to a computer, or “remotely installing a piece of software on the device.”
The document claims that hacking may in some cases “be the only way to acquire intelligence coverage of a terrorist suspect"

The document claims that “the use of this capability by the security and intelligence agencies was avowed in February 2015 through a draft Equipment Interference Code of Practice.”
There is already voluminous evidence that the UK's signal intelligence agency, Government Communications Headquarters (GCHQ), breaks into the computer systems of targets. Motherboard previously reported that the National Crime Agency—essentially the UK's FBI—also has hacking capabilities.
The rest of the document, entitled “Factsheet—Targeted Equipment Interference,” attempts to justify the use of hacking techniques in investigations.
“Equipment Interference is used to secure valuable intelligence to enable the Government to protect the UK from individuals engaged in terrorist attack planning, kidnapping, espionage or serious organised criminality.” The document claims that hacking may in some cases “be the only way to acquire intelligence coverage of a terrorist suspect or serious criminal in a foreign country.”

Interestingly, the document says that the draft Investigatory Powers Bill, a proposed piece of UK surveillance legislation, “will create a new power to require the assistance of CSPs where necessary, to give effect to equipment interference warrants.” A CSP, or communications service provider, is a company that handles electronic information, such as a telecomm. It is unclear how CSPs are expected to collaborate with the authorities in this context.
In total, the document is vague regarding what EI actually constitutes. As for what information obtained from hacking can be used for, “material derived from equipment interference may be used in evidence,” the document reads.
Motherboard: http://bit.ly/1SIdhav

« The Dark Side of the Fourth Industrial Revolution – and How To Avoid It
EU votes Snowden Human Rights Asylum »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

PlaxidityX

PlaxidityX

PlaxidityX (formerly Argus Cyber Security) is a global leader in mobility cyber security, provides DevSecOps, vehicle protection and fleet protection technologies and services.

Hague Security Delta (HSD)

Hague Security Delta (HSD)

The Hague Security Delta Campus is home of the leading cyber security cluster in Europe with an Innovation Centre, labs and training facilities.

Silverfort

Silverfort

Silverfort introduces the first security platform enabling adaptive authentication and identity theft prevention for sensitive user, device and resource throughout the entire organization.

Synack

Synack

Synack provides a hacker-powered intelligence platform that uncovers security vulnerabilities that often remain undetected by traditional pen testers and scanners.

MindPoint Group (MPG)

MindPoint Group (MPG)

MindPoint Group is a specialist Information Security Consulting firm.

Harel Mallac Technologies

Harel Mallac Technologies

Harel Mallac Technologies is a Mauritian organisation that has developed a strong network of ICT specialists with nodes across the African continent.

Global Incubator Network Austria (GIN Austria)

Global Incubator Network Austria (GIN Austria)

GIN Austria is the connecting link between Austrian and international startups, investors, incubators and accelerators with a focus on selected hotspots in Asia.

INE

INE

INE is a premier provider of Technical Training for the IT industry.

Secura B.V.

Secura B.V.

Secura is an independent specialized cybersecurity expert, providing insights to protect valuable assets and data.

Arkphire

Arkphire

Arkphire provide solutions across every aspect of IT to help your business perform better.

Larsen & Toubro Infotech (LTI)

Larsen & Toubro Infotech (LTI)

LTI is a global technology consulting and digital solutions company with operations in 33 countries.

Etisalat and (e&)

Etisalat and (e&)

Etisalat Group is one of the world’s leading telecom groups in emerging markets.

Symptai Consulting

Symptai Consulting

Symptai Consulting is a leading Cyber Security, Digital Transformation and Anti-Money Laundering firm serving the Caribbean and the wider world.

RB42

RB42

RB42 (formerly Nexa Technologies) provide cyber defense solutions (ComUnity, secure and encrypted messaging, detection of interception tools, etc) and cyber defense consultancy service.

Rebellion Defense

Rebellion Defense

Rebellion Defense is a technology company developing advanced software to ensure mission-critical organizations stay ahead of emerging threats.

CyberGrape

CyberGrape

CyberGrape is a client centric managed services company, providing enterprise leading security solutions and helping companies through their IT risk and security challenges.