UK spies claim broad powers to hack worldwide

Admit to using vulnerabilities for intelligence gathering.

The British government has defended the surveillance activities of its spy agencies, claiming they have broad powers to spy on any person's communications and computers around the world in secret, even when the targets are not under suspicion.

The statement follows a complaint filed against the Government Communications Headquarters (GCHQ), the British signals intelligence agency, last June by a coalition of internet providers in Europe and Korea along with human rights lobby group Privacy International.

The complaint is currently being investigated by the UK's Investigatory Powers Tribunal (IPT), and the British government has now taken the unusual step of releasing an open response [pdf], defending GCHQ and the agency's actions.

While GCHQ won't acknowledge any one operation in particular as per its "neither confirm nor deny" policy, the agency said it may conduct computer network exploitation (CNE) attacks to obtain intelligence when it believes national interest is at stake.

The open response from GCHQ's lawyers states the agency could embark upon operations similar to those conducted by criminals and hackers:

"CNE operations vary in complexity. At the lower end of the scale, an individual may use someone’s login credentials to gain access to information," the response reads.

"More complex operations may involve exploiting vulnerabilities in software in order to gain control of devices or networks to remotely extract information, monitor the user of the device or take control of the device or network.

"These types of operations can be carried out illegally by hackers or criminals. In limited and carefully controlled circumstances, and for legitimate purposes, these types of operations may also be carried out lawfully by certain public authorities."

The circumstances under which CNE operations are considered helpful to obtain intelligence on individuals deemed as criminals or harmful to national security are broad.

GCHQ may use CNE attacks when the communications it wants are not in the course of their transmission and therefore cannot be intercepted, or when there is no communications service provider on which to serve an interception warrant.

Furthermore, CNE operations may be used if "a more comprehensive set of the target's communications or data of intelligence interest is required than can be obtained through other means," the open response stated.

Despite former United States National Security Agency contractor Edward Snowden's document leaks to the contrary, lawyers acting for GCHQ vehemently deny that the agency is involved in indiscriminate mass surveillance, and called the allegations "extreme" and "disproportionate."

The open response also states that one of GCHQ's functions by law is "to monitor or interfere with electromagnetic, acoustic and other emissions" in order to glean information.

GCHQ also operates within a legal framework that gives it powers to target unknown people, irrespective of their intelligence interest in Britain.

Domestic spying is subject to warrants, but the warrants do not need to identify targets of surveillance or CNE operations. Nor is it necessary to specify if the target is suspected of, or has committed, an offense, the open response claimed.

Information gleaned through hacking could also be disclosed outside GCHQ to unspecified organisations.

Although GCHQ insisted that its operations and activities must remain secret in order to be effective, it took the unusual step of disclosing the draft equipment interference code of practice (EI Code).

The draft EI Code, which had until now been kept secret, sets out practices, procedures and safeguards around intelligence agencies' electronic information gathering.

It was published in February this year by the UK Home Office and is now subject to public consultation.
