British SIGINT agency vows to integrate artificial intelligence into its operations

BRITAIN’S GOVERNMENT COMMUNICATIONS HEADQUARTERS, one of the world’s most advanced signals intelligence agencies, has published a position paper that vows to embrace artificial intelligence in its operations. For over 100 years, GCHQ, as it is known, has been in charge of spying on global communications on behalf of the British state, while protecting the government’s own communications systems from foreign espionage. In a report published on Thursday, the agency says it intends to use artificial intelligence (AI) to detect and analyze complex threats, and to defend against AI-enabled security challenges posed by Britain’s adversaries.

The report, entitled “Pioneering a New National Security: The Ethics of AI”, includes a foreword by GCHQ Director, Jeremy Fleming. Fleming was a career officer of the Security Service (MI5) until he became head of GCHQ in 2017. In his introductory note he argues that “technology and data” are engrained in the structure of GCHQ, and that AI has “the potential […] to transform [the agency’s] future operations”. The report acknowledges that GCHQ has been using AI for some time for functions including intelligence collection and automated translation. But the ability of AI to distinguish patterns in large sets of data in seconds, which would normally take humans months or years to detect, offers a transformational potential that should not be overlooked, it posits.

Security-related applications of AI are endless, says the report. They include measures against online child exploitation —for instance by detecting the methods used by child sex abusers to conceal their identities across multiple online platforms. Another potentially revolutionary application would be mapping global drug- or human-trafficking networks, by analyzing up-to-the-minute financial transactions and money-laundering activities around the world. Illicit activities that take place in the so-called “dark web” could also be mapped and monitored by AI systems, according to the report.

The report also states that GCHQ will seek ways to promote AI-related research and development in the United Kingdom. Its goal will be to establish bridges with industry by funding start-up ventures in AI, it states. Lastly, GCHQ will seek to formulate an ethical code of practice in AI, which will include best-practice guidelines, and will purposely recruit a diverse personnel of engineers, computer and data scientists. Future reports will tackle emerging technologies such as computational science and synthetic biology, among many others, the GCHQ report concludes.

Author: Joseph Fitsanakis | Date: 26 February 2021 | Permalink

British SIGINT agency criticized for ‘vanity project’ that went 83% over budget

BRITAIN’S SIGNALS INTELLIGENCE AGENCY has been severely criticized in a report for undertaking a pointless “vanity project” that exceeded its allocated funds by 83 percent and needlessly cut into its operational budget. The agency, known as the Government Communications Headquarters (GCHQ), is responsible for collecting signals intelligence (SIGINT) and protecting the information systems of the British government and Armed Forces.

In 2015, the country’s Conservative government announced the establishment of the National Cyber Security Centre (NCSC), under the GCHQ, whose mission would be to protect Britain from cyber-espionage, cyber-terrorism and cyber-sabotage, among other cyber-security goals. Soon after the announcement was made, the then-Chancellor of the Exchequer, George Osborne, appointed a planning committee whose chief priority was to decide where to house the NCSC. The decision was made to house it in London, rather than the GCHQ’s Cheltenham base in southwestern England, so as to place it in close proximity to government and business centers.

But the planning committee rejected an initial plan to house the NCSC in Canary Wharf, one of London’s primary business districts, located on the Isle of Dogs. The reasons were that Canary Wharf is not close to the Palace of Westminster —Britain’s seat of government— and that Canary Wharf would be “very unpopular” with NCSC personnel. Instead, the committee chose Nova South, a luxury building situated near London’s Victoria station, which is one of the world’s most expensive urban areas. The government’s National Security Adviser, Mark Lyall Grant, rejected the Nova South option, arguing it would be too costly without adding any real benefits to the NCSC’s operations. But in May of 2016 Osborne overruled Grant’s decision and unilaterally decided to house the NCSC at Nova South.

Now a report from the British Parliament’s Intelligence and Security Committee has described Osborne’s role in the decision-making process as “highly unsatisfactory”, and his choice to house the NCSC at Nova South as “unacceptable”. According to the report, Osborne viewed the NCSC’s location as “a pet project” that prioritized image over cost and operational effectiveness. The result was that the NCSC housing project “considerably over-shot the funds originally allocated”, by over 80 percent. What is worse, according to the report, the money shortfall has been affecting the GCHQ’s operational budget by nearly £3 million ($4 million) a year since 2016.

Author: Joseph Fitsanakis | Date: 20 November 2020 | Permalink

UK spy agency to launch offensive cyber operation against anti-vaccine propaganda

BRITAIN’S SIGNALS INTELLIGENCE AGENCY is preparing to launch a major offensive cyber operation against state-sponsored propaganda aimed at undermining research on the COVID-19 vaccine. According to the London-based Times newspaper, which published the information about the purported cyber operation, it will be aimed mostly against disinformation campaigns coming out of Russia.

The alleged disinformation campaigns appear to be targeting research taking place at Oxford University, which seeks to create an effective vaccine against the novel coronavirus. A main theme in these campaigns promotes the claim that the vaccine will turn those who take it into chimpanzees. Dozens of memes around this theme are said to have flooded Russian social media websites, with English-language translations making the rounds on Facebook, Twitter and Instagram.

The Times reports that the British government considers shutting down the alleged Russian disinformation campaign a strategic priority, which grows in significance the closer British scientists get to their goal of creating a successful vaccine against the pandemic. London has therefore ordered the British Army’s 77th Brigade, which specializes in information operations, to launch an online campaign that will counter deceptive narratives about a potential vaccine against the coronavirus.

Whitehall has also mobilized the Government Communications Headquarters (GCHQ), Britain’s signals intelligence agency, which focuses on cyber-security, to launch offensive operations against the sources of the disinformation, says The Times. The paper cites a government source as saying that the spy agency will be using tools originally developed to monitor and incapacitate websites and other online platforms used by the Islamic State for recruitment.

According to the paper, the operational mandate of the 77th Brigade and GCHQ prevents them from tackling disinformation and misinformation originating from ordinary social media users, rather than state agencies. Additionally, the offensive cyber campaign cannot target websites that are based in Britain’s so-called Five Eyes allies, namely Australia, New Zealand, Canada and the United States. Instead, British spies are required to notify their Five Eyes counterparts, so they can take action instead.

Author: Joseph Fitsanakis | Date: 09 November 2020 | Permalink

COVID-19 is changing the map of cyber-crime activity, says British spy agency

THE CYBER-SECURITY BRANCH of Britain’s signals intelligence agency has said in a new report that the coronavirus pandemic is changing the map of cyber-crime by illicit actors, including state-sponsored hackers. The unclassified report was released on Tuesday by the National Cyber Security Centre (NCSC), which is the cyber-security branch of the Government Communications Headquarters (GCHQ). Founded over a century ago, the GCHQ is responsible for, among other things, securing the communications systems of the British government and the country’s armed forces.

In its latest Annual Review, the NCSC warns that “criminals and hostile states” are exploiting the COVID-19 pandemic in order to challenge the national security of Britain and its allies. In an introductory note included in the report, NCSC director Jeremy Fleming says that the balance of cyber-threats has changed in 2020 as a result of the pandemic. According to the report, British cyber-security agencies saw a 10% rise in serious cyber-threat incidents in 2020. More than a third of these incidents were related to COVID-19, and many targeted Britain’s healthcare sector.

The report suggests that attacks against the British National Healthcare Service and vaccine research facilities constitute a rapidly emerging cyber-espionage risk. The majority of these attacks were carried out by state-sponsored actors, including Advanced Persistent Threat (APT) 29, which is also known as “Cozy Bear” and “The Dukes”. According to Western intelligence services, APT29 is a Russian state-sponsored cyber-espionage outfit, which has been known to target facilities involved in the development of coronavirus-related vaccines.

Other cyber-threat actors have no connections to foreign governments, but are instead motivated by profit. The NCSC said it had managed to disrupt over 15,000 campaigns by cyber-criminals to use coronavirus as a bait in order to trick unsuspecting Internet users into downloading malicious software or providing personal information online. Some cyber-criminal networks contacted clinics and other businesses who were in desperate need of personal protective equipment, coronavirus testing kits, and even purported cures against the virus, said the NCSC. Some of these unsuspecting victims were offered fictitious quantities of coronavirus-related equipment, which were never delivered.

Author: Ian Allen | Date: 05 November 2020 | Permalink

News you may have missed #904

UN report says Afghan Taliban still maintain ties with al-Qaida. The Taliban in Afghanistan still maintain close ties with the al-Qaida terror network, despite signing a peace deal with the United States in which they committed to fight militant groups, a UN report said. The U.N. committee behind the report said several significant al-Qaida figures were killed over the past months but a number of prominent leaders of the group, once led by Osama bin Laden, remain in Afghanistan. The report said they maintain links with the feared Haqqani network, an ally of the Taliban, and still play a significant role in Taliban operations.

Britain’s SIGINT agency sees workload spike amid COVID-19 vaccine hunt. Britain is one of the leading countries developing a COVID-19 vaccine with Oxford University and Imperial College London at the forefront, along with Sinovac in China. Whoever develops it first will reap billions from global sales, making research information highly valuable. This is having a major impact on the workload of the Government Communications Headquarters (GCHQ), its director, Jeremy Fleming, said last week.

Indian IT firm spied on politicians and investors around the world. New Delhi-based BellTroX InfoTech offered its hacking services to help clients spy on more than 10,000 email accounts over a period of seven years. During that time, the firm targeted government officials in Europe, gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short seller Muddy Waters, according to three former employees, outside researchers, and a trail of online evidence.

Russian government cyber spies ‘hid behind Iranian hacker group’

Russian hackers hijacked an Iranian cyber espionage group and used its infrastructure to launch attacks, hoping that their victims would blame Iran, according to British and American intelligence officials. The information, released on Monday, concerns a Russian cyber espionage group termed “Turla” by European cyber security experts.

Turla is believed to operate under the command of Russia’s Federal Security Service (FSB), and has been linked to at least 30 attacks on industry and government facilities since 2017. Since February of 2018, Turla is believed to have successfully carried out cyber espionage operations in 20 different countries. Most of the group’s targets are located in the Middle East, but it has also been connected to cyber espionage operations in the United States and the United Kingdom.

On Monday, officials from Britain’s Government Communications Headquarters (GCHQ) and America’s National Security Agency (NSA) said Turla had hijacked the attack infrastructure of an Iranian cyber espionage group. The group has been named by cyber security researchers as Advanced Persistent Threat (APT) 34, and is thought to carry out operations under the direction of the Iranian government.

The officials said there was no evidence that APT34 was aware that some of its operations had been taken over by Turla. Instead, Russian hackers stealthily hijacked APT34’s command-and-control systems and used its resources —including computers, servers and malicious codes— to attack targets without APT34’s knowledge. They also accessed the computer systems of APT34’s prior targets. In doing so, Turla hackers masqueraded as APT34 operatives, thus resorting to a practice that is commonly referred to as ‘fourth party collection’, according to British and American officials.

The purpose of Monday’s announcement was to raise awareness about state-sponsored computer hacking among industry and government leaders, said the officials. They also wanted to demonstrate the complexity of cyber attack attribution in today’s computer security landscape. However, “we want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them”, said Paul Chichester, a senior GCHQ official.

Author: Joseph Fitsanakis | Date: 22 October 2019 | Permalink

British spy agency calls Trump’s espionage claim ‘utterly ridiculous’

The Government Communications Headquarters (GCHQ), Britain’s primary signals-intelligence agency, has called claims by United States President Donald Trump that it spied on his election campaign “utterly ridiculous”. President Trump’s allegations are not new. They apparently rest on claims made in March 2017 by a Fox News commentator, that the GCHQ spied on Trump on orders of then-US President Barack Obama. The claim was repeated on March 17 at the White House by Sean Spicer, Trump’s then-press secretary, who said that Obama had used the GCHQ to spy on Trump so as to evade American privacy laws. At the time, Spicer’s claim prompted an angry response from the British government in London and from the British spy agency itself. In a rare public comment, GCHQ called the allegations “utterly ridiculous”.

This past Wednesday, the US president appeared to repeat his claim that GCHQ had spied on his election campaign, via a post on the popular social networking platform Twitter. Responding to a reiteration of the claim on the conservative cable television channel One America News Network, Trump tweeted “WOW! It is now just a question of time before the truth comes out, and when it does, it will be a beauty!”. The president’s tweet appeared just hours after the British government confirmed that Trump had been invited for a four-day state visit to the United Kingdom in June. The visit is believed to include a meeting with British Prime Minister Theresa May and dinner with Queen Elizabeth II at Buckingham Palace.

Following Trump’s tweet, the US newsmagazine Newsweek contacted GCHQ with a request for a response to the US president’s allegation. A GCHQ spokesperson referred the newsmagazine to the agency’s 2017 statement, and repeated: “The allegations that GCHQ was asked to conduct ‘wire tapping’ against the then president-elect are nonsense. They are utterly ridiculous and should be ignored”. It is extremely rare for GCHQ —one of Britain’s most secretive and publicity-shy agencies— to respond publicly to stories in the media. Late on Wednesday, British Foreign Affairs Secretary Jeremy Hunt said that the invitation to President Trump to visit London would not be rescinded, and insisted that Britain’s “special relationship” with the US remained “intact”.

Author: Joseph Fitsanakis | Date: 25 April 2019 | Permalink

New clues may help locate lost intelligence files from 1938 French-British-Nazi pact

Nearly 2,000 missing British intelligence files relating to the so-called Munich Agreement, a failed attempt by Britain, France and Italy to appease Adolf Hitler in 1938, may not have been destroyed, according to historians. On September 30, 1938, the leaders of France, Britain and Italy signed a peace treaty with the Nazi government of German Chancellor Adolf Hitler. The treaty, which became known as the Munich Agreement, gave Hitler de facto control of Czechoslovakia’s German-speaking areas, in return for his promise to renounce territorial claims against other countries, such as Poland and Hungary. Hours after the treaty was formalized, British Prime Minister Neville Chamberlain arrived by airplane at an airport near London, and boldly proclaimed that he had secured “peace for our time”. Contrary to Chamberlain’s expectations, however, the German government was emboldened by what it saw as attempts to appease it, and promptly proceeded to invade Poland, thus firing the opening shots of World War II in Europe.

For many decades, British historians researching the Munich Agreement have indicated the absence of approximately 1,750 intelligence reports dating from May to December 1938. The missing files cover the most crucial period immediately prior and immediately after the Munich Agreement. They are believed to contain transcripts of German and other foreign diplomatic communications, which were intercepted by the Government Code and Cypher School (GC&CS), Britain’s signals intelligence agency at the time. In 1947, the documents were passed on to the GC&CS’s successor agency, the Government Communications Headquarters (GCHQ). But they subsequently disappeared, giving rise to numerous theories as to how and why. Some historians have theorized that the documents were deliberately destroyed by British officials shortly after the end of World War II. The move allegedly aimed to protect Britain’s international reputation and prevent a possible exploitation by the Soviet Union, which sharply criticized the West’s appeasement of Hitler in the run-up to the war. Another popular theory is that they were destroyed by senior civil servants connected to the Conservative Party —to which Chamberlain belonged— in order to prevent the opposition Labour Party from capitalizing on what many saw as a betrayal of British interests in September 1938 by the Conservative administration in London.

For a long time, the GCHQ’s official historians have strongly contested the view that the documents were deliberately destroyed. Now, according to The Independent newspaper, historians have found that the missing documents were still listed in GCHQ archive indexes as late as 1968, a full 30 years after the Munich Agreement was signed. At that time it is believed that the files were temporarily transferred to another British government department in order to be used as references in an internal report about the Munich Agreement. It is very likely, some historians now say, that the documents were simply never returned to GCHQ. It is therefore possible that they may be stored in the archives of the Foreign and Commonwealth Office or the Ministry of Defence. This new clue, according to The Independent, substantially lessens the possibility that the documents may have been removed or destroyed for political reasons.

Author: Joseph Fitsanakis | Date: 01 October 2018 | Permalink

Britain launched first-ever military-style cyber campaign against ISIS, says spy chief

For the first time in its history, the United Kingdom has launched a military-style cyber campaign against an adversary, according to the director of the country’s primary cyber security agency. The target of the campaign was the Islamic State, the militant Sunni Muslim group that is also known as the Islamic State of Iraq and Syria (ISIS). The existence of the all-out cyber war was announced last week by Jeremy Fleming, the newly appointed director of the Government Communications Headquarters (GCHQ), Britain’s signals intelligence organization. Fleming, a former Security Service (MI5) officer, was speaking at the CYBERUK2018 conference, held in the northern English city of Manchester. It was his first public speech as director of GCHQ.

Fleming told his Manchester audience that the cyber operation that targeted ISIS was a “major offensive campaign” that seriously hampered the group’s ability to launch and coordinate both physical and online attacks against its enemies. The campaign also prevented ISIS from using its “normal channels” online to spread its message, effectively suppressing the group’s propaganda efforts, said Fleming. The new GCHQ director noted that large parts of the cyber operation against ISIS were “too sensitive to talk about”. But he added that the methods used to combat the Sunni Muslim group’s online operations were so aggressive that they “even destroyed equipment and networks” used by ISIS members. He did not specify what he meant by “destroyed equipment”, but his comment brought to mind the so-called Stuxnet virus, which was discovered by researchers in 2010. The virus appeared to have been designed by what experts described as “a well-resourced nation-state”, with the aim of sabotaging sensitive hardware components found in centrifuges used by the Iranian government in its nuclear program.

During his Manchester speech, Fleming claimed that the British cyber war against ISIS was conducted in compliance with existing international legal frameworks. He added, however, that the “international doctrine governing the use [of cyber weapons] is still evolving”. The GCHQ director admitted that Britain’s cyber capabilities “are very powerful”, but argued that “we only use them in line with domestic and international law, when our tests of necessity and proportionality have been satisfied, and with all the usual oversight in place”.

Author: Joseph Fitsanakis | Date: 20 April 2018 | Permalink | Research credit: K.B.

Dozens of successor groups forming in wake of ISIS defeat, experts warn

The collapse of the Islamic State of Iraq and Syria is giving rise to a host of successor groups, which are quickly regrouping, recruiting members and launching increasingly sophisticated attacks against government forces, according to experts. A military victory in the war against ISIS was officially declared by the Iraqi government in December of last year. In recent weeks, United States President Donald Trump has repeated his government’s claim that American forces are “knocking the hell out of ISIS”. The Sunni militant group, which rose to prominence in 2014 after conquering much of Syria and northwestern Iraq, is clearly on the retreat, having lost every major urban center that it used to control. However, the collapse of the organization has led to the emergence of numerous insurgent groups that are quickly forming in Iraq and Syria.

Many of these highly agile groups are operating in the sparsely inhabited and remote southern district of Iraq’s Kurdish region, which includes the Hamrin Mountains. Others are found in Iraq’s arid regions west of the Euphrates. All are engaged in recruitment, propaganda and —increasingly— attacks against government forces and rival Shiite militias. Writing on Sunday, BuzzFeed’s Turkey-based Middle East correspondent Borzou Daragahi profiled one such group, the so-called White Flags. The group was formed in late 2017 through the union of two ISIS commanders, Khaled al-Moradi, an Iraqi Turkman, and Hiwa Chor, a former member of Ansar al-Islam, a predominantly Kurdish jihadist group that was active in northern Iraq after 2003. Daragahi notes that the White Flags have managed to carry out strikes in Baghdad and Kirkuk, and have repeatedly ambushed Iraqi government forces and members of Shiite militias. Senior White Flag members have been involved with ISIS for years and have “a wide range of experience [and] a high level of training”, says Daragahi. They are one of several post-ISIS armed groups that are recruiting members from Iraq’s disaffected Sunni Arab minority, while promising to protect them from the ire of the almost exclusively Shiite Iraqi government.

In a separate but related development, two analysts with Britain’s Government Communications Headquarters —the country’s primary communications interception agency— have warned that ISIS remains a “significant threat” to the West. The two analysts spoke on Britain’s Sky News television, using only their first names, Ben and Sunny. They recognized that ISIS has lost much of its territory in recent months, but cautioned that it continues to be “a very advanced adversary”, primarily due to its technological dexterity. Operational planners of ISIS have “pushed the bar and raised the bar” in terms of the “technology they have used and the ways in which they have used it”, said one of the analysts, adding that British intelligence agencies have to keep adapting their techniques to remain “one step ahead” of ISIS operatives. IntelNews regulars will recall that last year this blog advised Western counter-terrorism officials to “actively and immediately prepare” for attacks by ISIS militants using chemical weapons.

Author: Joseph Fitsanakis | Date: 3 April 2018 | Permalink

Tony Blair denies he warned Donald Trump British spies were after him

A spokesman for Tony Blair has dismissed as “categorically absurd” allegations that the former British Prime Minister warned the White House that President Donald Trump was targeted by British spy agencies. The claims are made in the book Fire and Fury: Inside the Trump White House, which is due to be published next week. Its author, Michael Wolff, says he based the information in the book on more than 200 interviews that he held with President Trump and members of his inner circle during the past year.

Wolff alleges that Blair, who was Britain’s prime minister from 1997 to 2007, visited the White House in secret in February of 2017. He allegedly did so as a private citizen, as he has held no public position since 2015, when he stepped down from his post as a Middle East envoy for the United Nations. While at the White House, Blair reportedly met with Jared Kushner, Trump’s son-in-law and senior aide. During that meeting, says Wolff, Blair told Kushner that Trump could have been under surveillance by British intelligence during his presidential election campaign. The former British prime minister allegedly said that any surveillance on Trump would have been carried out by the Government Communications Headquarters (GCHQ), Britain’s signals intelligence agency. Wolff further alleges that the administration of US President Barack Obama never asked London to spy on Trump. Instead, the White House “hinted” that intelligence collection about Trump would be “helpful”, says Wolff. The reason why Blair volunteered this information to Kushner, claims Wolff, was that he was hoping to gain the US president’s trust and be appointed as Washington’s envoy to the Middle East.

Blair’s revelation, which Wolff describes in his book as a “juicy nugget or information”, allegedly “churned and festered” in Trump’s mind. It was the basis for claims made on March 14, 2017, by a Fox News commentator that the GCHQ had spied on Trump on behalf of the White House. The claim was repeated on March 17 at the White House by Sean Spicer, Trump’s then-press secretary, who said that Obama had used the GCHQ to spy on Trump so as to evade American privacy laws. Spicer’s claim prompted an angry response from the British government in London and from the British spy agency itself. In a rare public comment, GCHQ called the allegations “utterly ridiculous”.

Late on Wednesday, a spokeswoman for the office of Tony Blair said in an email that Wolff’s claims in Fire and Fury were “a complete fabrication […], have no basis in reality and are simply untrue”. Last year, another spokesman for Blair dismissed claims that the former British prime minister had lobbied to be appointed Trump’s Middle East envoy. This claim was so “completely overblown” and “so far beyond speculation there isn’t a word for it”, said the spokesman. President Trump has not commented on Wolff’s claim about Blair’s alleged visit and subsequent meeting with Kushner.

Author: Joseph Fitsanakis | Date: 04 January 2018 | Permalink

British spy agency speeds up hiring process to compete with private firms

The Government Communications Headquarters (GCHQ), one of Britain’s most powerful intelligence agencies, says it plans to accelerate its vetting process because it is losing top recruits to the private sector. Founded in 1919 and headquartered in Cheltenham, England, the GCHQ is tasked with communications interception. It also provides information assurance to both civilian and military components of the British state. It primarily hires people with technical expertise in communications hardware and software. But in the past fiscal year, the agency fell notably short of its recruitment target, according to a new government report published this week.

The information is included in the annual report of the Intelligence and Security Committee of the British Parliament. According to the document, GCHQ’s recruitment shortfall during the past fiscal year exceeded 22 percent, as the agency hired 500 new staff, 140 short of its initial goal of 640. Because of its mission, the agency must have the “ability to recruit and retain cyber specialists”, says the report. However, GCHQ officials told the parliamentary committee that they “struggle to attract and retain a suitable and sufficient cadre of in-house technical specialists”. The latter are lured away by large hi-tech companies, for two reasons: first, because the salaries are higher; and second, because the hiring process is faster. Due to its security requirements, GCHQ has a lengthy vetting process for all potential employees, which sometimes takes more than a year. In recent times, the process has suffered backlogs, a phenomenon that has negatively impacted on the agency’s ability to recruit top talent.

In response to its recruitment shortfall, GCHQ told the parliamentary committee that it plans to speed up its vetting process by addressing its “lack of security vetting capacity”. In July of 2016, the agency had 51 vetting officers in its ranks. It hopes to raise this number to 110 by the summer of 2018, according to the parliamentary report. This will allow it to clear hiring backlogs by December of next year and thus be able to better compete with hi-tech firms in the private sector. Other British intelligence agencies have faced recruitment challenges in recent years. In 2010, the then Director-General of MI5, Jonathan Evans, told the British Parliament’s Intelligence and Security Committee that “some [MI5] staff perhaps aren’t quite the ones that we will want for the future”. He added that the lack of even basic computer skills among MI5’s aging officer ranks has sparked the introduction of a program of “both voluntary and compulsory redundancies”. And in 2016, MI6 said that it would increase its staff size by 40 percent by 2020, reflecting a renewed emphasis on foreign intelligence collection using human sources, which is the primary task of the agency.

Author: Joseph Fitsanakis | Date: 28 December 2017 | Permalink

New report details one of history’s “largest ever” cyber espionage operations

A new report authored by a consortium of government and private organizations in Britain has revealed the existence of a computer hacking operation, allegedly based in China, that is said to be “one of the largest ever” such campaigns globally. The operation is believed to have compromised sensitive information from an inestimable number of private companies in Southeast Asia, Europe and the United States. The report was produced by a consortium of public and private organizations, including BAE Systems and the London-based National Cyber Security Centre, an office of the United Kingdom’s signals intelligence agency, the Government Communications Headquarters. It details the outcome of Operation CLOUD HOPPER, which was launched to uncover the cyber espionage activities.

According to the report, the attacks were first launched several years ago against targets in Japan’s government and private sector. But after 2016, they spread to at least 14 other countries, including France, the United Kingdom and the United States. It is claimed that the attacks are “highly likely” to originate from China, given that the targets selected appear to be “closely aligned with strategic Chinese interests”. The authors of the report have named the hacker group APT10, but provide limited information about its possible links —or lack thereof— with the Chinese government.

The report claims that APT10 uses specially designed malware that is customized for most of its targets, thus constituting what experts describe as “spear phishing”. Past successful attacks have already resulted in an “unprecedented web of victims” who have had their information compromised, say the authors. The victims’ losses range from intellectual property to personal data. One of the report’s authors, Dr. Adrian Nish, who is head of threat intelligence at BAE Systems, told the BBC that it is currently impossible to estimate the number of organizations and agencies that have been impacted by APT10’s activities.

Author: Ian Allen | Date: 05 April 2017 | Permalink

US, British intelligence agencies spied on Israelis and Palestinians, files show

Documents accessed by a French newspaper show that American and British intelligence agencies worked together to spy on diplomats, academic researchers and defense contractors in Israel and the Palestinian territories. Last year, the German newsmagazine Der Spiegel and the American newspaper The Wall Street Journal reported that the United States National Security Agency spied on senior Israeli politicians throughout the last decade, including Prime Minister Ehud Olmert and his successor, Benjamin Netanyahu. Now French daily Le Monde has alleged that the NSA teamed up with its British equivalent, the Government Communications Headquarters, to spy on Israeli foreign service officials and diplomats, academic researchers and defense contractors. The newspaper also alleged that British and American spies targeted Palestinian government officials.

According to Le Monde, the information came from documents leaked by Edward Snowden, a former employee of the NSA and the Central Intelligence Agency, who is currently living in Russia. Snowden defected there in June 2013, after initially fleeing to Hong Kong with millions of stolen US government documents in his possession. In a leading article on Wednesday, the newspaper claimed that British and American spy agencies have systematically targeted senior officials in Israel’s Ministry of Foreign Affairs in Jerusalem. Several Israeli foreign service officials stationed abroad have also been targeted, said Le Monde, including Israel’s ambassadors to Nigeria and Kenya. But the Anglo-American intelligence alliance has also targeted Palestinian government institutions, including the Office of the Secretary General of the Palestinian Liberation Organization. Senior Palestinian officials that have been spied on include Ahmed Qurei, a former prime minister of the Palestinian National Authority, and Ahmad Tibi, a member of the Israeli Knesset who served as an advisor to Palestinian leader Yasser Arafat in the 1990s.

Palestinian diplomats stationed around the world have also been targeted by the NSA and the GCHQ, said Le Monde, in cities such as Paris, Brussels, Lisbon, Islamabad, Pretoria, and Kuala Lumpur. The documents also show that the two intelligence agencies have spied on Israeli defense contractors, including a company named Ophir Optronics, which works in the areas of laser and fiber optic technologies. Finally, the French newspaper said that research centers throughout Israel had been targeted, including scientific laboratories located at the Jerusalem-based Hebrew University.

Author: Joseph Fitsanakis | Date: 08 December 2016 | Permalink

Fake URL shortening service was part of British online spy operation

An internet website that offered free URL shortening services appears to have been a front created by British intelligence in order to spread messages and monitor activists involved in protests in Iran and the Arab world. The website was used heavily during the Iranian presidential election protests of 2009, which became known as the Iranian Green Movement. After a brief hiatus, the website was used again in 2011, as the Arab Spring revolts in North Africa and the Middle East were intensifying. The information pointing to the use of the website comes from documents leaked by Edward Snowden, the American former intelligence employee who has been granted political asylum in Russia.

According to the leaked documents, the website, lurl.me, was devised by a specialist unit of the Government Communications Headquarters (GCHQ), Britain’s intelligence agency that collects signals intelligence. The unit, called Joint Threat Research Intelligence Group (JTRIG), devised the website as part of an operation codenamed DEADPOOL. The leaked documents state that the purpose of the website was to operate as a “shaping and honeypot” tool, by helping disseminate messages in support of the protests while at the same time allowing the GCHQ to monitor the protesters’ online activities. Lurl.me first appeared in June 2009 as a self-described “free URL shortening service”, using the slogan: “we help you get links to your friends and family fast”. It was used repeatedly on Twitter and other social media platforms to spread messages against the government of Iran. But the vast majority of social media accounts that made use of the website, like @2009iranfree, were operational only for a short period of time, had few followers, and ceased all activity at the end of the Iranian Green Movement. By that time, hardly anyone was using lurl.me. But the website made its appearance again on social media in April of 2011, with messages against the government of Syria. According to Vice’s Motherboard website, Tweets using the lurl.me service appeared to be active only between 9 a.m. and 5 p.m. UK time, and only on weekdays.

Both in 2009 and 2011-2013, lurl.me was used to instruct anti-government activists on how to avoid being monitored by the authorities. Some links contained instructions on how to access the Internet via satellite. Others provided directions on using proxies to access websites that were blocked by the authorities. At the same time, however, the documents leaked by Snowden show that the GCHQ also used the service to track the activities of anti-government activists who clicked on the lurl.me links, and even to ‘deanonymize’ these users (that is, to establish their real identities).

IntelNews first reported on JTRIG in February 2014, when its existence was first revealed by Snowden. The specialist unit has been associated with targeting self-described ‘hacktivist’ groups like Anonymous or LulzSec, using malware, social engineering, and other techniques. JTRIG also appears to have conducted online intelligence operations against the government of Argentina.

Motherboard reports that lurl.me was last used in November 2013, shortly after Snowden began leaking files from his secret hiding place in Russia. Motherboard said it contacted GCHQ for a reaction to the lurl.me allegations, but the agency said it would “not comment on intelligence matters”.

Author: Joseph Fitsanakis | Date: 02 August 2016 | Permalink
