MI5 Relies on Hacking

Uploaded on 2015-11-12 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

MI5, the UK's domestic spy agency, says it has “relied” on hacking techniques in “the overwhelming majority of high priority investigations" over the past year, according to a government document.

The document is a “factsheet” describing the UK’s hacking powers, released as part of the Draft Investigatory Powers Bill, the nation’s newly proposed surveillance legislation. It says that “Equipment Interference,” (EI) the UK government's term for computer hacking, is “the power to obtain a variety of data from equipment. This includes traditional computers or computer-like devices such as tablets, smart phones, cables, wires and static storage devices.”
“[EI] has been instrumental in disrupting credible threats to life, including against UK citizens,” the section on MI5 continues. However, those claims could not be verified by Motherboard. MI5 could not be reached for comment, but a spokesman for the National Crime Agency, which has also been revealed to have EI capabilities, previously told Motherboard that “there is a range of capabilities and techniques available to the NCA."
EI can either be carried out by physically tampering with a person's gadgets, or remotely, the document continues. Approaches vary in complexity, with EI encompassing everything from using login credentials of a target to gain access to a computer, or “remotely installing a piece of software on the device.”
The document claims that hacking may in some cases “be the only way to acquire intelligence coverage of a terrorist suspect"

The document claims that “the use of this capability by the security and intelligence agencies was avowed in February 2015 through a draft Equipment Interference Code of Practice.”
There is already voluminous evidence that the UK's signal intelligence agency, Government Communications Headquarters (GCHQ), breaks into the computer systems of targets. Motherboard previously reported that the National Crime Agency—essentially the UK's FBI—also has hacking capabilities.
The rest of the document, entitled “Factsheet—Targeted Equipment Interference,” attempts to justify the use of hacking techniques in investigations.
“Equipment Interference is used to secure valuable intelligence to enable the Government to protect the UK from individuals engaged in terrorist attack planning, kidnapping, espionage or serious organised criminality.” The document claims that hacking may in some cases “be the only way to acquire intelligence coverage of a terrorist suspect or serious criminal in a foreign country.”

Interestingly, the document says that the draft Investigatory Powers Bill, a proposed piece of UK surveillance legislation, “will create a new power to require the assistance of CSPs where necessary, to give effect to equipment interference warrants.” A CSP, or communications service provider, is a company that handles electronic information, such as a telecomm. It is unclear how CSPs are expected to collaborate with the authorities in this context.
In total, the document is vague regarding what EI actually constitutes. As for what information obtained from hacking can be used for, “material derived from equipment interference may be used in evidence,” the document reads.
Motherboard: http://bit.ly/1SIdhav

« The Dark Side of the Fourth Industrial Revolution – and How To Avoid It
EU votes Snowden Human Rights Asylum »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Huawei

Huawei

Huawei is a leading global ICT solutions provider. with end-to-end capabilities across the carrier networks, enterprise, consumer, and cloud computing fields.

BCS Financial

BCS Financial

BCS Financial delivers financial and insurance solutions. Specialty risk products include Cyber and Privacy Liability insurance.

Intrasoft International

Intrasoft International

Intrasoft International is a leading European IT Solutions and Services Group offering a full range of IT services including Information Security.

adaware

adaware

adaware is an award-winning security and privacy software provider, empowering users to connect with confidence.

PSYND

PSYND

PSYND is a Swiss consultancy company based in Geneva specialized in CyberSecurity and Identity & Access Management.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Crypsis

Crypsis

Crypsis was built based on a shared vision of creating a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

Sertainty

Sertainty

Sertainty enables developers to mix intelligence into data files for active risk mitigation and data control. Discover the impact of Data: Empowered.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

Bionic

Bionic

Bionic is an agentless way to get control over your increasingly complex applications so you can manage, operate, and secure them faster and more efficiently.

Arctic Group

Arctic Group

Arctic Group is a Swedish service provider focusing on cybersecurity, integration services and deployment of software development tools.

SureCloud Cyber Services

SureCloud Cyber Services

Our Cyber Testing capability has been honed since we were founded in 2006 as a disrupter in the penetration testing market.

Surf Security

Surf Security

SURF Security has transformed the browser into your strongest security asset while providing complete end-user privacy – all with full compliance.

Arctera

Arctera

Arctera simplifies data management to keep you secure. Our company operates as three units - Data Compliance, Data Resilience, and Data Protection.

Axelerated Solutions

Axelerated Solutions

Axelerated Solutions offer a comprehensive range of technology services tailored to meet our clients' diverse needs. Our focus is on delivering innovative and secure solutions.