MI5 Relies on Hacking

Uploaded on 2015-11-12 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

MI5, the UK's domestic spy agency, says it has “relied” on hacking techniques in “the overwhelming majority of high priority investigations" over the past year, according to a government document.

The document is a “factsheet” describing the UK’s hacking powers, released as part of the Draft Investigatory Powers Bill, the nation’s newly proposed surveillance legislation. It says that “Equipment Interference,” (EI) the UK government's term for computer hacking, is “the power to obtain a variety of data from equipment. This includes traditional computers or computer-like devices such as tablets, smart phones, cables, wires and static storage devices.”
“[EI] has been instrumental in disrupting credible threats to life, including against UK citizens,” the section on MI5 continues. However, those claims could not be verified by Motherboard. MI5 could not be reached for comment, but a spokesman for the National Crime Agency, which has also been revealed to have EI capabilities, previously told Motherboard that “there is a range of capabilities and techniques available to the NCA."
EI can either be carried out by physically tampering with a person's gadgets, or remotely, the document continues. Approaches vary in complexity, with EI encompassing everything from using login credentials of a target to gain access to a computer, or “remotely installing a piece of software on the device.”
The document claims that hacking may in some cases “be the only way to acquire intelligence coverage of a terrorist suspect"

The document claims that “the use of this capability by the security and intelligence agencies was avowed in February 2015 through a draft Equipment Interference Code of Practice.”
There is already voluminous evidence that the UK's signal intelligence agency, Government Communications Headquarters (GCHQ), breaks into the computer systems of targets. Motherboard previously reported that the National Crime Agency—essentially the UK's FBI—also has hacking capabilities.
The rest of the document, entitled “Factsheet—Targeted Equipment Interference,” attempts to justify the use of hacking techniques in investigations.
“Equipment Interference is used to secure valuable intelligence to enable the Government to protect the UK from individuals engaged in terrorist attack planning, kidnapping, espionage or serious organised criminality.” The document claims that hacking may in some cases “be the only way to acquire intelligence coverage of a terrorist suspect or serious criminal in a foreign country.”

Interestingly, the document says that the draft Investigatory Powers Bill, a proposed piece of UK surveillance legislation, “will create a new power to require the assistance of CSPs where necessary, to give effect to equipment interference warrants.” A CSP, or communications service provider, is a company that handles electronic information, such as a telecomm. It is unclear how CSPs are expected to collaborate with the authorities in this context.
In total, the document is vague regarding what EI actually constitutes. As for what information obtained from hacking can be used for, “material derived from equipment interference may be used in evidence,” the document reads.
Motherboard: http://bit.ly/1SIdhav

« The Dark Side of the Fourth Industrial Revolution – and How To Avoid It
EU votes Snowden Human Rights Asylum »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

European Digital Media Association (EDiMA)

European Digital Media Association (EDiMA)

EDiMA, is the European trade association representing online platforms. It is an alliance of new media and Internet companies.

FDM Group

FDM Group

FDM Group is an international Professional services company with a focus on IT. Services offered include Software Testing, and Information Security with a focus on operational security and compliance.

Cyberwatch

Cyberwatch

Cyberwatch is a Vulnerability Scanner & Fixer software that helps you to detect and fix the vulnerabilities of your Information System.

INCIBE-CERT

INCIBE-CERT

INCIBE-CERT is the reference security incident response center for citizens and private law entities in Spain

The Data Privacy Group

The Data Privacy Group

The Data Privacy Group provide expert professional services underpinned by world leading automation tools and a consulting team specialized in privacy and data protection.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

IUCC Cyber Unit - Israel

IUCC Cyber Unit - Israel

IUCC Cyber Unit safeguards Israel’s National Research & Education Network (NREN).

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

Webtotem

Webtotem

Webtotem's mission is to prevent the global epidemic of website infection and provide every website owner with basic security rights.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

Cyber Command - Estonian Defence Forces

Cyber Command - Estonian Defence Forces

The main mission of the Cyber Command is to carry out operations in cyberspace in order to provide command support for Ministry of Defence’s area of responsibility.

Citalid

Citalid

The Citalid cyber risk management platform combines threat and business intelligence to identify the risks scenarios you face.

Beyond Encryption

Beyond Encryption

Mailock by Beyond Encryption is a secure email solution that allows businesses to exchange email securely, safe in the knowledge that their email can only be read by their intended recipient.

Outseer

Outseer

Outseer is a leading technology company in the fight against payments fraud. Outseer reliably determines authentic customers from fraudulent behavior.

WithSecure

WithSecure

WithSecure (formerly F-Secure Business) is your reliable cyber security partner, providing outcome-based cyber security that protects and enables operations.

Votiro

Votiro

Votiro is an award-winning cybersecurity company that specializes in file sanitization, ensuring every organization is safe from zero-day and undisclosed attacks.