UPDATED Jeremy Fleming opened the third CyberUK conference in Glasgow today with a promise to share more threat intelligence with UK businesses.
Fleming, the director of UK spy agency GCHQ, said there would be an initial focus on telcos and cloud and managed security providers.
“We intend to do more to take the burden of cybersecurity away from the individual,” Fleming said. “In particular, we will work closely with device manufacturers and online platform providers to build security into their products and services at the design stage.”
“We will share intelligence with banks to enable them to alert customers to threats in close to real time,” he added.
In practice, this means an expansion of the National Cyber Security Centre’s (NCSC) Active Cyber Defence programme, an automated approach to blocking phishing and malware attacks at scale.
UK-hosted share of global phishing fell below 2% for the first time at the end of March this year, compared to 5.4% in 2016 – around the time the NCSC was established.
Reaching out to businesses will also involve sharing not just so-called indicators of compromise but the modus operandi of attackers, NCSC director of operations Paul Chichester later clarified during a Q&A session.
During his speech, Fleming added: “In the last year we have made it simple for our analysts to share time-critical, secret information in a matter of seconds. With just one click, this information is being shared and action taken.”
Not everything is going to be shared – as befits an intel agency – but businesses, particularly at the top of the food chain, are going to be granted access to more information.
“We will continue to scale this capability so whether it’s indicators of a nation state cyber actor, details of malware used by cyber criminals, or credit cards being sold on the dark web, we will declassify this information and get it back to those who can act on it,” Fleming concluded.
Huawei away
Leaked reports that Prime Minister Theresa May has approved the use of telecoms kit from Chinese tech manufacturer Huawei in some non-core parts of Britain’s 5G data network may be premature.
An NCSC spokesman clarified that no announcement has been made, and when there is an announcement it will be made through the Department for Digital, Culture, Media & Sport in Parliament. The technical evaluation has been completed.
A cross-government statement on the debate about approved vendors for the UK’s 5G rollout expanded on this point and added a reference to a GCHQ-led evaluation of Huawei’s kit.
“National Security Council discussions are confidential. Decisions from those meetings are made and announced at the appropriate time through the established processes.
“The security and resilience of the UK's telecoms networks is of paramount importance.
SNIP
https://portswigger.net/daily-swig/gchq-to-share-threat-intelligence-with-uk-businesses
...............[They] can hear you now
By Holly Pyne Thursday, September 13, 2018
Ms Carlo, the Director of Big Brother Watch, told talkRADIO’s Matthew Wright: “GCHQ, which is a UK intelligence agency, have a programme called Karma Police that is effectively a catalogue of the web browsing histories of every visible user of the internet.
“That includes us domestically in the UK as well.
“They also had a programme called Black Hole which was a repository of over one trillion events including internet histories, email messenger records, search engine queries and social media activity.
“So whilst we have had success in court this time, the Government has since introduced a new legal framework to do even more extensive surveillance so we still really need the public support because we really have our work cut out.”
This comes as European judges found the use of some surveillance techniques deployed by Britain’s spy agencies breached human rights obligations.
The case centred on complaints about powers given to security services under the Regulation of Investigatory Powers Act 2000, which has since been replaced.
This bulk interception is used to collect communications of individuals outside of the UK to identify potential overseas threats.
A summary of the judgment said: "While the court was satisfied that the intelligence services of the United Kingdom take their Convention obligations seriously and are not abusing their powers, it found that there was inadequate independent oversight of the selection and search processes involved in the operation, in particular when it came to selecting the internet bearers for interception and choosing the selectors and search criteria used to filter and select intercepted communications for examination."
Went by Lowes the other day, went through self-check out, a light comes on, and an LCD screen lights up on the kiosk, and there I wuz on the screen.
They got me. They got haffast. Satellites hooking up in outer space.....too late.
After a stunned moment of watching myself stare at myself, WTH, my doctor's office, hospital and medical labs already have me on file anyway.
Is some freak taking copies of these files home with 'em, reviewing them while drinking a beer and laughing as he posts outtakes to some snowflake web forum somewhere?
That's right buddy, my hat is red, and I at least know what the hole in that washer is for you confused little pervert.
I don't remember what I paid for that bag of washers.
MAGA