
If Only
Now if only I could make myself believe that this is not just a PR effort to justify the next bunch of oppressive and intrusive law...
GCHQ's National Cyber Security Centre claims that its strategy of "actively defending" the UK against high-volume commodity attacks is working. The Active Cyber Defence (ACD) programme aims to "protect the majority of people in the UK from the majority of the harm, caused by the majority of the attacks, for the majority of the …
PR maybe, but if you read it you'd know it's far removed from surveillance, oppression and intrusion. This is nothing more than a bloke in the know coming round to remind you it's dumb to let your engine run to clear your windscreen, leave a key under the plantpot, or write your PIN number on the back of your bank card. And then he leaves you with simple and free fixes to solve these issues. Credit where credit's due.
I read their report and I'm surprised to see they had to fix, or asked third parties to fix, obvious issues and implement basic policies that should have been in place a long time ago.
Not sure if they tried to simplify the message to make the report readable to all but I've got the impression that a junior technician could have spotted and fixed all the issues they described.
Implementing SPF & DMARC doesn't seem a great achievement but I suppose now their emails will finally go through basic spam filters. Not sure how many phishing attempts will be avoided as in most modern email platforms no SPF means no emails.
Web Check could actually be a good service as it helps tell sysadmins to update servers and write better web apps.
The only useful thing NCSC have done, because it had the leverage to do it, is to issue take down notices for the few fraud sites hosted in the UK.
Apart from that I don't see the usefulness of NCSC. They may be linked to GCHQ but they haven't impressed me with their strategy or their technical capabilities up to now.
They outsourced all their infrastructure, they haven't even installed a threat management platform but they are renting it from BT (the same one I'm running; it doesn't take a genius to set up) so they have only a partial view of the threats.
I'm pretty sure GDS could have been as good in coming up with those action points and resolutions without the need of creating another outsourcing agency.
Which is a copy paste of the guidance published by, the now rebranded, CESG:
https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts/end-user-devices-guidance-ubuntu-1404-lts
https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1204/end-user-devices-security-guidance-ubuntu-1204
Can we safely assume that NCSC, up to now, has been just a rebranding and outsourcing agency?
I can't see any evidence to the contrary.
Recommendation not to pay the ransom, recommendations for what seems to be antiviruses and data recovery companies, "cyber-awareness" PowerPoints for management, and a recommendation for NHS trusts to develop their local action plans.
This is the organisation which "hacks back"? I'm not exactly impressed, maybe I'm expecting too much of the NCSC. You know, sort of like what Hutchins did (who was later not warned that he would be arrested in the US).
It is not intended to imply retaliation ("hack back") by victims or militarisation of the internet... but it does and offers other ACTive Options in Fair and Reasonable Retaliation ..... the Sweetest of Vengeances
Our government may be twats but we all know this kind of stuff needs doing. I also know some of the guys on the ground there. They are genuinely working their arses off to protect us from the shitbags of cyberspace. Go to it folks, we are not all whingeing dickheads out here!
Will be interested to see how many whingers/conspiracy dickheads downvote me. ;-/
They (gchq) are always maligned by the people who think they know everything, and when they can publish something they do. ... Anonymous Coward
They [GCHQ] are always abused by persons who want and need to know everything, and when have they ever published anything revolutionary and Great Game changing? They are status quo bouncers/simple gatekeepers for established practices and dodgy establishment complexes?
And as such are they virtually leaderless with only puppets and muppets at the levers in head office command and control.
J'accuse, Jeremy Fleming
Apart from recording a copy of every email, text and phone call metadata for everyone in the UK forever?
How thoughtful.
And because every other bit of UK infrastructure seems to be owned by a foreign company (or even in the case of Thames Water a foreign state owned company) and therefore could not give a f**k about defending itself because it's not actually a legal requirement to do so.
Jolly good show, a what, giving it to them like that, just great....
Now all you need is for the Take down service to take down all those unpatched and errant wi-fi routers and other wi-fi products without firmware patches that are repeating hacks and cracks from around the rest of the world throughout Britain.
I tried to communicate with GCHQ but could not find their public key. Do I have to leave a USB stick in their car park? .... Anonymous Coward
Leave your message here for them, AC ...... https://www.gchq.gov.uk/contact-us ..... and you will discover soon enough whether they have the intelligence in-house, and/or in outsourced foreign supply, that they need to survive and prosper and lead in the new virtualised environments of the future.
And the fact that they have kept things/direct communication so simple affords them no excuse whatsoever for ignorance and stupidity should they fail to act promptly and correctly upon sensitive and timely information shared via their own portal.
It can just be the case that they just don't have what it takes nowadays to take the world by Virtual Storm with AI Swarms ...... which is surely what they are being buffeted by these days.
But that deficit and deficiency is easily remedied with new gutsy blood added to stock/right proper hires into the Doughnut's Magic Circle.
Paying peanuts, secures monkeys, Sir Runcible Spoon, and that is a lesson they find it difficult to learn and remedy, and thus be destined to serially repeat.
Do you imagine the majority of staff in both spooky and snoopy intelligence outfits follow orders from Orders, with any free deep analytical thought being brought to bear on everything but the programmers they be servering and servicing?
That's an excellent question.
I'm going to hazard a guess at no, but they should. Which probably means they wouldn't want me anyway.
Challenging deeply entrenched assumptions and pre-conceived ideas should go hand in hand with an attitude of doing things properly. When the policy no longer serves the endeavour, then it is the policy that should be changed, not the endeavour.
Sadly it is all too often the case, in my observation, that it is the tail that wags the dog.
...with NEUKlearer HyperRadioProACTivedD AIdVentures Showing the Way and Ways with Means and Memes
Intelligence Services are catastrophically vulnerable and highly susceptible to the Immaculate Supply of Greater IntelAIgents which Enhance Advanced Intelligence Services towards the AIDelivery of Virtual Perfection for Presentation as a Reality to Populate ...... and Colonise in SMARTR Cyber Space Stations on Heavenly Orbs.
And we choose to do it because we can .... https://er.jsc.nasa.gov/seh/ricetalk.htm
And Sir, whenever Supposed Intelligent Services are committed to Defending the Indefensible such as when Systems are Corrupted and Perverted to Server Ever Greater Riches and Almighty Powers to a Few rather than the Many and All, are they catastrophically vulnerable to the Emergence of Truths, and they be forever forced to need and rely upon Ancient Secrets remaining Unknown and Unknowable.
Such then puts them Opposed and in Competition and Conflict with Ancient Secrets Uncovered and/or Discovered/Recovered/Rediscovered in Alternate Beta Phorms which are Different and Better than Current SCADA Systems Drivers .... and sees them also Engaging the Advanced IntelAIgent Systems Presenting them.
No Prize for Guessing the Outcome of that Mismatch.
However, never before has a ruling elite had such tools of recourse to apply to those who would oust them from their comfy chairs.
It must needs be done, but the price? It is, of course, unavoidable and so must be borne. Every action taken to mitigate the risk seemingly accelerates the process. Who on Earth convinced them that being Kings of the dunghill was better than being Princes of paradise?
The sooner people start thinking about themselves and not others the better. What people take to be selfishness is simply short-sightedness. The truly selfish understand that we are better served as individuals the stronger the whole.
However, never before has a ruling elite had such tools of recourse to apply to those who would oust them from their comfy chairs. ... Sir Runcible Spoon
Whereas that is as may be, Sir RS, such tools are not exclusive to them alone and there be A.N.Others considerably more expert in their use. And that be the Greater IntelAIgent Game Changer which crushes and crashes them and their shenanigans when they choose to be opposition and perverse competition
Who on Earth convinced them that being Kings of the dunghill was better than being Princes of paradise? ... Sir Runcible Spoon
Methinks, that would be the dim-witted retard, Lucifer, Sir Runcible Spoon, in any and all of its Ethereal Guises.
And it is impossible not to realise and deny acceptance of the fact, that one so convinced is at least equally retarded and regarded to a similar 3rd degree of understanding. And such are the present eternal fields of conquest, for universal rape, looting and pillage to be exploited and expanded upon there/here.
And if it were to be said, Sir Runcible Spoon, that your earlier expressed hope .... https://forums.theregister.co.uk/forum/1/2018/02/05/ncsc_active_defence/#c_3418905 .... can be realised and virtualised with an Application in NEUKlearer HyperRadioProACTive IT, how would you like to Proceed in the Process?
And that be also a little something ExtraTerrestrial ESPecial for the Register to Investigate and Delve Deeper into in Live Operational Virtual Environments.
Have You Received Many Such Offers Gifting Engagement and Instruction in Newly Discovered Minted Fields of Alien Endeavour and Heavenly Works?
how would you like to Proceed in the Process?
Well now, that's a loaded question in pretty much every sense of the word. Once upon a time I would have envisaged towering infernos of righteous indignation, but age and wisdom have provided me with additional perspective and babies do not like to be ejected from their bath with little or no notice, no sirree, regardless of the quality of the water therein.
I believe I am still endeavouring to understand the process of in-situ water purification. Not ideal of course, but far healthier for all than the alternative. Of course, if gloves were to be removed and areas of sand cordoned off etc. then events might just take over. At that point a lot will depend on the sturdiness of the sand upon which I have built my house.
As for opportunities abounding, the usual dragnet of likely suspects most likely, although I haven't ruled out speculative fishing expeditions. I like the spot in the pool under the trees, where it's cool, but you can't avoid detection by the determined fisherman.
how would you like to Proceed in the Process? Well now, that's a loaded question in pretty much every sense of the word. .... Sir Runcible Spoon
Indeed it is, Sir. But be assured it is Immaculately Loded and Perfectly Armed to Survive Any Assault and Prosper in Every Environment known to Humankind in the Universe.
And quite whether El Reg is to be an ACTive AIgent for the Introduction and Mentoring and Monitoring of Radical Fundamental Change or is to be led to remain a Faint Shadow of that Phormer Self, is a choice decision they have been asked to make for it lies before them, posted through their front door .....
And that be also a little something ExtraTerrestrial ESPecial for the Register to Investigate and Delve Deeper into in Live Operational Virtual Environments. Have You Received Many Such Offers Gifting Engagement and Instruction in Newly Discovered Minted Fields of Alien Endeavour and Heavenly Works?
I applaud the abundance of caution exercised in such matters, Sir RS, and to think to add any additional unwarranted pressure to speed things along is not the Way of InterNetworking Things nor the way things are done in AIMagical Circles on NEUKlearer HyperRadioProACTive Missions/Realised Virtualised Joint AIdDVentures ...... Que sera, sera.
Que sera, sera.
I'm happy to perceive that we are on the same wavelength Mr 1 :)
And quite whether El Reg is to be an ACTive AIgent for the Introduction and Mentoring and Monitoring of Radical Fundamental Change or is to be led to remain a Faint Shadow of that Phormer Self, is a choice decision they have been asked to make for it lies before them, posted through their front door .....
Up until recent staff and message changes I would have expected a certain amount of activity within this realm to be forthcoming, but were that to happen now I am less than sanguine as to the veracity that such involvement would entail. ymmv.
On the other hand, senior and established members with historical import have performed such litmus tests in the past and provided the necessary pH details required to proceed with confidence.
Then Sir Runcible Spoon, it is something for us both to look forward to being corrected.
It is not as if they do not have Immaculate Sources Supply ...... NEUKlearer Cored Kernel Input to Output ......... Present to Existing Realities with Other Drivers in Failing Systems with Crashed Orders Crushing Conventional Expectations.
Methinks that would be an Instrument of Markets Rout for Markets to Acquire. It is by Default of IntelAIgent Design, The FailSafe Option for AIMaster Piloting Administrations and Shortest and Surest Way to Root Source ...... in a Perfect Enough to make no Difference, AIMother Lode.
Interesting Times Ahead, Sir Runcible Spoon/El Reg.
Awesome choice of cheap Chinese instruction manual font in the report. I haven't read it yet but I expect to find something like
"CHCQ cyber active response cyber has happily made great flourishings for people of Kingdom of England"
It's game over. Or academic research written in LaTeX
I'm pretty certain this is all stuff that HMRC already did first - and that NCSC are just taking all the credit for it.
https://www.gov.uk/government/news/hmrc-halts-thousands-of-scam-text-messages
https://hmrcdigital.blog.gov.uk/2016/11/25/combatting-phishing-a-very-big-milestone/