Spooks want backdoor into your network

GCHQ, the UK's signal intelligence agency, may get an expanded role in preventing attacks against the networks of key private firms under new government plans. The Communications-Electronics Security Group (CESG) at the UK's Government Communications Headquarters (GCHQ) has historically only provided best practice guidance and …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Eh?

    "What this partnership will not do is start breaking boundaries that we have around privacy and personal data"

    Would she care to name the protections that exist and the instances of them being upheld?

  2. Destroy All Monsters Silver badge
    Big Brother

    Reiterate, forever...

    Mr. Mori Arinori arrives in Belgravia at a quarter past four, driving a new-model Zephyr gurney leased from a commercial garage in Camden Town, just as Charles Egremont is departing for Parliament and a most important speech.

    Egremont's body-guard, on assignment from the Central Statistics Bureau's Department of Criminal Anthropometry, a machine-carbine slung beneath his coat, watches as Mori descends from the Zephyr, a diminutive figure in evening-clothes.

    Mori marches straight across the new-fallen snow, his boots leaving perfect prints upon the black macadam.

    "For you, sir," Mori says and bows, handing Egremont the stout manila envelope. "Very good day to you, sir." Donning round goggles with an elasticated band, Mori returns to his Zephyr.

    "What an extraordinary little personage," Egremont says, looking down at the envelope. "One hasn't seen a Chinaman, got up like that…"

  3. Chris Miller

    Mmmmmmmmmm

    I love the smell of pork in the morning.

  4. Leona A
    Alert

    Big Brother is....

    watching you!

  5. A J Stiles
    Big Brother

    Hmm

    It's about time GCHQ was shut down permanently. Think of the savings we could make .....

    1. Anonymous Coward

      GCHQ savings

      We could save ourselves a huge amount of intelligence, not to mention R&D and security advice/implementations for many government departments.

      After all, nobody would want to hack a government computer, right?

  6. Anonymous Coward
    Big Brother

    translated from GCHQspeak

    Under the pretext of preventing hacking, an expanded national cyber-security hub at GCHQ would monitor network traffic from "major communications, power and transport providers". The real reason being to expand spying by the state security apparatus on their own population.

    --

    And of course no mention of the computing 'ecosystem' that is responsible for the vast majority of security breeches. GCHQ would be better employed in designing 'computers' that don't get viruses ...

    1. Anonymous Coward
      Coat

      Security Breeches

      I wear them often when riding my horse to security conventions.

    2. RandSec
      Thumb Up

      Difficult or Impossible to Infect

      There is an important distinction between malware somehow getting into the computer and executing, and malware being restarted on every session due to internal infection. Currently, most effort is directed at stopping malware from getting in, but malware does get in, and if it can infect, it can run in hundreds of future sessions. We need to stop the infection.

      We need to prevent malware from modifying the operating system, boot data, and all other data which executes upon startup, including user apps. Currently, OS software tries to prevent this, and if that worked, we would have no problem, yet the problem persists. What we need is improved hardware to protect the boot process and data from being changed by malware.

      Various schemes are possible, but in security, simple is king. The example that everybody loves to hate is the Linux LiveCD, but it is at least an existing, generally practical example of a system which is difficult or impossible to infect. Since over 99 percent of current malware is designed for Microsoft Windows, just using Linux is a big help, but that does not prevent infections from Linux malware (which does exist). It is the CD which protects against infection, but practical use does require updates.

      As far as I know, of all the LiveCD distributions, only Puppy Linux supports updates by allowing the user to save new and changed files back to a multisession boot DVD as another session. I manually update immediately after booting, once every couple of weeks or so, on a DVD+RW. Various versions of the same file may exist on the DVD, but only the latest is loaded into RAM during booting. The system runs completely in RAM, and the DVD can be removed after boot.

      A lot of things are not ideal about using a LiveCD. However, it is an actual practical example of serious malware protection (supporting browsing in Firefox with security add-ons), and the improvement over current systems is in the system hardware, not the usual add-on software or patches. Once we realize the harm our current hardware design has caused and look into fixes, a wide range of alternatives exist. Yet how many of us realize that our equipment needs to change?

      In the US, I would ask for the FCC to type-accept all computation equipment, including routers and smart phones, and require it to be "difficult or impossible" to infect. Manufacturers should be required to provide tools to certify any particular installation of their system as uninfected, and thus ready for online commerce. A formal, Windows-like LiveCD from Microsoft would greatly assist online banking (even if an external DVD writer would be needed), but soon we will have to deal with those smartphones.

      For more, find my page, articles and comments using: "Terry Ritter" malware
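
An added example, not part of RandSec's comment and not any vendor's tool: a minimal sketch of the kind of check the comment asks manufacturers for, comparing everything that executes at startup against a trusted baseline so that persistence (a changed or newly added startup file) is detected. The directory layout and file names are constructed, and the baseline is assumed to be kept on read-only media.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file under root (relative path, '/' separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def audit(baseline, current):
    """Report how the startup set differs from the trusted baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def write(root, rel, data):
    """Create or overwrite a file in the constructed tree."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed startup tree: baseline it, alter it, audit it."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "boot/loader.cfg", b"default=linux\n")
        write(root, "boot/kernel.img", b"constructed kernel bytes")
        write(root, "autostart/browser.sh", b"#!/bin/sh\nexec firefox\n")
        # Assumption: the baseline is stored on read-only media, out of reach
        # of anything that can write to the startup files themselves.
        baseline = snapshot(root)
        clean = audit(baseline, snapshot(root))
        # Simulated persistence: one boot file rewritten, one autostart entry added.
        write(root, "boot/loader.cfg", b"default=linux init=/tmp/x\n")
        write(root, "autostart/updater.sh", b"#!/bin/sh\n/tmp/x &\n")
        return clean, audit(baseline, snapshot(root))


if __name__ == "__main__":
    clean, changed = demo()
    print("clean run:", clean)
    print("after changes:", changed)
```

A baseline stored on the same writable disk as the files it describes can be rewritten along with them, which is why the comment's read-only boot medium matters to a check like this.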

    3. Is it me?

      At least it's not

      The People's Liberation Army who are asking, oh wait they already are. So it's fine for them to do it, but not GCHQ.

      Think about this, people: do you really think that if GCHQ want to listen to you they can't already? But do you know, I think they probably have better things to do with their time.

    4. Anonymous Coward

      Virus-safe computer...

      > designing 'computers' that don't get viruses ...

      Didn't Sir Clive have that one under control - http://www.bbc.co.uk/news/magazine-12703674

  7. Anonymous Coward
    Pirate

    I just thought of a solution

    Why not talk up the cyber terrorism scare, and then co-opt the various AV vendors and then get GCHQ spyware, er I mean 'security solutions' installed on every desktop on the planet .. :)

  8. JaitcH
    FAIL

    GCHQ can't even handle the workload it has, what's it after more budget or hardware

    GCHQ is supposed to be catching all those imaginary spies and terrorists and it is failing at that.

    Where and how is it going to get the manpower or equipment to do this in these days of cutbacks?

    Cut the pensioners again?

    1. neb
      WTF?

      well it needs...

      ...to stop letting its staff fall asleep and asphyxiate them bloody selves in locked sports bags to start with

      cutting pensioners, can't do that anymore, soylent greens so last year dahlink!

      1. Anonymous Coward
        FAIL

        what you need

        Is to learn the difference between GCHQ and MI6...

        1. Sara Bee
          FAIL

          secondment?

          I'm sure he does know the difference, he was a GCHQ man on secondment to MI6...

          1. Anonymous Coward
            FAIL

            secondment

            Eep - I'd forgotten about that! Sorry. Will duly self-administer the clue-bat!

        2. Anonymous Coward

          title

          "Is to learn the difference between GCHQ and MI6..."

          MI5, MI6, GCHQ and DI are all part of the same organisation, which is the Joint Intelligence Committee.

  9. George09
    Headmaster

    Prevent attacks?

    "GCHQ, the UK's signal intelligence agency, may get an expanded role in preventing attacks ...." Hate to be pedantic, but you can't prevent attacks; you can only defend against them.

    1. Anonymous Coward
      Go

      OK, I'll bite

      Why can you not prevent attacks?

    2. Anonymous Coward
      FAIL

      Of course you can prevent attacks.

      If you take measures to deter them. Successful deterrence prevents attacks that would otherwise have taken place. You're not being pedantic here; just wrong.

    3. Anonymous Coward

      Yes you can.

      E.g. not pissing people off often prevents attacks, or just eliminating your enemy.

  10. jake Silver badge

    "Government fears"

    That pretty much says it all, innit.

  11. Anonymous Coward

    Remind me please

    The point of 'winning' the cold war and not being overrun by nasty freedom-hating commie tyrants was?

  12. BristolBachelor Gold badge
    Black Helicopters

    Stuxnet

    "...as well as the Stuxnet worm.."

    Didn't this Stuxnet thing come from state sponsored groups infiltrating organisations and planting stuff in them; oh hold on, NOW I'm getting it...

    If government really thought that private organisations can't be trusted to sort themselves out, they should run it all as nationalised infrastructure.

    1. amanfromMars 1 Silver badge

      Getting a grip on the enemy .... and reality?

      "Didn't this Stuxnet thing come from state sponsored groups infiltrating organisations and planting stuff in them; oh hold on, NOW I'm getting it..." .... BristolBachelor Posted Tuesday 8th March 2011 13:58 GMT

      Err, yes, well, you could say that, although in another parallel universe ...... http://cryptogon.com/?p=20897

    2. heyrick Silver badge

      Nationalised infrastructure?

      Didn't we have a lot of that in the '80s before it was all flogged off?

      What exactly is the reality of the threat? I mean, is it viable to panic over the risk of threats to the electrical network? If so, the question is not to spy on everybody "for signs of hacking", but rather to devise a way for the electric network to be fault tolerant, along with enhanced systems in order to mean that one compromised machine isn't automatically authorised to do whatever it wants within the system.

  13. despairing citizen
    Unhappy

    How does this work in international law?

    GCHQ is a government body paid for by UK tax payers

    Using GCHQ staff to protect big UK companies, is effectively tax subsidies to UK big business (oh dear >BUZZ< violated EU and WTO regs)

    If only certain big companies can get this protection, then this is putting the other UK and EU businesses at a competitive disadvantage (oh dear >BUZZ< violated EU regs)

    For further details on tax subsidies and WTO, look up the usual Boeing Airbus mud slinging contests.

    Please can we have one government a century that doesn't try to operate by press release, and does actually come up with thought-through, coherent and legal plans and legislation.

  14. amanfromMars 1 Silver badge
    Grenade

    Virtual Non State Actor Leaderships are Legion.

    "Government fears, in the UK and elsewhere, centre on concerns that hostile powers might cripple communication or banking systems or disrupt the delivery of utilities."

    Oh please, what utter poppycock and juvenile balderdash is that? They surely cannot be serious whenever quite sublime and remote anonymous takeover of all such systems is so very much quietly facilitated by the Great Game and Really SMART Players.

    Of course, what GCHQ will never need to deny, for they are duty bound as defenders of the realm and therefore oft obliged to suggest is perfectly true, is that they have Really SMART Players on Great Game Teams, which is ......... well, an Astute Active Application for Stealthy Programming Protocols into Controlling and Countering Rogue Power Bases .... and Freelancing Chancers.

    And whether 'tis a Falsehood would be Need to Know, which is a paradigm shift in the theory of needs that require information classification feeds ...... from knowing what is true, and presumably then real, to knowing what is false, and therefore really virtual ...... in every world?

  15. amanfromMars 1 Silver badge

    Turning up the Heat ...... on Information Churns

    "The UK plans are comparable to critical national infrastructure "Perfect Citizen" project conceived by the National Security Agency (NSA), GCHQ’s US counterpart, last year and opposed by critics as a move that would give the signals intelligence agency the ability to spy on private communications. The NSA firmly denied any such intention."

    You can be perfectly sure though that any such intention was not denied, for it cannot be so denied, a distinct available possibility, and therefore in every likelihood, a guaranteed probability for the temptations and rewards in knowing and/or in thinking that you know of everything that is going on and therefore, with phorming analysis, what is likely to happen in the future, is just too rich a prize to use and abuse and leave to/with/for others.

    "BT, in particular, is likely to oppose any expanded role for GCHQ in the private sector." ..... Well, of course they will, as they have had first sniff at the cherry since the beginning because do they not supply the lines of communication to practically everyone, through myriad third parties and internetworking service providers.

    However, once you have access to all current information, for viewing and clever analytical extrapolation of future rogue intent, and let us assume that there is presently an authority or agency or application which does have that facility/utility, then are they wholly responsible for any future chaotic and destructive disorder because of their inability to act on the information which they are hosting.

    All in all, that is very much the exact same tale as did for Uncle Sam with 9/11, for was not the situation the same then too, and with no one SMART enough to connect all the dots and create a different picture, did the present chaos unfold and prosper.

    So who's connecting all the dots to create Better Beta Future Big Picture Promotions? Anyone SMARTer Enabled with greater situational awareness?

  16. Yet Another Anonymous coward Silver badge

    Big society

    Under the cutting of public services, sorry - big society - shouldn't we ruin GCHQ instead of the other way around?

    If neighbourhood watch in Reading were given the feeds from all the electronic intelligence gathering then they could have predicted the democracy movements in N. Africa, the Iraqi WMD and the fall of the Berlin wall in the same way as GCHQ but cheaper.

  17. Anonymous Coward

    Corporate Networks

    My work network uses MS Forefront Threat Management Gateway which does man in the middle on the fly ssl decryption by installing a company certificate on your PC. All SSL is blocked unless it goes through the gateway. It's there as viruses and threats often use SSL, so easy to justify on a corporate network, and seeing as most people use personal email at work, all that lovely data can be slurped up if required. If you're using IE you wouldn't even be aware it was happening.

    This is difficult for GCHQ to do on the ISP to home network, but on a corporate network, all your secure personal email are belong to them.

  18. Alan Firminger

    On the subject of attacks on vital infrastructure

    Whatever happened at the recent conference to establish fair play?

    And why have all the sources that told us the conference was starting been silent about it?

  19. Anonymous Coward
    FAIL

    It's for your own good

    Trust us, we (almost) know what we're doing.

  20. John Smith 19 Gold badge
    Flame

    They were "Mastering the internet"

    How much more "expanded" a role can you get?

    1. amanfromMars 1 Silver badge

      Trying to Master the internet is ......an Insane Challenge to Madness

      "They were "Mastering the internet" .... How much more "expanded" a role can you get?" ...... John Smith 19 Posted Tuesday 8th March 2011 18:38 GMT

      Err yes, well, that just gets you started and only so far, John Smith 19 .... whereas alien proposals would allow them to Master Pilot IT with it, and that is a much more expansive and HyperRadioProActive role, for such as those SMARTer Players and Legionnaires mentioned earlier [Tuesday 8th March 2011 14:37 GMT]

      It is certainly such like that they face, and would need to match and/or better, for any sort of effective leadership with control of power in the operational field and virtual domains. Until then will they always be struggling and playing catch-up, effectively light years behind the curve.

  21. Yet Another Anonymous coward Silver badge

    Big society

    Sorry about the typo - should have been 'we run GCHQ' - even more sorry that the typo made the comment better!

  22. Jon 86
    Megaphone

    And soon

    all your network are belong to us. Can we have access to your internal process for defending against attack too so that we can align our process with yours to be able to draw up best practice solution against the cyber attacks that originate from our enemies like "China"?

    This ^ will soon happen.

    Last time I read, the backdoor left in Google's network was used by attackers to penetrate their network. I may be wrong here but aren't more backdoors there already?
