Thankfully...
El Reg is on the scene to poke holes in the inconsistencies. As soon as I read the footnote in the article, I thought 'but... didn't you /just say/ their accounts were hacked???'
GCHQ has declined to comment on a report in the Daily Telegraph this weekend, which claimed that UK cabinet ministers' emails had been hacked, but that – bafflingly – no breach had occurred. Which is a bit like saying "nothing happened, but we're going to write a story anyway." Spokesbeings at Britain's eavesdropping nerve …
But that picture looks like the People's Front of Judea, which might be defeating its intended propaganda purpose. Although I suppose those susceptible to propaganda will be incapable of seeing it that way.
IS is a US-created mess, but clearly beyond the capability of the Yanks and their British poodle to sort out. I say let the Iranians and the Russians go sort it out, in the old fashioned way.
You forgot "Al Nusra (prisoner liver-eating)" and "Al Nusra / CIA supported" (recently eliminated by Al Qaeda), "Al Qaeda / Saudi supported with CIA weapons" as well as the "Internet Trolling Jewish Keyboarder Brigade pretending to be Al Nusra".
It's all a bit of a clusterfuck.
Does GCHQ maintain the gsi or gsi-x network and mailservers carrying ministerial mail?
I think not... Can't remember the name of the primary contractor on that network, might be C&W, but if its in GSI its not BT being incompetent for a change, though not sure they have any competent people left nowadays to be able to tell. If the gsi gateway is hacked its not GCHQ that's been compromised, thus producing confusion, why would people ask the donut for a comment on 3rd party provided systems?
It could be in the handover point, in the DFTS transit links or in the IGS, but either way its *still* not GCHQ who maintains the security of those systems, though they do get involved with auditing them and mandating operating process in a series of JSP documents.
Asking the wrong people mate, innit...
Posting anon, but they know who I am no doubt.
C & W are now Vodaphone, and GSI has moved on as well, but public sector eMails are not hosted by GSI anyway, but by the various departments and agencies, and their contractors. So one assumes the Cabinet Office would be responsible for ministerial eMails.
By the way, what evidence was provided that a hack had actually occurred, and yes GCHQ are not responsible, or even in the loop.
You're overlooking Occam's Razor: the simplest explanation is the most probable.
Yes, there was a cyberattack that was successful. No, there was no breach. Why? Because a previous undisclosed cyberattack had already resulted in the breach, so the second attack could not be a breach because the information was already stolen. It's like breaking into a safe only to find you were the second burglar and everything was already gone.
I've just finished reading Intercept, 'the secret history of computers and spies' by Gordon Corera, Although it starts with the first world war, then Tommy Flowers & Colossus. it soon moves into modern times. I found it quite an interesting read, (though I'm a sucker for such books), especially the later sections, with stories of how the spy agencies saw systems being broken into & stuff 'disappear' from servers, without feeling that they needed to say anything. The last two or three chapters explain how interlinked the world is, & how easy it is the for the three letter agencies to tap into it. A book I think is worth the read. If I wasn't paranoid before, I would have been by the end.
its not exactly hard to make your own keylogger in c++ that is 2kb and install it, if its your own, code then no virus checker will know about it until you release on a public website
and then it would be less then 2kb if you have pecompact
even the bbc can afford key scrambler https://www.qfxsoftware.com/
"no virus checker will know about it until" - true, but it's all about defence in depth. Anti-malware suites nowadays use multiple techniques, including emulation and heuristics to evaluate the behaviour of code. Hey, this app hooks the keyboard API AND makes connections to an external site AND is trying to install itself silently as a permanent service... are you suspicious yet? Plus, if you scan at the gateway, seeing an executable that does all that being sent in is definitely something you want to block.
Doing all that in less than 2kb is also suspicious - what developer cares about bloat nowadays?
Are you kidding about that key scrambler website? You're suggesting that the BBC uses it, but the site doesn't claim that, it quotes BBC News, but that might just be a journalist quoting the developer's own press release. That key scrambler might be useful as an additional line of defence, but preventing malware running on your system in the first place is a lot higher priority in my view.
Disclosure: I sell anti-malware products and services.
"Doing all that in less than 2kb is also suspicious - what developer cares about bloat nowadays?"
everyone, the bigger the file, the crapper coder you are, with no optimization which makes work flow take longer then it should, there`s a million ways to do the same thing with c++, its upto you to find the fastest way
I worked with one of the guys who built the first "interpreted scan" engines (partial x86 interpreter in addition to signatures) in 1996. We both maintained a couple of networks in addition to our day jobs. I went on for this to become my "daily bread" while he continued working on anti-malware.
What you are suggesting was not going to get past most of the scanners then (nearly 20 years ago). I do not see how it will get past a scanner now.
Can I just say that this actually makes sense to me.
A person could very well hack a system, by my definition of the word, but not breach it. You do not need to successfully break in to a system to be hacking. A failed attempt to break in is still a hack.
In the same way, it would be a cyber attack, just as a bunch of enemy fighters raiding an encampment is an attack even if they do not manage to kill anyone or inflict any damage. The attack still occurred, whether it was successful or not.
...Junaid Hussain – the UK fugitive hacker turned ISIS recruiter killed in a US drone strike in Syria in August – was understood to have been behind the "cyber attack"....
He is a paedophile climate change denier, was also responsible for plotting an attack on the Queen, for ensuring that Britain failed in its bid to host the 2018 World Cup, and is understood to boil little kittens to make gloves - oh, and he runs several UK banks which charge exorbitant amounts of interest....