back to article How did jihadists hack into top UK ministerial emails if no security breach took place?

GCHQ has declined to comment on a report in the Daily Telegraph this weekend, which claimed that UK cabinet ministers' emails had been hacked, but that – bafflingly – no breach had occurred. Which is a bit like saying "nothing happened, but we're going to write a story anyway." Spokesbeings at Britain's eavesdropping nerve …

  1. brym

    Thankfully...

    El Reg is on the scene to poke holes in the inconsistencies. As soon as I read the footnote in the article, I thought 'but... didn't you /just say/ their accounts were hacked???'

  2. Your alien overlord - fear me

    GCHQ doesn't "comment on intelligence matters".

    or

    GCHQ doesn't "comment on intelligent matters, just unconfirmed rumours to increase their budget."

  3. Anonymous Coward
    Go

    *cough* D Notice *cough*

    Nothing to see here, move along

  4. Anonymous Coward
    Anonymous Coward

    Probably been said before

    But that picture looks like the People's Front of Judea, which might be defeating its intended propaganda purpose. Although I suppose those susceptible to propaganda will be incapable of seeing it that way.

    IS is a US-created mess, but clearly beyond the capability of the Yanks and their British poodle to sort out. I say let the Iranians and the Russians go sort it out, in the old fashioned way.

    1. davidp231

      Re: Probably been said before

      Don't you mean the Judean Popular People's Front?

      1. Mage Silver badge

        Re: Probably been said before

        No, it's the Popular Judean People's Front today.

        1. LordSlaphead

          Re: Probably been said before

          Splitters.

      2. Anonymous Blowhard

        Re: Probably been said before

        We're the People's Front of Judea!

    2. Sarah Balfour

      Re: Probably been said before

      Why just blame the septics…? We had a role, too, y'know. The U.S. wasn't the only one poking its nose in where it didn't belong…

    3. magickmark

      Re: Probably been said before

      Yes but what did the Jihadists, ever do for us?

  5. Anonymous Coward
    Gimp

    A leak without a hack/breach?

    Sounds to me like some overpaid incompetent fucktard has gone and left something he shouldn't have been bandying about the place in a meetingroom/taxi/train/whore. Yet again.

  6. Destroy All Monsters Silver badge
    Gimp

    Just another hit by Paul Muad'dib

    > Your spice transport will be delayed

    > Your spice transport will be delayed

  7. BobRocket

    Massive Prison Break

    no prisoners escaped

  8. Anonymous Coward
    Anonymous Coward

    If uk.gov weren't breached...

    Perhaps a certain "ally" with a penchant for extraordinary infosec incompetence was?

  9. Khaptain Silver badge

    What's his name ?

    A very inconsistent article, can you please give clarification, at least a bit more han GCHQ ab out how actually did or do not perform the breach, was it ISIS, IS , ISIL, Jihadists Liberation Front or the Now Defunt Syrian ExBrits Hackers Club.

    1. Destroy All Monsters Silver badge
      Gimp

      Re: What's his name ?

      You forgot "Al Nusra (prisoner liver-eating)" and "Al Nusra / CIA supported" (recently eliminated by Al Qaeda), "Al Qaeda / Saudi supported with CIA weapons" as well as the "Internet Trolling Jewish Keyboarder Brigade pretending to be Al Nusra".

      It's all a bit of a clusterfuck.

      1. Anonymous Coward
        Facepalm

        Re: What's his name ?

        Game of Thrones The LARP version. And again, I wish I was kidding.

    2. Captain DaFt

      Re: What's his name ?

      Obviously, it was Col. Mustard, in the drawing room, with an iPad.

      1. Anonymous Coward
        Anonymous Coward

        Re: What's his name ?

        You refer to brothels as 'drawing rooms Capt. DaFt? How very... er... literal.

  10. x 7

    perhaps they broke into a dummy honeytrap network?

    1. Will Godfrey Silver badge

      perhaps they broke into the dummy (user)

      1. Pascal Monett Silver badge

        Didn't have to break into him, they just waved a chocolate bar.

  11. chivo243 Silver badge
    Headmaster

    Account hacked but no security breach?

    So, an account was hacked, or do I have it backwards? Breached? No, hacked i guess, as the pw was guarsed? But, no security breach on the system itself?

    Glad to see the terminology has been muddied.

  12. Anonymous Coward
    Anonymous Coward

    Technically it wouldn't be a GCHQ security breach if they only hacked the Ministers with Ashley Madison accounts.

  13. julian_n

    "How did jihadists hack into top UK ministerial emails if no security breach took place?"

    Maybe they had their own version of clintonmail?

  14. Anonymous Coward
    Anonymous Coward

    Does GCHQ maintain the gsi or gsi-x network and mailservers carrying ministerial mail?

    I think not... Can't remember the name of the primary contractor on that network, might be C&W, but if its in GSI its not BT being incompetent for a change, though not sure they have any competent people left nowadays to be able to tell. If the gsi gateway is hacked its not GCHQ that's been compromised, thus producing confusion, why would people ask the donut for a comment on 3rd party provided systems?

    It could be in the handover point, in the DFTS transit links or in the IGS, but either way its *still* not GCHQ who maintains the security of those systems, though they do get involved with auditing them and mandating operating process in a series of JSP documents.

    Asking the wrong people mate, innit...

    Posting anon, but they know who I am no doubt.

    1. Otto is a bear.

      A bit behind there

      C & W are now Vodaphone, and GSI has moved on as well, but public sector eMails are not hosted by GSI anyway, but by the various departments and agencies, and their contractors. So one assumes the Cabinet Office would be responsible for ministerial eMails.

      By the way, what evidence was provided that a hack had actually occurred, and yes GCHQ are not responsible, or even in the loop.

  15. Elmer Phud

    Shirly it has nothing to do with the announcement that Jeremy Corbyn is a 'threat to National Security'.

  16. Anonymous Coward
    Anonymous Coward

    You're overlooking Occam's Razor: the simplest explanation is the most probable.

    Yes, there was a cyberattack that was successful. No, there was no breach. Why? Because a previous undisclosed cyberattack had already resulted in the breach, so the second attack could not be a breach because the information was already stolen. It's like breaking into a safe only to find you were the second burglar and everything was already gone.

    1. P. Lee

      >You're overlooking Occam's Razor: the simplest explanation is the most probable.

      "No security breach" -> "no breach of national security"?

      Perhaps, a government's minister's email account did have its password guessed, but it wasn't one being used for ministerial things?

  17. Mark 85

    WTF...

    Maybe they went in, and sent some emails? I'm wondering if anyone actually knows what happened.

  18. Peter Stone

    I've just finished reading Intercept, 'the secret history of computers and spies' by Gordon Corera, Although it starts with the first world war, then Tommy Flowers & Colossus. it soon moves into modern times. I found it quite an interesting read, (though I'm a sucker for such books), especially the later sections, with stories of how the spy agencies saw systems being broken into & stuff 'disappear' from servers, without feeling that they needed to say anything. The last two or three chapters explain how interlinked the world is, & how easy it is the for the three letter agencies to tap into it. A book I think is worth the read. If I wasn't paranoid before, I would have been by the end.

  19. Jan 0 Silver badge
    Holmes

    Timewarp?

    Why are there two 19th Century bearded sailors in experimental cork lifejackets at the front of the picture?

  20. Zmodem

    its not exactly hard to make your own keylogger in c++ that is 2kb and install it, if its your own, code then no virus checker will know about it until you release on a public website

    and then it would be less then 2kb if you have pecompact

    even the bbc can afford key scrambler https://www.qfxsoftware.com/

    1. Allan George Dyer

      "no virus checker will know about it until" - true, but it's all about defence in depth. Anti-malware suites nowadays use multiple techniques, including emulation and heuristics to evaluate the behaviour of code. Hey, this app hooks the keyboard API AND makes connections to an external site AND is trying to install itself silently as a permanent service... are you suspicious yet? Plus, if you scan at the gateway, seeing an executable that does all that being sent in is definitely something you want to block.

      Doing all that in less than 2kb is also suspicious - what developer cares about bloat nowadays?

      Are you kidding about that key scrambler website? You're suggesting that the BBC uses it, but the site doesn't claim that, it quotes BBC News, but that might just be a journalist quoting the developer's own press release. That key scrambler might be useful as an additional line of defence, but preventing malware running on your system in the first place is a lot higher priority in my view.

      Disclosure: I sell anti-malware products and services.

      1. Zmodem

        "Doing all that in less than 2kb is also suspicious - what developer cares about bloat nowadays?"

        everyone, the bigger the file, the crapper coder you are, with no optimization which makes work flow take longer then it should, there`s a million ways to do the same thing with c++, its upto you to find the fastest way

    2. Voland's right hand Silver badge

      Not a chance

      I worked with one of the guys who built the first "interpreted scan" engines (partial x86 interpreter in addition to signatures) in 1996. We both maintained a couple of networks in addition to our day jobs. I went on for this to become my "daily bread" while he continued working on anti-malware.

      What you are suggesting was not going to get past most of the scanners then (nearly 20 years ago). I do not see how it will get past a scanner now.

  21. Sirius Lee

    Read my lips...

    I did not have security relations with that Jihadist.

  22. Dr. Mouse

    Can I just say that this actually makes sense to me.

    A person could very well hack a system, by my definition of the word, but not breach it. You do not need to successfully break in to a system to be hacking. A failed attempt to break in is still a hack.

    In the same way, it would be a cyber attack, just as a bunch of enemy fighters raiding an encampment is an attack even if they do not manage to kill anyone or inflict any damage. The attack still occurred, whether it was successful or not.

  23. 0laf Silver badge

    They probably hacked the ministerial Hotmail accounts that were being used to avoid answering FOI requests

  24. Anonymous Coward
    Anonymous Coward

    Quality mps

    The culprit was voted in, hence no security breach.

    1. Anonymous Coward
      Anonymous Coward

      Re: Quality mps

      ... Addendum. Let me check that Ashley Madison database I downloaded.

  25. Hans 1
    Facepalm

    I was already amazed to find commentards quoting Daily Telegraph around here, but el'reg ? No, seriously ?

    If other "news exclusives" from the Telegraph are anything to go by, I guess the "source" is a pound shop owner somewhere in Wales.

  26. Dodgy Geezer Silver badge

    ...Junaid Hussain – the UK fugitive hacker turned ISIS recruiter killed in a US drone strike in Syria in August – was understood to have been behind the "cyber attack"....

    He is a paedophile climate change denier, was also responsible for plotting an attack on the Queen, for ensuring that Britain failed in its bid to host the 2018 World Cup, and is understood to boil little kittens to make gloves - oh, and he runs several UK banks which charge exorbitant amounts of interest....

  27. TeeCee Gold badge
    Coat

    Easy question.

    They probably just got Corbyn to forward everything.

    1. druck Silver badge
      Mushroom

      Re: Easy question.

      Exactly, no need to hack anything now a Privy Council member will be passing everything on to his many friends in the Middle East, Irish Republican's, Argentina, etc, etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like