UK's GCHQ Admits To Using Vulnerabilities To Hack Target Systems

Bismillah (993337) writes "Lawyers for the GCHQ have told the Investigatory Powers Tribunal in the UK that the agency carries out the same illegal Computer Network Exploitation (CNE) operations that criminals and hackers do. Except they do it legally. GCHQ is currently being taken to court by Privacy International and five ISPs from UK, Germany, the Netherlands, Zimbabwe and South Korea for CNE operations that the agency will not confirm nor deny as per praxis."

Re:

[fustakrakich]

Their behavior is highly rewarding. The voters approve, on both sides of the pond. What do they have to be ashamed of? The public that allows this are the ones who should be ashamed.

How can voters 'approve' of secret programs?

[Anonymous Coward]

How can voters 'approve' of secret programs, to spy on them?

Their people in the House of Lords recently tried to slip 'snoopers charter' into an amendment, the Lords rejected it demanding instead a debate of surveillance. Hence nobody can pretend this has approval, even the Lords want to find the details of it and debate it. Also you don't try to legalize something that is already legal. We found out they have a huge database of private British info, and its freely accessed by Ministry staff. No warrants, no checks, and Snoopers Charter would have made it legal retrospectively.

Good luck telling a judge that his private info, and that of his family are freely available to everyone in certain ministries without so much as a warrant, or check.

Fearmongering isn't necessary if approval is given:
https://www.privacysos.org/node/1660

"If you’re submitting budget proposals for a law enforcement agency, for an intelligence agency, you’re not going to submit the proposal that ‘We won the war on terror and everything’s great,’ cuz the first thing that’s gonna happen is your budget’s gonna be cut in half. You know, it’s my opposite of Jesse Jackson’s ‘Keep Hope Alive’—it’s ‘Keep Fear Alive.’ Keep it alive." - FBI assistant director Thomas Fuentes

Re:

[gl4ss]

also, it still wouldn't make it legal elsewhere.

what all this shit is leading into is countries soon flat out refusing to even investigate hacker claims from other countries - I mean, why should they when the other country does jack all shit nothing to help to solve the crimes their agents committed?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[fustakrakich]

How can voters 'approve' of secret programs, to spy on them?

They do so by not demanding sufficient oversight and allowing too much secrecy, legal or otherwise. And they do it willfully because they believe propaganda. As much noise as we make about it here, the vast majority finds it all perfectly acceptable. Not that they will ever overtly admit to such. Code words like 'national security' and 'voting Arabs' are all you need to get everyone on board. The voters are not innocent by any means, they can prete

Per praxis?

[wonkey_monkey]

will not confirm nor deny as per praxis.

What does an explodey Klingon moon have to do with this?

Re:Per praxis?

[Chrisq]

will not confirm nor deny as per praxis.

What does an explodey Klingon moon have to do with this?

Didn't you know that the UK establishment is run by Klingons? Though they have let a Ferengi [wikimedia.org] and a Vulcan [nocookie.net] enter the government too.

Re:

[serviscope_minor]

And a Sith Lord.

http://newsthump.com/2009/09/2... [newsthump.com]

Actually he was completely unelectable (it seems that British voters are not yet ready to vote for the power of the Dark Side), so Labour made him a lord so we couldn't get rid of him.

Who says it's "illegal"? Timothy?

[phayes]

Something is illegal when there are laws or treaties adopted by the country in question that render the actions illegal. If there is no law or treaty that interdicts the GCHQ from hacking third parties then it cannot be illegal.

Timothy & the people he likes to promote often use words like "unconstitutional" & "illegal" using their own private definitions of the words -- but all they do is render their utterances meaningless hype.

Re:

[Anonymous Coward]

" If there is no law or treaty that interdicts the GCHQ from hacking third parties then it cannot be illegal."

They have already been found to have broken the law in UK jurisdiction.
https://privacyinternational.org/?q=node/482

There are plenty of laws. And GCHQ are not protected by Jurisdiction, Belgacom can prosecute for the Belgian telephone hack as can everyone else. The bit we know from Snowden shows its far worse than IPT are admitting, they did bulk collection, and defined British telecoms as foreign si

Re:

[Anonymous Coward]

I look forward to those responsible being identified and prosecuted to the full extent of the law.

Or past offences ignored and new laws enacted to make future actions legal or new laws enacted and applied retrospectively.

Re:

[phayes]

I see that anonymous cowards are still abysmally stupid. If you can look forward to laws that retroactively make some behavior that you dislike illegal then you open the doors to all retroactive laws, like one that I would prefer that would find all the AC's posting dumb comments like yours and neutering them.

Computer Misuse Act 1990 ..

[DougPaulson]

@phayes: "Something is illegal when there are laws or treaties adopted by the country in question that render the actions illegal. If there is no law or treaty that interdicts the GCHQ from hacking third parties then it cannot be illegal.

Computer Misuse Act 1990 [wikipedia.org]

'Sections 1-3 of the Act introduced three criminal offences:

unauthorised access to computer material, punishable by 6 months' imprisonment or a fine "not exceeding level 5 on the standard scale" (currently £5000);

unauthorised acces

Re:

[Sique]

Just because a police officer in the UK has the right to arrest and interrogate suspects, it is not legal for him to arrest and interrogate people in other countries too. And the lawsuits are in other countries.

Re:

[phayes]

That also depends on treaties signed between the two countries. As for lawsuits brought in country B on the sovereign government of country A, they almost always die a quiet death (Civil suits brought by victims of terrorism upon the Iranian government being an example in which the US State department has been arguing that the suits should be thrown out).

Re:

[Anonymous Coward]

What they've done is to use a blanket warrant to grab ALL data on the excuse of 'terrorism', that gives them a searchable database, which no longer has the individual judicial checks. In particular they've done a full take on the pipes into the UK, which by its nature carries mostly UK to UK data.

GCHQ then handed this feed to the NSA, who have indexed it, on the promise they won't misuse it, and NSA in return has given them access to a search interface, PRISM back on this data and others.

NSA built a haystac

Re:

[phayes]

Drivel. Utter drivel.

The NSA, GCHQ, DGSE, etc have all been authorized, even instructed by the elected officials & courts over them to perform the collection they do. That YOU as a basement dwelling AC with no clearance does not have proof of this & believe that your ignorance is proof of anything is just another sign of how ignorant you are.

Re:

[phayes]

Hear hear! That's the most intelligent comment I have ever read from an AC. So intelligent, that given that you posted it as an AC I'm stealing it for future reuse.

Some people ask me "why even attempt to argue against Timothy & his ilk". Your post is a great example of why.

Re:

[aaaaaaargh!]

There are plenty of laws prohibiting GCHQ from hacking third parties, e.g. they are in direct violation of European and German law (both civil and criminal law). That's why ISPs have sued them.

The problem is just that it's damned hard to prove it, since GCHQ is somewhat sneaky and backed up by a corrupt and fascist government.

Re:

[phayes]

Snort, "corrupt and fascist government". You're either an anarchist opposed to all government or the hypocritical supporter of your own local flavor.

Every government has it's own spies. Germany's BND in particular having been shown to perform the same mass & targeted data collection that German politicians were claiming that only the NSA & the GCHQ were doing.

Re:

[aaaaaaargh!]

Neither of the two, I merely stated a fact.

Re:

[phayes]

Says who? You, the hypocritical anarchist? Yeah, right...

Re:

[ledow]

This is why almost every law is covered by an exemption for the purposes of law enforcement (police pretending to be someone else in a sting operation, for example) or national security (which is what GCHQ hide behind).

Like the "Google not paying UK tax" thing - what they did was ENTIRELY legal, or else they'd be before the courts. But it's considered morally "wrong" so the law gets changed over time to match with the expectation (the "spirit" of the law and not just the "word" of the law).

Almost by defini

Re:

[phayes]

Bull. Court cases against sovereign governments are almost always squashed & most of the exceptions are generally kangaroo political courts. The protestations of Anonymous Cowards far far removed from practical repercussions have absolutely no weight.

Re:

[ledow]

In other countries, they are spies who will be treated as such if caught. Please do catch them.

Unless, of course, those other countries are allies or part of the EU where they may (or may not!) have allowed international co-operation for items of "national security" anyway.

The question is not what GCHQ does, but who is allowing them to do that. The answer in the UK is "the people who draft laws", the answer worldwide is "the people who draft laws" and/or "nobody".

Only for where they are explicitly disallo

Hmm

[cascadingstylesheet]

"Police carry the same projectile weapons that criminals do. Except they do it legally."

Re:

[AmiMoJo]

Good job the police never accidentally shot anyone. Good job that no-one else will ever discover these exploits and begin quietly using them to screw the people that GCHQ is supposed to be protecting.

GCHQ taken to court?

[some old guy]

Oh, my! Hah ha ha, please forgive me! Ha ha ha ha That's a good one!

This is news?!

[RussH]

I'm sorry but did anyone even think that they DIDN'T already do this?

To Hack Target Systems

[rossdee]

So are they responsible for the breach just before Christmas 2013 that exposed millions of credit card details?

Target should sue them, and there could be a class action lawsuit from the affected customers.
And the 1700 workers that were fired in the Twin Cities the other day should get some of the damages too.

Re:

[H0p313ss]

I guess I need more coffee, I can't tell if you're joking, trolling or stupid.

If it was a joke you really need to work on that.

Laugh

[koan]

the agency carries out the same illegal Computer Network Exploitation (CNE) operations that criminals and hackers do. Except they do it legally.

LOL, So... it is a crime, not because it is morally and ethically questionable, but because you told us it is, and you told us it's OK for you to do it.

Queen and Country

[zlives]

"it is not illegal if the president does it"

Re:

[zlives]

‘If the President Does It, That Means It’s Not Illegal’

misquoted earlier