UK's GCHQ Intern Transferred Top Secret Files To His Phone

Bruce66423 shares a report from the BBC: A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone. Hasaan Arshad, 25, pleaded guilty to an offence under the Computer Misuse Act on what would have been the first day of his trial at the Old Bailey in London. The charge related to committing an unauthorised act which risked damaging national security.

Arshad, from Rochdale in Greater Manchester, is said to have transferred sensitive data from a secure computer to his phone, which he had taken into a top secret area of GCHQ on 24 August 2022. [...] The court heard that Arshad took his work mobile into a top secret GCHQ area and connected it to work station. He then transferred sensitive data from a secure, top secret computer to the phone before taking it home, it was claimed. Arshad then transferred the data from the phone to a hard drive connected to his personal home computer. "Seriously? What on earth was the UK's equivalent of the NSA doing allowing its hardware to carry out such a transfer?" questions Bruce66423.

Clearly they need a new CIO

[Linsaran]

The fact that a government agency doesn't have protections against this, when I can't even plug a thumb drive into my mere 'corporate' work PC is absurd.

Re:Clearly they need a new CIO

[TomR teh Pirate]

I work for an automotive company and even we can't do what this guy did in spy-land where everything should be MORE locked down. As you say, the CIO is incompetent and should be bounced.

Re:

[PPH]

This is in the UK. Would that be Desmond Llewelyn? Perhaps they'll replace him with John Cleese.

Re:

[arglebargle_xiv]

This is in the UK.

"I say old boy, that's a bit off! Was sure this chap was sound, no idea what the blighter was thinking. Must have a word with him when I next run into him at the club".

Re: Clearly they need a new CIO

[vbdasc]

or perhaps at the pub.

Re:

[MobileTatsu-NJG]

The fact that a government agency doesn't have protections against this, when I can't even plug a thumb drive into my mere 'corporate' work PC is absurd.

I had a comment to make as well, but as an American who is aware of the recent news cycle my credibility is pretty derned low.

Re:

[whoever57]

This is the UK, which allowed Kim Philby to spy for the KGB for many years. He was trusted as a "Cambridge man", along with the other members of the Cambridge five.

Re:

[RockDoctor]

the other members of the Cambridge five.

For values of "five" in double digits.

Dumbass

[newslash.formatblows]

Should have stored it in his golden bathroom.

Re:

[mike449]

Or sent to a Signal chat. This is apparently an approved way of handling national secrets as well.

Phones in GCHQ?

[Roger W Moore]

Nevermind why the computers allowed such a transfer why did he even have his phone inside GCHQ in the first place? These things leak data and can be hijacked to record and upload information by other state actors - as GCHQ itself should know given that they have been accused of doing it themselves!

I'd have expected that, unless you were working in a very low security area, you'd need to leave your phone in a Faraday cage locker at the gate/door. Frankly, you probably also need to do that with watches as well now since I'd be amazed if smart watches have not also been hacked to record and relay information.

Re:Phones in GCHQ?

[PPH]

why did he even have his phone inside GCHQ in the first place?

Just try to pry a phone out of the hands of a zoomer and see what happens.

Re:

[sound+vision]

He should have applied to intern in the White House instead. Seems like a better "cultural fit".

Re:

[ArchieBunker]

He better consult this guide before applying. https://imgur.com/gallery/fami... [imgur.com]

Re:

[gnasher719]

Just try to pry a phone out of the hands of a zoomer and see what happens.

Best case two broken hands.

Re:Phones in GCHQ?

[rambletamble]

Interesting supposition that "I'm guessing this wasn't a high security area", however the /. story here says in the second paragraph "which he had taken into a top secret area of GCHQ on 24 August 2022", so I'm not sure how your conclusion can be drawn

Re:

[EreIamJH]

Because he had a phone. Because he had the ability to connect to a local wifi in a top secret environment, or a USB cable to do it. Because his computer had open ports. Because the server with the top secret data gave him the rights to export data to a local computer. Because the local computer gave him rights to copy data via wifi or to a USB device. Because he had porn on his phone. Just little clues like that.

Re: Phones in GCHQ?

[devslash0]

If you read the article you'd know that it was a work-issue mobile.

Re:

[Superdad]

Everything in GCHQ/MI5/MI6/wherever is 'sensitive'. In the MSM/Press everything in those places is 'Top Secret'.
Maybe it is, maybe it isn't, but am essential part of secrecy is keeping secret what is secret and what isn't.

SD

Re:

[kaatochacha]

Please , let's discuss this when the subject matter is about DOGE and the US security apparatus, as it is valid then.
Otherwise, don't work that into everything.
For example, the Holocaust was awful and horrible.
But I don't mention the Holocaust when talking about border control, or daisies, or even everything German.

Access problems

[jroysdon]

Why did the intern have access? Why was a smartphone allowed into an area with top secret files and without controls to block it from being connected? So many fails.

Re: Access problems

[devslash0]

Possibly because the article says it was a work mobile. Perhaps that's why the device was pre-authorised to connect.

Re:

[Anonymous Coward]

Is that commonly allowed under UK security rules? As I understand it, the usual US security rules are that you're not supposed to bring any wireless devices into an area approved for SECRET or higher (laptops can be allowed with prior approval if wireless functions are switched off while inside, although usually they would prefer no wireless capabilities at all), and there should be pretty strict rules on what devices can plug into the computers there. If the phone was approved to connect to classified co

Re:

[evanh]

I've work in a factory that wasn't classed secret in any way, but not even the work cellphones were allowed in the bulk of the factory let alone the high security areas. There was landline portable and desk phones for making work calls. Maintenance and supply chain staff had assigned desktop computers with web access within the factory secure zone.

The only digital photo cameras allowed were the designated internal ones. Of which there was only two, afaik. Any contractors wanting to photo a piece of mach

Re:

[RockDoctor]

Ditto.

Any contractors wanting to photo a piece of machinery for repair had to use one of those two cameras and then email the photo.

With a corollary that any contractors that complained about it were immediately ex-contractors and escorted from the locker room (where they were locking their phones, cameras etc away).

They are currently clean on OPSEC.

[Guspaz]

They are doing all they can to enforce 100 percent OPSEC.

Re:

[evil_aaronm]

Do you even OPSEC, bro?!

Re:

[Powercntrl]

It's only a crime if you're not republican.

This happened in the UK. Though, it seems like our "new normal" here in the US is contagious.

As Reality Winner once googled,

[RightwingNutjob]

Secret computers [do] record usb drive insertions.

Re:

[RockDoctor]

... if they have USB ports which aren't glued up. Also, USB headers on the motherboards, which are behind the intrusion-detection microswitch, beyond the case padlock.

Every few months there's a report of some dude leaving his MI-several issue laptop full of "fun stuff" in the pub/ on a train ; in a taxi. They'll have a whole suite of additional protection, starting with encryption at the hard drive controller board.

GCHQ - This is your SIgnalGate

[gavron]

Yes, do let an INTERN have access to TOP-SECRET information, unmonitored, and with USB ports just allowing anyone to copy TS data and exfiltrate it.

I don't care what religion or race or color he is. He is an INTERN. He should not have TS clearance. He should not have unfiltered access to TS data. And then he left the building with it and took it home and put it on his PROBABLY WINDOWS MALWARE INFESTED PC, which is all Windows PCs (some being that way from the manufacturer).

GCHQ is like the UK's NSA exce

Sigh.

[ledow]

More worrying that it took a month between the offence and the arrest.

If they'd grabbed him later that day, I could say "Ah, they clearly let him do it, all the alarm bells went off, but they wanted to see what he would do, and then arrested him before anything could happen to the data".

But no. They didn't do anything to stop him until a month later.

Re: Sigh.

[databasecowgirl]

To be fair, it was during Cheltenham Festival and Channel 4 had very limited coverage this year.

WTF

[bloodhawk]

WTF sort of incompetents do they hire, everyone knows once you get to top secret or above it should be signal.

Re:

[RockDoctor]

WTF sort of incompetents do they hire,

In EN_UK, "intern" implies that the person is not being paid. I'm not sure what it means exactly in EN_US.

Which shouldn't be an issue - getting onto a site that covers "sensitive" and higher material will require one level of vetting, regardless of pay scale. Higher levels of vetting for "Secret", Top Secret", etc, with the same disregard of pay rate.

Unless you're a politician, when a highly vetted person lets you see the documents, but not take your own notes. Until

Profiles?

[TJHook3r]

I wonder if this would have made the news if the accused didn't have an exotic name?

Best Resume EVAR!

[hyades1]

As a convicted felon who managed to achieve his first guilty plea just after his 25th birthday, a plea stemming from his commission of a security breach of truly jaw-dropping severity, Hasaan Arshad now satisfies all the criteria necessary to be named by Donald Trump as the next head of the NSA.

following americas lead

[Growlley]

after all if its good enough for the presidents best and only the best people then ,,,

Top secret data on mobile phone

[Mirnotoriety]

DOH!

May be overreacting

[Horus1664]

Normally, in the UK, if this has been a 'serious' security breach, proceedings would have been conducted behind closed doors and likely not even disclosed to the press or public. I would suspect that this is a security infraction but not as bad as many have assumed.

Isn't he a spy?

[Flavianoep]

I am not a native English speaker, so I am a bit confused. I would call a person who takes top secret files home is a spy, but the summary is calling such a person an 'intern'.