VOIP and the web baffle Brit spook wiretappers

MI5, GCHQ bemoan 'biggest change since telephones'


The head of the UK government's secret electronic spying and codebreaking agency, GCHQ, has said that his organisation's ability to intercept conversations and messages is seriously undermined by internet-protocol (IP) communications. The digital spook's comments may come as a blow to British and European politicians who have sworn to eradicate terrorism from the internet.

The revelations came as part of the annual parliamentary oversight report into the doings of the UK intelligence community, which was released today. The report is compiled by the specially-vetted MPs and lords of the Intelligence and Security Committee (ISC), who are allowed to review secret data and grill important mandarins from the shadowier parts of Whitehall.

The section on GCHQ touches on the problems caused for government wiretappers by IP networks:

One of the greatest challenges for GCHQ is to maintain its intercept capability in the face of rapidly evolving communications technology. This relates in particular to the growth in internet-based communications and voice over internet telephony.

It seems that it was much easier to tap old-school phone calls, faxes and so on as they tended to move through networks by routes which were easy to predict. Sir David Pepper, boss of GCHQ, briefed the ISC.

"The internet uses a very different approach to communications," he said.

"Rather than having any sense of fixed lines... communications are broken up... whether you are sending an email or any other form of Internet communication... packets are then routed around the network and may go in any one of a number of different routes... [This is] the biggest change in telecoms technology since the invention of the telephone. It is a complete revolution..."

Sir David went on to explain more, but his further comments - presumably covering the best ways for someone to be sure that GCHQ would not be able to tap their comms - were blanked out. So were the words of the Director-General of MI5*, in which apparently "the seriousness of these challenges was reinforced".

These remarks were made in the context of counterterrorism work against groups at least partly located in the UK. The report also makes clear that the average size of a UK-based terror network is about ten people (we are told that MI5 are watching 200 such groups, amounting to 2000 possible terrorists).

It's pretty clear, then, that even small groups without much money can avoid having their communications intercepted by MI5 and GCHQ - and that the methods involve using IP applications.

No surprises there, really - the difficulty of centrally monitoring and intercepting packet networks will be obvious to most Reg readers. Countries like China and the US have had to mount enormous, extremely expensive infrastructure efforts in pursuit of such capabilities.

But the snags aren't at all obvious to politicians. Prime Minister Gordon Brown and Home Secretary Jacqui Smith have recently pledged to prevent any use of the internet for terrorist communications, propaganda etc. So has EU vice-president Franco Frattini.

It seems that if they have only GCHQ to carry out these plans - and this is one of the biggest and baddest agencies of its type in the world, outside America - then it isn't going to happen.

Read the whole ISC report and the government's responses here. ®

*MI5 isn't the proper name. Officially the UK's domestic spooks are called the Security Service, but nobody wants to refer to a secret internal-security body by the initials "SS".


Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022