Euro Security Watch with Mathew J. Schwartz

GCHQ Seeks 'Responsible' Hackers

Agency Hiring 'Cyber Intelligence' Specialists
GCHQ Seeks 'Responsible' Hackers

Wanted: Hackers for hire. Or in British government parlance: "Committed and responsible individuals who have the potential to carry out computer network operations to keep the U.K. safe."

See Also: Live Webinar | Navigating Identity Threats: Detection & Response Strategies for Modern Security Challenges

So reads a May 12 advertisement from Britain's Government Communications Headquarters. The signals-intelligence agency says in a statement that "this is the first time that GCHQ has openly recruited for Computer Network Operations Specialists."

The agency notes that the job can include both cybersecurity and "cyber-intelligence" responsibilities. "In cybersecurity, operations specialists may find themselves working in a team detecting and preventing attempts to attack the critical national infrastructure, or seeking to defend government systems against criminals seeking to steal information, identities or money," it says. "Cyber-intelligence specialists might need to develop software to access the computers of a terrorist group, or carry out operations to retrieve vital online clues about the location and identity of members of an organized crime ring."

GCHQ appears to regularly assist with law enforcement operations, such as the 2014 disruption of the Shylock botnet, which was led by the U.K.'s National Crime Agency. GCHQ, however, has typically kept a low public profile.

But the head of GCHQ, Robert Hannigan, upon taking office late last year, broke with tradition by making highly public statements, which in his case involved excoriating U.S. social networks for serving - unintentionally or not - as "the command-and-control networks of choice for terrorists and criminals." There's been no word yet on his perspective on webmail, telephone or mobile telephony providers.

Privacy Tensions

GCHQ, meanwhile, has been criticized by privacy rights groups for serving as the British command-and-control network for mass surveillance. The news of the GCHQ job listing - and starting salary of about £28,000 ($44,000) - led former LulzSec member Mustafa Al-Bassam to quip that would-be candidates could earn more if they took a position at the civil-rights group Privacy International.

GCHQ earned the ire of many Europeans after reports tied it - and the U.S. National Security Agency - to the hack of both Belgian telecommunications provider Belgacom and the European Parliament (see Espionage Malware Alert Sounded).

Responding to the job listing via Twitter, Virus Bulletin editor Martijn Grooten quipped: "Must speak fluent Belgian. Ability to offend considered a plus."

Legal Rethink Due

GCHQ insists - via the job listing - that it complies with "strict legal controls, safeguards and requirements," although a Parliamentary committee has said that those surveillance laws are opaque and overdue for a rewrite.

The European Court of Human Rights, furthermore, has ruled that bulk data collection - of the type practiced by the U.K. under recent Labor, Tory and Lib Dem administrations - violates Europeans' human rights, and that EU governments must restrict themselves to targeted surveillance. But Britain's recent coalition government continued the practice, and the country's new Conservative administration has signaled its intention to scrap the EU Human Rights Act in favor of a new British Bill of Rights that would make it easier for Britain to opt out of EU court decisions.

Intelligence Jobs Warning

Regardless of how the surveillance question develops, any would-be GCHQ applicants would do well to heed the work of Transparency Toolkit founder M.C McGrath, who has been using "big data" techniques to review LinkedIn profiles. To date, he has gathered more than 27,000 resumes of people who appear to work as contractors for intelligence agencies, based on the fact that their resumes list such skills as NSA's formerly top secret XKeyscore program. McGrath has assembled that information into the ICWatch database, searchable by name, company, location and skills.

University of Surrey computer science professor Alan Woodward tells me that intelligence analysts and contractors need to beware how they advertise their skills. "The big concern is ... that rank-and-file workers in the intelligence community could be put at risk," he says.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.