Slashdot Mirror

Theresa May was previously the Minister for the Home Office and therefore responsible for the National Cyber Security Centre (NCSC) and the failure of IT governance in that made the NHS vulnerable to attack last week.

The conservatives also passed the Digital Economy Act 2017 Described as 'unacceptable', 'unaffordable', and 'infeasible' by the UK Open Right Group which an erosion of consumer Digital Rights and considered by many to be quid pro quo to old media barons for their support.

But since GCHQ is a bought and paid for subsidary of the NSA.

Learn some history mate.

I'm sure GCHQ https://www.gchq.gov.uk/Pages/homepage.aspx will search your mail and that CESG https://www.gchq.gov.uk/AboutUs/Pages/CESG.aspx will advise you on how to fix your problem.

I'm sure GCHQ https://www.gchq.gov.uk/Pages/homepage.aspx will search your mail and that CESG https://www.gchq.gov.uk/AboutUs/Pages/CESG.aspx will advise you on how to fix your problem.

All in the job description http://www.gchq.gov.uk/AboutUs/Pages/index.aspx and I expect the law http://www.gchq.gov.uk/AboutUs/Pages/Accountability-and-the-Law.aspx.

All in the job description http://www.gchq.gov.uk/AboutUs/Pages/index.aspx and I expect the law http://www.gchq.gov.uk/AboutUs/Pages/Accountability-and-the-Law.aspx.

The GCHQ About Us http://www.gchq.gov.uk/AboutUs/Pages/index.aspx and Accountability and the Law http://www.gchq.gov.uk/AboutUs/Pages/Accountability-and-the-Law.aspx, so yes, lets call them the government for that is who they are.

The GCHQ About Us http://www.gchq.gov.uk/AboutUs/Pages/index.aspx and Accountability and the Law http://www.gchq.gov.uk/AboutUs/Pages/Accountability-and-the-Law.aspx, so yes, lets call them the government for that is who they are.

This article, the source of it all, suggests something like you describe - but even better. But instead of using actual words as code, each five-letter group stands for a word (or common phrase maybe?). So without having the key to how to replace the five-letter groups to something sensible, there is no way of knowing what the meaning is.

On top of that they suspect the coded message is in turn encrypted using a one-time pad. Making it impossible to even get back the coded message.

The only real weakness in these encryption schemes is of course the key exchange, the encryption itself is better than what we use now: most modern encryption is crackable by brute force (albeit so hard it takes like forever).

I can't find any links to the "released" papers. No fanfare on http://www.gchq.gov.uk/.

Anyone?

https://en.wikipedia.org/wiki/Spartacus_(film) Well I am!

So how does the US defend or any other Country for that matter against a syn ack or my deep packet inspection back to GCHQ http://www.gchq.gov.uk/Pages/homepage.aspx I don't even work for them, as I am better and they use BT Integrated Accommodation Services Ltd.

That is a company for spying! Nothing you do is private; but can I penetrate as a hacker? Maybe, and If I said I was a CDC member Cult of the Dead Cow and do anything illegal? No. Philosophy states; if I want in as a hacker; you would have never seen me coming and pulling an rm-rf of /var/logs is not where the real log files are stored!

Thanks to my friend fydor http://www.sectools.org/ | might go unseen, but a true hacker... maybe he is spartacus. Remember it only takes 1 to get in! binary finary :P

If you really believe that the left is less intrusive of civil liberties than the right, you just don't have enough experience with the left. Or you're willfully ignoring it. They just usually attack different civil liberties than (some of) the right attacks, but you can bet your bottom dollar that once they have their highest priorities taken care of, they'll go after the rest. One of the first to go will be - no surprise - freedom to dissent. That's neither particularly left nor right, governments of all stripes tend to dislike criticism and will suppress it if they can, by any means they can.

Don't believe any of that? Try living and working in a communist country for a while. It'll open your eyes.

If you really believe that the left is less intrusive of civil liberties than the right, you just don't have enough experience with the left. Or you're willfully ignoring it. They just usually attack different civil liberties than (some of) the right attacks, but you can bet your bottom dollar that once they have their highest priorities taken care of, they'll go after the rest. One of the first to go will be - no surprise - freedom to dissent. That's neither particularly left nor right, governments of all stripes tend to dislike criticism and will suppress it if they can, by any means they can.

Don't believe any of that? Try living and working in a communist country for a while. It'll open your eyes.

Having seen serious combat in many countries and *gagged* by the official secrets act there are some things I would like to post anonymously but am afraid slashdot would get a subpoena for my details so it makes no difference anon or not. Therefore I am going to jump in and tell you what has been occuring at GCHQ http://www.gchq.gov.uk/ because no matter what I do or say on slashdot, I am pretty high up on the radar and my phone calls have been monitored too as I am trained in counter-espionage and ISTAR. Despite what the government tells you, it is easy to end up on a database as a threat or just for speaking your mind. There are secret files held on people and it does not matter whether you use the "Freedom of Information Act" you will never get access to those files. Wiretapping is redundant and "deep packet inspection" has been used by GCHQ for as long as I can remember with my career in the Mil going back to 1985 even on nix SLIP accounts. GCHQ have had the abilitiy to triangulate you using your Mobile/Cell phone since 1992! All your civil liberties are eroded beyond belief. Sorry if I rant too much but my reply to the topic is putting out an Amnesty and then after all the info-gathering getting punished. Remember all governments will and can change their minds without contridicting themselves. I say power to the people.

GCHQ has two important missions: Signals Intelligence and Information Assurance. Our Signals Intelligence work provides vital information to support Government in the fields of national security, military operations, law enforcement and economic well being. The intelligence we provide is at the heart of the struggle against terrorism and also contributes to the prevention and detection of serious crime. GGHQ supplies intelligence to the UK armed forces, wherever they may be deployed in the world. Information Assurance is about protecting Government data - communications and information systems - from hackers and other threats. GCHQ is heavily dependent on technology in order to execute our global missions. An increasingly rapidly changing digital world demands speedy innovation in our technical systems, allowing us to operate at internet pace, as the information age allows our targets to. One of our greatest challenges is maintaining our capability in the face of the growth in internet-based communications and voice over internet telephony. We must reinvest continuously to keep up with the methods that are used by those who threaten the UK and its interests. Just as our predecessors at Bletchley Park mastered the use of the first computers, today, partnering with industry, we need to master the use of internet technologies and skills that will enable us to keep one step ahead of the threats. This is what mastering the internet is about. GCHQ is not developing technology to enable the monitoring of all internet use and phone calls in Britain, or to target everyone in the UK. Similarly, GCHQ has no ambitions, expectations or plans for a database or databases to store centrally all communications data in Britain. Because we rely upon maintaining an advantage over those that would damage UK interests, it is usually the case that we will not disclose information about our operations and methods. People sometimes assume that secrecy comes at the price of accountability but nothing could be further from the truth. In fact, GCHQ is subject to rigorous parliamentary and judicial oversight (the Intelligence and Security Committee of parliamentarians, and two senior members of the judiciary: the Intelligence Services Commissioner and the Interception of Communications Commissioner) and works entirely within a legal framework that complies with the European Convention on Human Rights. The new technology that GCHQ is developing is designed to work under the existing legal framework. It is an evolution of current capability within current accountability and oversight arrangements The Intelligence Services Act 1994 and the Regulation of Investigatory Powers Act 2000 underpin activities at GCHQ - both existing systems and those we are planning and building at the moment. The purposes for which interception may be permitted are set out explicitly in the legislation: national security, safeguarding our economic well being and the prevention and detection of serious crime. Interception for other purposes is not lawful and we do not do it. GCHQ does not target anyone indiscriminately - all our activities are proportionate to the threats against which we seek to guard and are subject to tests on those grounds by the Commissioners. The legislation also sets out the procedures for Ministers to authorise interception; GCHQ follows these meticulously. GCHQ only acts when it is necessary and proportionate to do so; GCHQ does not spy at will. 03 May 2009

via http://www.gchq.gov.uk/prelease.html

Bletchley Park (I have some VAXen that went through you at one point, and we'll both pretend you crushed the media... ;-) is the father of GCHQ, the British sorta-NSA. It would not, of course, dream of allocating any part of its budget to the memory of its intellectual founders, because it differs from Bletchley in one important respect: Bletchley fought a real war against a real threat to the nation.

On the off-chance that the guys that jumped into the Service from the same crappy minor public school I went to are reading this: sorry to hear you weren't good enough to get into the City, and let Ulbricht serve as your modest guide to the new century. No matter what you achieve, your old schoolchums will always know that you did it because you weren't bright enough to do anything more creative.

A slightly ironic detail: It seems the Germans don't have any Lorenz SZ42 machines left, and they have to borrow one from the British GCHQ, while promising not to repossess it as war loot.

If the NSA really is so good that they can outdo the entire rest of the crypto community, well then they can probably break pretty much any of the cryptosystems out there.

Yeah, but that's only a defence against man-in-the-middle attacks. The RIPA is about forcing you to reveal information that's on your own hard disc or other storage.

The UK has its own agency devoted to intercepting and decrypting information in transit, and they're world class. All this law does is make sure that the local plod can demand information from you without even needing to involve real experts.

Too late, it has already been done!

See the new GCHQ building known as "The Doughnut" http://en.wikipedia.org/wiki/GCHQ and http://www.gchq.gov.uk/about/accommodation.html

Actually it's very unlikely to be GCHQ - that would represent somewhat of a conflict of interest. GCHQ are tasked, among other things, with *securing* government communications and systems... see here.

GCHQ developed public key cryptography in 1973.

use one time pads. the only REAL secure solution.

I've toyed with this one myself to send chitchat back and forth to my Mum.

Use a geiger counter to fill a CD with random numbers, send a copy to Mum, and drive CSIS/NSA/GCHQ/etc. nuts with email that they can't decode.

Given a CD full of random numbers, a couple of lines of perl would do the rest...

Yeah, I know, I need to get out more. I even recorded the leap second on WWV earlier today. Sad or what?

...tick...tick...tick...(blank)...(blank)...BEEP ...tick...tick...

...laura

The export ban always made me laugh because it arrogantly assumed that no one outside of the US/Canada was capable of developing their own encryption technologies.

This is something that British Secret Services have used to their advantage. Public key encryption technologies were developed at GCHQ in the early 70s but unlike the US, they didn't tell anyone until recently so they could use it without anyone knowing.

Something similar was done with Enigma. The fact that Enigma had been cracked was kept very quiet so that Enigma machines could be sold by the Brits to foreign governments after the war and we could listen in! News that we invented the World's first electronic computer was also kept secret for the same reason.

It depends on who is running it really. Being SIS rather than something more computer security oriented (like GCHQ), I'd expect it is possible that they will get hacked. Places like GCHQ and the NSA on the other hand, who deal with information assurance and computer security as part of their role, tend to have far better records on that front. The NSA website has never been hacked, and given their profile you can be sure it isn't from lack of trying.

Jedidiah.

Which give the authorities the access they require quickly. You shouldn't doubt GCHQ's ability to crack it when it's truely needed, but could they do it quick enough to prevent an attack ?

The silence alone cannot convict him, but it would compound the severity of any crime exposed by cracking the data. While providing a good judicial check-balance to somebody hiding nothing of serious criminal intent.

Just as US three letter acronym agencies aren't allowed to routinely eavesdrop on US communications without a warrant, so GCHQ over here does it for them.

Welcome to Blair's Britain, blueprint by Eric, implementation by Tony.

There's no way that works? I work 14 miles away from where I live (Cheltenham, UK). If it gets that far then i'm having one. And there was me thinking me being able to use my cordless phone in the pub across the road was amazing :D

Mind you i'd better watch out. I live about 1/2 mile away from GCHQ http://www.gchq.gov.uk//, and I wouldn't want them mistaking my phone calls for Saddam Husseins bat-signal.

The have an introduction to codes and code-breaking methods on the site. Just click on the link which says "Break Some Codes" or click here.

This means that there is no law stopping the US government from spying on Europeans, or for that matter European governments from spying on people in the US. A government can even use this to bypass its own privacy regulations by having a friendly government spy on its citizens and getting that information.

It's been known for years that the NSA and GCHQ have a reciprocal agreement where the former spies on UK citizens and the latter spies on US citizens.

Don't know about the NSA, but GCHQ are. Plenty of career opportunities for patriotic young hackers ready to sniff terrorist packets for Queen and country...

But how much of this is really news? Our very own Canadian intelligence folks describe themselves as "...an organization with secrets to protect, not a secret organization." They provide detailed information on what's involved if you want to join them. The CIA have a detailed employment FAQ Try the GCHQ recruitment page.

If you click on Employment Opprtunities at the NSA, you get a blank window (at least in my version of Mozilla). The web version of invisible ink, perhaps?

...laura

Isn't that why the UK already has things like GCHQ, the infamous listening centre that's now part of the Echelon network?

My understanding was that GCHQ fed information into the US intelligence services, so that it wasn't the US that was technically spying on its own citizens, but instead was simply "sharing the intelligence from NATO"

The UK Government Communications Headquarters (GCHQ) are due to relocate to a shiny new building nicknamed "the doughnut", later this year. It's up the street from the house I'm renting at the mo. I remember a few months ago, reading an article either in the local newspaper or a brochure that came round explaining about the new building. One thing it mentioned was a large hall constructed to house the most powerful super computer outside of the US. Now, that kind of infers that the most powerful computer in the world is in the US, which the top 500 article disagrees with. Or maybe the list doesn't include some classified ones. Or, as the GCHQ claim was future tense, maybe they're expecting things to change soon. Whichever, I'm putting aside my roll of cat5 and ceasing work on the tunnel until I know what's what.

Actually there's more than a rumour that it was previously implemented at GCHQ.

Public key algorithms are used for signing documents. According to the German signature law, 1024 bit signatures that meet some additional requirements are considered equivalent to physical signatures. (minimum recommended len for keys valid up to 2005). Thus it is important if intelligence agencies can break 1024 bit RSA keys.

You're right: that is interesting, and it's certainly something of which I wasn't aware. Though it suggests that 2005 is probably a sensible time frame to be retiring the 1024-bit keys. Probably unlikely that $10M will become $10 and 1 year will become 10 minutes that soon.

Actually there's more than a rumour that it was previously implemented at GCHQ.

Public key algorithms are used for signing documents. According to the German signature law, 1024 bit signatures that meet some additional requirements are considered equivalent to physical signatures. (minimum recommended len for keys valid up to 2005). Thus it is important if intelligence agencies can break 1024 bit RSA keys.

You're right: that is interesting, and it's certainly something of which I wasn't aware. Though it suggests that 2005 is probably a sensible time frame to be retiring the 1024-bit keys. Probably unlikely that $10M will become $10 and 1 year will become 10 minutes that soon.

Not just Universities either. The UK does it to recruit spooks.

The theory is sound: If you want good people, don't ask them to write a self-aggrandizing paper, set them a real-world, if trivial, challenge. The world is open-book, so the reward (job scholarship admission whatnot) goes to the person who can find the answer by whatever means.

Unrelated, but follows: A reference librarian is oftentimes better to have than a genius.

If you're not eligible to work for Uncle Sam, try here.

Not quite, the RSA patent is not valid in the UK because their patent office also didn't/doesn't allow algorithms to be patented, since they're not tangible.

Also, public key crypto was actually first developed in the UK by GCHQ before it was even a twinke in Diffie or Hellmann's eye. Secondly, it would have been insulting to expect the Brit's to pay royalties on a invention that actually first originated in the UK, bit like the jet engine debacle all over again.

Also, they seem to think they can pass secret instructions to spies the world over by inserting 'random' bold tags on one of their pages

That's because of the GCHQ challenge - try it here!

If you want to look at cool modern-day intel. stuff, the GCHQ website is actually pretty detailed.

The largest LAN in Europe, one of the highest data storage capacities in the world, and free healthcare =)

Also, they seem to think they can pass secret instructions to spies the world over by inserting 'random' bold tags on one of their pages

If you want to look at cool modern-day intel. stuff, the GCHQ website is actually pretty detailed.

The largest LAN in Europe, one of the highest data storage capacities in the world, and free healthcare =)

Also, they seem to think they can pass secret instructions to spies the world over by inserting 'random' bold tags on one of their pages

The OHE-H is on the same page that they discuss what a linguist does here. You'll notice that the text for the Linguist heading is in italics. Look at the source code and then look at the ALT tag for the image above it.



BTW, how did you come up with WELLD? I'm guessing it has something to do with the weird mapping on one of the nav bars...

The OHE-H is on the same page that they discuss what a linguist does here. You'll notice that the text for the Linguist heading is in italics. Look at the source code and then look at the ALT tag for the image above it.

BTW, how did you come up with WELLD? I'm guessing it has something to do with the weird mapping on one of the nav bars...

Nope. It's the ones modified on the 17th of Dec. that are important. Compare job6.gif (dated 17th Dec.) & job6_old.gif (dated 27th of Oct.)

Nope. It's the ones modified on the 17th of Dec. that are important. Compare job6.gif (dated 17th Dec.) & job6_old.gif (dated 27th of Oct.)

Nope, you've got to be a British 'citizen', or you parents must be... See http://www.gchq.gov.uk/apply/national ity.html

Look at the images directory.

Now, look at all the images called something_old.gif -- they all have the modification date 27 Oct 99.

Perhaps there's something suspicious about the something.gif images?

01001100 01011001 01000110 01001111 01010010

--- .-- .- .--. .--.

This particular site is just using common or garden analogue scanners. American/Canadian mobiles are still analogue (can you imagine that! No international roaming, loads of static- it must be like still living in the 80's).

If US/CA citizens are stupid enough to broadcast their private conversations on an open channel, that's their look out. They can have all the laws they like but it doesn't change the fact that analogue transmissions are no more private than standing on top of a hill and shouting (and what kind of idiot would draft a law that makes it illegal to own a pair of ears?).

I too live near Cheltenham and I take your point about GCHQ. However if GCHQ have a need to listen in to anything, no matter how it is transmitted or encrypted, they will. GSM or GPO, PCN or PGP it makes no difference. The most obvious way of doing this is by being present at the time of encryption or decryption, or by stealing the key physically, NOT by doing the maths. That's why we still pay our spies- to break in to places, plant bugs, and steal things.

The question is... do they WANT to be listening in to your or my lives? The answer I'm afraid is that they have loads more important things to do.

I know enough people there to know that, on the whole, they're an okay bunch of people. Sure there must be more than a few maneovolent bad apples but on the whole, they're good guys.

If you are going to worry about people hacking GSM or PCN then you are going to go very, very mad.

--