GCHQ: Government systems see thousands of attacks

Summary:Government systems are targeted by 1,000 malicious emails a month and have been compromised by worms, according to GCHQ's director, who warns that an attack on critical infrastructure is 'real and credible'

The UK government's computer systems are coming under persistent cyberattack, according to signals intelligence agency GCHQ.

Worm attacks and drive-by downloads have disrupted UK systems, and government agencies are hit by around 20,000 malicious emails a month — 1,000 of them aimed specifically at government employees, according to Iain Lobban, director of GCHQ, which oversees information assurance for the government.

"It is true that we have seen worms cause significant disruption to government systems — both those targeted deliberately against us, and those picked up from the internet accidentally," Lobban said in a speech at the International Institute for Strategic Studies on Tuesday. "There are over 20,000 malicious emails on government networks each month, 1,000 of which are deliberately targeting them."

A targeted attack is tailored to a specific individual or group of individuals in an attempt to compromise the systems of the organisation they work for or to whom they are connected. For example, hackers identify the email address of a specific person at a business and send them a message containing a malicious file that executes when opened or containing links to websites that host malicious code.

The company that defends UK government email systems, MessageLabs Symantec Hosted Services, said that targeted attacks on public-sector systems have increased in intensity and sophistication.

"There has been an increase in targeted attacks in recent years," MessageLabs senior analyst Paul Wood told ZDNet UK. "We've seen some very sophisticated examples of targeted attacks."

Targeted attacks often increase their chances of success by using social-engineering techniques, he added. Cyberattackers can access or scrape personal details from sites such as LinkedIn, which they can then use in an email message to give it credibility and make it more likely to be accepted as genuine. "Professional social-networking sites have all the information to make an attack more convincing," said Wood.

At the event in London, Lobban said that governments and organisations had seen data breaches that could affect national security, and he noted that the threat to the UK's critical national infrastructure is a "real and credible" one.

"We have seen theft of intellectual property on a massive scale, some of it not just sensitive to the commercial enterprises in question but of national security concern too," said Lobban. "Cyberspace lowers the bar for entry to the espionage game, both for states and for criminal actors."

Some nation states had used cyberattacks to bring pressure on others, according to the GCHQ director. "We have seen the use of cyber techniques by one nation on another to bring diplomatic or economic pressure to bear," said Lobban.

He said that GCHQ needs to sustain a flow of "top-quality recruits" to its own ranks and to industry partners to counter international cyberthreats, which are continuous.

"Cyberspace is contested every day, every hour, every minute, every second," said Lobban. "I can vouch for that from the displays in our own operations centre of minute-by-minute cyber attempts to penetrate systems around the world."

Topics: Security


Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.