GCHQ: Government systems see thousands of attacks


Summary: Government systems are targeted by 1,000 malicious emails a month and have been compromised by worms, according to GCHQ's director, who warns that an attack on critical infrastructure is 'real and credible'


The UK government's computer systems are coming under persistent cyberattack, according to signals intelligence agency GCHQ.

Worm attacks and drive-by downloads have disrupted UK systems, and government agencies are hit by around 20,000 malicious emails a month — 1,000 of them aimed specifically at government employees, according to Iain Lobban, director of GCHQ, which oversees information assurance for the government.

"It is true that we have seen worms cause significant disruption to government systems — both those targeted deliberately against us, and those picked up from the internet accidentally," Lobban said in a speech at the International Institute for Strategic Studies on Tuesday. "There are over 20,000 malicious emails on government networks each month, 1,000 of which are deliberately targeting them."

A targeted attack is tailored to a specific individual or group of individuals in an attempt to compromise the systems of the organisation they work for or to whom they are connected. For example, hackers identify the email address of a specific person at a business and send them a message containing a malicious file that executes when opened or containing links to websites that host malicious code.


The company that defends UK government email systems, MessageLabs Symantec Hosted Services, said that targeted attacks on public-sector systems have increased in intensity and sophistication.

"There has been an increase in targeted attacks in recent years," MessageLabs senior analyst Paul Wood told ZDNet UK. "We've seen some very sophisticated examples of targeted attacks."

Targeted attacks often increase their chances of success by using social-engineering techniques, he added. Cyberattackers can access or scrape personal details from sites such as LinkedIn, which they can then use in an email message to give it credibility and make it more likely to be accepted as genuine. "Professional social-networking sites have all the information to make an attack more convincing," said Wood.

At the event in London, Lobban said that governments and organisations had seen data breaches that could affect national security, and he noted that the threat to the UK's critical national infrastructure is a "real and credible" one.

"We have seen theft of intellectual property on a massive scale, some of it not just sensitive to the commercial enterprises in question but of national security concern too," said Lobban. "Cyberspace lowers the bar for entry to the espionage game, both for states and for criminal actors."

Some nation states had used cyberattacks to bring pressure on others, according to the GCHQ director. "We have seen the use of cyber techniques by one nation on another to bring diplomatic or economic pressure to bear," said Lobban.

He said that GCHQ needs to sustain a flow of "top-quality recruits" to its own ranks and to industry partners to counter international cyberthreats, which are continuous.

"Cyberspace is contested every day, every hour, every minute, every second," said Lobban. "I can vouch for that from the displays in our own operations centre of minute-by-minute cyber attempts to penetrate systems around the world."


Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

  • Everyone sees those.

    "For example, hackers identify the email address of a specific person at a business and send them a message containing a malicious file that executes when opened or containing links to websites that host malicious code."

    No, they have a million email addresses, they dig all the data they have to find details that will let them pass a spam filter with their phishing attack, then they bulk mail everyone. They don't start with specific targets, they need to phish ten million people to find one gullible idiot.

    What the GCHQ lot are doing is seeing these through their cyber-war goggles and imagining that they are special.

    Words like espionage, phrases like "We have seen the use of cyber techniques by one nation on another to bring diplomatic or economic pressure to bear," this says far more about what's going on in the minds of GCHQ employees than it does about the actual bulk phishing attacks.
  • Translation:
    We want more money
  • Sounds like they need to remove their Windows systems, and move to something more secure. Which would be any other OS.
  • I'm assuming they run Windows, which is a haven for this type of activity. I see viruses, malware, and other software infect Windows just about every day. And this is while having network protection, and multiple antivirus software running. They should consider a more stable and secure operating system (Linux, or even Mac OS X) if they want to keep this activity out entirely.
  • guihombre, you say that with some air of authority but you are unfortunately very inaccurate. Cyberattackers certainly do use random bulk attacks very often but will use both kinds of attacks—targeted and bulk untargeted. Targeting and duping specific individuals in high positions in organisations often require far less effort and resources but the pay-off can often be much bigger, making it the more attractive attack target.

    The "GCHQ lot" may be "seeing through their cyber-war goggles", but it's no worse than viewing things through conspiracist, "gubmint are out ta get us" glasses when the end result is spreading non-factual information with an air of self-supposed authority.
  • @ authentic true comment, but lest the world forgets the GCHQ lot advised the rest of the computer security world very publicly that the nation's infrastructure was under a sustained and substantial cyber-assault. What did they mean!? Well, turns out some old guy in China was sending out phishing e-Mails to a load of people with the Win32.Poison_Ivy Trojan attached and yes workers in these places were actually stupid enough to open the attachment. Speaks volumes for their chosen platform and their chosen anti-viral solution.

    Been into the local Jobcentre Plus office lately, or how about the local Council office, they are all running Windows!
  • Do you all want to know what the Government in the UK is running? Here's your answer: Windows NT with Sun Solaris on the back end for data warehousing; they use the Unix server headless, i.e. there is no GUI.

    Siemens PBX for most of their telephone routing and re-routing.

    They are oblivious to the concept that something free like OpenBSD or GNU/Linux is better, because the argument is instantly, well how can something that’s free be better than something we're spending thousands of pounds paying for!?

    The answer is they are listening to vendors like Oracle & Microsoft who are making a mint out of selling them their shoddy & shady solution. I know because I have been in more than one government office and have seen exactly what’s sitting in their server room!
  • Not all government software is Windows - or at least it never used to be. I can remember the "iron" that used to be used and it ran a type of FORTRAN. The interesting features were compatibility and Host Mode. For example 64 bit machines which were at that time called Mainframes could converse with 32 bit machines known as Minicomputers. The Minis could converse with sixteen and eight bit machines and everything worked OK for at least 99% of the time. I only regard myself as a dabbler when it comes to computers but what I do know is that the OS systems that are most popular nowadays suffer from appalling incompatibility problems. The lack of drivers for "legacy" devices is one thing and the inability to run apps that were originally written as sixteen bit is another. In effect they seem to want you to put everything in a dumpster every time the next generation gets launched. The classic example of a fiasco was the NHS computer systems that never worked. Millions upon millions were squandered but wouldn't it have been a better idea to wipe all the hard drives and run it on Unix? What does Google run on?