GCHQ: Government systems see thousands of attacks

Government systems are targeted by 1,000 malicious emails a month and have been compromised by worms, according to GCHQ's director, who warns that an attack on critical infrastructure is 'real and credible'
Written by Tom Espiner, Contributor

The UK government's computer systems are coming under persistent cyberattack, according to signals intelligence agency GCHQ.

Worm attacks and drive-by downloads have disrupted UK systems, and government agencies are hit by around 20,000 malicious emails a month — 1,000 of them aimed specifically at government employees, according to Iain Lobban, director of GCHQ, which oversees information assurance for the government.

"It is true that we have seen worms cause significant disruption to government systems — both those targeted deliberately against us, and those picked up from the internet accidentally," Lobban said in a speech at the International Institute for Strategic Studies on Tuesday. "There are over 20,000 malicious emails on government networks each month, 1,000 of which are deliberately targeting them."

A targeted attack is tailored to a specific individual or group of individuals in an attempt to compromise the systems of the organisation they work for or to whom they are connected. For example, hackers identify the email address of a specific person at a business and send them a message containing a malicious file that executes when opened or containing links to websites that host malicious code.

The company that defends UK government email systems, MessageLabs Symantec Hosted Services, said that targeted attacks on public-sector systems have increased in intensity and sophistication.

"There has been an increase in targeted attacks in recent years," MessageLabs senior analyst Paul Wood told ZDNet UK. "We've seen some very sophisticated examples of targeted attacks."

Targeted attacks often increase their chances of success by using social-engineering techniques, he added. Cyberattackers can access or scrape personal details from sites such as LinkedIn, which they can then use in an email message to give it credibility and make it more likely to be accepted as genuine. "Professional social-networking sites have all the information to make an attack more convincing," said Wood.

At the event in London, Lobban said that governments and organisations had seen data breaches that could affect national security, and he noted that the threat to the UK's critical national infrastructure is a "real and credible" one.

"We have seen theft of intellectual property on a massive scale, some of it not just sensitive to the commercial enterprises in question but of national security concern too," said Lobban. "Cyberspace lowers the bar for entry to the espionage game, both for states and for criminal actors."

Some nation states had used cyberattacks to bring pressure on others, according to the GCHQ director. "We have seen the use of cyber techniques by one nation on another to bring diplomatic or economic pressure to bear," said Lobban.

He said that GCHQ needs to sustain a flow of "top-quality recruits" to its own ranks and to industry partners to counter international cyberthreats, which are continuous.

"Cyberspace is contested every day, every hour, every minute, every second," said Lobban. "I can vouch for that from the displays in our own operations centre of minute-by-minute cyber attempts to penetrate systems around the world."

Editorial standards