Thursday, October 28

UK cyber attack: spies are planning for a major hostile



Ambitious new plans are being drawn up by GCHQ to create a Great British Firewall to block malicious websites countrywide and combat a doubling of serious cyber attacks threatening national security over the past year.

Though still in its infancy, the scheme is intended to be a flagship project for the new National Cyber Security Centre, a public-facing arm of GCHQ, which will open next month to better co-ordinate the UK’s digital defence efforts.

The NCSC plan envisions private-sector internet service providers, such as BT, Sky or Virgin Media, voluntarily complying with its proposals, circumventing any need for legislation. To allay concerns over civil liberties, consumers will be able to opt out of the censorship should they wish.

Malicious websites which automatically infect visitors’ computers with malware — often disguised as legitimate domains — are one of the most common methods of cyber attack.

They are allegedly widely used by states such as China, Iran or Russia in efforts to penetrate sensitive government networks, steal commercial information or compromise national infrastructure. They are also a common means for cyber criminals to target individuals.

Ciaran Martin, GCHQ’s director-general for cyber security, and the incoming head of the NCSC, told a US audience of security experts and government officials at a conference in Washington on Tuesday that steps were now being taken to combat such websites.

“It’s possible to filter unwanted content or spam. It’s possible to filter offensive content. It’s technically possible to block malicious content,” he said. “So, the question is: why aren’t we, the cyber security community, using this more widely? Well, we — in the UK — now are.”

“We’re exploring a flagship project on scaling up DNS [domain name system] filtering: what better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses?” Mr Martin said.

Because of its strategic interests and digital development, the UK is one of the most vulnerable economies in the world to cyber attack, Mr Martin added, making the need for more robust government action to protect businesses and civilians urgent.

“Behind the necessarily closed doors of our cyber defence operations centre, last year we detected twice as many national security level cyber incidents — 200 per month — than the year before,” he said.

Efforts by GCHQ and the government to try to boost the UK economy’s cyber defences have so far had a patchy effect. Even large companies, such as the telecoms provider TalkTalk, have fallen victim to attacks in recent months.

Plans for a national DNS filtering regime are nevertheless likely to raise concerns among civil liberties campaigners: the same technical principles lie behind China’s “Great Firewall” which allows the government effectively to control what its citizens have access to online and what not.

It is not yet clear who will decide which websites are blocked and by what criteria.

GCHQ hopes to demonstrate the security benefits of the proposals to ISPs by example: it is already testing a number of automated features across government networks and domains to clamp down on spoofing and attempts by hackers to mimic government services.

It is now far harder for hackers to mask malicious emails with fake “” suffixes. Only emails claiming to be from addresses that contain specific keys known to the email domain owner — the government — can now be sent to UK internet users.

“Whoever was sending 58,000 malicious emails per day from isn’t doing it any more,” noted Mr Martin.

GCHQ has also rolled out automated detection and response systems which identify large-scale “commodity” attacks where hundreds of spam emails are sent out indiscriminately. Internet companies receive automatic takedown requests from the systems as soon as spam campaigns which masquerade as government services are identified. The average lifespan of such attacks has dropped from 49 hours to 5 hours as a result, Mr Martin said.

“Faced with a problem of this importance and scale, we believe it is worth trying something new, unleashing innovation in the hope and expectation we can achieve a very significant breakthrough in the coming years.”