GCHQ spies pass cyber crime info to HMRC

British intelligence officers are sharing time critical secret information ‘in a matter of seconds’ with HMRC and a range of financial institutions in a bid to fight cyber crime, the director of GCHQ has revealed

Speaking at the flagship cyber security event for the National Cyber Security Centre (NSCS), which comes under GCHQ’s remit, GCHQ chief Jeremy Fleming said that its formation in 2015, the NCSC has co-ordinated responses to some of the biggest cyber threats the country has faced.

‘Our incident management team has worked on more than 1,500 significant cyber security incidents. And using automation, it has reduced the harm from thousands of attacks a month. And it has played a major role in dealing with the strategic threats we face from hostile states,’ Fleming said.

During his speech, Fleming highlighted research which showed only 15% of people said they knew how to protect themselves online, while GCHQ analysis published this week found that 23.2m victims of hacks used the password 123456 to protect their accounts.

Fleming discussed NCSC’s active cyber defence (ACD) programme, which uses automation to block attacks on an enormous scale.

‘One of our first programmes has continued to have a huge impact. In March, the UK-hosted share of global phishing fell below 2% for the first time. When we started in 2016 it was 5.4%,’ Fleming said.

Fleming said: ‘Our ACD programme also works in partnership with government departments.

‘HMRC is an excellent case study of an organisation leading the way in protecting its customers. In 2016, it was the 16th most phished brand globally, accounting for 1.25% of all phishing emails sent.

‘Today it is ranked at 146th and accounts for less than 0.1% of all phishing emails.

‘Our protective DNS system for the public sector blocked access 57.4m times with malware such as Conficker – first seen in 2008 – still being spotted in public sector networks.’

Fleming said GCHQ is also working hard to put in place programmes to help small businesses. This year the UK’s top intelligence agency identified over 1,200 sites which were serving malicious code to illicitly copy credit card transactions.

Fleming said: ‘NCSC has always been keen to be more open, more transparent with the information we obtain. We’re already doing that and are committed to share even more in real time, to help business and government defend themselves and the UK.

‘So specifically, in the last year we have made it simple for our analysts to share time critical, secret information in a matter of seconds. With just one click, this information is being shared and action is being taken.

‘In the coming year, we will continue to scale this capability so – whether it’s indicators of a nation state cyber actor, details of malware used by cyber criminals or credit cards being sold on the Dark Web – we will declassify this information and get it back to those who can act on it.’

Responding to the news that the UK spy network is also helping financial institutions fight fraud, technology specialist Alex Boothroyd, senior banking fraud solutions specialist, SAS UK & Ireland, cautioned that the financial sector also needs to be proactive.

‘While it should be a huge help to banks that GCHQ is happy to share real-time cybersecurity information in the fight against credit card fraud, banks should not be reliant solely on this support. ‘Rather, it is the banks themselves who should be taking action. With £1.2bn lost to bank fraud in 2018, it is clear that financial institutions must be proactive in preventing financial crime before their customers become victims.

‘Banks must not simply deal with the repercussions of fraudulent activity, rather they must tackle the issue from the outset. While it is true that part of the solution rests in educating customers around the techniques that scammers use, technology will play a more vital role in foiling fraud.

‘AI provides the capabilities that businesses need to protect customers against this form of fraud. It is therefore vital that they invest in the necessary technology if they want to stay ahead of the curve rather than relying on the protective tools of intelligence officers.’

Accountancy Daily