Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

British NCA revealed to have hacking abilities, aka equipment interference

Documents published by the UK Government reveal that the UK’s National Crime Agency has the hacking capabilities, so called equipment interference. We have debated for a long time about hacking capabilities of principal law enforcement and intelligence agencies. Many documents leaked by the whistleblower Edward Snowden revealed that the UK intelligence agency, the GCHQ has the […]

Yemen Cyber Army

Documents published by the UK Government reveal that the UK’s National Crime Agency has the hacking capabilities, so called equipment interference.

We have debated for a long time about hacking capabilities of principal law enforcement and intelligence agencies.

Many documents leaked by the whistleblower Edward Snowden revealed that the UK intelligence agency, the GCHQ has the ability to compromise practically every target, exactly like the cousin of the NSA.

Now for the first time the technological abilities of the UK’s National Crime Agency (NCA) have been revealed in a collection of documents, the British law enforcement agency has “equipment Interference” (EI) capabilities, which allow it to hack into mobile devices and computers.

NCA website

Last week, the UK government published the draft Investigatory Powers Bill, a debated proposed of a legislation that would force internet service providers to store the internet browsing history of all citizens for up to one year.

Eric King, the deputy director of the Privacy International, who analyzed the document noticed that in a section there is the explicit reference to the capability of the UK law enforcement having the capability to conduct “equipment interference.”

“Equipment interference is currently used by law enforcement agencies and the security and intelligence agencies,” states the section. The documents also reveal that “more sensitive and intrusive techniques” are available to a “small number of law enforcement agencies, including the National Crime Agency.”

The document “Factsheet—Targeted Equipment Interference” published by the UK government a few days ago provides further information on the Equipment interference available at the National Crime Agency.

[The Equipment interference is] “the power to obtain a variety of data from equipment. This includes traditional computers of computer-like devices such as tablets, smart phones, cables, wires and static storage devices.”

Equipment interference, also known as “computer network exploitation,” has different levels of complexity. The agents at the National Crime Agency can use it to infect computers or to remotely deploy a spyware on mobile devices

[Sophisticated Equipment interference] allows NCS “remotely installing a piece of software on to a device.” the document reads. “the software could be delivered in a number of ways and then be used to obtain the necessary intelligence.” “Equipment interference capabilities have made a vital contribution to the UK from Islamist terrorism and have also enabled the disruption of paedophile-related crime.”

According to experts, there is little doubt that these practices could more simply be described as hacking.

The security research Claudio Guarnieri offered his comment to Motherboard about the Equipment interference capabilities  of the British law enforcement Agency.

“However you put it, and regardless of ‘interference,’ it clearly speaks of equipment, so it most certainly isn’t referring to any sort of passive wiretapping. And the only thing you can do to equipment is, well, hack it,” explained Guarnieri “This appears to confirm for the very first time that British law enforcement are in the hacking business,” added King from Privacy International. “What statutory authority are the police claiming grants them these powers? How often have they been used? Has hacked material been used in criminal prosecutions? Have courts been notified evidence presented before them might have been tampered with by hacking?” King added.

Pierluigi Paganini

(Security Affairs – equipment interference, NSA)