Want to hack companies and not get punished? Just join GCHQ

Good news for anyone wanting to hack companies without their permission.

The UK government has sneakily changed the law, while no-one was watching, exempting GCHQ, and other law enforcement officers, from being prosecuted if they hack into computers or mobile phones.

Bad news if you want to hack into companies’ computers – you may not be prosecuted if you’re working for GCHQ, but the pay is rubbish.

Watchdog Privacy International is rightly unimpressed with GCHQ being given a seeming carte blanche to hack whoever the heck it likes without repercussions:

“It appears no regulators, commissioners responsible for overseeing the intelligence agencies, the Information Commissioner’s Office, industry, NGOs or the public were notified or consulted about the proposed legislative changes. There was no published Privacy Impact Assessment. Only the Ministry of Justice, Crown Prosecution Service, Scotland Office, Northern Ireland Office, GCHQ, Police and National Crime Agency were consulted as stakeholders. There was no public debate.”

I agree with Privacy International, it’s an utter disgrace.

Next stop, the Snooper’s Charter and David Cameron’s bone-headed scheme to block messaging services unless they have a government backdoor?

Is it any wonder that some tech firms have decided to quit the UK in response?

PS. I wonder what happens if a GCHQ employee hacks a GCHQ computer? I suspect they wouldn’t be too happy about that…


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.

2 comments on “Want to hack companies and not get punished? Just join GCHQ”

  1. Anonymous

    >you may not be prosecuted if you're working for GCHQ, but the pay is rubbish.
    >I wonder what happens if a GCHQ employee hacks a GCHQ computer?

    First target, the payroll!

  2. Coyote

    "PS. I wonder what happens if a GCHQ employee hacks a GCHQ computer? I suspect they wouldn't be too happy about that…"

    Funny thing is when I saw the headline (RSS feed) I was thinking of your reuse of GCHQ and my immediate thought was (obviously I don't condone it and naturally I will get to it below) exactly what you suggest, only I was thinking of the Graham Cluley HQ (though I was actually thinking of security auditing rather than disregard for others, i.e. I could only think that you were bringing something like that up… if that makes sense).

    But I have an issue here (actually I have many issues with their ideas but I'll refrain from it here and probably everywhere). The issue I'm going to raise is this:

    "I agree with Privacy International, it's an utter disgrace."
    Yes. However, that is a large understatement. It is incredibly low even for governments, even for governments that don't want encryption, even for governments governing a country with a bloody past (and unfortunately all countries have a past so the possible pun doesn't work so well… something about the word bloody making government related puns more difficult). To be fair, many more countries (is that 'all'?) have such a past but that really is beside the point. A choice that is beyond shameful, hypocritical, exceedingly arrogant and it has many serious implications and risks (which they obviously missed), including – as always – to themselves, their families, friends and ultimately everyone.
