Want to hack companies and not get punished? Just join GCHQ

GCHQ satellite dish Good news for anyone wanting to hack companies without their permission.

The UK government has sneakily changed the law, while no-one was watching, exempting GCHQ, and other law enforcement officers, from being prosecuted if they hack into computers or mobile phones.

Bad news if you want to hack into companies’ computers – you may not be prosecuted if you’re working for GCHQ, but the pay is rubbish.

Banksy graffiti in Cheltenham

Sign up to our free newsletter.
Security news, advice, and tips.

Watchdog Privacy International is rightly unimpressed with GCHQ being given a seeming carte blanche to hack whoever the heck it likes without repercussions:

“It appears no regulators, commissioners responsible for overseeing the intelligence agencies, the Information Commissioner’s Office, industry, NGOs or the public were notified or consulted about the proposed legislative changes. There was no published Privacy Impact Assessment. Only the Ministry of Justice, Crown Prosecution Service, Scotland Office, Northern Ireland Office, GCHQ, Police and National Crime Agency were consulted as stakeholders. There was no public debate.”

I agree with Privacy International, it’s an utter disgrace.

Next stop, the Snooper’s Charter and David Cameron’s bone-headed scheme to block messaging services unless they have a government backdoor?

Is it any wonder that some tech firms have decided to quit the UK in response?

PS. I wonder what happens if a GCHQ employee hacks a GCHQ computer? I suspect they wouldn’t be too happy about that…

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

2 comments on “Want to hack companies and not get punished? Just join GCHQ”

  1. Anonymous

    >you may not be prosecuted if you're working for GCHQ, but the pay is rubbish.
    >I wonder what happens if a GCHQ employee hacks a GCHQ computer?

    First target, the payroll!

  2. Coyote

    "PS. I wonder what happens if a GCHQ employee hacks a GCHQ computer? I suspect they wouldn't be too happy about that…"

    Funny thing is when I saw the headline (rss feed) I was thinking of your reuse of GCHQ and my immediate thought was (obviously I don't condone it and naturally I will get to it below) exactly what you suggest, only I was thinking of the Graham Cluley HQ (though I was actually thinking of security auditing rather than disregard for others, i.e. I could only think that you were bringing something like that up…if that makes sense).

    But I have an issue here (actually I have many issues with their ideas but I'll refrain from it here and probably everywhere). The issue I'm going to raise is this:

    "I agree with Privacy International, it's an utter disgrace."
    Yes. However, that is a large understatement. It is incredibly low even for governments, even for governments that don't want encryption, even for governments governing a country with a bloody past (and unfortunately all countries have a past so the possible pun doesn't work so well… something about the word bloody making government related puns more difficult). To be fair, many more countries (is that 'all ' ?) have such a past but that really is besides the point. A choice that is beyond shameful, hypocritical, exceedingly arrogant and it has many serious implications and risks (which they obviously missed), including – as always – to themselves, their families, friends and ultimately everyone.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.