CybersecurityU.K. security firms say GCHQ's cyberattack warning overwrought

Published 18 October 2010

U.K. cybersecurity industry insiders say last week’s warnings by Britain’s cybersecurity chief about the cyber threat the U.K. was facing may have over-hyped threats — and may have been related more to the run-up to the U.K. government’s comprehensive spending review announcement than to new threat information

Security firms reckon that the well-publicized warnings by the U.K. General Communications Headquarters (GCHQ) about the threat from cyber attacks earlier last week (“Britain faces “real and credible” cyber threat: intelligence chief,” 14 October 2010 HSNW) are timed to coincide with the run-up to the U.K. government’s comprehensive spending review announcement.

The Register’s John Leyden spoke t several security consultants and he writes that they believe the threat warnings were aimed at making sure GCHQ’s line of funding remains assured. “If this was the case, it seems the approach has already been successful,” Leyden notes.

Iain Lobban, head of the GCHQ, warned that the U.K. government is targeted with over 1,000 cyber attacks a month.

Sean Sullivan, security advisor for F-Secure, commented:

Iain Lobban’s comments seem strategically timed to protect GCHQ’s funding ahead of the Comprehensive Spending Review announcement on 20 October.

One could even argue they are over-hyped because the sort of attacks or worms he refers to are very common and have been for some time. They are experienced by all sorts of different organizations failing to implement best security practices — not just Government agencies

F-Secure reckons the number of targeted e-mail attacks has risen across all sectors of the U.K. economy. “The U.S.’s cyber command also recently spoke of worms ‘targeting’ them but, once again, most of these worms target everybody,” Sullivan added.



As the Register reported on Thursday, the government is expected to earmark more than ₤1 billion to finance an effort to bolster Britain’s cyber security over the next three years, including plans to develop “active defense” capabilities that will rely on the expertise of GCHQ.

Rik Ferguson, a security consultant at Trend Micro, argued it was important to ignore the “white noise” generated by the random scanning activity of worms such as Conficker in favor of concentrating on targeted attacks. “You need to make a judgment and cut through the stuff that looks like an attack to focus on the stuff that actually is an attack,” he explained.

GCHQ’s Lobban argued that co-operation between government agencies and the private sector is needed to combat complex and targeted threats, a point welcomed by security firm M86 Security.

Leyden notes that back in July, M86 Security identified a targeted attack aimed at an as yet unnamed U.K. high street bank and involving the Zeus crimeware toolkit. Since then more than thirty suspects — alleged money mules and organizers of the fraud — have been arrested in the United Kingdom, United States, and the Ukraine.