This month marks the 20th anniversary of the first time cyber experts at GCHQ responded to a foreign state hacking the British government, the agency revealed on Friday.
Even 20 years on, the full details of the hack weren’t disclosed. The National Cyber Security Centre — a part of GCHQ — said the agency scrambled its cyber experts in 2003 to respond “after a government employee detected suspicious activity on one of their workstations.”
“A suspected phishing email had been identified, so technical specialists sought help from the Communications-Electronics Security Group (CESG) — the information assurance arm of GCHQ at that time,” stated NCSC.
The CESG analysis discovered malware installed on the government employee’s device that had been designed to steal sensitive data while evading anti-virus software.
NCSC said that the CESG analysis of the malware’s capabilities raised “suspicions about the attack’s intent and [set] in motion a series of actions that was transformative to cyber incident investigations.”
The agency did not describe how transformative the actions were, but said: “For the first time, GCHQ fused its signals intelligence capabilities with its cyber security function to investigate and identify the actor responsible.”
The analysis concluded that the malware had been developed by a nation-state for the purpose of espionage, although NCSC declined to identify the state and the government department affected.
The CESG was rolled into NCSC when it was founded in 2016, alongside a number of other authorities including CERT-UK, and parts of the Centre for Protection of National Infrastructure, which has since become the National Protective Security Authority and an avowed part of MI5.
Paul Chichester, the NCSC’s director of operations, said: “Twenty years ago, we were just crossing the threshold of the cyber attack arena, and this incident marked the first time that GCHQ was involved in a response to an incident affecting the UK Government.
“It was also the first time that the UK and Europe started to understand the potential online risks we faced and our response transformed how we investigate and defend against such attacks,” he added.
At the time of the 2003 hack, much of the news about cybersecurity stemmed from worms and viruses that affected consumer products or from hackers intent on crime or mischief, not nation-state cyberattacks.
“The NCSC and our allies have come such a long way since this incident, and it is reassuring to be at the forefront of efforts to develop tools and techniques to defend against cyber threats and keep our respective nations safe online,” Chichester said.