British NCA revealed to have hacking abilities, aka equipment interference

Documents published by the UK Government reveal that the UK’s National Crime Agency has the hacking capabilities, so called equipment interference.

We have debated for a long time about hacking capabilities of principal law enforcement and intelligence agencies.

Many documents leaked by the whistleblower Edward Snowden revealed that the UK intelligence agency, the GCHQ has the ability to compromise practically every target, exactly like the cousin of the NSA.

Now for the first time the technological abilities of the UK’s National Crime Agency (NCA) have been revealed in a collection of documents, the British law enforcement agency has “equipment Interference” (EI) capabilities, which allow it to hack into mobile devices and computers.

Last week, the UK government published the draft Investigatory Powers Bill, a debated proposed of a legislation that would force internet service providers to store the internet browsing history of all citizens for up to one year.

Eric King, the deputy director of the Privacy International, who analyzed the document noticed that in a section there is the explicit reference to the capability of the UK law enforcement having the capability to conduct “equipment interference.”

“Equipment interference is currently used by law enforcement agencies and the security and intelligence agencies,” states the section. The documents also reveal that “more sensitive and intrusive techniques” are available to a “small number of law enforcement agencies, including the National Crime Agency.”

The document “Factsheet—Targeted Equipment Interference” published by the UK government a few days ago provides further information on the Equipment interference available at the National Crime Agency.

[The Equipment interference is] “the power to obtain a variety of data from equipment. This includes traditional computers of computer-like devices such as tablets, smart phones, cables, wires and static storage devices.”

Equipment interference, also known as “computer network exploitation,” has different levels of complexity. The agents at the National Crime Agency can use it to infect computers or to remotely deploy a spyware on mobile devices

[Sophisticated Equipment interference] allows NCS “remotely installing a piece of software on to a device.” the document reads. “the software could be delivered in a number of ways and then be used to obtain the necessary intelligence.” “Equipment interference capabilities have made a vital contribution to the UK from Islamist terrorism and have also enabled the disruption of paedophile-related crime.”

According to experts, there is little doubt that these practices could more simply be described as hacking.

The security research Claudio Guarnieri offered his comment to Motherboard about the Equipment interference capabilities  of the British law enforcement Agency.

“However you put it, and regardless of ‘interference,’ it clearly speaks of equipment, so it most certainly isn’t referring to any sort of passive wiretapping. And the only thing you can do to equipment is, well, hack it,” explained Guarnieri “This appears to confirm for the very first time that British law enforcement are in the hacking business,” added King from Privacy International. “What statutory authority are the police claiming grants them these powers? How often have they been used? Has hacked material been used in criminal prosecutions? Have courts been notified evidence presented before them might have been tampered with by hacking?” King added.

Pierluigi Paganini

(Security Affairs – equipment interference, NSA)