Sign up to Newsletter

A Hack Job? BT Responds to Report that Claims it Develops Malware for the GCHQ 

News & Analysis
Post date
11th June 2019
shrug

One of the UK’s largest telecommunications operators, BT, has said to Privacy International that a report claiming it “co-produces malware” with a surveillance company for the GCHQ is inaccurate – but hasn’t said why or given any more details. 

The accusation was made by C5IS – a shadowy online publication claiming to be “the most widely read source of information on surveillance technologies”. In its Big Black Book of Electronic Surveillance, it claims that SS8, a high-profile US surveillance company with offices in the UK, “Co-produces malware with BT for the GCHQ”.

Screenshot from C5IS Report
Screenshot from C5IS Report

So we put this to BT, asking them:

Is it accurate that BT ‘co-produces malware’ with SS8 for the UK’s primary signals intelligence agency, GCHQ? 

  • If the above is accurate, could you:
    • Elaborate on what BT’s relationship is with SS8;
    • Describe what is meant by ‘producing malware’;
    • Describe how such malware is used;
    • Describe how such production is governed and overseen within BT. 
  • If the report is not accurate:
    • Does BT currently have or has it ever had a commercial relationship with SS8, and if so, what is/was the nature of that relationship? 
    • Does BT carry out any activity which could be described as ‘producing malware’?
    • Will BT contact the publishers of the report to state that the report is not accurate? 

Responding, BT have said:

We can confirm that it isn’t accurate.  

We do use penetration testing, which may include replicating test versions of malware/malware attacks for the sole purpose of testing the integrity of our networks.   

I’m afraid we can’t comment on your other question for legal reasons.

C5IS first appeared some years ago as an online magazine known as Insider Surveillance – purporting to offer expert analysis and commentary on the electronic surveillance industry. It does not provide information on its sources.

So while their accusation may be wrong or at the least misleading, it is still disappointing that BT has refused to directly address the questions or confirm if they will ask for a correction, considering the gravity of the claim. 

BT’s statement that the report “isn’t accurate” doesn’t address which specific assertion is inaccurate, while failing to provide any information on its relationship with SS8 or in developing malware doesn’t inspire confidence. If such an important assertion is wholly without foundation, BT should be able to ask for a correction – and we recommend that it does so.

We have again asked BT to address this, and will update this page with any further information. 

Learn more
Government Hacking
Location
United Kingdom
Target Profile
UK Intelligence Agencies

Related Content

Advocacy
Photo by Mathias Reding on Unsplash

PI seeks to inform report on AI and racial discrimination of the UN Special Rapporteur on racism

Privacy International submitted its input to the UN Special Rapporteur on racism for their upcoming report which will examine and analyse the relationship between artificial intelligence (AI) and non-discrimination and racial equality, as well as other international human rights standards.

Continue reading
Report
Image from report cover - people and camera watching them

Understanding private surveillance providers and technologies

New policy paper by Privacy International and the Geneva Centre for Security Governance Sector (DCAF) explores surveillance services provided by private military and security companies.

Continue reading
Advocacy
Image of a bunch of cameras sitting on top of each other

PI submission on human rights implications of new and emerging technologies in the military domain

PI's response to the call for input to the study of the UN Human Rights Council Advisory Committee on human rights implications of new and emerging technologies in the military domain

Continue reading
Advocacy
FRT Graphic_supermarket

NGOs call upon the UK Home Secretary to stop expansion of Facial Recognition Technology

PI and Big Brother Watch along with other NGOs have written to UK Home Secretary James Cleverly to raise concerns over the danger posed to society by Facial Recognition Technology (FRT).

Continue reading