GCHQ inter took top secret data home, court told

A GCHQ intern endangered national security, risked exposing 17 colleagues, and 'threw away' thousands of hours of work when he took Top Secret data home, a court has heard.
Manchester University computer science student Hasaan Arshad, 25, was in 'flagrant breach' of tight security rules when he used his mobile phone to remove material from a computer system and transfer it to his private computer on August 24 2022.
Arshad, from Rochdale, Greater Manchester, pleaded guilty to an offence under the Computer Misuse Act which carries a maximum penalty of life in prison.
He also admitted two charges of making an indecent photograph of a child in relation to 40 category A images and four category B images found on his personal phone following his arrest.
He appeared at the Old Bailey yesterday, Friday to be sentenced by Mrs Justice McGowan.
The court was told that part of the hearing – including a detailed assessment of the harm caused – would be outlined behind closed doors in the absence of the press and public.
However, the court was told that Arshad's actions 'lost a tool' being developed at GCHQ, risked exposing the identities of 17 GCHQ colleagues, and undermined the trust of partners.
Opening the facts in open court, prosecutor Duncan Atkinson KC said: 'His actions created a significant risk of damage to national security for reasons that can only be fully explained in a private hearing.
'In short, however, his actions compromised the security and utility of the material and the role it played in the national interest, and he also in the process put the safety of intelligence agency personnel at risk.'
The Government Communications Headquarters – known as GCHQ – is the UK's intelligence, security and cyber agency and plays an important role in keeping the country safe, in conjunction with MI5 and the Secret Intelligence Service (MI6).
The highest levels of security are needed for GCHQ to carry out its work to gain information about threats to the UK from 'hostile states or terrorists' by using lawful covert tools and techniques, the court was told.
Mr Atkinson said: 'Put bluntly, if hostile states or terrorists were aware of how GCHQ was able to gather intelligence about their plans, they would be able to prevent the intelligence community in the UK from learning of those plans at a stage and to an extent that allows the intelligence community to thwart them.'
At the time of the offence, Arshad was coming to the end of an industry year placement with a technical development team which required him to work at a secure GCHQ site near Cheltenham, Gloucestershire, and use computer systems.
The court heard he was part of a team that worked on the development of 'tools and techniques' to obtain information about threats to the UK.
Arshad had undergone GCHQ induction and was required to sign the Official Secrets Act.
Former GCHQ intern Hasaan Arshad pictured previously leaving the Old Bailey (Image: Ben Whitley / PA)
It was made 'abundantly clear' to Arshad that his access to top secret material had to be in controlled circumstances at 'an extremely secure location', Mr Atkinson said.
He went on: 'In flagrant breach of those obvious and necessary restrictions, the defendant used a mobile handset provided for his use whilst on his work placement but with strictly confined scope as to its permitted use, to remove Top Secret material from the top secret network of the technical development team to which he had been attached.
'He then transported that material from the secure location where he had been working to his home, risking it falling into the wrong hands or being lost, and downloaded it onto a removable hard drive which formed part of IT system that he used at his home address.
'This home computer system wholly failed to match the necessarily exacting security requirements of GCHQ's systems, and therefore exposed this Top Secret material to the vagaries and risks of an unsecure computer system connected to the internet at an insecure location.
'This significant security breach compromised lawful intelligence related activity that was being undertaken in the national interest. In doing so, he threw away many thousands of hours of work, and significant sums of taxpayers' money.'
Mr Atkinson said his actions had damaged 'confidence in UK security' because the data included the identities of a 'significant number' of GCHQ colleagues and put others' safety at 'direct risk'.
Following his arrest, the defendant admitted removing data without authorisation 'out of curiosity'.
He said in a statement that he had no intention to hand over the data to anyone else.
He told police: 'I would like to apologise for my actions. I removed the data simply out of curiosity.
'I'm sorry for my actions and I understand the stupidity of what I have done.'
Arshad said he 'went out of my way' to ensure the data was stored locally and not in the cloud.
Asked if he had breached the level of trust and confidence by removing the sensitive data without authority, he replied: 'No comment.'
Mitigating, Arshad's lawyer Nina Grahame KC said the defendant had been 'reckless' 'thoughtless and naive'.
His internship had involved working on a 'specific project' which he had been unable to complete before the end of the placement, she explained
He took the data home because he wanted to 'continue and complete the most exciting and challenging work the defendant had ever undertaken' in the hope of gaining future employment at GCHQ, Ms Grahame said.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Yahoo

3 hours ago

• Yahoo

Blackmail victims told 'don't suffer in silence'

Students are being urged not to suffer in silence when targeted by scams on dating apps, as investigators see blackmail cases rise. Fraud teams at Nationwide, the UK's biggest building society, said trusted friends could help potential victims avoid sending private or intimate images during new online relationships. Anyone who has been scammed should report cases to the authorities, they said. One student in Cardiff told the BBC how a drink in the pub had alerted them to the risk of a friend being tricked by fraudsters using AI technology. Last year, the National Crime Agency (NCA) put out its first ever all-school alert, warning teenagers about the dangers of sextortion. Sextortion is when criminals pose as young people online, trick a victim into sending sexually explicit material, and then blackmail them. Annya Burksys, head of fraud operations at Nationwide, said that scammers were "efficient and unrelenting". As a result, these kinds of scams were "commonplace" among students. Data on such crimes is difficult to gather, as they are recorded in different ways or are never reported at all. A survey by Nationwide suggested 28% of students asked had been scammed, and 50% of students worried about becoming a victim. Last year, BBC News sent a Freedom of Information request to every police force in the UK, asking how many reported blackmail offences featured the word "sextortion" over the last decade. The 33 forces (out of a total of 45) who responded recorded almost 8,000 blackmail cases logged with a reference to sextortion in 2023. The same number of forces recorded just 23 in 2014. All the forces to respond were in England and Wales. On a night out with friends, Emma Evans, a student in Cardiff, was chatting to one of them about his chats on dating apps. He suggested the group look through some of the conversations, but one "particularly attractive and particularly keen" match raised alarm bells. "We looked at this chat and the thing that gave it away was that this person was saying the same words over and over again," Emma told BBC Radio 4's You and Yours. "For example, he kept on saying how he wanted to find someone who is really passionate over and over again, and he wasn't really answering my friend's questions." The group pointed out to their friend that the language seemed to be the speech patterns of an AI chatbot. Jim Winters, head of economic crime at Nationwide, urged people not to overshare images, particularly with someone they had never met. "Blackmail is one of the hardest things to face and it's happening more often. It's not easy but if something doesn't feel right, speak up," he said. "It might be tempting in the moment to share information or photos but once shared, you will never have control over it again." He has the following tips: Look out for odd phrases in messages and conversations that do not relate to what you have written Put any profile photos into a search engine and see if they have been used elsewhere, and are stock images If you are unsure about a situation, show the messages to someone else for a second opinion before things go too far Anyone who is being blackmailed should report their case to the authorities, for help and support "Talk to someone you trust, maybe a friend or family member. Don't suffer in silence," he said. As well as targeting young people near the start of their lives, fraudsters have been stepping up their attempts to trick the friends and family of people who have died. Criminals exploit the grief of bereaved families by impersonating them online and charging mourners to see funeral livestreams that should be free, according to the Chartered Trading Standards Institute (CTSI) which supports businesses and local authorities' trading standards officers. These livestreams became more popular during lockdown, and have continued since for those who struggle to attend a funeral in person. Fraudsters contact mourners with bogus links to watch a funeral and demand payment, or set up fake donation pages on legitimate websites. Katherine Hart, CTSI lead officer for doorstep crime, said: "This is a truly despicable scam – targeting people during one of the most emotionally difficult moments of their lives. "It's hard to imagine a more callous form of fraud. What's particularly upsetting is that victims often feel they can't report what's happened for fear of adding further stress to grieving families. "That silence is exactly what these criminals are counting on. We need people to stay vigilant, share warnings and report anything suspicious."

Yahoo

4 hours ago

• Yahoo

Families to march against knife crime through streets of Glasgow

A march against knife violence is to take place through the streets of Glasgow on Sunday. Starting at 1pm, the Parents Against Knives march will be joined by the family of Kory McCrimmon, who died after an attack involving a bladed weapon on May 31 2024. His family said the 16-year-old's life 'will not be in vain' as they urged others to join the march. The 16-year-old died after he was found seriously injured in Greenfield Park in the east end of Glasgow. A 14-year-old was last month sentenced to five years detention after admitting culpable homicide. The march comes in the wake of the deaths of teenagers Amen Teklay and Kayden Moy in separate incidents in recent weeks. In a statement issued through Victim Support Scotland, Kory's family previously said: 'Kory McCrimmon's young life was a brushstroke in time but we his family wish for his death to make a difference: Kory's life will not be in vain. 'Our aim here is to continue highlighting the increase in deaths and danger by knife and violent crime. Our sons and daughters are more than statistics, they deserve better. 'Kory's parents are very clear: if we can prevent at least one more family going through this life-shattering agony, we have gone a long way in our mission, but let's go further. 'We walk in Kory's name but we stand for all those lives lost or maimed to knife violence: too much, too many. No more. 'Come join our walk and lend your hearts and voices to making our streets, our young people and our lives safer.' Two boys aged 14 and 16 have appeared in court charged with murder following the death of 15-year-old Amen in the Maryhill area of Glasgow on March 5. Kayden, 16, was found seriously injured on Irvine beach in North Ayrshire after police were called to the area at about 6.45pm on May 17. A 14-year-old boy and two 17-year-old boys have appeared in court charged with murder following his death. The Parents Against Knives march will set off from Rangers' Ibrox stadium and those taking part will walk to Celtic Park in the east end of the city. Kate Wallace, chief executive of Victim Support Scotland, said: 'Too many lives are being devastated by knife crime in Scotland. 'Behind every statistic, hundreds of lives are irreversibly impacted with tragic consequences for everyone involved; family, friends, siblings, school mates, and the wider communities in which we all live. 'We support the Parents Against Knives walk, organised entirely by the McCrimmon family in memory of their son Kory, which will undoubtedly help draw attention to this growing crisis. 'These are complex and sensitive situations which require a multi-agency response from the Scottish Government, victim support organisations, police, social work, youth work and others to work together to tackle knife crime and the devastation it causes. People across Scotland deserve to feel safe in their own communities.'

Yahoo

4 hours ago

• Yahoo

AT&T's $177-million data breach settlement wins US court approval

By Mike Scarcella and David Shepardson WASHINGTON (Reuters) -A U.S. judge granted preliminary approval on Friday to a $177-million settlement that resolves lawsuits against AT&T over breaches in 2024 that exposed personal information belonging to tens of millions of the telecom company's customers. U.S. District Judge Ada Brown in Dallas said in a ruling that the class-action settlement was fair and reasonable. The deal resolves claims over data breaches that AT&T announced in May and July last year. Depending on which breach is involved, AT&T has agreed to pay up to $2,500 or $5,000 to customers who suffered losses that are "fairly traceable" to the incidents. After payments are made for direct losses, the remaining funds will be distributed to customers whose personal information was accessed. AT&T said it denied allegations it was "responsible for these criminal acts." "We have agreed to this settlement to avoid the expense and uncertainty of protracted litigation." AT&T said it expects the settlement will be approved by the end of 2025, with settlement payments to be issued early next year. One of the incidents resulted in the illegal downloading of about 109 million customer accounts at the U.S. wireless company. AT&T disclosed that its call logs were copied from its workspace on a Snowflake cloud platform covering about six months of customer call and text data from 2022 from nearly all its customers. In March 2024, AT&T said it was investigating a data set released on the "dark web" and said its preliminary analysis showed it affected approximately 7.6 million current account holders and 65.4 million former account holders. The company said the data set appeared to be from 2019 or earlier. The Federal Communications Commission is also investigating. In September, AT&T agreed to pay $13 million to resolve an FCC investigation over a data breach of a cloud vendor in January 2023 that impacted 8.9 million AT&T wireless customers. The FCC said the data exposed in 2023 covered customers from 2015 through 2017 that should have been deleted in 2017 or 2018.