Search Icon
See all Business

GCHQ wants internet providers to rewrite systems to block hackers 

GCHQ
The changes are a core part of the strategy of GCHQ's National Cyber Security Centre Credit: Alamy

GCHQ is urging internet providers to change long-standing protocols to stop computers from being used to set off large-scale cyber attacks.

The Government’s cyber-defence arm said it plans to work with networks such as BT and Virgin Media to rewrite internet standards to restrict “spoofing” - a technique that allows hackers to impersonate other computers and manipulate them to carry out anonymous attacks.

“Distributed denial of service” (DDoS) attacks, which employ this method, have been used in numerous high-profile incidents in the past fortnight, including an unprecedented hack that brought down Netflix, eBay and hundreds more popular websites.

Dr Ian Levy: "We think we can prevent UK computer cyber-attacks"
Dr Ian Levy: "We think we can prevent UK computer cyber-attacks" Credit: Microsoft

“We think we can get to a point where we can say a UK machine can’t participate in a DDoS attack,” Ian Levy, technical director of GCHQ’s National Cyber Security Centre, told the Sunday Telegraph. “We think that we can fix the underpinning infrastructure of the internet through implementation changes with ISPs and CSPs [communications service providers].”

The plan would involve changes to the Border Gateway Protocol (BGP) and Signalling System 7 (SS7) standards that have been in place for decades, and are widely used for routing traffic. GCHQ wants providers to stop the trivial re-routing of UK traffic and help prevent text message scams.

The Internet Service Providers Association (ISPA), the body that represents ISPs, expressed scepticism, saying GCHQ was applying a “we can fix it , it’s easy” approach to a complex, historic system.

Interactive: DDoS number of attacks

James Blessing, the chair of the ISPA, said internet providers are working on their own fixes for such insecurities, “because we don’t like DDoS on our networks either”. But he said the complex nature of the technology, which involves a network of international communication, makes it a time-consuming process.

“No one country can fix this,” Mr Blessing said. “International cooperation and working together is the solution and it won’t be fixed overnight.

However, he said the industry would be open to suggestions for fixing well known problems with the BGP, and said it would welcome funding from the intelligence agency for the costly plan.

“A large amount of hardware will need upgrading to make sure whatever changes are made are propagated throughout the world. Government is more than welcome to fund the efforts, like the National Security Agency does in the US,” Mr Blessing added.

Cables 
GCHQ's plans would change decades-old internet protocols to bolster security  Credit: EPA 

Security researchers warned that the changes could pose a privacy threat by re-routing internet traffic and will not be able to prevent DDoS attacks.

“GCHQ doesn’t really have the trust of industry,” said Dr Steven Murdoch, a research fellow specialising in computer security at University College London, citing incidents where the agency has previously used such collaboration to improve its surveillance capabilities.

He also said it wouldn’t stop DDoS attacks, but would just move the problem to other countries.

The announcement followed the launch of the Government’s five year cybersecurity strategy this week, which includes £1.9bn for bolstering computer security, including provisions to create a national firewall.

READ MORE ABOUT:
Comment speech bubble icon
License this content