55 comments

[ 3.2 ms ] story [ 98.7 ms ] thread
What an obvious piece of propaganda/recruitment ad. Is GCHQ having such difficulty finding staff?

Cool detail about the Royal Navy and lead-lined code books though.

>Is GCHQ having such difficulty finding staff?

They're trying but apparently there's not enough ballet dancers to fill all the roles.

That one solicited a decent size guffaw. What a ridiculous campaign it was.
Russia has quite allot...oh
Is GCHQ having such difficulty finding staff?

A large government department requiring niche technical skills on public sector pay and bureaucracy levels in a rural part of the country?

There are probably some difficulties.

Recruitment isn't a problem if there is a worthwhile mission. Things like the Berlin Airlift and Marshall Plan motivate people.

The idea that GCHQ is doing anything other than preserving Britain's role as junior partner in an increasingly immoral American empire is kind of laughable.

At this point, what do America and Britain stand for?

Pretty much this, they pay crap.

That and a lot of the people with the genuine skills they need are actually on the other side of the spectrum from them on things like liberty, free speech and privacy.

Fuck 'em.

Yes they are having difficulty. No one wants to be paid that terribly to work for a place that owns a big chunk of your life, leaves you somewhat less employable afterwards and does nothing even slightly sexy.
(comment deleted)
(comment deleted)
I know a couple of ex staff who left after a short while, dissatisfied. Obviously no details but it's clear that it combines the low pay and inflexibility of civil service work with a whole extra hassle of working securely.

Lots of advertising for all three arms of the military at the moment too.

Full-time staff they will struggle with as the pay is so crap for the skills they need.

I just assume they are mostly contractors these days

“For security reasons, all but a handful of employees here – such as the director – are known only by their first names.”

It was amusing going to tech meetings in London, when GCHQ/NCSC staff sometimes attend. The spooks are blatantly obvious with their first-name-only badges :-)

I think I'd probably spend most of the meeting trying to find out their real names.
I'd like to ask them how they square the circle morally by supporting an agency that under the most optimistic interpretation breaks the law constantly.
(comment deleted)
That kind of thinking is compartmentalised into oblivion.
This has been solved: the home secretary can now authorise the security services to commit crimes completely legally.

/S

They claim that they don't break the law.

Most of the UK laws do specifically have sections allowing the security services to operate.

At this point in time I’d almost go as far as saying those working in something as ethically disagreeable as cigarette production would be justified in guffawing at the hypocrisy should some tech worker bring up the morality of their work with them.
Yeah the UK would be much better off without an intelligence agency and if only the West would lay down its arms. Imagine!
It is a cute policy, a historical anachronism. In these days of internet databases and facial recognition the actual security advantage of not knowing someone's last name is minimal. Anyone who really wants to can find it.

As a basic first-order op, start with a the graduation photos of the elite British schools, which wouldn't be hard to get from their libraries. Pass that to some basic facial recognition software and within minute you will have all those secret last names.

.. and a visit from GCHQ informing you that you've breached the official secrets act.
Anyone who matters, anyone properly dangerous from whom GCHQ wants to hide, doesn't care much about official secrets acts. Any KGB (ie russia's FSB) wouldn't hesitate. But it would be an interesting exercise. A visit to the oxbridge libraries, then compare those faces to everyone walking the streets around MI5/6. Seems rather tame compared to all the other things we know have been done.
Entertainingly Bellingcat is doing the same thing to the GRU: https://www.bellingcat.com/news/2020/02/25/an-officer-and-a-...

(people should stop using "KGB" to refer to any Russian intelligence service, it's just fighting a war that ended 30 years ago)

KGB means state security service. There are plenty of KGBs around the world in places like Belarus. Only russia has renamed its KGB to FSB.
(comment deleted)
You're definitely correct, but its more like "scrape Facebook and Linkedin in real time".

This measure is probably more about generating mystique that is useful for recruiting than it is about maintaining security.

Pure propaganda. Shame on the self described journalist for partaking in this propaganda.
One of the interesting thing that struck me, is that in the photos of computer screens, it appears they are using Windows. wtf?

Now I'm nervous enough about these Windows zero day exploits to not use windows (using Ubuntu now). I just expected them to be even more paranoid than me.

(comment deleted)
I severely doubt the computer of an analyst actually has anything like an internet connection. Anything 'exposed' to the outside world is basically assumed to be infected, including hardware.

Ultimately many of the analyst tools they use are decades old, and only support Windows.

It makes sense that an analyst would just shift through internal tools not connected, that process intelligence data.

However, they must have s/w engineers. I'm curious how they do their jobs w/o stack-overflow, google and obviously HN. :)

Yes, it's possible to do dev w/o an internet connection, but programming nowadays is a pita, especially as a full-stacker. i.e. I just had to deal with a sticky css footer problem and I would have topped myself if I didn't have the internet.

Maybe they have a separate computer for that? As long as it doesn't have anything secret on it, it shouldn't matter much if it's infected.

Though they'd still have to be careful that what they search doesn't give anything away, and that an adversary might be injecting results, so maybe not.

You'd be surprised how far you can get with printed reference material. And especially if you're using mostly "boring"/"mature" technology.

There probably are machines connected to the public internet, but if you need to lock your workstation, walk over to the designated unclassified machine, log in to that, do your search, write down or print the answer, log out of that machine, walk back to your workstation and then unlock it - every time you want to look up a CSS thing - you'd probably just ask your boss to buy you a dang book.

There was a program on the radio about either GCHQ or MI5 a while back, interviewing some who worked there, all young people by their voices. They talked about it as a job, even the interviewer noted they didn't discuss dealing/mitigating bad stuff like actual bad actors and enemies[0], they liked it as a job, reasonably enthusiastic I guess. What was most obvious to me was they sounded not very smart; they had little insight into a larger role, no deeper questioning of what they were really doing, mainly a nice secure job and that was fine with them. They came over as medium-dull bureaucrats at the start of their career.

[0] badly put but I hope it's clear

Nice that the article links to the original Time Out "Eavesdroppers" article, but only mentions an "American journalist" as author, ignoring Duncan Campbell. Both were given a hard time by the authorities, which Campbell wrote about at The Intercept: https://theintercept.com/2015/08/03/life-unmasking-british-e...

Edit: having read it, very lightweight as you'd expect. Interesting they are publicising their new in-house historian (https://twitter.com/TrooperAbs) but not the new authorised history that has just been released (https://twitter.com/GCHQ/status/1320292272488009729).

Speaking of GCHQ - this is an excellent movie starring Keira Knightley and Matt Smith that got way too little exposure:

https://en.wikipedia.org/wiki/Official_Secrets_(film)

(Rotten Tomatoes Audience Score: 89%)

> Official Secrets is a 2019 British-American docudrama film based on the life of (GCHQ) whistleblower Katharine Gun who leaked a memo exposing an illegal spying operation by American and British intelligence services to gauge sentiment of and potentially blackmail United Nations diplomats tasked to vote on a resolution regarding the 2003 invasion of Iraq.

https://en.wikipedia.org/wiki/Katharine_Gun

> Gun's regular job at GCHQ in Cheltenham was to translate Mandarin Chinese into English. While at work at GCHQ on 31 January 2003, Gun read an email from Frank Koza, the chief of staff at the "regional targets" division of the American signals intelligence agency, the National Security Agency.

> Koza's email requested aid in a secret operation to bug the United Nations offices of six nations: Angola, Bulgaria, Cameroon, Chile, Guinea, and Pakistan. These were the six "swing nations" on the UN Security Council that could determine whether the UN approved the invasion of Iraq. The plan might have contravened Articles 22 and 27 of the Vienna Convention on Diplomatic Relations, which regulates global diplomacy.

This is a wonderful movie and one anyone interested in the stories and fate of Assange, Manning and Snowden will appreciate.
I really think this article, like many others, is part of a post-Snowden propaganda push. They know they've lost the hearts and minds of nerds -- that's why we now encrypt everything. Where once GCHQ et al were desirable places to work, now I am very much sure that the vibe among the people they want to attract is far from positive. Just look at the HN discussion, for example.

One of my friends is an academic computer scientist, working on steganography, specifically steganalysis -- trying to do the inverse problems like "given 1e12 cat pictures, find the one with hidden information". GCHQ often like to talk to him about his work.

He has spoken of it being filled with mathematicians too socially inept to have an academic career...

> Where once GCHQ et al were desirable places to work

From a US perspective, Britain has low salaries in the private sector, but the civil service is even worse.

You would have to squint carefully at the benefits before joining.

I’m not sure what spurred you into action to offer up... well this... but do please keep in mind that many of us outside the USA don’t put money ahead of literally everything else in life as most Americans seem to.
Anything more you care to say about what most Americans seem to ...

You have to have quite the vantage point to have insight like that.

It’s more than likely that you all on the other side of the Atlantic aren’t our betters

It's exactly the same in the US public service. The TLA's have been complaining about it for years and they are essentially hamstrung with defined public service salaries. It's a shitty situation for natsec operators and institutionally hard to change.

All of which has essentially led to the proliferation of greymarkets for exploits like Zerodium et al.

The situation is likely far worse for the States than the UK as the salary differential is greater and the agencies can only hire citizens. Do note that the US government is now the biggest buyer of malware on the planet, not really that surprising when you look at the circumstances.

I'm a software engineer working in the UK Civil Service for the last 5 years after a 15 year career in the private sector (including a few short stints in Menlo Park). You are right, the money is far, far from the best I could earn but then on top of the 8 days of public holidays I get 30 days leave (plus an extra day for the Queen's birthday, gawd bless 'er), flexible working hours, a pension that's worth way more than I accrued privately and a cultural abhorrence workhouse practices I've experienced in the private sector.

Best of all, I get to work on systems which touch entire populations.

I guess Type-X personalities need not apply.

What percentage of mathematicians would that be?

You just need enough, given unlimited computational budgets.

> Just look at the HN discussion, for example.

Isn't this an obviously biased sample? People who work at GCHQ can't talk about it, even if they enjoy it.

And for the few who are allowed to discuss it and enjoy working there they won't talk about it because, as you say, look at the HN discussion.

(comment deleted)
(comment deleted)