The UK government surveillance agency GCHQ needs more hackers. The normally secretive agency has taken the unusual step of posting a job advert – and a press release – about its hunt for IT security staff.
It’s the first time GCHQ has openly recruited for what it describes as ‘computer network operations specialists’.
The job description throws a little more light on the role: “In cyber security roles, our operations specialists may find themselves working in a team, or seeking to defend government systems against criminals seeking to steal information, identities or money,” it says.
What’s particularly interesting is that while the agency is looking for staff to work in cyberdefence – the relatively standard job of detecting and preventing attempts to attack the UK’s critical national infrastructure – it’s also looking for ‘cyber intelligence’ experts who will take a more exotic approach.
“Cyber intelligence specialists might need to develop software to access the computers of a terrorist group, or carry out operations to retrieve vital online clues about the location and identity of members of an organised crime ring,” GCHQ said.
We know from the Snowden revelations that GCHQ has a long history of using such techniques. Among other things, it has been accused of involvement in the hacking of SIM maker Gemalto in an attempt to grab encryption keys used for mobile phones, and of launching a distributed denial-of-service attack against Anonymous hacktivists (in both cases GCHQ said all of its work “is carried out in accordance with a strict legal and policy framework”).
So why go public now?
Partly it’s because – thanks to such news stories and leaks – everybody now knows that GCHQ does this sort of thing, so there’s little point in pretending anymore.
GCHQ’s more public stance is also a reflection of greater openness about the capabilities of the intelligence service: the UK government recently published a set of draft guidelines which lay out how spies can use electronic hacking and bugging devices, in order to provide a legal framework for the activities of the UK’s security and intelligence agencies at home and abroad.
Some of this openness is a (reluctant) result of Snowden, some of it the result of the gradual maturing in cyberdefence and offensive strategies: for example, the US is being much more open about its cyber capabilities. As a result, these sorts of activities are slowly emerging from the shadows.
Being more open about recruitment could help the agency find candidates who would otherwise be reluctant to apply. That matters because GCHQ is hardly the only organization hiring when it comes to IT security.
There’s a national and international shortage of security experts, and other recruiters – like the big banks – have got much deeper pockets. In contrast, GCHQ is offering a starting salary of £27,913 and you’ll need to pass security check too.
Admittedly, high-paid corporate jobs in financial services and the like don’t offer exciting work taking on organised crime but equally they don’t want you relocate to Cheltenham or Scarborough, either.
All of this means that, for once, even for GCHQ, a bit of publicity can’t hurt.