Foreign intelligence agencies are targeting IT workers at big businesses to gain access to sensitive information, MI5 warns British corporations
- Security service warns of the threat posed to firms by members of staff
- Fears junior IT workers could infiltrate systems and sell vital information
- Could also upload malicious software to cause a business serious harm
- Concern is that staff could easily be targetted by Russia, China or Iran
- MI5 wants large corporations to increase their resistance to the threat
- Says they have ignored the internal threat by focusing on the external
MI5 has warned large corporations that foreign spy agencies may be secretly recruiting their IT workers in the hope of gathering sensitive information for use in cyber attacks, it has been claimed.
The security service is said to have conducted talks with senior figures at a number of leading British businesses in recent months, with the infiltration of IT departments understood to be a top priority.
Even the most junior IT worker could compromise vital computer systems by uploading malicious software, and could also gain access to the kind of sensitive information which may prove useful to hostile nations such as Russia, China or Iran.
Threat: MI5 has warned that even the most junior IT worker could compromise computer systems on behalf of hostile countries such as Russia, China or Iran Writes John Hall
MI5’s warnings come in the hope of encouraging big businesses to boost their security systems, according to a report in the Financial Times.
Although many British companies have increased their systems to protect against external cyber attacks in recent years, the threat from malicious members of staff has been somewhat ignored.
Foreign intelligence agencies are now thought to be taking advantage of this vulnerability by targetting junior IT workers with access to privileged information – such as corporate or national secrets – and paying them large amounts of money to pass on the details.
Concern: The threat posed by low-level workers was highlighted by the recent Edward Snowden case
They may also use the members of staff to upload virus’ or malware to computer systems in the hope of causing a business serious harm, and possibly even impact on stock markets.
Paul Stockton – the former U.S. assistant secretary of defence with responsibility for homeland defence and security – explained to the newspaper how spy agencies would not need to target high level workers to gain lucrative information.
‘Insider threats are a growing challenge… the highest risk employees, they’re not necessarily those at the highest levels of an organisation,’ he said.
‘Rather it is the systems administrators and others who hold the keys to the IT kingdom that pose such significant potential threats,’ he added.
The threat posed by low-level workers was highlighted by the case of Edward Snowden – the former junior security contractor who leaked thousands of classified documents early last year.
Snowden’s leaked documents uncovered the existence of numerous global surveillance programs, many of them run by his former employer – the U.S. National Security Agency.
Snowden’s claims his ‘sole motive’ for leaking the documents was ‘to inform the public as to that which is done in their name and that which is done against them.’
The controversial disclosures have led to intense debates over mass surveillance, government secrecy, and the balance between national security and information privacy.