cherezoff - stock.adobe.com

National Cyber Force carrying out daily hacking operations to disrupt hostile threats

Government discloses details about the National Cyber Force’s disruption activities against terrorists, organised criminals and nation states – and names first NCF chief as James Babbage

The UK’s newly created offensive cyber unit, the National Cyber Force (NCF), has carried out daily hacking operations to counter sophisticated cyber threats and disrupt state disinformation campaigns and terrorist groups, it has been revealed.

The government yesterday disclosed rare details about the work of the NCF, which was formed three years ago to respond to hostile state hacking, terrorism and high-tech criminals.

The director of signals intelligence agency GCHQ, Jeremy Fleming, said the NCF had “countered state threats, made key contributions to military operations, and disrupted terrorist cells and serious criminals, including child sex offenders”.

The government also named the head of NCF as James Babbage, a GCHQ intelligence officer for nearly 30 years.

Babbage, who took a degree in history and went on to complete a master’s in computing, has spent most of his career at the signals intelligence agency, with interludes at the Ministry of Defence and as a liaison officer in the US.

The NCF disclosed that it had carried out hacking operations to counter terrorist radicalisation, reduce the threat of interference in elections and disrupt attempts to evade UK government sanctions, in addition to supporting military objectives.

One of the NCF’s most important strategies is to use techniques that have the potential to sow distrust, decrease morale and weaken the ability of adversaries to plan and conduct their activities effectively, a report published yesterday revealed.

Known as the “doctrine of cognitive effect”, objectives can include preventing terrorist groups from publishing pieces of extremist media online or making it harder for states to spread disinformation.

The aim is to undermine an adversary’s confidence in the data they are using, undermine the ability of information systems to function effectively or disrupt communications through hacking or equipment interference.

Operations could include covertly gathering data on hostile actors to demonstrate that their activities are “known and understood”, or covertly contacting individuals who pose a threat to the UK and influencing their actions. Other operations covertly expose information to highlight, for example, that a state actor is responsible for a disinformation campaign.

The NCF’s work is focused on “priority targets with high tailored and calibrated actions designed to achieve specific outcomes”.

Operations can be carried out by the NCF acting alone, or as part of wider campaigns with other intelligence agencies and partner countries.

The report, Responsible cyber power in practice, did not give details of specific operations, but noted that countries – including Russia – routinely carry out cyber operations to spread disinformation, undermine democratic processes and disrupt critical infrastructure.

The NCF also identified ransomware, the distribution of terrorist propaganda on the internet, and the rise of cyber criminals carrying out politically motivated cyber attacks following the conflict between Russia as Ukraine, as threats.

Set up as a joint operation between staff of the Ministry of Defence, GCHQ, the Secret Intelligence Service (MI6), and the Defence Science and Technology Laboratory (DSTL) at Porton Down, the NCF operates under a single command.

GCHQ II

Known internally as GCHQ II, the NCF is setting up a permanent headquarters at Samlesbury in Lancashire, which is expected to bring £5bn of investment into an area struggling with lower-than-average wages and a shortage of highly skilled jobs. It will eventually employ 3,000 staff.

James Babbage has led the NCF since it was created in 2020, and has been responsible for growing the organisation and building relationships and links with its partner agencies and other organisations, including businesses and universities.

He is one of only four senior heads of intelligence to be publicly named, alongside GCHQ director Jeremy Flemming, MI5 director Ken McCallum and MI6 chief Richard Moore.

In one of the few cyber operations to have been made public, GCHQ worked with US Cyber Command in major operations against the Islamic State (IS) during the war in Afghanistan, as part of Operation Global Symphony. Cyber specialists jammed the ability of IS commanders to communicate, fed them false instructions over the internet and took down servers hosting IS propaganda.

Read more about the National Cyber Force

Read more on Hackers and cybercrime prevention