The defendant transferred data from computer to personal phone, and to a personal hard drive.
A former GCHQ intern has admitted they took top secret data home, committing an offence under the Computer Misuse Act.
Hasaan Arshad from Rochdale pleaded guilty to the offence when on August 24th 2022 he took his work mobile phone into a top secret area of GCHQ and connected the device to a top secret work station, it was alleged.
According to media reports, Arshad then transferred sensitive data from a secure, top secret computer to the phone before taking it home to transfer the data from the phone to a hard drive connected to his personal home computer.
The defendant was arrested and his home was searched on September 22nd 2022. On Monday he pleaded guilty to a charge under Section 3ZA of the Computer Misuse Act 1990, relating to “unauthorised acts causing, or creating risk of, serious damage”.
Recklessness
Arshad’s lawyer Nina Grahame KC told the court that he had admitted the offence on the “basis of recklessness.” Sentencing has been adjourned sentencing for all the charges to June 13th.
Jake Moore, cyber security advisor at ESET, said: “The most damaging data breaches don’t always come from external attackers — they can just as easily result from internal mistakes, poor controls or invisible insider threats.
"Organisations need to remember to implement stricter access controls such as locking down removable media and ensuring that only those with direct operational needs have access to sensitive areas.
"Businesses also need to think about reducing the risk of mobile devices being used to capture sensitive data. It is worrying that personal devices were not banned from certain areas or picked up when entering. If phones are absolutely required, it can be effective to deploy strict Mobile Device Management tools to limit device capabilities in high-risk zones such as removing the use of the camera and microphone.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
