GCHQ intern who downloaded secrets and names of spies onto phone learns fate
A GCHQ intern has been jailed for seven and a half years after he took top secret data home which endangered national security, risked exposing 17 colleagues and "threw away" thousands of hours of work.
Manchester University computer science student Hasaan Arshad, 25, was in "flagrant breach" of tight security rules when he used his mobile phone to remove material from a computer system and transfer it to his private computer on August 24, 2022. The defendant, who has an autism spectrum disorder, was said to be an academically gifted "perfectionist" who was motivated by a desire to complete the project he had been tasked with at GCHQ as his placement was coming to an end.
But sentencing him on Friday, Mrs Justice McGowan said his was "intellectual arrogance" and he acted under the belief that the "rules do not apply to him." Arshad, from Rochdale, Greater Manchester, pleaded guilty to an offence under the Computer Misuse Act which carries a maximum penalty of life in prison.
The defendant also admitted two charges of making an indecent photograph of a child in relation to 40 category A videos and four category B videos downloaded from the dark web and found on his personal phone following his arrest. Sentencing, Mrs Justice McGowan jailed Arshad for six years for the data breach and a further year and a half for the sexual offences.
She said: "The risk raised by this conduct was at the highest level. I accept there is no evidence of any intention to sell, disclose or ransom the material." However, the risk was "obvious" and the damage "incalculable", she said.
Part of the hearing – including a detailed assessment of the harm caused – was held behind closed doors in the absence of the press and public. However, the court was told that Arshad's actions "lost a tool" being developed at GCHQ, risked exposing the identities of 17 GCHQ colleagues, and undermined the trust of partners.
Opening the facts in open court, prosecutor Duncan Atkinson KC said the data breach also "created a significant risk of damage to national security." The Government Communications Headquarters – known as GCHQ – is the UK's intelligence, security and cyber agency and plays an important role in keeping the country safe, in conjunction with MI5 and the Secret Intelligence Service (MI6).
The highest levels of security are needed for GCHQ to carry out its work to gain information about threats to the UK from "hostile states or terrorists" by using lawful covert tools and techniques, the court was told. Mr Atkinson said: "Put bluntly, if hostile states or terrorists were aware of how GCHQ was able to gather intelligence about their plans, they would be able to prevent the intelligence community in the UK from learning of those plans at a stage and to an extent that allows the intelligence community to thwart them."
At the time of the offence, Arshad was coming to the end of an industry year placement with a technical development team which required him to work at a secure GCHQ site near Cheltenham, Gloucestershire, and use computer systems. The court heard he was part of a team that worked on the development of "tools and techniques" to obtain information about threats to the UK.
Arshad had undergone GCHQ induction and was required to sign the Official Secrets Act. It was made "abundantly clear" to Arshad that his access to top secret material had to be in controlled circumstances at "an extremely secure location", Mr Atkinson said.
He went on: "In flagrant breach of those obvious and necessary restrictions, the defendant used a mobile handset provided for his use whilst on his work placement but with strictly confined scope as to its permitted use, to remove top secret material from the top secret network of the technical development team to which he had been attached.
"He then transported that material from the secure location where he had been working to his home, risking it falling into the wrong hands or being lost, and downloaded it onto a removable hard drive which formed part of the IT system that he used at his home address.
"This significant security breach compromised lawful intelligence-related activity that was being undertaken in the national interest. In doing so, he threw away many thousands of hours of work, and significant sums of taxpayers' money."
Mr Atkinson said his actions had damaged "confidence in UK security" because the data included the identities of a "significant number" of GCHQ colleagues and put others' safety at "direct risk". Following his arrest, the defendant, who went on to achieve a first class honours degree, admitted removing data without authorisation "out of curiosity" saying he had no intention to share it.
He told police: "I'm sorry for my actions and I understand the stupidity of what I have done." Arshad said he "went out of my way" to ensure the data was stored locally and not in the cloud.
Mitigating, Nina Grahame KC said the defendant had been "reckless, thoughtless and naive" and put his "possessive" desire to complete his project above all else. He took the data home because he wanted to "continue and complete the most exciting and challenging work the defendant had ever undertaken" in the hope of gaining future employment at GCHQ, Ms Grahame said.
The court was told Arshad was driven by ambition and perfectionism having achieved the second highest mark in the country for his computer science A level. His parents were "distraught and heartbroken" at what happened and "feared" for his wellbeing in prison, Ms Grahame added.
Bethan David, head of the Crown Prosecution Service Counter Terrorism Division, said: "Hasaan Arshad knew his actions were prohibited after he signed the Official Secrets Act and received his induction training. His conduct was deliberate and intentional, and represented a flagrant breach of the obvious and necessary rules in place. The Crown Prosecution Service will always seek to prosecute anyone that knowingly jeopardises and endangers the safety of our country."
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
BBC News
3 days ago
- BBC News
Ex-Devon and Cornwall PC facing stalking and misconduct charges
A former police officer has been charged with stalking and misconduct in public Kevin Davis, who worked for Devon and Cornwall Police, is due to appear at Exeter Magistrates' Court on Wednesday following an said the first charge related to allegations the 41-year-old, from Seaton, pursued a course of action which amounted to stalking a woman between January and May second charge was linked to claims he used a computer to secure unauthorised access to a program or data contrary to section 1(1) and (3) of the Computer Misuse Act 1990 during the same dates as the stalking allegations.
BBC News
3 days ago
- BBC News
Rotherham hacker who stole millions of people's data jailed
A cyber-criminal who hacked into the websites of international organisations and stole the login details of millions of people has been jailed for 20 months. Al-Tahery Al-Mashriky, 25, from Rotherham, was arrested by cyber-crime officers in August 2022, after they received intelligence from US law enforcement about extremist hacker groups, according to the National Crime Agency (NCA). He had stolen personal data that "could have enabled him to target and defraud millions of people," according to an NCA of Leonards Lane, pleaded guilty to nine offences under the Computer Misuse Act 1990 and was jailed at Sheffield Crown Court on 15 August. NCA investigators who seized Al-Mashriky's laptop found he was in possession of personal data for more than four million Facebook users and had several documents containing usernames and passwords for services such as Netflix and officers were able to link him to hacker group the Yemen Cyber Army through social media and email court heard forensic analysis of Al-Mashriky's laptop and several phones found he had infiltrated a number of websites, including the Yemen Ministry of Foreign Affairs, the Yemen Ministry of Security Media and an Israeli news gained unauthorised access to the websites, created hidden webpages containing his online monikers and messaging that furthered his religious and political ideology, according to the NCA. 'Significant disruption' Al-Mashriky would often target websites with low security, gaining recognition in the hacking community for the large number of pages he infiltrated, the NCA one of his many online aliases, he claimed on one cyber-crime forum that he had hacked into more than 3,000 websites during a three-month period in found that in February 2022, after hacking into the website for Israeli Live News, he accessed admin pages and downloaded the entire website. He had also hacked into two Yemeni government websites, deploying tools to scan for usernames and websites targeted by Al-Mashriky included faith websites in Canada and the USA, as well as the website for the California State Water director Paul Foster, head of the NCA's National Cyber Crime Unit, said: "Al-Mashriky's attacks crippled the websites targeted, causing significant disruption to their users and the organisations, just so that he could push the political and ideological views of the Yemen Cyber Army."He had also stolen personal data that could have enabled him to target and defraud millions of people."Cyber-crime can often appear faceless, with the belief that perpetrators hide in the shadows and can avoid detection. "However, as this investigation shows, the NCA has the technical capability to pursue and identify offenders like Al-Mashriky and bring them to justice." Listen to highlights from South Yorkshire on BBC Sounds, catch up with the latest episode of Look North
Telegraph
05-08-2025
- Telegraph
Spy agencies repeat internship white British applicants cannot apply for
Britain's intelligence services have re-opened a summer internship scheme which ban white participants from applying, despite critics last year labelling it 'racist'. First launched in 2023, the MI5, MI6 and GCHQ Summer Intelligence Internship has been offered only to young people from a 'Black, Asian, mixed heritage or ethnic minority background and from a socially or economically disadvantaged background'. When the scheme for this summer was first advertised, Chris Philp, the shadow home secretary, described the programme as 'racist' and called for it to be axed. 'I understand the need to encourage applications from a wide range of backgrounds, including under-represented minorities,' he said. 'But this is an overtly racist policy and it should be immediately discontinued. It implies it's impossible for any white person to be deprived or deserving of assistance.' Claire Coutinho, the shadow energy secretary, said: 'Deciding who can do a summer internship scheme based on the colour of their skin is bad enough. To bar patriotic white Britain's who want to serve their country, but allow white Irish people, is utterly mad. 'To make matters worse, the security services will also shut you out if you're a child of a nurse, a cabbie or your dad ran a corner shop, while the child of an £80,000 a year train driver is eligible. 'This is state-sponsored discrimination. We should just choose the best people for the job. The Conservatives will defend fairness and stand firmly against ideology replacing competence.' However, despite widespread criticism the scheme is set to go ahead. The programme will run for 10 or more weeks depending on the service, and has been offered to 'increase diversity within our organisations' by the intelligence services. The advert also states that applicants must also be 'from a socially or economically disadvantaged background', as alongside ethnic minorities they are 'currently under-represented in the UK's Intelligence Services'. One former senior Royal Air Force (RAF) officer previously said he believed the decision not to allow poor white students to apply is 'blatant discrimination'. Tim Davies, a former squadron leader, said: 'Opportunities are being denied to white children, that's just a fact, they cannot apply just because they are white.' He said that the RAF had made a similar mistake when pursuing a recruitment policy, which led to accusations that it had discriminated against white men in its effort to meet 'aspirational diversity targets'. The Ministry of Defence subsequently admitted that 'despite the best of intentions, some mistakes were made' in its approach, after reports of a recruitment drive which appeared to favour women and ethnic minority candidates. The inquiry followed the resignation of the RAF's head of recruitment, after she reportedly refused an order to hire more diverse candidates because she believed it was 'unlawful'. Earlier this year, The Telegraph reported that an intern hired by GCHQ stole secret data and returned home with it, in what was described as a national security breach. Hasaan Arshad, 25, took his work mobile to a top secret area of the GCHQ building, connected it to a workstation, and was then allowed to take the device home unchallenged. Thereafter he transferred sensitive information to a hard drive linked to his personal computer, and was arrested a month later downloading it. It was not clear whether Arshad was admitted as an intern through the diversity scheme. The Foreign, Commonwealth & Development Office, the department responsible for the Security Services, was contacted for comment.
