A student at Britain's top eavesdropping government agency has pleaded guilty to taking sensitive information home on the first day of his trial.

Hasaan Arshad, 25, speaking at the Old Bailey in London, admitted that on August 24, 2022, he took his phone into a highly secure area of GCHQ, the UK's intelligence and security branch, and downloaded top secret information – including some staff names – then returned home and transferred it to a hard drive connected to his PC.

He pleaded guilty to breaking [1]Section 3ZA of the Computer Misuse Act 1990 , by "unauthorized acts causing, or creating risk of, serious damage."

[2]

Prosecutors said Arshad downloaded a "top secret" tool that they estimated was worth millions of pounds and had been developed using a "significant amount" of taxpayer money. Arshad stole the software two days before his year-long placement at GCHQ was due to end.

[3]

[4]

Arshad, a student at the University of Manchester, was arrested and his home was searched on September 22, 2022, according to [5]reports . After his computer equipment was searched, investigators found he had illegally created two indecent images of a child that month; he already pleaded guilty to two charges relating to those crimes in 2023.

Investigators found discussions on his phone relating to "bug bounties" and mention of "10k for simple info leaks," but in a prepared statement to police, he denied any financial motive.

[6]

"I removed the data simply out of curiosity to further develop some of the changes I was unable to complete during the course of my placement. I had intended to use my developments when I hopefully returned to my previous team," he said.

"I'm sorry for my actions and I understand the stupidity of what I have done. I understand the potential damage and risk when obtaining the data. I have accepted that I removed the data and the stupidity of doing so. I did take steps to ensure that the data was not compromised," he added.

[7]Wanted. Top infosec pros willing to defend Britain on shabby salaries

[8]Ex-GCHQ software dev jailed for stabbing NSA staffer

[9]Stifling Beijing in cyberspace is now British intelligence's number-one mission

[10]Severity of the risk facing the UK is widely underestimated, NCSC annual review warns

The crime was one of "recklessness," Arshad's lawyer, Nina Grahame KC, told the court. He is currently out on bail and banned from using the dark web as part of the terms of his release. Sentencing is due on June 13 and Mrs Justice McGowan warned him that he may face a custodial sentence.

GCHQ runs a regular summer internship program and says it is seeking applicants from Black, Asian, mixed heritage, or other ethnic minorities, as well as those from socially or economically disadvantaged backgrounds, since these demographics are underrepresented at GCHQ.

The [11]program involves shadowing intelligence staff and studying math, cryptography, and language skills. Students get free accommodation and £300 ($388) per week for the ten-week internship. Arshad attended the program in 2019 and was spending a year on placement at GCHQ with full security clearance, and stole the data two days before his placement ended.

[12]

Attempts to exfiltrate top secret data are flagged by security systems. Had Arshad read Edward Snowden's autobiography, he'd have known this. ®

Get our [13]Tech Resources



[1] https://www.legislation.gov.uk/ukpga/1990/18/section/3ZA

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z-u5QUBn7zjH6q00VzEvPwAAA5A&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z-u5QUBn7zjH6q00VzEvPwAAA5A&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z-u5QUBn7zjH6q00VzEvPwAAA5A&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://news.sky.com/story/ex-gchq-employee-pleads-guilty-to-causing-risk-to-national-security-13339410

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z-u5QUBn7zjH6q00VzEvPwAAA5A&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[7] https://www.theregister.com/2024/10/29/gchq_needs_advanced_cybersecurity_professionals/

[8] https://www.theregister.com/2023/11/03/gchq_software_dev_stabbing/

[9] https://www.theregister.com/2024/05/16/the_uks_alarm_over_china/

[10] https://www.theregister.com/2024/12/03/ncsc_annual_review/

[11] https://www.gchq-careers.co.uk/our-careers/early-careers/summer-placements.html

[12] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z-u5QUBn7zjH6q00VzEvPwAAA5A&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[13] https://whitepapers.theregister.com/