Disappearing WhatsApp Texts Recommended to Politicians by GCHQ

Elected representatives and political candidates have been cautioned about spear-fishing and spoofing ahead of local and general elections.
Disappearing WhatsApp Texts Recommended to Politicians by GCHQ
The 24-hour operations room at Government Communication Headquarters (GCHQ) in Cheltenham, England, on Nov. 17, 2015. Ben Birchall/AFP via Getty Images
Evgenia Filimianova
Updated:
0:00

The UK intelligence service has advised politicians to use disappearing WhatsApp messages on personal use devices, which would see texts automatically deleted after a set period.

The recommendation is part of wide-ranging guidance issued by GCHQ’s National Cyber Security Centre (NCSC) on Monday. It follows reports of Chinese state-affiliated actors targeting UK democratic institutions and parliamentarians between 2021 and 2022.

Politicians using WhatsApp on their personal phones and for personal use should consider opting for the disappearing messages setting, the NCSC said.

WhatsApp users can set messages to disappear 24 hours, 7 days, or 90 days after they’re sent unless that message is kept. Disappearing messages can be turned on for all or selected chats.

“By turning this on you will limit what a successful attacker could access if they do manage to get in,” the advice says.

Politicians should also be careful when receiving message requests from unknown accounts. “Consider calling first to verify who they are,” the guidance says.

According to an Institute for Government (IfG) report, WhatsApp is widely used across Westminster to make decisions, get information on policies, and keep up informal communication.

This could lead to poor decisions being made with incomplete information and make record keeping and scrutiny more difficult, the IfG said.

In February, George Adam, who serves as the Scottish parliamentary business minister, was challenged on his 24-hour WhatsApp timer during an interview with the BBC’s “Good Morning Scotland.”
Even though the interview was conducted over a WhatsApp call, Mr. Adam said that he didn’t use the app for parliamentary business in “any shape or form.”

Electoral Management System

The NCSC guidance aims to prevent or reduce cyber attacks on “UK democratic institutions,” especially in light of upcoming local and general elections.

“Democratic events such as elections are attractive targets for adversaries, and organisations and individuals must be prepared for threats, old and new,” said the NCSC.

Among the measures set out by the centre are increased scrutiny of Electoral Management System (EMS) data and mitigation of election disruption risks.

Organisations coordinating elections should ensure the security of EMS suppliers, review the level of access individuals have, and enhance the security of cloud hosting infrastructure.

The NCSC noted the “crucial role” of EMS software in voter registration, ballot preparation, and election administration.

“This makes it a particularly important security consideration when it comes to ensuring the integrity of the electoral process,” the four-part guidance said.

Spear-fishing and Spoofing

Voters in parts of England and Wales will take to the polls on May 2 to elect councillors, mayors, and police commissioners. Later in the year, millions of UK voters are expected at the polls for the general election vote.

The NCSC has warned about risks to electoral processes posed by spear-phishing and spoofing.

Spear-fishing involves cyber attacks that target specific individuals or organisations, typically through malicious emails encouraging them to share sensitive information.

Attackers can use generative artificial intelligence to create “even more convincing spear-phishing content,” the guidance cautioned.

“Without the right controls in place, an attacker could use your domain to send emails pretending to be your organisation, also known as spoofing. This could be used to make spear-phishing emails look more convincing,” said the NCSC.

Elected representatives, candidates, activists, and staffers are all part of the high-risk individuals group, according to the NCSC.

Having a weak password, failure to set up a two-step verification process, and inadequate privacy settings on social media accounts all increase the chance of a cyber attack.

The centre advised politicians to consider setting up stronger passwords. Complex but easy to remember passwords could use a sequence of three random words, the NCSC advised.

Users also can write down their passwords and keep them separate for their devices, or alternatively use a password manager.

“For any public social media accounts that you use in a professional context, consider using a social media management service. This means that colleagues or employees will be able to create posts for you without you sharing your passwords,” said one of the recommendations.

Evgenia Filimianova
Evgenia Filimianova
Author
Evgenia Filimianova is a UK-based journalist covering a wide range of national stories, with a particular interest in UK politics, parliamentary proceedings and socioeconomic issues.
Related Topics