UK Secret Intelligence Service MI6

From LeakDirectory

Jump to: navigation, search


General Notes

The Secret Intelligence Service (SIS), often known as MI6, collects Britain's foreign intelligence. The Service is based at Vauxhall Cross in London. Its Chief is Sir John Sawers. SIS provides Her Majesty's Government with a global covert capability to promote and defend the national security and economic well-being of the United Kingdom.

This website is one of those for which fake Digital Certificates were produced by an allegedly Iranian hacker or the Iranian government see DigiNotar Damage Disclosure

Contact Details


Encrypted Contact Form:

Press Enquiries


(favoured journalists get secret anonymous briefings)

Enquiries from the media are conducted through a dedicated FCO press officer in FCO Press Office. Because of the secret nature of our work, it's been the policy of SIS and successive Governments not to comment on operations, staff, agents, or relations with foreign intelligence services. SIS does not have a Press Office.

General Enquiries

  • email: No
  • telephone: No
  • mobile phone / SMS text message: No
  • fax: No

Postal Address:

Secret Intelligence Service

PO Box 1300,

London SE1 1BD

United Kingdom

Social Media / Networks

Mainstream media print and broadcast journalists and politicians etc. i.e. influential people at which whistleblower leaks are targeted, are busy people, but can sometimes be enticed to read about whistleblower issues through Twitter or FaceBook or Blog RSS feeds etc.







Financial Donation methods

Not Applicable - UK taxpayer funded

Currently accepting submissions of whistleblower leaks ?


Explicit promises about Anonymity, Privacy or Security


If you choose to submit information using our online form and provide us your name and e-mail or postal address, we will not give this infomation to any private organisation, commercial or otherwise.

Restrictive legal Terms & Conditions


If you choose to offer information or assistance to SIS by using our online form, we will make appropriate inquiries to determine the accuracy of your information. In addition, we may share the information you provide with other appropriate authorities to enable SIS to carry out its legally authorised responsibilites.

By providing information or assistance to SIS through our online form, you expressly consent to our use of whatever information you provide via our website.

Practical Advice on preserving Whistleblower Anonymity


Leak Submission Encryption

Digital Certificate fingerprints published on their website:


Since this website is one of those for which fake Digital Certificates were produced by an allegedly Iranian hacker or the Iranian government (see DigiNotar Damage Disclosure), here are the current Digital Certificate cryptographic hash fingerprints:

Subject:, OU="Member, VeriSign Trust Network", OU=Authenticated by VeriSign, OU=Terms of use at (c)05, OU=Secret Intelligence Service, O=Secret Intelligence Service, L=London, ST=London, C=GB

Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial Number: 4AB0 1A3A F479 3821 3491 2B98 A2FD E6BC

Valid Until: 12-Jan-2014 23:59:59 GMT

SHA-1: 76:33:99:02:28:BE:2B:3C:36:82:86:82:82:23:BA:B7:E6:CB:0D:B3

MD5: 14:75:50:7F:00:91:8D:CF:C1:27:0B:D5:19:D4:D8:E0

Qualsys SSLLabs SSL Server Test rating:

Overall rating: A [85]

Certificate: 100

Protocol Support: 85

Key Exchange 80

Cipher Strength: 90

PGP Public Encryption Key


TOR Hidden Service


I2P eepsite



Hushmail Secure Form


Leak Submission Anonymity

Some of these techniques are appropriate for a normal website like this wiki, but not for whistleblower or tipoff websites, where potential whistleblower source anonymity protection should be paramount:

TOR users blocked from access


3rd Party or persistent tracking cookies or graphics


CAPTCHA graphics generated from another website e.g. GoogleRe-Captcha


Mixed mode non-SSL graphics or style sheets


Embedded video clips or deep linked graphics etc. from another website e.g. YouTube


Flash file uploader class


This site uses Flash replacement methods (sIFR) to display headers

Communications / Acknowledgement back to the whistleblower via the website

Acknowledgement of receipt of information

e.g. file upload success indicator - has the leak message or upload actually been received successfully ?


You have about 1500 characters in the main text field

Thank you for contacting us.

In line with standard security pracitices consider clearing your browser history and cache at the end of the session.

You can now close this window.

Leak analysis work flow status reporting

e.g. Has anyone actually looked at what the whistleblower has submitted ?


Private message box

e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.


The web form does allow you to enter email or phone or other contact details

Domain Name Resilience

The threats of legal court proceedings against Domain Name Registrars and Domain Name Service providers are lessons which emulators should take note of:

Domain Name Registrar

QinetiQ TIM

United Kingdom

Multiple Internet Service Providers, in different legal jurisdictions ?


QinetiQ Ltd, United Kingdom

(privatised former UK Defence research laboratories)

Domain Name Server(s) & jurisdiction(s)

United Kingdom jurisdiction

Alternate Domain Name aliases [] []

Both of these URLs end up at the https:// only SSl / TLS session encrypted version of the website.

Actual Physical Mirrors of the website:


Content available via BitTorrent etc P2P etc.


Personal tools