UK Secret Intelligence Service MI6

From LeakDirectory

Jump to: navigation, search

Contents

General Notes

The Secret Intelligence Service (SIS), often known as MI6, collects Britain's foreign intelligence. The Service is based at Vauxhall Cross in London. Its Chief is Sir John Sawers. SIS provides Her Majesty's Government with a global covert capability to promote and defend the national security and economic well-being of the United Kingdom.


This website is one of those for which fake Digital Certificates were produced by an allegedly Iranian hacker or the Iranian government see DigiNotar Damage Disclosure

Contact Details

website: https://www.sis.gov.uk/contact-us.html

Encrypted Contact Form: https://www.sis.gov.uk/form/

Press Enquiries

No

(favoured journalists get secret anonymous briefings)

Enquiries from the media are conducted through a dedicated FCO press officer in FCO Press Office. Because of the secret nature of our work, it's been the policy of SIS and successive Governments not to comment on operations, staff, agents, or relations with foreign intelligence services. SIS does not have a Press Office.

General Enquiries

  • email: No
  • telephone: No
  • mobile phone / SMS text message: No
  • fax: No

Postal Address:

Secret Intelligence Service

PO Box 1300,

London SE1 1BD

United Kingdom

Social Media / Networks

Mainstream media print and broadcast journalists and politicians etc. i.e. influential people at which whistleblower leaks are targeted, are busy people, but can sometimes be enticed to read about whistleblower issues through Twitter or FaceBook or Blog RSS feeds etc.

Twitter

No

FaceBook

No

Blog

No

Financial Donation methods

Not Applicable - UK taxpayer funded

Currently accepting submissions of whistleblower leaks ?

Yes

Explicit promises about Anonymity, Privacy or Security

Yes

If you choose to submit information using our online form and provide us your name and e-mail or postal address, we will not give this infomation to any private organisation, commercial or otherwise.


Restrictive legal Terms & Conditions

No

If you choose to offer information or assistance to SIS by using our online form, we will make appropriate inquiries to determine the accuracy of your information. In addition, we may share the information you provide with other appropriate authorities to enable SIS to carry out its legally authorised responsibilites.

By providing information or assistance to SIS through our online form, you expressly consent to our use of whatever information you provide via our website.

Practical Advice on preserving Whistleblower Anonymity

No

Leak Submission Encryption

Digital Certificate fingerprints published on their website:

No

Since this website is one of those for which fake Digital Certificates were produced by an allegedly Iranian hacker or the Iranian government (see DigiNotar Damage Disclosure), here are the current Digital Certificate cryptographic hash fingerprints:

Subject: CN=www.sis.gov.uk, OU="Member, VeriSign Trust Network", OU=Authenticated by VeriSign, OU=Terms of use at www.verisign.co.uk/rpa (c)05, OU=Secret Intelligence Service, O=Secret Intelligence Service, L=London, ST=London, C=GB

Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial Number: 4AB0 1A3A F479 3821 3491 2B98 A2FD E6BC

Valid Until: 12-Jan-2014 23:59:59 GMT

SHA-1: 76:33:99:02:28:BE:2B:3C:36:82:86:82:82:23:BA:B7:E6:CB:0D:B3

MD5: 14:75:50:7F:00:91:8D:CF:C1:27:0B:D5:19:D4:D8:E0

Qualsys SSLLabs SSL Server Test rating:

https://www.ssllabs.com/ssldb/analyze.html?d=www.sis.gov.uk

Overall rating: A [85]

Certificate: 100

Protocol Support: 85

Key Exchange 80

Cipher Strength: 90

PGP Public Encryption Key

No

TOR Hidden Service

No

I2P eepsite

No

PrivacyBox.de

No

Hushmail Secure Form

No

Leak Submission Anonymity

Some of these techniques are appropriate for a normal website like this wiki, but not for whistleblower or tipoff websites, where potential whistleblower source anonymity protection should be paramount:

TOR users blocked from access

No

3rd Party or persistent tracking cookies or graphics

No

CAPTCHA graphics generated from another website e.g. GoogleRe-Captcha

No

Mixed mode non-SSL graphics or style sheets

No

Embedded video clips or deep linked graphics etc. from another website e.g. YouTube

No

Flash file uploader class

No

This site uses Flash replacement methods (sIFR) to display headers

https://secure.wikimedia.org/wikipedia/en/wiki/Scalable_Inman_Flash_Replacement

Communications / Acknowledgement back to the whistleblower via the website

Acknowledgement of receipt of information

e.g. file upload success indicator - has the leak message or upload actually been received successfully ?

No

You have about 1500 characters in the main text field

Thank you for contacting us.

In line with standard security pracitices consider clearing your browser history and cache at the end of the session.

You can now close this window.


Leak analysis work flow status reporting

e.g. Has anyone actually looked at what the whistleblower has submitted ?

No

Private message box

e.g for 2 way communications back to the anonymous whistleblower, asking for clarification, offering advice etc.

No

The web form does allow you to enter email or phone or other contact details

Domain Name Resilience

The threats of legal court proceedings against Domain Name Registrars and Domain Name Service providers are lessons which WikiLeaks.org emulators should take note of:

Domain Name Registrar

QinetiQ TIM

United Kingdom

Multiple Internet Service Providers, in different legal jurisdictions ?

No

QinetiQ Ltd, United Kingdom

http://qinetiq.com

(privatised former UK Defence research laboratories)

Domain Name Server(s) & jurisdiction(s)

ns0.qinetiq-tim.net ns1.qinetiq-tim.net ns2.qinetiq-tim.net ns3.qinetiq-tim.net

United Kingdom jurisdiction

Alternate Domain Name aliases

http://www.sis.gov.uk [194.61.183.122]

http://www.mi6.gov.uk [194.61.183.121]

Both of these URLs end up at the https:// only SSl / TLS session encrypted version of the website.


Actual Physical Mirrors of the website:

No

Content available via BitTorrent etc P2P etc.

No

Personal tools