GCHQ & MI5 Scandals — The Unseen War

1. Hasaan Arshad — The Curious Case of the DEI GCHQ Intern

Insider Breach — Manchester / Rochdale

The Cheltenham Walkout

University of Manchester · Industry Year placement · Old Bailey trial 2025

Hasaan Arshad, 25, of Rochdale in Greater Manchester, was a computer science student and another failed DEI hire at the University of Manchester. He had previously completed a GCHQ placement in 2019 and returned for a second Industry Year placement between 6 September 2021 and 26 August 2022, joining a technical development team working on highly sensitive material held on GCHQ's Top Secret network.

On 24 August 2022, in the final days of his placement, Arshad brought his work-issued mobile phone into GCHQ's Cheltenham facility, plugged it into his development workstation, copied top-secret files onto the phone, and walked out of the building with the device. He then transferred the data to a personal computer at home. He is a son of a labour councillor, but these policies show the intelligence agencies prefer non-native or muslim representatives even at the cost of NATIONAL SECURITY

Police raided his home on 22 September 2022. During the search, officers recovered the stolen GCHQ material — and also discovered indecent images of children on his devices.

Age

Location

Rochdale

Sentence

7y 6m

Colleagues at risk

Arshad pleaded guilty at the Old Bailey on 31 March 2025 to one count of "doing an unauthorised act in relation to a computer, creating a significant risk of serious damage to national security" — a charge under the Computer Misuse Act and Section 3ZA. On 13 June 2025, Mrs Justice McGowan sentenced him to seven years and six months imprisonment. He received two additional 18-month sentences for the indecent images offences.

The breach risked exposing the identities of 17 GCHQ colleagues whose details were embedded in the technical files. Arshad's stated explanation to investigators: he took the material "out of curiosity."

Why it matters

A trusted intern bypassed GCHQ's entire physical-removable-media regime by simply plugging a phone into a Top Secret workstation. The case raised serious questions about insider controls, USB/MTP device policy enforcement, and the vetting of placement students with access to compartmented networks.

2. The Second GCHQ Intern — April 2025 Guilty Plea

Separate Insider Case

Smuggled Software Out of a Protected Facility

Crown Court · April 2025

A separate British intern — distinct from Arshad — pleaded guilty in early April 2025 to smuggling software out of GCHQ. The former staffer admitted a national-security offence after taking data home, again citing personal curiosity rather than espionage intent. Two insider breaches surfacing in court within months of each other prompted internal review of GCHQ's "Industry Year" programme.

3. Bulk Data — IPT Rules Mass Retention Was Unlawful

Mass Surveillance

GCHQ, MI5 and MI6 Found in Breach of Article 8 ECHR

Investigatory Powers Tribunal · 2018 – 2019

Following litigation by Privacy International, the Investigatory Powers Tribunal ruled that all three UK intelligence services had been unlawfully collecting and retaining "Bulk Personal Datasets" and "Bulk Communications Data" — files containing information on millions of innocent citizens — from the programmes' inception until they were publicly avowed in 2015.

The IPT found that this conduct violated Article 8 of the European Convention on Human Rights (right to private and family life) for more than a decade. MI5 was separately criticised for unlawfully retaining innocent people's data even after lawful purposes had expired.

Datasets included travel records, financial records, communications metadata, and personal data swept up incidentally
The agencies admitted in court that they had been spying on Privacy International itself
No senior officer faced personal sanction

4. Katharine Gun — The Whistleblower GCHQ Tried to Prosecute

Whistleblower

Bugging the UN to Help Sell the Iraq War

GCHQ Cheltenham · 2003 – 2004

Katharine Gun, a young Mandarin translator at GCHQ, leaked a secret NSA memo requesting GCHQ's help bugging the offices and homes of UN Security Council delegates from six wavering nations — the goal being to pressure them into voting for the Iraq invasion.

She was charged under the Official Secrets Act 1989, but on the eve of her Old Bailey trial in February 2004 the prosecution dramatically offered no evidence and dropped the case — widely believed to be because disclosure of the Attorney General's full Iraq legal advice would have been required at trial.

5. Manchester Arena — MI5's Public Apology

Intelligence Failure

22 Dead — Prior Warnings Not Actioned

22 May 2017 / Inquiry findings 2023

The 2017 suicide bombing at the Ariana Grande concert at Manchester Arena killed 22 people. The Manchester Arena Inquiry found that MI5 received intelligence in the months before the attack that, had it been correctly assessed, would have likely led to investigation of bomber Salman Abedi as a possible terror plotter. MI5's Director General Ken McCallum issued an extraordinary public apology — the first of its kind from a serving DG.

6. "Spy Cops" & Criminal Conduct Authorisations

Authorised Crime

MI5 Agents Allowed to Break the Law

Court action 2018 / CHIS Act 2021

Human-rights litigation in 2018 forced the UK government to acknowledge a long-standing secret policy authorising MI5 agents and informants to commit criminal acts in the course of their work. The full scope was redacted from the public.

The Covert Human Intelligence Sources (Criminal Conduct) Act 2021 — the CHIS Act — later codified this into statute, granting MI5, police, NCA, HMRC and even the Food Standards Agency power to issue "criminal conduct authorisations" that pre-emptively immunise informants from prosecution for crimes committed in their handler's interest. The Act contains no explicit prohibition on murder, torture or sexual offences — limits are read in only via the Human Rights Act.

7. Undercover Police (the Wider "Spy Cops" Scandal)

SDS / NPOIU

Sexual Relationships, Stolen Identities of Dead Children

Undercover Policing Inquiry (Mitting) — ongoing since 2015

The Special Demonstration Squad and National Public Order Intelligence Unit — though Metropolitan Police rather than MI5 — operated in close coordination with the Security Service. Officers infiltrated environmental, anti-racist and women's-rights groups for decades, formed long-term sexual relationships with activists under false identities, fathered children with targets, and used the names of deceased children as cover identities. The ongoing Mitting Inquiry has documented over 1,000 spied-on groups.

8. The Special Advocate Search — Privileged Material Seized

Legal Privilege

MI5, MI6 and GCHQ Jointly Raided a Lawyer

A joint operation by all three agencies seized files from a Special Advocate working on a Guantanamo-related closed material case. The seizure swept up legally privileged working documents from an unrelated detainee case. The High Court was later asked to consider the lawfulness of the operation.

9. Ex-MI5 Officer "Sectioned Indefinitely" (2026)

Recent / 2026

Mental-Health Detention After Alleged Foreign Leak

April 2026 — reported by The Canary

A former MI5 employee was reportedly placed under indefinite section under the Mental Health Act after allegedly leaking secrets to a foreign power. Civil-liberties commentators raised concerns about the use of psychiatric detention as an alternative to public criminal proceedings against intelligence insiders — a pattern with echoes of Soviet-era "psikhushka" treatment of dissidents.

10. MI6 Chief's Hacked Emails — Betrayed China Operations

Cyber Compromise

Internal Attacks on MI5 Surfaced With Operational Detail

Hacked email correspondence belonging to a former MI6 chief became public, exposing internal MI6 criticism of MI5 — and, more seriously, references to British spy operations inside China. The leak compounded an already brittle UK position following the 2010–2012 Chinese rollup of CIA assets and the OPM breach.

Pattern: Insider Risk + Bulk Surveillance + Authorised Crime

Read together, the cases above describe a Security Service / GCHQ environment in which:

Insiders — from interns to handling officers — have repeatedly defeated technical controls (Arshad, the April 2025 second-intern case, the MI6 email compromise)
Bulk collection swept innocents into the net for over a decade unlawfully, and the only consequence was a tribunal ruling
Criminal conduct by informants is now legislated as routine rather than exceptional
Public apology from MI5 happens only when 22 people die at a concert and inquiry findings make denial impossible
Mental-health detention may now be appearing as an alternative disposal for insiders

A regime of bulk powers is only as accountable as its weakest oversight link. When the agency-of-record loses top-secret material to an intern with a USB cable, the case for trusting that same agency with the data of millions of innocent citizens becomes substantially harder to argue.

Primary Sources & Further Reading

Crown Prosecution Service — Former GCHQ intern jailed for taking top secret files home
The Register — GCHQ intern jailed for stealing top-secret files
ITV News Granada — Trial of GCHQ employee accused of taking top secret data home
Barrhead News — Intern jailed over data breach which risked exposing 17 colleagues
The Register — Student pleads guilty to smuggling software out of GCHQ
PublicTechnology — Former GCHQ staffer admits national security offence
Privacy International — UK intelligence agencies admit unlawful spying
WSWS — GCHQ/MI5 admit illegally spying on millions
The Canary — Ex-MI5 employee 'sectioned indefinitely' after 'leaking secrets'
Computer Weekly — MI6 chief's hacked emails attacked MI5 and betrayed China operations
Matrix Chambers — High Court considers MI6/MI5/GCHQ search operation
Manchester Arena Inquiry — Volume 3 (MI5 / Counter-Terrorism Policing failings), 2023
Covert Human Intelligence Sources (Criminal Conduct) Act 2021 — UK Statute