UK politicians should use ‘disappearing messages’ on devices, says GCHQ

British politicians have been urged to turn on the “disappearing messages” function to automatically delete their WhatsApp exchanges, in new guidance from UK spies to protect against hacking attempts.

The National Cyber Security Centre, a branch of the signals intelligence agency GCHQ, published fresh advice on Monday for “high-risk individuals” whose work or public status means they can access or influence sensitive information that could be of interest to foreign states.

It came after Oliver Dowden, deputy prime minister, publicly blamed China for two malicious cyber campaigns targeting the Electoral Commission and UK parliamentarians.

An unnamed China state-affiliated entity was accused of breaching the election watchdog’s systems to access the data of 40mn Britons, while China state-linked group APT31 was blamed for hacking attempts against UK MPs and peers.

The Chinese embassy in London dismissed the claims as “completely fabricated and malicious slanders”, hitting out at a “self-staged, anti-China political farce” by the UK government.

In its new guidance for high-risk figures, the NCSC recommended the use of “disappearing messages” functions on apps such as WhatsApp, Messenger and Signal when messaging for personal use on a personal device. The functions automatically delete correspondence after a set period.

Acknowledging that messaging apps had become “an important part of how we communicate in everyday life”, the guidance said “special attention” was required when connecting with people professionally.

High-risk individuals should “avoid accepting message requests from unknown accounts — consider calling first to verify who they are”, it added.

In addition the NCSC urged the use of strong and complex passwords such as a sequence of three random words, warning that using names, places or a run of numbers in a password tended to make them easier to crack.

However, the agency said that because such passwords could be difficult to remember, “it’s fine to write them down . . . separate from your devices” or to use a password manager instead.

A unique password should be used for every different account, the agency recommended.

The NCSC said high-risk individuals included elected representatives, candidates, activists and staffers within the political realm, plus figures in academia, journalism and the legal sector.

Its new guidance warned attackers could seek to breach computer, phone or tablet devices to “steal sensitive or personal information, carry out monitoring, or even impersonate you”.

Earlier on Monday, leading China hawk and former Tory leader Sir Iain Duncan Smith told a Westminster press conference he had been impersonated by a “wolf warrior” who had created a false email address to contact legislators overseas pretending to be him.

In the messages, the impersonator purporting to be Duncan Smith claimed he had recanted his criticisms of Beijing and had “lied” about China.

Installing updates, replacing old devices, ensuring the ability to erase data from devices and protecting physical access to devices were among the other recommendations made by the NCSC.