[stordoff]

Monitor their communications so you know exactly what software they are using, then drop a 0-day on the forged site (I find it very unlikely that GCHQ don't stockpile Firefox/Chrome escapes and Windows/Linux priv. escalations etc.). There's little an individual can do against such a targeted attack without completely airgapping the machine which A) probably isn't viable for a network/software engineer and B) GCHQ are probably determined enough to gain physical access if they deem it necessary.