
Snowden reveals GCHQ planted malware via LinkedIn and Slashdot traffic to hack Belgacom engineers

Quantum Insert  NSA And GCHQ intercepted LinkedIn and Slashdot traffic to plant malware
Edward Snowden, a former contractor at America's National Security Agency (NSA), has rocked the intelligence world by leaking secret documents which reveal the previously unknown extent of global spying. But it looks like the NSA isn't the only one using dirty digital tricks to hack its targets.

Back in September, it was reported that the UK's equivalent of the NSA, GCHQ, had hacked Belgacom, a leading telecommunications provider in Belgium.

New analysis of the Snowden papers by German magazine Der Spiegel shows that British intelligence agency GCHQ created fake LinkedIn and Slashdot pages to spy on the computers of Belgacom network engineers.

Communications networks are particularly valuable to spies because they allow instant access to individual users. Belgacom provides internet access to dozens of key EU institutions based in Brussels, the Belgian capital, and its global roaming exchange is a hub for connections between various international mobile networks.

GCHQ reportedly used a method called “quantum insert” to redirect employees of Belgacom, Belgium’s largest telecommunications company, to fake websites that contained malware.
According to Der Spiegel, the first step for GCHQ was to identify employees at Belgacom working in its security and maintenance divisions, including finding out which ones use LinkedIn and Slashdot.

Then they redirected the intercepted traffic (using a man-in-the-middle attack) to a spoofed server (codenamed "Fox Acid") that is placed somewhere on the Internet backbone and can respond faster than the real one.
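
Because the spoofed server only wins by answering first, the genuine server's reply still arrives afterwards, so the client can see two different responses to one request. The sketch below is an added example, not code from the article or the leaked documents: it flags TCP segments that share a flow and sequence number but carry different bytes, and the `Segment` record and sample traffic are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):
    # Hypothetical, already-parsed record of one server-to-client TCP segment.
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    payload: bytes

def find_conflicting_segments(segments):
    """Return (flow, seq, earlier_payload, later_payload) for segments in one
    flow that start at the same sequence number but whose overlapping bytes
    differ. Byte-identical copies are ordinary retransmissions and are ignored."""
    seen = defaultdict(list)   # (flow, seq) -> payloads already observed
    findings = []
    for s in segments:
        if not s.payload:      # bare ACKs carry nothing to compare
            continue
        flow = (s.src, s.sport, s.dst, s.dport)
        for earlier in seen[(flow, s.seq)]:
            n = min(len(earlier), len(s.payload))
            if earlier[:n] != s.payload[:n]:
                findings.append((flow, s.seq, earlier, s.payload))
                break
        seen[(flow, s.seq)].append(s.payload)
    return findings

# Constructed sample traffic (documentation addresses, not a real capture).
SAMPLE = [
    # Flow A: a fast first answer, then a different answer at the same seq.
    Segment("192.0.2.10", 80, "198.51.100.7", 50123, 1000,
            b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n"),
    Segment("192.0.2.10", 80, "198.51.100.7", 50123, 1000,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    # Flow B: a plain retransmission, byte-for-byte identical.
    Segment("192.0.2.20", 80, "198.51.100.7", 50200, 5000, b"HTTP/1.1 200 OK\r\n"),
    Segment("192.0.2.20", 80, "198.51.100.7", 50200, 5000, b"HTTP/1.1 200 OK\r\n"),
    # Flow C: retransmission of a shorter segment; overlapping bytes match.
    Segment("192.0.2.30", 80, "198.51.100.7", 50300, 9000, b"HTTP/1.1 200 OK\r\nServer: x\r\n"),
    Segment("192.0.2.30", 80, "198.51.100.7", 50300, 9000, b"HTTP/1.1 200 OK\r\n"),
]

if __name__ == "__main__":
    for flow, seq, a, b in find_conflicting_segments(SAMPLE):
        print(f"conflict in {flow} at seq {seq}: {a[:20]!r} vs {b[:20]!r}")
```

A hit is a lead for packet-level review rather than proof of injection, since some middleboxes and broken TCP stacks also rewrite retransmitted data.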

The documents reveal the extent to which spy agencies are able to use mobile communications to track people down and for surveillance. One document claimed, "We can locate, collect, exploit (in real time where appropriate) high-value mobile devices and services in a fully converged target centric manner."

A LinkedIn spokesman told Der Spiegel, "We were never told about this alleged activity and we would never approve of it, irrespective of what purpose it was used for."

It’s unclear whether the GCHQ has its own version of FoxAcid or whether it just piggybacks on the NSA’s servers as per their unique surveillance cooperation relationship. Slashdot hasn't responded to a request for comment.

I wonder if there is any possibility that LinkedIn and Slashdot can go after the government on a legal basis for effectively attacking their servers?
