Earlier this week, Belgacom – Belgium’s largest telecommunications company – revealed that it had been hacked, and that an “unknown virus” had been found on its computer systems.
Now the mystery of who was responsible for the hack appears to have been revealed. And it wasn’t traditional cybercriminals. It was the UK’s intelligence service, GCHQ.
The revelations are made by Der Spiegel which has received top secret slides from GCHQ’s Network Analysis Centre (NAC), via whistleblower Edward Snowden related to an attack dubbed “Operation Socialist”.
In all likelihood, the Belgacom staff who were targeted didn’t realise that the “Quantum Insert” spyware was being silent planted onto their computers, after they visited boobytrapped websites. Once in place, the malware could secretly spy upon their activities, stealing passwords and other documents and installing further code at the behest of its remote operators.
The slides indicate that the British authorities were pleased with the “good access” their infiltration had achieved.
The leaked slides refer to CNE (Computer Network Exploitation), and appear to detail a successful attempt to compromise Belgacom’s infrastructure for the purposes of MITM (man-in-the-middle) attacks on smartphone users.
Whoever put the slides together has added some natty clipart to denote the success of the operation:
It appears, as I described earlier this week, that the goal of the intrusion was to snoop on BICS (Belgacom International Carrier Services), which provides wholesale carrier services around the world to wired and wireless operators, carrying communications for the likes of Syria and Yemen.
Belgium and the United Kingdom are, of course, close European partners. We’re not likely to see obvious sabre-rattling over evidence of spying like this – although it’s hard to imagine that the diplomats won’t be hard at work behind closed doors trying to soften tempers.