Latest Snowden Leaks Show GCHQ Gleefully Hacking Belgian Telco

from the this-pleases-the-spies dept

Another day, another report on a leaked Snowden document, this time showing how the UK's GCHQ, using technology from the NSA, gleefully hacked into Belgian telco giant Belgacom's system.
According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a "Quantum Insert" ("QI"). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them. Some of the employees whose computers were infiltrated had "good access" to important parts of Belgacom's infrastructure, and this seemed to please the British spies, according to the slides.

The documents also suggest that GCHQ continued to probe the areas of infrastructure to which the targeted employees had access. The undated presentation states that they were on the verge of accessing the Belgians' central roaming router. The router is used to process international traffic. According to the presentation, the British wanted to use this access for complex attacks ("Man in the Middle" attacks) on smartphone users. The head of GCHQ's Network Analysis Centre (NAC) described Operation Socialist in the presentation as a "success."
Once again, despite various denials, it appears that the NSA/GCHQ have been hacking into companies, rather than directly targeting individuals or terrorist organizations. This leads to questions about the possibility of economic espionage, but also about using these hacked systems for further attacks. As the report notes, this could be especially concerning, given that Belgacom serves the EU Parliament, the EU Council and the EU Commission -- all of whom have been named as "targets" of the NSA (and, by extension, GCHQ, even as the UK is a member of the EU).

As I've said in the past, I'm a lot less disturbed by intelligence gathering on foreign politicians -- that's just standard every day expected espionage activity. However, hacking into companies to do that espionage begins to cross some very questionable lines that could lead to massive economic harm, as well as the ability to mask the surveillance by government agencies as somehow being the fault of those companies.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    That One Guy (profile), Sep 20th, 2013 @ 5:00pm

    Suddenly the HD destruction orders make a lot more sense

    If they even thought that such damning evidence might have been on the drives, the ones up top had to have been in full panic mode, and were desperate to make sure such information never saw the light of day.

    Unfortunately for them(and fortunately for everyone else), such actions were so utterly futile, cannot wait to see how they try and defend this one.

     

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Sep 20th, 2013 @ 7:26pm

    Beginning to see this as routine, eh?

    "Another day, another report on a leaked Snowden" -- Yeah, ho hum.

    We're all coming to accept it as normal, as I conjectured from the start: the open fascism of mega-corporations spying for NSA had to come out sometime, so just dump it -- with a "hero" to focus on, David vs Goliath, nothing really new, a distracting "chase", putting focus on the gov't as the bad guys but individuals are actually trying to do their best to balance spying vs privacy according to what's-her-Hoelzer, and anyway, the gov't is too big and remote so anger diffuses; then the story is helped by the co-conspirator mega-corps pretending to file suit -- but only to be allowed to put out some uncheckable numbers... Nothing yet has happened out of my expectations: the criminals are still walking free.

    And Mike, you really don't help the cause of freedom by yet again focusing on how this may affect corporations and worrying about their bottom lines! Try to show some concern for "natural" persons, who are spied on by both gov't and corporations.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Sep 21st, 2013 @ 8:31am

      Transparent troll

      I hate that people flag your comments btw. People should see you for what you are.

      You are a troll (attempting to get people to hate the message cause you said it)

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Sep 23rd, 2013 @ 8:57am

        Re: Transparent troll

        Just proof that ootb is a planted, astroturfing sock puppet. He'll take whatever position TechDirt has, twist it into the most ridiculous tinfoil hat conspiracy theory, add a dash of Google, then mock the article author for not going "far enough". The intent is obvious: to try to lower the credibility by either 1) trying to paint the author as having the opposite opinion for not being "hardcore enough", 2) "agreeing" with the author, but being as obnoxious as possible to both the author and the rest of the readers.

        Unless copyright is involved. Then out_of_the_blue's true persona emerges: a pro-corporatist pro-artist-enslavenment shill.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Sep 21st, 2013 @ 3:47pm

      Re: Beginning to see this as routine, eh?

      OOTB I know you don't read the articles but to clarify this article was about UK intelligence hacking a corporation to gain access to phone records and commit MITM attacks. Note that Belgacom, a corporation, (you seem to either love or hate corporations, maybe depending where the moon is in the sky), were not complacent in any spying.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 20th, 2013 @ 7:42pm

    We see again just how deep corruption goes in the revolving doors of government capture.

    While the info is I am sure of use to the NSA/GCHQ, you can bet that somewhere in this line of data gathering is some one looking to make a nice and tidy rest bed with some corporate HQ and willing to feed that data to get it.

    Given that the NSA can't seem to tell who looks at what, nor who accesses what, who the frig would know? If it turns out the average spy without network administrator privileges can't then the money/promise of position can just as easily be given to the administrator. Obviously the NSA can't tell but we haven't heard a lot about the GCHQ. Are they as badly managed?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 20th, 2013 @ 7:58pm

    Proof that these unconstitutional spying programs have little to do with catching terrorists. They're mostly about industrial espionage, political blackmail, and suppression of ordinary citizen's freedoms and rights.

    The whole "terrorist" thing, is just a cover story, to distract attention away from the true purpose of these sinister spy programs.

     

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
     
    identicon
    Anonymous Coward, Sep 20th, 2013 @ 8:00pm

    out_of_the_blue just hates it when due process is enforced.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous, Sep 20th, 2013 @ 8:03pm

    Gleefully?

    I should have known Sue Sylvester was behind this.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    dmeans (profile), Sep 20th, 2013 @ 9:05pm

    Say what?

    Quantum Insert? Really? I guess 'spear phishing' is just too plain Jane for those folks.

    Step 1) send official looking email to victim
    Step 2) redirect victim to official looking website
    Step 3) own clueless victim with drive-by or zero-day exploit.
    Step 4) Beers.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Anon E. Mous (profile), Sep 20th, 2013 @ 9:12pm

    Wow!!! I am surprised that the NSA and Obama didn't put out a press release stating: "Look what we didn't do"
    "See how forthright we are with the people, now you can trust us!"

    Of course no one would believe it anyway since the government and the NSA can't seem to be honest about anything that is going on.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Anonymous Coward, Sep 20th, 2013 @ 9:28pm

    Which da What?

    All of these surreptitious attacks, thought up or found out, by the 'good guys'.

    What about all the surreptitious attacks that are found out by the 'foes' that the 'good guys' haven't found out about?

    The 'good guys' go hunting for 'terrorists' but, without their knowledge, get owned by the 'foes'. Who can say it didn't happen? They sure can't.

    This is a circular game, and the 'circle' between liberty and security is becoming more of a semi-circular elongation of a weirdly un-concentric parabola. If this describes a really weird shape, then I got it right.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    clon3 (profile), Sep 20th, 2013 @ 9:30pm

    Total Information Awareness

    Back in 2002 the NSA was using the TIA program (Total Information Awareness) the title says it all. Now a few years later the PRISM program is here. It seems that these guys have no moral, nor respect for privacy or rights of ordinary people. The TIA program got a lot of criticism back then, and the IAO (Information Awareness Office) was defunded in 2003 by the Congress. Apparantly it seems that these people will stop at nothing to collect information.

    The Stasi archives seems like a bedtime story compared to these NSA revelations. Now is this how you build a democracy ?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 21st, 2013 @ 2:31am

    the part i am waiting to see is how the UK defends it's actions against another member of the EU? this is disgraceful conduct and needs to be taken to the EU court. how can the UK do something like this? it's spying on friends for the benefit of enemies really. it has done this, i bet, at the request of the USA. i said before, the UK is so scared of offending the USA it risks undoing it's friendship and membership by offending other members of the EU. what i dont understand is why the UK would crap on it's own doorstep? it doesn't make sense. 90% of companies operating in the Uk are owned by companies in the EU. most of the services come from or through countries that are in or next to countries in the EU. if there were a war, the UK would be dead within 3 days. they dont have any storage capacity for gas or electricity. they produce next to nothing food wise anymore. they then go and do something like this that is surely going to offend the near neighbours across the channel, just 20 or 30 miles away in favour of helping a country that is thousands of miles away that couldn't help us even if it wanted to. i think the USA would turn round and say, 'you made your choice, live with it' and leave us to whatever fate was dished out. the 'Special Relationship' between the USA and the UK wouldn't mean squat then. Cameron's saying of 'all in it together' would take on a whole new meaning, not that it would worry him, sitting on a beach somewhere without a care in the world, while 'his' country got raped!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 21st, 2013 @ 3:42am

    As the first born son of a Belgian immigrant all I can say fuck the NSA

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Claire Rand, Sep 21st, 2013 @ 4:48am

    Phorm

    All of this makes the utter inaction against Phorm and its insidious brand of spyware all the more transparent. Appears the powers that be simply could not allow that court action to go ahead as the breaking of the law by Phorm was so blatant it was bound to establish a precedent that what what was taking place was illegal.

    Given what we know now that precedent would have made it a lot harder to claim what GCHQ was up to was "within the law", guessing some of the 'anti phorm' stuff being developed before it more or less collapsed as the telcos walked away would have alos highlighted some of this sort of stuff

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 21st, 2013 @ 6:33am

    Belgium foreign office also

    Also the foreign ministry was hacked.

    http://www.deredactie.be/cm/vrtnieuws.english/News/130919_hacking

    I suspect NSA has enough info/leverage on Belgium politicians to make the Belgium democracy as much a sham as the EU and UK ones. We vote in a guy, but they all do the NSA agenda whether Labour or Conservative.

    USSR mk 2, with UK as East German Stasi nation, and NSA as KGB.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 21st, 2013 @ 7:33am

    I am not making any excuses for what appears to have been done here, but do believe it worthwhile to think about the requirements imposed upon agencies that must engage in covert activities, and just how are they to execute such requirements when important information traverses through public and private channels.

    Frankly, I am less concerned about what systems they are able to surveil, and more concerned that they perform such surveillance under a system that is regularly and strictly audited to reduce the possibility of misuse (with draconian penalties being the rule for those who misuse positions of trust).

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Sep 21st, 2013 @ 8:23am

      Re:

      "worthwhile to think about the requirements imposed upon agencies ...just how are they to execute such requirements when important information traverses through public and private channels."

      Apparently staying within the law isn't one of the requirements? I'm sure it is. There's no immunity granted to GCHQ and no authorization from Parliament to break other countries laws let alone the UKs.

      " a system that is regularly and strictly audited"

      If you couldn't stick within the law, will you stick within the audit and it's lesser penalties? No of course not, you want the lesser penalties.

      GCHQ's currently claim to spy on Brits is that Foreign Secretary William Hague can authorize targetted warrants of Brits for foreign countries, and [magic thinking] targetted can mean 'every Brit', since 'every' is a target... right?

      So he can authorize blanket surveillance of every Brits on behalf of the USA's NSA. And if anyone complains he pretends its all about terrorists, even the commercial and political spying.

      Did NSA do him any favors in his political career? Because HE AUTHORIZED SPYING ON BRITS FOR THE NSA IN VIOLATION OF UK LAW! FFS! It doesn't become more a clear cut case of a traitor to his country than that.

      Did none of you in GCHQ stop and think of all the anti-UK abuses the NSA could use that data for? Did none of you stop and think you were actually trying to get a grip on Belgium's telecoms to get a grip on the EU politicians comms traffic?

      Are you all f*ing morons in Stasi land?

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Sep 21st, 2013 @ 1:16pm

      Re:

      I don't know about the GCHQ, but when it comes to the NSA it is very clear that there is no effective oversight at all, and their auditing procedures pretty much boil down to "trust us because we're the good guys".

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 21st, 2013 @ 7:39am

    yikes

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    New Mexico Mark, Sep 21st, 2013 @ 10:24am

    It's like...

    The USA (via the NSA) appears to have been applying the principles from the book written by Dale Carnegie's lesser known evil twin titled, "How to Win Enemies and Influence Nobody".

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 21st, 2013 @ 11:10am

    Waiting for Belgium to expel British diplomats and sever relations with the U.K.

    Waiting. For. It.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Kevin Morley, Sep 21st, 2013 @ 12:35pm

      Waiting. For. It.

      Has an Englishman I too am waiting and hoping for the same result. If you care to check the voting for EU membership I bet there were more Welsh, Scottish & Northern Irish voters for than the total English vote (for & against) England and the English don't need, we tolerate.

      The only people you would upset are your own "EU", the Scots, Welsh, and N Irish

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Ninja (profile), Sep 23rd, 2013 @ 5:27am

    I don't think anybody should be fooled by the promises of surveillance to tackle terrorism. It's quite clear that there are other motives. The question is what are those motives.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Pragmatic, Sep 23rd, 2013 @ 5:51am

      Re:

      Profit.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Ed the Engineer, Sep 23rd, 2013 @ 7:06am

      Re:

      Ninja Writes:

      "I don't think anybody should be fooled by the promises of surveillance to tackle terrorism. "

      I would change that to: I don't think any rational person should be fooled......

      There are far to many mindless people. To many:
      "I don't want to think about that.."
      "The government is much smarter than us, so they know best"
      "What happened last night on Dancing with the Stars."
      "What have you got to hide?"
      Etc, Etc, Etc.

      Rationalization is far easier than rational thought.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    IceColdNed, Sep 23rd, 2013 @ 8:09am

    Actually Doing their job?

    As far as this instance goes, I don't have a problem with the UK spying on the EU. The IMF and EU are about as transparent as the NSA, and I don't see why anyone should really be up in arms about this. There's a lot of power centered in Belgium that really isn't overlooked by anyone, so if the NSA and GCHQ are spying on them, then this is the one instance where they're actually doing something useful.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This