GCHQ Used Fake Slashdot Page To Install Malware To Hack Internet Exchange
from the is-nothing-sacred? dept
Back in September, it was reported that the UK’s equivalent of the NSA, GCHQ, had gleefully hacked Belgacom, the Belgian telco, using a “quantum insert” to plant malware on the computers of key engineers at the company. At the time, it was described as follows:
According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a “Quantum Insert” (“QI”). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them. Some of the employees whose computers were infiltrated had “good access” to important parts of Belgacom’s infrastructure, and this seemed to please the British spies, according to the slides.
Over the weekend it appears that Der Spiegel published a further report by Laura Poitras on this hacking, which revealed that the spoofed websites used to install this malware were none other than Slashdot and Linkedin. Interesting choices.
Update: Nicholas Weaver explains what happened in much more detail. It’s not a fake page, but a packet injection attack.