Over the weekend it came out that GCHQ used a packet injection attack on Slashdot and LinkedIn pages
in order to do a "quantum insert" -- basically a man-in-the-middle attack to install malware on the computers of key employees at Belgian telco Belgacom, which they then used to get much greater access to Belgacom's infrastructure for spying. It would appear that neither LinkedIn, nor the owners of Slashdot, are particularly pleased about this. After requesting more information, GCHQ had a useful response: "no comment."
In an emailed statement to Slashdot, the GCHQ’s Press and Media Affairs Office wrote: “We have no comment to make on this particular story.” It added:
“All GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensure that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Intelligence and Security Committee.”
Right. So we can't comment on this, but we assure you that it's very much legal that we effectively ran a man-in-the-middle attack on your site, guaranteeing that people are less willing to go to your sites any more. Meh. Collateral damage for the very important work of spying on everyone