Latest Snowden Leaks Show GCHQ Gleefully Hacking Belgian Telco

from the this-pleases-the-spies dept

Fri, Sep 20th 2013 6:37pm — Mike Masnick

Another day, another report on a leaked Snowden document, this time showing how the UK's GCHQ, using technology from the NSA, gleefully hacked into Belgian telco giant Belgacom's system.

According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a "Quantum Insert" ("QI"). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them. Some of the employees whose computers were infiltrated had "good access" to important parts of Belgacom's infrastructure, and this seemed to please the British spies, according to the slides.

The documents also suggest that GCHQ continued to probe the areas of infrastructure to which the targeted employees had access. The undated presentation states that they were on the verge of accessing the Belgians' central roaming router. The router is used to process international traffic. According to the presentation, the British wanted to use this access for complex attacks ("Man in the Middle" attacks) on smartphone users. The head of GCHQ's Network Analysis Centre (NAC) described Operation Socialist in the presentation as a "success."

Once again, despite various denials, it appears that the NSA/GCHQ have been hacking into companies, rather than directly targeting individuals or terrorist organizations. This leads to questions about the possibility of economic espionage, but also about using these hacked systems for further attacks. As the report notes, this could be especially concerning, given that Belgacom serves the EU Parliament, the EU Council and the EU Commission -- all of whom have been named as "targets" of the NSA (and, by extension, GCHQ, even as the UK is a member of the EU).

As I've said in the past, I'm a lot less disturbed by intelligence gathering on foreign politicians -- that's just standard every day expected espionage activity. However, hacking into companies to do that espionage begins to cross some very questionable lines that could lead to massive economic harm, as well as the ability to mask the surveillance by government agencies as somehow being the fault of those companies.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: economic espionage, europe, gchq, hacking, nsa, surveillance
Companies: belgacom

31 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

That One Guy (profile), 20 Sep 2013 @ 5:00pm

Suddenly the HD destruction orders make a lot more sense
If they even thought that such damning evidence might have been on the drives, the ones up top had to have been in full panic mode, and were desperate to make sure such information never saw the light of day.

Unfortunately for them(and fortunately for everyone else), such actions were so utterly futile, cannot wait to see how they try and defend this one.
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

out_of_the_blue, 20 Sep 2013 @ 7:26pm

Beginning to see this as routine, eh?
"Another day, another report on a leaked Snowden" -- Yeah, ho hum.

We're all coming to accept it as normal, as I conjectured from the start: the open fascism of mega-corporations spying for NSA had to come out sometime, so just dump it -- with a "hero" to focus on, David vs Goliath, nothing really new, a distracting "chase", putting focus on the gov't as the bad guys but individuals are actually trying to do their best to balance spying vs privacy according to what's-her-Hoelzer, and anyway, the gov't is too big and remote so anger diffuses; then the story is helped by the co-conspirator mega-corps pretending to file suit -- but only to be allowed to put out some uncheckable numbers... Nothing yet has happened out of my expectations: the criminals are still walking free.

And Mike, you really don't help the cause of freedom by yet again focusing on how this may affect corporations and worrying about their bottom lines! Try to show some concern for "natural" persons, who are spied on by both gov't and corporations.
[ link to this | view in chronology ]
- Anonymous Coward, 21 Sep 2013 @ 8:31am
  
  Transparent troll
  I hate that people flag your comments btw. People should see you for what you are.
  
  You are a troll (attempting to get people to hate the message cause you said it)
  [ link to this | view in chronology ]
  - Anonymous Coward, 23 Sep 2013 @ 8:57am
    
    Re: Transparent troll
    Just proof that ootb is a planted, astroturfing sock puppet. He'll take whatever position TechDirt has, twist it into the most ridiculous tinfoil hat conspiracy theory, add a dash of Google, then mock the article author for not going "far enough". The intent is obvious: to try to lower the credibility by either 1) trying to paint the author as having the opposite opinion for not being "hardcore enough", 2) "agreeing" with the author, but being as obnoxious as possible to both the author and the rest of the readers.
    
    Unless copyright is involved. Then out_of_the_blue's true persona emerges: a pro-corporatist pro-artist-enslavenment shill.
    [ link to this | view in chronology ]
    - The Groove Tiger (profile), 23 Sep 2013 @ 8:58am
      
      Re: Re: Transparent troll
      Blech, got signed off.
      [ link to this | view in chronology ]
- Anonymous Coward, 21 Sep 2013 @ 3:47pm
  
  Re: Beginning to see this as routine, eh?
  OOTB I know you don't read the articles but to clarify this article was about UK intelligence hacking a corporation to gain access to phone records and commit MITM attacks. Note that Belgacom, a corporation, (you seem to either love or hate corporations, maybe depending where the moon is in the sky), were not complacent in any spying.
  [ link to this | view in chronology ]
Anonymous Coward, 20 Sep 2013 @ 7:42pm

We see again just how deep corruption goes in the revolving doors of government capture.

While the info is I am sure of use to the NSA/GCHQ, you can bet that somewhere in this line of data gathering is some one looking to make a nice and tidy rest bed with some corporate HQ and willing to feed that data to get it.

Given that the NSA can't seem to tell who looks at what, nor who accesses what, who the frig would know? If it turns out the average spy without network administrator privileges can't then the money/promise of position can just as easily be given to the administrator. Obviously the NSA can't tell but we haven't heard a lot about the GCHQ. Are they as badly managed?
[ link to this | view in chronology ]
Anonymous Coward, 20 Sep 2013 @ 7:58pm

Proof that these unconstitutional spying programs have little to do with catching terrorists. They're mostly about industrial espionage, political blackmail, and suppression of ordinary citizen's freedoms and rights.

The whole "terrorist" thing, is just a cover story, to distract attention away from the true purpose of these sinister spy programs.
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

Anonymous Coward, 20 Sep 2013 @ 8:00pm

out_of_the_blue just hates it when due process is enforced.
[ link to this | view in chronology ]
Anonymous, 20 Sep 2013 @ 8:03pm

Gleefully?
I should have known Sue Sylvester was behind this.
[ link to this | view in chronology ]
dmeans (profile), 20 Sep 2013 @ 9:05pm

Say what?
Quantum Insert? Really? I guess 'spear phishing' is just too plain Jane for those folks.

Step 1) send official looking email to victim
Step 2) redirect victim to official looking website
Step 3) own clueless victim with drive-by or zero-day exploit.
Step 4) Beers.
[ link to this | view in chronology ]
Anon E. Mous (profile), 20 Sep 2013 @ 9:12pm

Wow!!! I am surprised that the NSA and Obama didn't put out a press release stating: "Look what we didn't do"
"See how forthright we are with the people, now you can trust us!"

Of course no one would believe it anyway since the government and the NSA can't seem to be honest about anything that is going on.
[ link to this | view in chronology ]
Anonymous Anonymous Coward, 20 Sep 2013 @ 9:28pm

Which da What?
All of these surreptitious attacks, thought up or found out, by the 'good guys'.

What about all the surreptitious attacks that are found out by the 'foes' that the 'good guys' haven't found out about?

The 'good guys' go hunting for 'terrorists' but, without their knowledge, get owned by the 'foes'. Who can say it didn't happen? They sure can't.

This is a circular game, and the 'circle' between liberty and security is becoming more of a semi-circular elongation of a weirdly un-concentric parabola. If this describes a really weird shape, then I got it right.
[ link to this | view in chronology ]
clon3 (profile), 20 Sep 2013 @ 9:30pm

Total Information Awareness
Back in 2002 the NSA was using the TIA program (Total Information Awareness) the title says it all. Now a few years later the PRISM program is here. It seems that these guys have no moral, nor respect for privacy or rights of ordinary people. The TIA program got a lot of criticism back then, and the IAO (Information Awareness Office) was defunded in 2003 by the Congress. Apparantly it seems that these people will stop at nothing to collect information.

The Stasi archives seems like a bedtime story compared to these NSA revelations. Now is this how you build a democracy ?
[ link to this | view in chronology ]
Anonymous Coward, 21 Sep 2013 @ 2:31am

the part i am waiting to see is how the UK defends it's actions against another member of the EU? this is disgraceful conduct and needs to be taken to the EU court. how can the UK do something like this? it's spying on friends for the benefit of enemies really. it has done this, i bet, at the request of the USA. i said before, the UK is so scared of offending the USA it risks undoing it's friendship and membership by offending other members of the EU. what i dont understand is why the UK would crap on it's own doorstep? it doesn't make sense. 90% of companies operating in the Uk are owned by companies in the EU. most of the services come from or through countries that are in or next to countries in the EU. if there were a war, the UK would be dead within 3 days. they dont have any storage capacity for gas or electricity. they produce next to nothing food wise anymore. they then go and do something like this that is surely going to offend the near neighbours across the channel, just 20 or 30 miles away in favour of helping a country that is thousands of miles away that couldn't help us even if it wanted to. i think the USA would turn round and say, 'you made your choice, live with it' and leave us to whatever fate was dished out. the 'Special Relationship' between the USA and the UK wouldn't mean squat then. Cameron's saying of 'all in it together' would take on a whole new meaning, not that it would worry him, sitting on a beach somewhere without a care in the world, while 'his' country got raped!
[ link to this | view in chronology ]
Anonymous Coward, 21 Sep 2013 @ 3:42am

As the first born son of a Belgian immigrant all I can say fuck the NSA
[ link to this | view in chronology ]
Claire Rand, 21 Sep 2013 @ 4:48am

Phorm
All of this makes the utter inaction against Phorm and its insidious brand of spyware all the more transparent. Appears the powers that be simply could not allow that court action to go ahead as the breaking of the law by Phorm was so blatant it was bound to establish a precedent that what what was taking place was illegal.

Given what we know now that precedent would have made it a lot harder to claim what GCHQ was up to was "within the law", guessing some of the 'anti phorm' stuff being developed before it more or less collapsed as the telcos walked away would have alos highlighted some of this sort of stuff
[ link to this | view in chronology ]
Anonymous Coward, 21 Sep 2013 @ 6:33am

Belgium foreign office also
Also the foreign ministry was hacked.

http://www.deredactie.be/cm/vrtnieuws.english/News/130919_hacking

I suspect NSA has enough info/leverage on Belgium politicians to make the Belgium democracy as much a sham as the EU and UK ones. We vote in a guy, but they all do the NSA agenda whether Labour or Conservative.

USSR mk 2, with UK as East German Stasi nation, and NSA as KGB.
[ link to this | view in chronology ]
Anonymous Coward, 21 Sep 2013 @ 7:33am

I am not making any excuses for what appears to have been done here, but do believe it worthwhile to think about the requirements imposed upon agencies that must engage in covert activities, and just how are they to execute such requirements when important information traverses through public and private channels.

Frankly, I am less concerned about what systems they are able to surveil, and more concerned that they perform such surveillance under a system that is regularly and strictly audited to reduce the possibility of misuse (with draconian penalties being the rule for those who misuse positions of trust).
[ link to this | view in chronology ]
- Anonymous Coward, 21 Sep 2013 @ 8:23am
  
  Re:
  "worthwhile to think about the requirements imposed upon agencies ...just how are they to execute such requirements when important information traverses through public and private channels."
  
  Apparently staying within the law isn't one of the requirements? I'm sure it is. There's no immunity granted to GCHQ and no authorization from Parliament to break other countries laws let alone the UKs.
  
  " a system that is regularly and strictly audited"
  
  If you couldn't stick within the law, will you stick within the audit and it's lesser penalties? No of course not, you want the lesser penalties.
  
  GCHQ's currently claim to spy on Brits is that Foreign Secretary William Hague can authorize targetted warrants of Brits for foreign countries, and [magic thinking] targetted can mean 'every Brit', since 'every' is a target... right?
  
  So he can authorize blanket surveillance of every Brits on behalf of the USA's NSA. And if anyone complains he pretends its all about terrorists, even the commercial and political spying.
  
  Did NSA do him any favors in his political career? Because HE AUTHORIZED SPYING ON BRITS FOR THE NSA IN VIOLATION OF UK LAW! FFS! It doesn't become more a clear cut case of a traitor to his country than that.
  
  Did none of you in GCHQ stop and think of all the anti-UK abuses the NSA could use that data for? Did none of you stop and think you were actually trying to get a grip on Belgium's telecoms to get a grip on the EU politicians comms traffic?
  
  Are you all f*ing morons in Stasi land?
  [ link to this | view in chronology ]
- John Fenderson (profile), 21 Sep 2013 @ 1:16pm
  
  Re:
  I don't know about the GCHQ, but when it comes to the NSA it is very clear that there is no effective oversight at all, and their auditing procedures pretty much boil down to "trust us because we're the good guys".
  [ link to this | view in chronology ]
Anonymous Coward, 21 Sep 2013 @ 7:39am

yikes
[ link to this | view in chronology ]
New Mexico Mark, 21 Sep 2013 @ 10:24am

It's like...
The USA (via the NSA) appears to have been applying the principles from the book written by Dale Carnegie's lesser known evil twin titled, "How to Win Enemies and Influence Nobody".
[ link to this | view in chronology ]
Anonymous Coward, 21 Sep 2013 @ 11:10am

Waiting for Belgium to expel British diplomats and sever relations with the U.K.

Waiting. For. It.
[ link to this | view in chronology ]
- Kevin Morley, 21 Sep 2013 @ 12:35pm
  
  Waiting. For. It.
  Has an Englishman I too am waiting and hoping for the same result. If you care to check the voting for EU membership I bet there were more Welsh, Scottish & Northern Irish voters for than the total English vote (for & against) England and the English don't need, we tolerate.
  
  The only people you would upset are your own "EU", the Scots, Welsh, and N Irish
  [ link to this | view in chronology ]
Ninja (profile), 23 Sep 2013 @ 5:27am

I don't think anybody should be fooled by the promises of surveillance to tackle terrorism. It's quite clear that there are other motives. The question is what are those motives.
[ link to this | view in chronology ]
- Pragmatic, 23 Sep 2013 @ 5:51am
  
  Re:
  Profit.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 23 Sep 2013 @ 9:26am
    
    Re: Re:
    No, power. Above a certain point, accumulating wealth is merely a means to advance the true goal of accumulating power.
    [ link to this | view in chronology ]
- Ed the Engineer, 23 Sep 2013 @ 7:06am
  
  Re:
  Ninja Writes:
  
  "I don't think anybody should be fooled by the promises of surveillance to tackle terrorism. "
  
  I would change that to: I don't think any rational person should be fooled......
  
  There are far to many mindless people. To many:
  "I don't want to think about that.."
  "The government is much smarter than us, so they know best"
  "What happened last night on Dancing with the Stars."
  "What have you got to hide?"
  Etc, Etc, Etc.
  
  Rationalization is far easier than rational thought.
  [ link to this | view in chronology ]
  - Ninja (profile), 23 Sep 2013 @ 7:35am
    
    Re: Re:
    True enough. Far too many people are like that.
    [ link to this | view in chronology ]
IceColdNed, 23 Sep 2013 @ 8:09am

Actually Doing their job?
As far as this instance goes, I don't have a problem with the UK spying on the EU. The IMF and EU are about as transparent as the NSA, and I don't see why anyone should really be up in arms about this. There's a lot of power centered in Belgium that really isn't overlooked by anyone, so if the NSA and GCHQ are spying on them, then this is the one instance where they're actually doing something useful.
[ link to this | view in chronology ]