Telecommunications
OPERATION SOCIALIST
THE INSIDE STORY OF HOW BRITISH SPIES HACKED BELGIUM’S LARGEST TELCO
SATURDAY AT 9:26 AM
When the incoming
emails stopped arriving, it seemed innocuous at first. But it would eventually
become clear that this was no routine technical problem. Inside a row of gray
office buildings in Brussels, a major hacking attack was in progress. And the perpetrators
were British government spies.
It was in the summer
of 2012 that the anomalies were initially detected by employees at Belgium’s
largest telecommunications provider, Belgacom. But it wasn’t until a year
later, in June 2013, that the company’s security experts were able to figure
out what was going on. The computer systems of Belgacom had been infected with
a highly sophisticated malware, and it was disguising itself as legitimate
Microsoft software while quietly stealing data.
Last year, documents
from National Security Agency whistleblower Edward Snowden confirmed that British
surveillance agency Government Communications Headquarters was behind the
attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware
found on Belgacom’s systems was one of the most advanced spy tools ever
identified by security researchers, who named it “Regin.”
The full story about
GCHQ’s infiltration of Belgacom, however, has never been told. Key details
about the attack have remained shrouded in mystery—and the scope of the attack
unclear.
Now, in partnership
with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has
pieced together the first full reconstruction of events that took place before,
during, and after the secret GCHQ hacking operation.
Based on new documents
from the Snowden archive and interviews with sources familiar with the malware
investigation at Belgacom, The Intercept and its partners have
established that the attack on Belgacom was more aggressive and far-reaching
than previously thought. It occurred in stages between 2010 and 2011, each time
penetrating deeper into Belgacom’s systems, eventually compromising the very
core of the company’s networks.
“A BREATHTAKING EXAMPLE OF THE STATE-SPONSORED HACKING
PROBLEM.”
Snowden told The
Intercept that the latest revelations amounted to unprecedented
“smoking-gun attribution for a governmental cyber attack against critical
infrastructure.”
The Belgacom hack, he
said, is the “first documented example to show one EU member state mounting a
cyber attack on another…a breathtaking example of the scale of the
state-sponsored hacking problem.”
Publicly, Belgacom has
played down the extent of the compromise, insisting that only its internal
systems were breached and that customers’ data was never found to have been at
risk. But secret GCHQ documents show the agency gained access far beyond Belgacom’s
internal employee computers and was able to grab encrypted and unencrypted
streams of private communications handled by the company.
Belgacom invested
several million dollars in its efforts to clean up its systems and beef up its
security after the attack. However, The Intercept has learned
that sources familiar with the malware investigation at the company are
uncomfortable with how the clean-up operation was handled—and they believe
parts of the GCHQ malware were never fully removed.
The revelations about
the scope of the hacking operation will likely alarm Belgacom’s customers
across the world. The company operates a large number of data links
internationally, and it serves millions of people
across Europe as well as officials from top institutions including the European
Commission, the European Parliament, and the European Council. The new details
will also be closely scrutinized by a federal prosecutor in Belgium, who is
currently carrying out a criminal investigation into the attack on the company.
Sophia in ’t Veld, a
Dutch politician who chaired the European Parliament’s recent inquiry into mass
surveillance exposed by Snowden, told The Intercept that she
believes the British government should face sanctions if the latest disclosures
are proven.
“Compensating Belgacom
should be the very least it should do,” in ’t Veld said. “But I am more
concerned about accountability for breaking the law, violating fundamental
rights, and eroding our democratic systems.”
Other similarly
sophisticated state-sponsored malware attacks believed to have been perpetrated
by Western countries have involved Stuxnet, a bug used to sabotage Iranian
nuclear systems, and Flame, a spy malware that was found collecting data from
systems predominantly in the Middle East.
What sets the secret
British infiltration of Belgacom apart is that it was perpetrated against a
close ally—and is backed up by a series of top-secret documents, which The
Intercept is now publishing.
GCHQ
declined to comment for this story, and insisted that its actions are
“necessary, legal, and proportionate.”