Last week Belgacom, Belgium’s largest telecom, admitted it was the target of a malware attack that may have been in operation for several years.
Suspicions turned immediately to the National Security Agency (NSA), not unreasonable considering, as FierceITSecurity points out, hackers look to have also taken aim at “the company’s undersea fiber joint venture with Swisscom and MTN that supplies international telecom service to the Middle East and other regions.”
The venture has made Belgacom one of the world’s top carriers of voice traffic to the Middle East and Africa. Its clients include institutions like the European Commission, the European Council, and the European Parliament.
Belgian federal prosecutors told Reuters that, based on a complaint filed in July, when the company discovered the malware, "the hacking was only possible by an intruder with significant financial and logistic means. … This fact, combined with the technical complexity of the hacking and the scale on which it occurred, points towards international state-sponsored cyber espionage."
However, Der Spiegel, using its access to materials leaked by Edward Snowden, has since discovered that it was Britain’s electronic intelligence agency, the GCHQ—closely allied with the NSA—that perpetrated the attack, code named “Operation Socialist.”
The hack was apparently achieved by spear-phishing Belgacom engineers and taking over their computers through a malware-inserted back door. Mention is made of an NSA “attack technology” called “Quantum Inset” (QI). QI appears to be simply a method: the redirection of a browser to a site that will install on the target computer a sophisticated remote access tool.
H/T Guardian | Illustration by Jason Reed