How U.K. intelligence exploited LinkedIn to spy on a Belgian telecom

The British equivalent of the National Security Agency created fake LinkedIn pages to hack into a major Belgian telecommunications company.


Joe Kloc


Published Nov 10, 2013   Updated Jun 1, 2021, 2:14 am CDT

The U.K. Government Communications Headquarters—the British equivalent of the National Security Agency—created fake LinkedIn pages to hack into a major Belgian telecommunications company.

Featured Video Hide

The hack was originally reported by Der Spiegel back in September, based on documents leaked by former intelligence contractor Edward Snowden. At the time, it was not known how the GCHQ pulled off the attack.

Advertisement Hide

As it turns out, the hack was carried out using what is called a “man-in-the-middle attack.” In this case, we now know that means the GCHQ used fake LinkedIn pages to redirect employees to sites containing malware. By tricking company personnel into downloading the malicious software, the GCHQ appears to have been able to breach Belgacom cybersecurity.

This latest leak, published by Der Spiegel on Sunday, is the first reported instance of LinkedIn being exploited by a government spy agency. Unlike Facebook or Google, LinkedIn contains few personal details about its users. The incentive for targeting the professional network, then, is almost certainly economic.

What exactly the GCHQ did with the information it obtained from Belgacom is unclear. However, the agency’s willingness to obtain it stands as a clear example of surveillance that has moved beyond the realm of protecting national security.

Illustration by Jason Reed

Share this article
*First Published: Nov 10, 2013, 7:57 pm CST