MENUMENU

How U.K. intelligence exploited LinkedIn to spy on a Belgian telecom

undefined

The British equivalent of the National Security Agency created fake LinkedIn pages to hack into a major Belgian telecommunications company.

The U.K. Government Communications Headquarters—the British equivalent of the National Security Agency—created fake LinkedIn pages to hack into a major Belgian telecommunications company.

The hack was originally reported by Der Spiegel back in September, based on documents leaked by former intelligence contractor Edward Snowden. At the time, it was not known how the GCHQ pulled off the attack.

As it turns out, the hack was carried out using what is called a “man-in-the-middle attack.” In this case, we now know that means the GCHQ used fake LinkedIn pages to redirect employees to sites containing malware. By tricking company personnel into downloading the malicious software, the GCHQ appears to have been able to breach Belgacom cybersecurity.

This latest leak, published by Der Spiegel on Sunday, is the first reported instance of LinkedIn being exploited by a government spy agency. Unlike Facebook or Google, LinkedIn contains few personal details about its users. The incentive for targeting the professional network, then, is almost certainly economic.

What exactly the GCHQ did with the information it obtained from Belgacom is unclear. However, the agency’s willingness to obtain it stands as a clear example of surveillance that has moved beyond the realm of protecting national security.

Illustration by Jason Reed

Joe Kloc

Joe Kloc

Joe Kloc is a former Daily Dot contributor who covered technology and policy. He's contributed to Newsweek and Mother Jones, discussed his reporting on air with WNYC, and written Weekly Reviews for Harper's Magazine.