BY KIM ZETTER
Photo: Ariel Zambelich/WIRED
British spies hacked into the routers and networks of a Belgian telecommunications company by feeding telecom engineers malicious LinkedIn and Slashdot pages, according to documents released by NSA whistleblower Edward Snowden.
Once the computer browsers of the engineers with Belgacom pulled up the fake pages, malware was installed surreptitiously onto their machines, giving the spooks with Britain’s GCHQ the ability to penetrate the internal networks of Belgacom and its subsidiary BICS.
The primary aim, reports the German newspaper der Spiegel, which obtained the documents, was to compromise the GRX router system that BICS controlled, in order to intercept mobile phone traffic that got transmitted by the router.
The elaborate scheme, dubbed “Operation Socialist,” involved first identifying key telecom administrators and members of computer security teams who likely had access to sensitive parts of the Belgacom network. The spies then produced a dossier of the targets’ email addresses, social networking accounts and online reading habits using open source information that the employees freely provided online.
Target computers were infected by using a method called Quantum Insert technology developed by the NSA. This involves placing high-speed servers at key internet switching points to conduct a man-in-the-middle attack when a target tries to surf the web. When a target called up a LinkedIn page, for example, the Quantum servers intercepted his web request and served up a malicious LinkedIn page instead that was embedded with malware.
The injection attempts are referred to internally as “shots,” and have proved to be highly effective, according to the Snowden documents.
“For LinkedIn the success rate per shot is looking to be greater than 50 percent,” one document states.
The spooks didn’t just target telecom workers, however, they also targeted the employees of phone billing companies, such as Mach, based in Luxembourg. GCHQ’s hacking team developed customized digital weapons to target the computers of six Mach employees.
In that case, the spooks focused on a computer expert working for the company’s branch in India. The spies created a complex dossier charting his Gmail and social networking accounts, listing his work and personal computers, identifying the IP addresses he used to surf the web, and also gaining access to the cookies on his computers. “In short, GCHQ knew everything about the man’s digital life, making him an open book for its spies,” der Spiegel reported.
