Last weekend’s high-profile cyberattack against telco Belgacom could have been part of a long-running spying campaign by Britain’s GCHQ, German magazine Spiegel Online has suggested after studying documents leaked by Edward Snowden.
According to a presentation seen by the site, GCHQ first broke into the partly state-owned firm in 2010 under a project called ‘Operation Socialist’. The attack used a system called ‘Quantum Insert’ – a malware hub possibly developed by the NSA – that gained access to Belgacom’s network by luring employees to infected websites.
The ‘way in’ was allegedly through Belgacom subsidiary BICS, a joint venture between Swisscom and South Africa's MTN, the website said. This was part of a plan to “map the network and better understand the Belgacom infrastructure,” and “investigate the VPN links from BICS to other telec providers,” the leaked presentation said.
This was no mere spear phishing expedition; GCHQ got close to accessing the firm’s main international GRX mobile router, which had been targeted because it would allow spies to conduct man-in-the-middle attacks on “targets roaming using smartphones.”
The document describes Operation Socialist as having been a success, which, judging from the level of detail in the slides, is not an overstatement.
The latest Snowden documents can’t be verified, and even if genuine, the connection drawn with last week’s attack on Belgacom is, of course, speculative. But it does look like a remarkable coincidence: Operation Socialist commenced some years ago, while the telco has admitted that the intrusions had existed since at least 2011.
Now suspicion rules the day. Last week, Belgacom took the unusual step of publicising the malware intrusions it had detected, interpreted by some as a way of causing political embarrassment to the prime suspect, the NSA. Belgian newspaper De Standaard reported that an internal investigation had concluded that the attacks had involved a foreign state, presumed to be the US.
Belgacom has passed its evidence to the Belgian federal prosecutor.
But why would GCHQ care about a Belgian telco? The answer probably has a lot to do with the important undersea cables run by the BICS subsidiary, which span the globe from the US to Asia. Belgacom/BICS was most likely viewed by the spooks as an easy way into a system that carries large volumes of mobile and other traffic that they wanted to access.