It looks like GCHQ is at it again, and has been targeting employees of mobile communication and billing companies to gain access to their company computers. Moreover, this was achieved through fake copies of the employees' LinkedIn and Slashdot pages.
Der Spiegel reported back in September that, according to slides leaked by Edward Snowden, GCHQ had hacked Belgacom, the Belgian telco, and planted malware on engineers' computers through the use of a "Quantum Insert":
According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a “Quantum Insert” (“QI”). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them. Some of the employees whose computers were infiltrated had “good access” to important parts of Belgacom’s infrastructure, and this seemed to please the British spies, according to the slides.
Further digging into the topic by Laura Poitras has revealed that the faked websites used to deliver this malware were Slashdot and LinkedIn. Essentially, when a targeted Belgacom employee visited either of these sites, instead of reaching their own profile they were unknowingly redirected to a mirror website, which then planted malware on their computer. The real sites were never compromised; the redirect was served to the targeted user before the genuine page could arrive.
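As an added example, not code from the original post or from any of the parties it describes: a Quantum Insert works by racing the genuine server, injecting a spoofed TCP segment (typically an HTTP 302 redirect to the malware host) with the same sequence number the real reply will use, so the client accepts the spoofed bytes and discards the genuine ones. That leaves a fingerprint a passive sensor can look for: two segments in one flow, same sequence number, different payloads. The script below runs that check over constructed sample traffic (the addresses, ports, hostnames and payloads are placeholders, not from a real capture) and deliberately does not flag ordinary retransmissions, which reuse a sequence number but carry the same bytes.

```python
"""Flag the Quantum Insert fingerprint in a TCP stream.

Two data segments of one flow that claim the same sequence number but carry
different bytes mean something other than the server answered the client.
Genuine TCP retransmissions also reuse a sequence number, but with identical
bytes (or a prefix of them after re-segmentation), so those are ignored.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed segment representation; a real sensor would fill this from a pcap.
@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    payload: bytes

FlowKey = Tuple[str, int, str, int]
Hit = Tuple[FlowKey, int, bytes, bytes]


def flow_key(seg: Segment) -> FlowKey:
    return (seg.src, seg.sport, seg.dst, seg.dport)


def is_retransmission(a: bytes, b: bytes) -> bool:
    """Same bytes, or one segment a prefix of the other: normal TCP, not injection."""
    return a.startswith(b) or b.startswith(a)


def find_injections(segments: List[Segment]) -> List[Hit]:
    """Return (flow, seq, first_payload, conflicting_payload) for every
    sequence number seen with two genuinely different payloads."""
    seen: Dict[Tuple[FlowKey, int], List[bytes]] = {}
    hits: List[Hit] = []
    for seg in segments:
        if not seg.payload:            # pure ACKs carry no data; skip them
            continue
        key = (flow_key(seg), seg.seq)
        variants = seen.setdefault(key, [])
        if any(is_retransmission(v, seg.payload) for v in variants):
            continue                   # benign duplicate of something already seen
        if variants:                   # new bytes at an already-occupied position
            hits.append((key[0], key[1], variants[0], seg.payload))
        variants.append(seg.payload)
    return hits


# Constructed sample traffic (placeholders, not a real capture).
CLIENT = ("10.0.0.5", 51234)
SERVER = ("203.0.113.10", 80)

SAMPLE = [
    Segment(*CLIENT, *SERVER, 500,
            b"GET /in/target HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    # Spoofed reply: arrives first, using the seq number the real reply will use.
    Segment(*SERVER, *CLIENT, 1000,
            b"HTTP/1.1 302 Found\r\nLocation: http://mirror.invalid/\r\n\r\n"),
    # Genuine reply: same seq, different bytes; the client already consumed the 302.
    Segment(*SERVER, *CLIENT, 1000,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    # Benign retransmission of the genuine reply (identical bytes): not flagged.
    Segment(*SERVER, *CLIENT, 1000,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    # Benign re-segmented retransmission of the request (prefix): not flagged.
    Segment(*CLIENT, *SERVER, 500, b"GET /in/target HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for flow, seq, first, second in find_injections(SAMPLE):
        print(f"conflict in {flow} at seq {seq}:")
        print("  first :", first[:48])
        print("  second:", second[:48])
```

The check only works where the sensor sees both segments, which means a passive tap between the client and the wider network; on the victim host itself the kernel silently drops the second copy, so there is nothing left to compare. Sequence-number collisions with differing bytes can also come from middleboxes that rewrite content, so treat a hit as a lead to inspect (in particular, a 302 racing a 200 for a login or profile page) rather than as proof on its own.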
In a response to TechDirt, GCHQ had this to say regarding the hacks:
We have no comment to make on this particular story.
All GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Intelligence and Security Committee.