Der Spiegel reports: Elite GCHQ teams targeted employees of mobile communications companies and billing companies to gain access to their company networks. The spies used fake copies of LinkedIn profiles as one of their tools.
The Belgacom employees probably thought nothing was amiss when they pulled up their profiles on LinkedIn, the professional networking site. The pages looked the way they always did, and they didn’t take any longer than usual to load.
The victims didn’t notice that what they were looking at wasn’t the original site but a fake profile with one invisible added feature: a small piece of malware that turned their computers into tools for Britain’s GCHQ intelligence service.
The British intelligence workers had already thoroughly researched the engineers. According to a “top secret” GCHQ presentation disclosed by NSA whistleblower Edward Snowden, they began by identifying employees who worked in network maintenance and security for the partly government-owned Belgian telecommunications company Belgacom.
Then they determined which of the potential targets used LinkedIn or Slashdot.org, a popular news website in the IT community.
The computers of these “candidates” were then infected with computer malware that had been placed using infiltration technology the intelligence agency refers to as “Quantum Insert,” which enabled the GCHQ spies to deeply infiltrate the Belgacom internal network and that of its subsidiary BICS, which operates a so-called GRX router system. This type of router is required when users make calls or go online with their mobile phones while abroad. [Continue reading…]