Earlier this week, the primarily state owned Belgacom – the largest telecom in Belgium, with customers such as the European Commission, Council and Parliament – has made public the fact that their internal computer system have been breached by an “unknown third party”.
The company involved the Belgian federal prosecutor in the investigation, and Belgian PM Elio Di Rupo stated that the technology used for the attack seems to point towards an espionage effort mounted by a foreign state.
And while Belgacom CEO and the Belgian Minister of Public Enterprises and Development Cooperation to speculate which state might be involved, “well-informed” internal sources fingered the UK and the US as the likely attackers.
Today, the German Der Spiegel reported about perusing documents leaked by NSA whistleblower Edward Snowden, among which was a presentation that indicates Britain’s GCHQ intelligence service is the perpetrator of the attack.
“The presentation is undated, but another document indicates that access has been possible since 2010,” the reporters noted. “The document shows that the Belgacom subsidiary Bics, a joint venture between Swisscom and South Africa’s MTN, was on the radar of the British spies.”
The codename of the successful effort is “Operation Socialist”, and its goal was to enable better exploitation of the company and understanding of its infrastructure.
They did so by targeting a number of Belgacom employees, attempting to redirect them to malware-laden sites where they would pick up backdoor Trojans or other malware that would allow the attackers to remotely manipulate their computers.
Having achieved that, the agents were able to access important parts of the company’s infrastructure, to (from there) attempt to access the rest – such as the company’s central roaming router that processes international traffic – and ultimately to mount Man-in-the-Middle attacks targeting smartphone users.