NSA/GCHQ Hacking Gets Personal: Belgian Cryptographer Targeted

03 February 2014

Belgian newspaper De Standaard reported Saturday that the federal prosecutor is investigating the hacking of Jean-Jacques Quisquater, a renowned cryptographer and professor at the Université catholique de Louvain, close to Brussels. The hack was discovered while the authorities were investigating the breach at Belgacom.

The Belgacom breach was revealed in top secret NSA and GCHQ documents leaked by Edward Snowden, which implicated GCHQ. Last week Snowden warned German television company ARD that the NSA doesn't just hack companies, but also targets individuals. Now it appears that Quisquater is the first known example of such personal targeting.

The breach was discovered by the Belgian authorities investigating the Belgacom hack. They informed Quisquater, who has since lodged a formal complaint. “The Belgian federal police (FCCU) sent me a warning about this attack and did the analysis,” Quisquater told Gigaom by email. As for the purpose of the hack: “We don’t know. There are many hypotheses (about 12 or 15) but it is certainly an industrial espionage plus a surveillance of people working about civilian cryptography.”

The attack method has some similarities to the Belgacom hack in that LinkedIn was the lure. With Belgacom it was a quantum insert attack. The attack on Quisquater, which appears to have happened six years ago, used more traditional spear-phishing. He received a fake LinkedIn invite from a non-existent person in the European Patent Office (Quisquater holds 17 patents). This dropped a variant of the MiniDuke malware, which covertly opens a backdoor onto the infected computer.

A year ago Kaspersky Lab uncovered a MiniDuke campaign that appears to be a clear cyber espionage attack against "governments of Ireland, Romania, Portugal, Belgium and the Czech Republic."

The Quisquater hack appears to pre-date the Belgacom attack by several years. Top secret documents leaked in early January show how the NSA's Tailored Access Operations (TAO) group progressed from email-based hacking (as in Quisquater) to its quantum insert method (as in the more recent Belgacom hack). "Certain QUANTUM missions have a success rate of as high as 80%, where spam is less than 1%," one internal NSA presentation states.

Although there is no specific statement that either the NSA or GCHQ is thought to be responsible, that is the clear implication. Where this differs from NSA and GCHQ justifications for their internet surveillance is that it is difficult to see a cryptography professor as a potential terrorist or threat to national security. This would appear to be simple espionage designed to aid the intelligence agencies' attempts to crack the world's encryption algorithms.

"It seems clear to me," comments security expert Graham Cluley, "that anyone working in cryptography research now needs to consider themselves a potential target for state-sponsored cyber-attack, even from countries who you might consider to be on the same side as you."
