Belgacom Hacked; NSA Involvement Suspected

The Belgacom statement makes no mention of the likely culprit, saying only that it "has filed a complaint against an unknown third party and is granting its full support to the investigation that is being performed by the Federal Prosecutor." The main thrust of the statement is that an intrusion was discovered and removed, and that Belgacom customers have not been impacted.

De Standaard is not so reserved. "Everything suggests," it reports, "that the US National Security Agency has hacked Belgacom since 2011." There is no public proof of this, but the newspaper believes there is little doubt: the primary intrusion seems to have been in Belgacom's Bics subsidiary which is the leading telecoms provider in Africa and the Middle East.

This news emerged at the same time as Der Spiegel in Germany revealed that leaked documents from Edward Snowden indicate NSA interest in the financial details of people in Europe, Africa and the Middle East.

A subsequent press conference attended yesterday by Belgacom CEO Didier Bellens and the Minister of Public Enterprises, Jean-Pascal Labille, declined to comment on any suspected source for the attack. "It is up to the court to do its job. Once the perpetrators are identified, we will respond appropriately, I assure you," said Labille.

The Belgian public prosecutor would also not yet comment on the suspected culprit, but said, "The hackers had significant financial and logistical resources and used specific malware and advanced encryption techniques." This is taken to be an indication that it was a state-sponsored attack. All fingers seem to point at either or both the NSA and GCHQ (whose Tempora project has specifically targeted the fiber links of telecoms companies).

Stefaan Van Hecke, a member of the Belgian Federal Parliament and leader of the Green party, immediately called for the suspension of the EU/US free trade negotiations if it is shown that the NSA is implicated in the hack. Renaat Landuyt, a member of the Belgian the SP.A party, added his own concern over the lack of action against NSA intrusions. "We know that it happens, we know how easily that happens, and everyone  continues as if nothing happened."    

The depth of concern and anger over this intrusion in Belgium is because the state is the largest shareholder in Belgacom -- the attackers, whoever they are, have effectively attacked the Belgium state.

Update (25 Sep 2013)
Since this article was written, Der Spiegel has published details from new Edward Snowden leaks that point the finger more at GCHQ than at the NSA.

A "top secret" Government Communications Headquarters (GCHQ) presentation seen by SPIEGEL indicate that the goal of project, conducted under the codename "Operation Socialist," was "to enable better exploitation of Belgacom" and to improve understanding of the provider's infrastructure.

If true this will raise new political questions over one EU member state spying on another EU member state.

What’s Hot on Infosecurity Magazine?