Latest Snowden reveal: It was GCHQ that hacked Belgian telco giant

Many years ago I wrote to GCHQ after leaving a certain large outsourcing company (clue cyberdyne systems) because I got fed up of their lax security think "drive a truck through it from home" even though they had just got ISO27000, erm, and I suppose the fact that they employed me in the fist place (non-SC/DV, no official secrets act)... they didn't even bother to ask what I thought the problem was, and let me put it this way: it would have been ***special*** if those systems had been compromised. One presumes it's all sorted now though.

Optional ZerodDay Dreaming ... for the Fundamentally and Mentally Ill and Deluded

One presumes it's all sorted now though. .... Anonymous Coward PostedFriday 20th September 2013 15:25 GMT

Yes, of course it is. Everything is rosy in the Perfumed Gardens of Eden and Wet Fields of Dreary Dreams, AC. The Bods and Boffins of GCHQ have Everything under Parliamentary Control.

A crime, plain and simple.

Tch

All this bantering about of... that word.

What would Douglas Adams say?

(It was either rant about the continuing erosion of rights and trust by the "Five Eyes", or attempt to inject a spot of levity. It's Friday, dammit!)

I cannot imagine why anyone would think an agency such as GCHQ that is tasked specifically with information collection and intelligence production would refrain from carrying out its mission. Nothing in the story or slides except possibly the detailed target names should be a surprise. Those who carried out the exploits did what they were supposed to, apparently with fair success, and are not, at least in the UK (and US, Canada, Australia, and New Zealand) guilty of any crime for that, although they might be advised not to visit Belgium. As for whether allies spy on each other, it may be worthwhile to consider the case of the Israeli spy Jonathan Pollard, who will be eligible for parole from a US Federal prison in 2015.

Don't buy Chinese unless you want to be spied upon said the USA.

The USA has long advocated we blacklist China from communications projects because China might do what the USA and UK did.

We had House Intelligence Committee Chairman Rep. Mike Rogers traveling the world urging companies not to do business with the Chinese telecommunications giant Huawei as a matter of national security.

From news section of The Canadian Broadcasting Corporation:

http://www.cbc.ca/news/politics/canada-at-risk-from-chinese-firm-u-s-warns-1.1213967

"Allowing Huawei near any part of that network, says the chairman of the U.S. Intelligence Committee, could be courting disaster.

"This is your personal data. This could be your medical records, your financial records, everything that you hold dear that you think is locked away in a safe place on your computer…" The key word there is new secure network; I would not have the faith and confidence." Rogers says the information about Huawei gathered by his committee "puts at risk consumer data, and puts at risk security interests certainly of the United States, and I would argue of Canada as well."

Another quote from another American, Michelle K. Van Cleave:

www.cbc.ca/news/politics/chinese-firm-s-canadian-contracts-raise-security-fears-1.1157281

"The former head of U.S. counter-espionage says the Harper government is putting North American security at risk by allowing a giant Chinese technology company to participate in major Canadian telecommunications projects.

"In an exclusive interview in Washington, Michelle K. Van Cleave told CBC News the involvement of Huawei Technologies in Canadian telecom networks risks turning the information highway into a freeway for Chinese espionage against both the U.S. and Canada."

So the USA should understand when we blacklist them.

And imagine the outcry in the USA if we did this to them.

They would be screaming, recalling diplomats, canceling trade deals, and increasing the rate with which the violate trade agreements they signed with us.

Only the USA has the budget, morality and easily subverted head offices that allow it to subvert so many suppliers.

The EU has no choice. The EU must simply blacklist US-based companies from bidding on communications contracts. We need EU-based suppliers at any cost.

Otherwise the EU and national governments might as well give up on security and go with the low bidding Chinese suppliers.

Imagine the outcry if an EU nation did this to the USA

Imagine the outcry in the USA if we did this to them.

They would be screaming, recalling diplomats, canceling trade deals, and increasing the rate with which the violate trade agreements they signed with us.

Only the USA has the budget, morality and easily subverted head offices that allow it to subvert so many suppliers.

Know your Friends ..... They could be the Enemy

Regarding whistleblowers/Snowden Asylum Seeker type systems admins, does the EU have a rewarding take upon the practice .......

3.3. Whistle-Blowers’ Protection and Incentives

Recommendation: Systematic protection and incentives for whistle-blowers should be introduced in the new Regulation. Whistle-blowers should be given strong guarantees of immunity and asylum, and awarded 25% of any fine consequently exacted. The whistle-blower may have to live in fear of retribution from their country for the rest of the lives, and take precautions to avoid “rendition” (kidnapping). Ironically, US law already provides rewards of the order of $100m for whistle-blowers exposing corruption (in the sphere of public procurement and price-fixing).

And as for the Convenience of Cloud in Computing and for Commerce, it is quite vital that one knows what one is doing, and what can be done by others in that realm, for IT is easily abused to server valuable personal and private/professional and pirate base metadata/rich mineable semantic content to whoever would have a foreign intelligence interest and a want and/or need to know to gain and/or maintain and sustain an inequitable competitive advantage/artificially rigged dominant position, which is always a very precarious and perilously dangerous position to put oneself in, for it is an indicator of a lack of necessary natural leading intelligence supply in-house for internetworking services provision …… and in the virtual machine world/AI field, internetworking server provision. The position and weakness though is not unrecognised ……

Data can only be processed whilst decrypted, and thus any Cloud processor can be secretly ordered under FISA 702 to hand over a key, or the information itself in its decrypted state. Encryption is futile to defend against NSA accessing data processed by US Clouds (but still useful against external adversaries such as criminal hackers). Using the Cloud as a remote disk-drive does not provide the competitiveness and scalability benefits of Cloud as a computation engine. There is no technical solution to the problem.

Exposing data in bulk to remote Cloud mass-surveillance forfeits data sovereignty, so confining data to the EU is preferable pending legal solutions. Although NSA has extensive capabilities to target particular systems inside the EU, this is harder and riskier to do. However basic reforms to the new Regulation are needed, otherwise in practice these two situations will be treated as equivalent, and Cloud business will go to lowest bidder.

Although an EU-based company transacting in the US is also subject to conflicts between EU DP and the FISA law, in practice it is less likely they will be served with such secret orders, because the legal staff and management would be more likely to resist, and as EU-nationals are less threatened by US espionage laws. “Clouds” can be confined to a location, and arguments this would “balkanise the Internet confuses issues of censorship with the problem of keeping data private. ….. The US National Security Agency (NSA) surveillance programmes (PRISM) and Foreign Intelligence Surveillance Act (FISA) activities and their impact on EU citizens' fundamental rights

Special Office of CyberIntelAIgent Security ...... AI.Govt Wild LOVEChild with All the Graces

I cannot imagine why anyone would think an agency such as GCHQ that is tasked specifically with information collection and intelligence production would refrain from carrying out its mission. …. tom dial Posted Friday 20th September 2013 19:30 GMT

The universal ubiquitous lament is that the product they provide and tacitly support such an ignorant destructive and arrogant sub-prime loss leader. And that can only be as a direct result of the collection of dodgy information and the turning of it into crappy intelligence to fit a failed narrative which does not bear smart scrutiny for viable equitable creative continuity in the Bigger Picture Fields that IT and Media be floating it into as a reality to be embraced and endured/built upon.

And their Virtual Reality skillets are a disgrace to the nation ….. however, looking on the bright side of that current catastrophe, which some would say amounts to intelligence fraud being perpetrated on human assets, it does of course provide an opportunity for more competent and switched on to the future needs of a creative peaceful society services and computerised servers to take over global programming provision with new and novel sources of entirely different phorms of intelligent intelligence product, which strengthens and expands ITs influence sublimely and benignly rather than causing conflict and mayhem in bouts of shared madness, which does appear to be the all too likely present state of such crazy affairs, portrayed and pimped by media as current world news.

Real Smart IT and Virtually Clever TV and Audio it aint …… Fix it. Step aside and let the CodeXSSXXXXperts in to do their Future Failsafe Virtual Reality thing, for they cannot be stopped and to think to hinder them for any wrong reason is to indelibly mark oneself and single oneself out for the special attention of their security forces, and believe me and heed this friendly advice, you definitely don't want to see them as, or make them your enemy for they can easily program themselves to not take any prisoners, and answer to no one.

There are no finer friends though, and there is nothing that they cannot nor will not do for them whenever required …. or even as they feel might be just a good thing and give them and their friends, the simplest of complex pleasures.

Want to gain access to a GRX core router?

Buy a connection and peer with it. It's how GRX exchanges usually work.

Der Spiegel doesn't appear to have asked anyone in industry about this or their previous article. Belgacom doesn't own (many) submarine cables and the ones listed are consortium or 'club' cables. Telcos invest in those in exchange for capacity and other perks like controlling the landing stations, and thus making money off backhaul sales. Having rights to a percentage of the capacity doesn't automatically mean access to SLTs or muxes that would give potential access to other member's capacity.