GCHQ hijacked LinkedIn profiles to hack Belgian telecoms network – report British spies intercepted LinkedIn profile pages and injected malware into them to ultimately infiltrate the networks of mobile operators and other telcos in Belgium. That's according to the latest round of documents leaked by master squealer Edward Snowden. German weekly Der Spiegel reported that when some engineers working …
The US pay GCHQ at least a hundred million pounds a year, according to Snowden. I doubt even the US would want to see that investment go up in smoke. An GCHQ were providing help and services to most EU nations as well, even Germany. .... David 164 Posted Monday 11th November 2013 22:27 GMT
Methinks that investment is now considered to be far too light and an affronting piss-take and an upward adjustment to a cool $billion a year much more appropriate.
And if info being shared is novel intelligence and stealthy and both simultaneously creatively and destructively disruptive and beta-testing advanced protocol encryption pools for zeroday vulnerability exploitation use and serious serial SCADA systems abuse with sterling reward for/from stirling type sublime intangible steganography, is IT raised into COSMIC $trillion mark€t places/spaces/virtual team terrain/SMARTR AI Territory .... and for which there is no known and readily available or possible defence.
Such then makes its sterling stirling intelligence share an attack vector of quite unparalleled power and awesome control to command. And that be a most conservative appraisal and mega metadata base misunderestimation of ITs Potential in Current Para Political Fields and Ponzi Fiat Powering Schemes that Present Realities Today for Tomorrows Future Viewing and Experiencing.
* Much easier to accept, one supposes, than having to admit and submit reports on an alien infiltration and makeover/foreign invasion and takeover, but to be proven wrong, with such reportings inevitable, will do no one positive and nothing instrumental in ensuring such assured changes, harm, for such be quite natural by virtue of its COSMIC IT Stealth and CyberIntelAIgent Virtual Phorm Design.
AdAstral Park Doughnuts are a Delightful Confection quite beyond Earthy Earthly Compare, methinks.
Snowden and Russia must then have the Blair/Bush communications which the Cabinet Office wonks are allegedly refusing to release to Chilcot, although the gist of them is hardly ever gonna be a surprise to everyone and a state secret which needs to be protected.
I can't help noticing that LinkedIn seems to only use SSL/https for user login, after that all traffic uses http - I wonder when they will change to full https. Whilst this may not prevent GCHQ et al from reading traffic, it would make in-flight modification it more problemmatic.
>Explain...
GCHQ is in the UK, so can't just walk through the door, plus the claim made in Der Spiegel, is that GCHQ wanted access to systems within Belgacom not to their LinkedIn profiles...
The Der Spiegel piece goes into more detail and gives a plausible technical explanation for why in-flight intercept and insertion would of been used for such activities - regardless of the agency behind it. Basically, they were doing "Quantum Insert's" on traffic from several websites (LinkedIn and Slashdot.org being explicitly named), to particular users.
If the Belgian telecom can find a sample of the malware and show it has suffered harm from this attack, I'd say they'd have a good case to sue the UK government. Unlike the US government, who could probably just brush it off, the UK is part of Europe, so there is probably a legal route to extracting compensation from the UK.
Just a thought.
I don't call hacking into private individual's or organisations' networks 'friendly', it's highly offensive and should be classified as a crime just as if anyone else attempted it. The innocent targets are perfectly 'real' as is the damage to their IT infrastructure.
Revelations like these trash our national reputation in the eyes of other countries. To work in this division of GCHQ you must have to be somewhere between a prostitute and a contract killer in terms of moral depravity.
Corrupt governments making secret agreements to spy on each other's citizens is a smokescreen for a global Big Brother state treating the public as criminals - it has nothing to do with our real national interest, and is in no one's interest except the tiny elite who control it.
If they need to test out their technology on live targets they should do so legitimately by seeking permission from the target first. Probably via a front organisation, under a classified contract with financial compensation, and the support to fix the damage done by the attack.
Yarr, whilst I largely agree with your points, it is easy to jump to conclusions about these activities based on our own prejudices. My point was drawing attention to what we're not being told ie. what hasn't been published. For example, I've not seen a press statement from either Belgacom or the engineer that was contacted about the attack on them - so we don't actually know if Belgacom systems were compromised (this may happen now that some targeted companies are aware and investigating their systems).
Whilst these agencies probably shouldn't be undertaking some of these activities, the Snowden disclosures are proving to be a mine of information about real world Internet insecurity beyond passwords and Windows security alerts...
I doubt GCHQ would be stupid enough to leave a "copyrighted by GCHQ" in their code. Linking such Malware back to the UK will be next to impossible. if GCHQ were feeling particularly sneaky I am sure they could have laid a false trails so that it look like it was the Russians, Chinese or even the Israelis that were responsible for the Malware and for subsequent hacks.
From the /. post (response from GCHQ) contained the following phrase..
"and that there is rigorous oversight, including from the Secretary of State"
I was under the impression that here in the UK, a Secretary of State is basically a member of the cabinet (i.e. head of a department) as such there is no the.
However, in the USA there is a single entity holding that position, so could correctly be referred to as the.
I will leave the conclusion as an exercise for the reader.
Oh wait it was just one of the Telco's that GCHQ had not got round to accessing yet.
It seems there is no way to muzzle the data fetishists of GCHQ.
I will note that this is pretty poor security on both LinkedIn and Slashdot unless GCHQ had actually spoofed the page and it was not from them at all.
There is one way to create a 'checksum' that would be resistant to tampering. And that is to send the absolute minimum data (in information theory terms) required to achieve the purpose of the website. Anything more, and the site must have been tampered with. An added benefit is no ads. Win-win, I think.
Otherwise, I'd have to ask Silik and Daniels to return me some favors in this timeline.
----
Anyway, now, these cretins in these organizations will just willy-nilly cause just about anyone to distrust everyone else with all their cracking.
Maybe even employers that are SMART will just start firing their best sysadmins randomly, changing out their equipment randomly, and, if even SMARTER, collect forensics and IMMEDIATELY publish the suspected code. Maybe world tech companies will go Open Source due to gov spying. Po-li-tic justice? We'll see.
When will it end?
In order to tap UK comms wholesale, you only have to look for the wholesale provider of comms in the UK.
Do GCHQ have the right to demand access from a private company in the UK? And if so, what kind of legal position does that leave BT in?*
*Based on previous reports of abuse of this type, any complaints to the paid security force Police will just get buried. *cough*phorm*cough*
Who's that rifling through my coat pockets? --->
We appear to be on not too dissimilar wavelengths and singing similar tunes, Sir Runcible Spoon, and quite possibly or even probably have access to like hymn books, for BT is not able to paint itself a virgin innocent in all that stealth and spookery conspires and aspires to achieve. Indeed, to consider itself as anything other than a leading player and conniving assisting component which be quite elemental and fundamental to UKGBNI Great Games Plays, is pure delusion squared and totally unnecessary in intelligent intelligence community circles …. Per Ardua ad Astra MetaDataBases/Virtual Space Campuses and all that jizz and jazz/hocus pocus.
And as for YARR’s 'Friendly' ???! outburst of righteous virtuous indignation …. Posted Monday 11th November 2013 21:46 GMT ….. well, whoever/whatever does he imagine systems are confronted by and with today for Command and Control of Tomorrow, which be always the COSMIC Prize that Surprises?
Although to be perfectly fair, he/she/it does not fail to identify the ilk to a pretty certain and quite accurate degree in the post with this diamond gem of a gold nugget …..
Revelations like these trash our national reputation in the eyes of other countries. To work in this division of GCHQ you must have to be somewhere between a prostitute and a contract killer in terms of moral depravity.
Hookers and psychos rule in all of the best and worst of spaces and places, and aint that the GOD honest truth. :-)
See scherbius2014.de
An before you call it "retro", please tell me how you plan to defeat the malware they have written for your USB memory stick controller. That little thing with 100kloc of C code and 137 zero-days we have never heard of. And the corresponding bag of fleas that is the USB controller talking to the USB memory stick.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
