Forgot your password?
typodupeerror
United Kingdom Security IT

Snowden Docs: Brits Hacked Accounts of Belgian IT Admins 126

Posted by Soulskill
from the what's-good-for-the-goose-is-good-for-the-gander dept.
An anonymous reader writes "British secret service GCHQ is willing to penetrate the networks of telecoms firms to subsequently use them for spying. German magazine DER SPIEGEL reports GCHQ hacked the machines of Belcacom staff to later use their GRX routers for targeted man-in-the-middle-attacks on people's phones. Belgacom is the biggest telecom in Belgium, and is partly state-owned. DER SPIEGEL publishes three original slides from a GCHQ presentation. They specifically mention targeting 'engineers/systems administrators.'"
This discussion has been archived. No new comments can be posted.

Snowden Docs: Brits Hacked Accounts of Belgian IT Admins

Comments Filter:
  • ...that all governments spy on all other governments, regardless of the state of cordiality between those nations.

    Didn't we already know this?
    • by Serious Callers Only (1022605) on Friday September 20, 2013 @10:28AM (#44902617)

      1. This is not a government spying on another government.
      2. Economic espionage is illegal
      3. Breaching trust like this will lead to all sorts of blowback when partners find out, it's hardly a good idea.

      GCHQ has strayed well over the line from protecting British interests against our enemies to economic and political espionage. This op was probably ordered at the behest of some American service anyway (to whom GCHQ are in hoc to the tune of hundreds of millions of dollars), who knows why or who it benefits, but it certainly isn't the people of the UK.

      • by TWX (665546)
        As far as I've been able to tell, most espionage of a materiel type requires spying on companies, as it's those companies that are the true producers of materiel, not governments themselves.
        • by vux984 (928602)

          As far as I've been able to tell, most espionage of a materiel type requires spying on companies, as it's those companies that are the true producers of materiel, not governments themselves.

          True. And if you were investing a weapons manufacturer in Syria nobody would blink. But Belgium is an ally.

          This is like breaking into your friends house without provocation, you know, just in case... uh... something... something... terrorism.

      • by Trepidity (597)

        in hoc to

        Off-topic pedantry: the expression's in hock to, originating from a Dutch word for a kennel or lock-up or prison, informally used to describe someone in debt. Not related to Latin hoc, meaning "this", and common in phrases like post hoc ergo propter hoc ("after this, therefore because of this"), ad hoc ("for this [occasion]"), etc.

      • by TheSpoom (715771) <{ten.00mrebu} {ta} {todhsals}> on Friday September 20, 2013 @11:10AM (#44903033) Homepage Journal

        There's no such thing as illegal to a government.

        • Tell that to the 'illegals'...
        • by Xest (935314)

          Yet that's the exact arguments the UK government uses when it doesn't want to do something.

          "We can't just not hand over Julian Assange because the whole extradition looks fishy because that would be illegal"

          We have separation of our judicial branch from our government for a reason and they can't just pick and choose when they ignore the law even with their attempt at hijacking the judiciary with their politically appointed supreme court.

      • by Anonymous Coward

        who knows why or who it benefits, but it certainly isn't the people of the UK.

        Is that your evaluation based on many years of experience with the intelligence agencies? Or is it the snark of a passing minute on the internet?

        NSA helped foil terror plot in Belgium, documents, officials say [cnn.com]
        Police arrest 10 over Belgian 'Islamist terror plot' [bbc.co.uk]
        Belgian police raid homes in connection with Syrian terror groups recruits [rt.com]
        Two Belgian "terrorism" suspects detained in Yemen [reuters.com]
        Fearing terror attack, Belgium arrests 14 [latimes.com]

        • by IamTheRealMike (537420) <mike@plan99.net> on Friday September 20, 2013 @12:18PM (#44903871) Homepage

          A couple of problems here. Firstly a lot of those stories refer to an event in 2008, and Der Spiegel claims GCHQ only got access to Belgacom in 2010. So their spying cannot have been relevant there.

          Secondly, the evidence in those cases was the sort of thing that can be obtained using ordinary court orders or ordinary, limited and carefully controlled wiretaps. The people targeted went to the Afghan-Pakistani border for months and according to one article, some of them were already known criminals in Belgium even before then. Getting a tight, time limited court order for surveillance of these people within Belgium is easily possible - at no point would Britain hacking Belgium have been helpful in such a prosecution and indeed, would have been dangerous - if the evidence was obtained without a warrant and defence counsel found out, the case might have collapsed.

          I strongly dislike this notion that the acts Snowden uncovered are all OK because occasionally, the authorities do manage to catch terrorists. Guess what? They also catch random serial killers, fraudsters, drunk drivers who do hit and runs, all kinds of other criminals .... just using the ordinary tools and strict supervision they are supposed to operate under. Where's the evidence that tightly specified, time limited court orders issued by open courts are insufficient? Can you point me to just one case of a terrorist who successfully blew himself up because a judge mistakenly denied a reasonable warrant request? I've not heard of such a thing, even though occasional mistakes would be expected and not by itself sufficient to conclude what the NSA/GCHQ does is necessary.

          • by Xest (935314)

            "Can you point me to just one case of a terrorist who successfully blew himself up because a judge mistakenly denied a reasonable warrant request?"

            Perhaps somewhat ironically, a number of attacks that have succeeded such as the butchering of a soldier in London earlier this year were by people who were not only known to the security services, but whom the security services tried to recruit.

            You're right, the security services can't even catch people sat right under their own noses when they have all the info

      • by bdwebb (985489)

        This op was probably ordered at the behest of some American service anyway

        I love how every negative thing even other governments do is all our fault. I guess GCHQ is full of retards who can't wipe their ass without being told to by America. What a crock of shit.

        There may be connections and there may have been discussion between GCHQ and NSA as we are allies but I'm tired of hearing how we're assholes for things that other people do. If our government agencies can order your government agencies around, you might as well call yourselves Americans, too.

        • by fatphil (181876)
          Well, UK politicians are all retards who can't wipe their arse without being told to by America, so I see no reason why those in metagovernmental roles should be any less spineless.
      • Way to try and blame it on the Americans. I wish other countries could actually accept responsibility for their own actions once in a while.

      • by Xest (935314)

        Yes, the thing that bothers me most about all this though is the fact that the US seems to basically own GCHQ. We already had the story about how the US paid money for access to intelligence and influence on GCHQ but the fact that Snowden was able to pilfer some highly sensitive documents from the NSA about GCHQ is worrying.

        Don't get me wrong, I'm absolutely glad Snowden did what he did but our intelligence services are way too close to and way too open with the US.

        It's pretty clear what was meant now when

    • by Njovich (553857)

      And how exactly do you know that all governments do this? That the British are in the same boat as the Americans has long been suspected. I don't see the Belgians mass monitoring Verizon calls in the US, do you?

      • I don't see the Belgians mass monitoring Verizon calls in the US, do you?

        It's all a matter of capability, not interest.

    • by X.25 (255792)

      ...that all governments spy on all other governments, regardless of the state of cordiality between those nations.

      Belgacom is a government?

  • Truthfully, if any hub of communication on the continent was going to exploited and counter-expoited, it would be the trunks and infrastructure running into and out of Belgium. SHAEF is there and lots of other stuff. I wonder what will be unearthed about the Russians in Belgium?

    • by Xest (935314)

      Well given that Britain is the second largest military force in NATO after the US you'd think that we'd not need to hack it to find out what was going on.

  • This was probly at the request of Nigel Farage, given his opinion [youtube.com] on Belgium and attempts to "..be the quiet assassin of European democracy and of European nation states. [theguardian.com]".
    • by gmuslera (3436)
      If something could end the EU is this kind of actions from UK, how you continue in something based on mutual trust when that trust is not deserved? This century Axis of evil has changed actors, but once again are a few countries (some of them inside Europe, some of them outside) vs the rest of the world, just wait for their next moves if you are still not doped enough.
      • If something could end the EU is this kind of actions from UK, how you continue in something based on mutual trust when that trust is not deserved? This century Axis of evil has changed actors, but once again are a few countries (some of them inside Europe, some of them outside) vs the rest of the world, just wait for their next moves if you are still not doped enough.

        What many people forget is that you can have more than two axes. Along with the Axis of Evil, we've now got the Axis of Fascists, the Axis of Slime, and the Axis of "not as bad as them".

        In other news, China must be laughing, as they don't have to even nudge anything to let all this take place and have everything fall into their lap. Doesn't mean they're not positioning themselves favourably though.

  • Consequences? (Score:5, Interesting)

    by Weezul (52464) on Friday September 20, 2013 @10:32AM (#44902645)

    Any chance the GCHQ people will do time in Belgian jails?

    Any chance the U.K. will get an astronomical fine?

    • by lordholm (649770)

      Good question, wonder what happens if the Belgian police issues an EAW, does the GCHQ operators have immunity for their crimes in the UK? Does the EAW apply in this case; in my mind it should, it would put some needed control over this crap.

      • by Rich0 (548339)

        Good question, wonder what happens if the Belgian police issues an EAW, does the GCHQ operators have immunity for their crimes in the UK? Does the EAW apply in this case; in my mind it should, it would put some needed control over this crap.

        I would think that as long as they violated a law in Belgium that meets the EAW requirements and there is probable cause they could issue one. I'm not an expert in European law, but it seems like part of the deal in becoming a part of the EU is that you lose your sovereignty to protect your spies who are breaking laws in other member nations. One would think that in joining an alliance like the EU that you're supposed to stop treating other member states like enemies. If they needed to tap a cell phone i

        • by pesho (843750)
          That's really bizarre. If GCHQ wanted to listen to any communication in an EU country all they needed to do is come up with a somewhat plausible reason and simply ask for access. It is beyond me why would they risk exposing their employees for two pages worth of paperwork. Well, unless they were actually spying on their allies, that is.
          • by gl4ss (559668)

            ...it's pretty damn hard to come up with plausible reason to listen to politicians of all EU countries.

    • by GNious (953874)

      What I'm curious about is whether the recent treaties and agreements about electronic warfare covers this as an act of war, and whether Belgium can request NATO and US support in said war with the UK...

    • by lefke123 (2446554)

      Any chance the GCHQ people will do time in Belgian jails?

      Any chance the U.K. will get an astronomical fine?

      As a Belgian, I'm going to speculate that the GCHQ people will probably have to murder a couple of people before they'll be put into jail. They could get a house arrest, and maybe a fine, tops. Our jails are overcrowded and our legal system avoids jailing people if it's not absolutely necessary. Fun fact: It's not illegal to break out of jail in Belgium.

  • The rule of security is: Make it more expensive for the attacker than it's worth to them.

    How much is it worth to spy agencies to have root access to telecom providers? Quite a bit, is my amateur guess. The telecom providers (and ISPs, etc.) should anticipate attacks proportional to the value, and implement security proportional to the anticipated attacks. (But do they really have a chance of holding off the NSA, GCHQ, etc.? Perhaps their own national intelligence agency could help, if their citizens can tru

    • The corollary is that securing your infrastructure isn't worthwhile if it's more expensive to do so than the value of ensuring your infrastructure isn't compromised. There's no sense in buying a $500 safe to protect a $20 tool.
    • by gmuslera (3436) on Friday September 20, 2013 @12:00PM (#44903671) Homepage Journal

      NSA (& associates) made that equation worthless when started to require to manufacturers to insert backdoors and timebombs into their products and spread privileged access over too much people [salon.com].

      So a single person or a group of them (either being insider, or finding how to access those backdoors deployed everywhere) with the right motivation can access most of world's critical information, including US one, and Snowden is a proof of that, the one that decided to go public, for good. What you don't know is how many in the past, present or future will abuse that privilege, or just will make a security mistake giving access to that information to the wrong people.

  • by canadiannomad (1745008) on Friday September 20, 2013 @10:48AM (#44902785) Homepage

    I could be way off base, but I bet this particular type of information was sought out from the leaks by Greenwald to dissuade GCHQ from behaving the way it did again...

  • So what more have we learnt about Poirot?
  • by randomErr (172078) <ervin@kosch.gmail@com> on Friday September 20, 2013 @11:09AM (#44903019) Homepage Journal

    We already know that something between 1984 and the NAZI regime was being built. Snowden just brought it to everyone's attention.

    The best thing we can do is either unplug all together or create custom P2P networks that breaks from the standard networks. We need to use disruptive technologies like CB, Zigbee, enhanced versions GPG, faxs, face to face communication, hell even FIDOnet would offer a level of privacy you usually can't get today.

    • Oh, if only "store and forward" weren't specifically outlawed by the FCC... Then you could buy an ISP device once, and never pay anything more than maintenance and electricity to join the encrypted mesh network. Instead we only allow corporations to do this, and charge by the bit. Wireless Plans, indeed.

      Colocation? Bandwidth Problems? Hack because IPv4/6 lacks automatic caching of store and forward... And TCP is dumb.

  • by Anonymous Coward

    Getting rather sick of just overview articles that tell what intelligence agencies are doing, but doesn't explain HOW they are doing it, or everything that they are doing with the collected data. Basically, the journalists have now become the gatekeepers of information deciding what the affected masses should see. Give us (tech community) specific details on who/what has been compromised so that mitigation can take place while we wait for legal and political solutions (if they ever come) to address the cr

    • by HiThere (15173)

      The journalists don't tell you how it's done, because they don't understand the explanations. This isn't being a gatekeeper. This is being a "narrow passage".

      P.S.:

      It's been 4 minutes since you last successfully posted a comment

      Chances are, you're behind a firewall or proxy, or clicked the Back button to accidentally reuse a form. Please try again. If the problem persists, and all other options have been tried, contact the site administrator.

      Why don't they say how long you need to wait?

  • "It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them."
    So that's who keeps doing that. And I was blaming flash gaming sites that my mother-in-law goes to.
  • Well, I am "willing to penetrate" certain young female celebrities. Doesn't mean I did. Doesn't even mean would. Certainly won't get the opprtunity.
  • Not of the NSA (I mean seriously, you weren't already?) but of these leaks? I am starting to have doubts that this one contractor had access to all this varied data, about various programs, and now even about non-American agencies.

    I am seriously starting to wonder if he, or others, are making up some shit for their own ends. I just have trouble buying that he has all this disparate data, on all this stuff, particularly given the compartmentalization of highly classified data.

    • by neo-mkrey (948389)
      Yes, I believe he does. This is based on the extreme reaction by those from whom the data was taken.
      • I'm quite sure his original stuff about the NSA's prism program is accurate. It is some of the later stuff I'm questioning. I don't doubt that he had access to classified data, and it certainly seem like it is at least somewhat, if not completely, accurate given the reaction. But then there keeps being more and more leaks that are less and less related, which do not seem to be generating much reaction.

        It is just causing me to wonder on their veracity.

    • Let me just clear up all your lack of access concerns: Omivore / Carnivore ran on Unix, it was ported to MS Windows when they made ECHELON, thus Windows is the platform PRISM runs on too.

      The only thing suspicious about the reports is that the Chinese hackers who bust up all the SCADA and Windows-Ran Energy grid aren't corroborating the reports... You credit the NSA too highly. Where do you think they higher hackers from? That same group that makes a game out of getting root on Windows and other OSs?

    • by Xest (935314)

      The official line is that Snowden was just some basic contractor who was a network administrator but other sources that have done some digging seem to think he was one of the NSA's hired hackers contracted to attack other nation state's infrastructure.

      Only it seems he turned on the NSA and hacked them instead, hence the access to all this data.

      The problem is that the NSA was likely using the very algorithms and systems it had put backdoors into assuming that no one else would know about the backdoors so it

  • If you want to know more what each party is discussing with their national governments, can't think of a better place than hacking Belgian telecom.

    This is why they did it.

  • Brilliant move, Britannia.
  • Everyone ( the idiots anyway ) say its only the USA that does this.. this cant be true..

To understand a program you must become both the machine and the program.

Working...