Forgot your password?
typodupeerror
United Kingdom Government Privacy

GCHQ Created Spoofed LinkedIn and Slashdot Sites To Serve Malware 335

Posted by samzenpus
from the careful-what-you-click dept.
An anonymous reader writes "Ars Technica reports how a Snowden leak shows British spy agency GCHQ spoofed LinkedIn and Slashdot so as to serve malware to targeted employees. From the article: 'Der Spiegel suggests that the Government Communications Headquarters (GCHQ), the British sister agency to the NSA, used spoofed versions of LinkedIn and Slashdot pages to serve malware to targets. This type of attack was also used to target “nine salaried employees” of the Organization of Petroleum Exporting Countries (OPEC), the global oil cartel.'"
This discussion has been archived. No new comments can be posted.

GCHQ Created Spoofed LinkedIn and Slashdot Sites To Serve Malware

Comments Filter:
  • Viral Marketing to Governments.

    • by Taco Cowboy (5327) on Sunday November 10, 2013 @09:25PM (#45387651) Journal

      The term "Rogue" is used to denote "dishonest and/or unprincipled".

      They used to put USSR, China, North Korea under the "Rogue Government" category.

      Both the governments of the United States of American and that of Great Britain have proven to be DISHONEST _and_ UNPRINCIPLED !

      IMHO, it's time we should include the government of the United States and that of United Kingdom under the "Rogue Government" category.

      And btw, if you see the performance of John McCain, especially how he tried to blame Edward Snowden, you would understand how ludicrously pathetic American politicians have become ...

      ... McCain also said he was convinced that Snowden gave all of his information to Russia ...

      As an American, I am beyond furious ...

      • by Nerdfest (867930) on Sunday November 10, 2013 @09:58PM (#45387823)

        McCain is a first class weasel to begin with. I remember watching one of the presidential debates, ranting about how the government had paid 40K$ or something for a lightbulb, not mentioning that it was for a planetarium projector.

      • by skegg (666571)

        Both the regimes of the United States of American and that of Great Britain have proven to be DISHONEST _and_ UNPRINCIPLED !

        FTFY.

      • And you think J. Edgar Hoover was a straight shooter in the 1960s? What about "Carnivore" snooping on all internet activity in the 1990s? Why are there CCTV cameras everywhere in Britain? What are those very tall telephone poll looking structures in the United States on the highways with a little glass dome at the top? (Hint: Cameras!)

        Governments are always nefarious and untrustworthy entities when it comes to surveillance.

        Not "even in a democracy" but "Especially in a democracy" because keeping tabs
        • by Anonymous Coward on Monday November 11, 2013 @01:38AM (#45388785)

          ..Why are there CCTV cameras everywhere in Britain?

          Err, there aren't.

          Look, you (pl) keep throwing this one up, I'm in Britain, and the nearest 'state' CCTV cameras to my current location are a mile and a half away, and I stay in a major town. The nearest CCTV camera to my home location is approx 1,300 feet away (as the Google Earth ruler flies..) and it's pointed at a bloody 'Doo hut'.

          My place of employ?, internally we've cameras everywhere (and I run 4-8 of them), the industrial estate we're located on is surrounded by a ring of the buggers, guess what?, none of the fucking things work (and they haven't done so now for a number of years..7+ years now).

          Yes, Britain in parts (hello London, Glasgow, any other 'metropolitan' area and the major road networks) may have an inordinate number of CCTV cameras, but they're not 'everywhere in Britain' and not any more so than any other country.

          If you truly want an example of Panopticon levels of CCTV surveillance, try Monaco.

  • by Anonymous Coward on Sunday November 10, 2013 @07:29PM (#45387067)

    when the quality of the comments section significantly improved.

  • by Joining Yet Again (2992179) on Sunday November 10, 2013 @07:30PM (#45387075)

    I know you're reading this.

    You're smart. Smart enough to be able to work out who I am, probably without much trouble.

    Why don't you do something productive?

    • so they wouldn't HAVE to be productive. All they have to do is listen and let the money roll in.

  • by Anonymous Coward on Sunday November 10, 2013 @07:31PM (#45387081)

    Don't worry, this is the real Slashdot right here. I promise.

  • by Hamsterdan (815291) on Sunday November 10, 2013 @07:34PM (#45387105)

    If I or any /. reader were to do the same, a pretty harsh sentence would await us.

    • HTTPS on Slashdot (Score:5, Interesting)

      by tepples (727027) <tepples.gmail@com> on Sunday November 10, 2013 @07:42PM (#45387155) Homepage Journal
      I wonder if it would have been as easy for GCHQ to get away with it if HTTPS on Slashdot weren't a subscriber-only perk. Facebook and Twitter have gone all HTTPS all the time; why can't Slashdot? If ads are the problem, Google recently opened AdSense to HTTPS sites [blogspot.com].
      • by Anonymous Coward on Sunday November 10, 2013 @07:56PM (#45387245)
        Given that the spooks have almost certainly compromised all the major Certificate Authorities and can issue their own certificates at-will, I'm going to go with "No, it wouldn't make the slightest bit of difference".
        • Re: (Score:2, Insightful)

          by AHuxley (892839)
          Re https ,br> Thats what smart people have been warning about for years. Once the nets basic cryptography is a junk standard thanks to gov - anyone can be anything online and its all perfectly trusted..
          The ex staff, fired staff, mercenary, contractor - they all take the complex skill set with them and sell it.
          Other govs, firms, foreigners with cash, faith groups with cash... thats why junk crypto is so useless - all the interesting people can pay to learn about the 'net' and always know to avoid it or
          • Re: (Score:2, Interesting)

            by NicBenjamin (2124018)

            You do realize that the UK already has an obscene amount of data on it's people?

            Londoners in particular, can be tracked individually by the police if they so choose. I don't think they even need a warrant. In theory they could decide they wanted to find out what some random hot chick does every day, and they'd be able to follow her everywhere she went for as long as she was in London.As long as she's in public she's on one of their cameras. For most people (ie: the ones who don't discuss their illegal activ

            • by AHuxley (892839)
              Yes Nic, it was always interesting in the UK. From the first staff asking legal questions about UK satellite call tracking and local UK calls mixed in back in the late 1960's.
              The computers kept running and everything was just fine. Then came voice prints from the US drug wars in South America (for wider use). CCTV tracking, cell phone decryption and finally the bulk of all UK internet traffic per day.
              As for the use of analysts, you have a lot of private sector pre sorting for 'advertising' contracts th
    • Spoofing websites is on the very low end of the scale of things theyre getting away with..

      War crimes and crimes against humanity the Nazis were executed over come to mind.
    • So?

      If I decided to execute some dude I'd be in huge-ass trouble. Yet Texas does that shit all the damn time.

      It's the government. The shit it does is legal by definition as long as the correct internal procedures are followed.

  • by OzPeter (195038) on Sunday November 10, 2013 @07:35PM (#45387113)

    There were no dupes, and all TFS's had perfect spelling and grammar.

    • by ganjadude (952775)
      or maybe "they" are the reason for so many more dupes!
    • by jrumney (197329) on Sunday November 10, 2013 @07:49PM (#45387209) Homepage

      There were no dupes, and all TFS's had perfect spelling and grammar.

      Actually, that's the real one. If you're seeing dupes, misspellings and poor grammar, and the articles seem to be a bit behind other sites, then it is probably a rushed retyping of the original.

    • Dupes? There are dupes?

      Did you maybe have a deja vu? Or can you be certain that you didn't read it on a spoofed page?

      Tell me when I made you paranoid enough.

    • by nherm (889807)

      When I saw a CowboyNeal option in the poll I knew that the GCHQ set up us the spoof.

  • SSL (Score:5, Informative)

    by dido (9125) <dido@im[ ]ium.ph ['per' in gap]> on Sunday November 10, 2013 @07:44PM (#45387171)

    I suppose using HTTPS would have helped even a little, if Slashdot ever bothered to do so. The victims might have noticed that the certificates changed, even if they did check out, most especially if they used HTTPS Everywhere [eff.org]. They couldn't just foist off an SSL cert for Slashdot signed by some other CA (or even the same CA) then: the SSL Observatory would have noticed the change in the certificate the way SSH notices that public keys to servers you connect to change. Unless of course Slashdot gave its (non-existent) private keys to GCHQ, in which case all bets are now off. Why browser SSL doesn't automatically cache certs the way SSH does and warn if there's a change that doesn't involve certificate expiry or revocation is something that isn't quite clear to me.

    • Re: SSL (Score:5, Insightful)

      by Jakeula (1427201) on Sunday November 10, 2013 @08:11PM (#45387311) Homepage
      SSL didn't seem to help LinkedIn. They use ssl and they successfully spoofed that.
    • by gnoshi (314933)

      Being notified of the 'duplicate' responses from the server would have helped too. That's not a normal running condition.

      I don't mind so much that browsers don't cache SSL certificates and notify of changes, but it is a shame that the server can't request that behaviour (using something like HSTS).

    • by gronofer (838299)
      The SSL Observatory wouldn't notice a change in certificate if it was only targetted against certain individuals. The CA system is counterproductive if compromising a single CA is all that it takes to disable SSL against any chosen target.
    • by tomtomtom (580791)

      The victims might have noticed that the certificates changed, even if they did check out

      Actually, only half the victims could have realised this (at least directly). The websites being spoofed are victims here as well - after all it does your reputation no good at all if someone spoofs your website to serve malware. Best case, you look like an incompetent admin; worst case, someone thinks you did it deliberately and starts telling a lot of their friends. It's akin to a murderer framing an innocent party for his crime - that innocent party is a victim of a crime too. I suspect these agencies ha

  • And I'm not feelin' up to par
    It increases my paranoia
    Like lookin' at my mirror and seein' a police car
    But I'm not givin' in an inch to fear
    'cause I promised myself this year
    I feel like I owe it to someone

    I bet a lot of /.ers are mentally running through some of their past posts right about now. Where did I leave that tinfoil?

    • Nope. I joined repeatedly, and earned positive karma repeatedly, with many accounts.

      Bunch of deleted stuff... you can leave your past behind, if you are willing to leave your past behind. Most people aren't, and that's what everyone against you is counting on.

      Kill your wife, or child, or countryman, or government, or celebrity, or friend? I count on you to be strong, while the perpetrator counts on you to be weak.

      Everyone should be mentally reviewing their activity. and if it should be censored or stoppe

  • by RDW (41497) on Sunday November 10, 2013 @07:48PM (#45387205)

    That's a pretty sophisticated hack. Looks like they've gone as far as setting up an entire site that looks superficially like Slashdot, but is full of grotesquely dull stories apparently designed to warp the minds of unsuspecting IT professionals - obviously some sort of psyop strategy, but to what purpose?:

    http://slashdot.org/topic/bi/ [slashdot.org]

  • If /. had even basic ssl support, at least a possible forged certificate could have been revealed.

  • by Press2ToContinue (2424598) * on Sunday November 10, 2013 @08:19PM (#45387353)

    They are frauds. The NSA perpetrated a fraud with these actions. This helps to clarify that these acts are illegal. Fraud is illegal.

    Thanks,

    • by mysidia (191772)

      OK

      The British spy agency GCHQ generated and sent fraudulent messages over the telecommunications network purporting to be from Linkedin and Slashdot to targeted employees' computers, through their internet connection; in order to deceive their targets and their computers' in order to exploit security vulnerabilities causing their computers to execute covertly planted software with a malicious intent.

      After targets were defrauded into having covert malware planted on their computers; the software would

  • Is it "the games"? Is it "the critical apps"? There's a VM for that... there's a separate machine for that. Don't be a sucker. Not saying that Linux can't be targeted, but I will say there is much low-hanging fruit to get to before they get to you. And especially if you're running MSIE? Really? At least go with a browser with NoScript available. Things are getting serious. You should be too.

  • Javascript (Score:4, Insightful)

    by Jah-Wren Ryel (80510) on Sunday November 10, 2013 @11:12PM (#45388161)

    If there was ever indisputable proof that Slashdot needs to maintain javascript-free functionality in slashcode, this is it. If it were viable to use slashdot with javascript disabled, this sort of impersonation attack would be a lot harder to pull off because NoScipt would have protected from drive-by nsa-ware infections hoisted on the slashdot impersonator site.

    Unfortunately, its been years since it was reasonable to use slashdot without javascript. Even if you still use the old style interface, there are too many corners where javascript has crept into the design in a mandatory way rather than just as an enhancement.

  • by Kjellander (163404) on Monday November 11, 2013 @02:32AM (#45388951)

    Really. I mean it. It is not that hard.

1 Mole = 25 Cagey Bees

Working...