British spies reportedly spoofed LinkedIn, Slashdot to target network engineers

Lucian Constantin | Nov. 12, 2013
The GCHQ reportedly used spoofed LinkedIn and Slashdot pages to compromise the computers of network engineers working for global roaming exchange providers based in Europe.

Belgacom, whose customers include the European Commission, the European Parliament and the European Council, announced in September that it had discovered sophisticated malware on some of its internal systems. Last month the company also started investigating unauthorized changes made to a router at BICS.

Belgacom representatives never confirmed that GCHQ was involved in the malware attack against the company, but Dirk Lybaert, the company's secretary general, told the European Parliament's Civil Liberties, Justice and Home Affairs Committee in October that the intruder had "massive resources, sophisticated means and a steadfast intent to break into our network."

Belgacom did not immediately respond to an inquiry seeking more information in light of the new report that its engineers were targeted using spoofed LinkedIn and Slashdot pages.

The "Quantum Insert" attack technology reportedly used by GCHQ was developed by the NSA and is made possible by partnerships between the intelligence agency and telecommunication companies that operate Internet infrastructure, according to cryptographer and security expert Bruce Schneier.

"As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the Internet backbone," Schneier said in a blog post in October. "This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a FoxAcid server."

FoxAcid is reportedly the codename for servers from which the malicious code injection attacks are launched.
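
The speed advantage described above means the target's machine receives two answers for the same request: the impersonated one first, then the legitimate one, both claiming the same TCP sequence range but carrying different bytes. The following is an added example, not code from the article or from anyone quoted in it, showing how a defender could flag that anomaly in captured traffic; the record layout, addresses and payloads are constructed, and sequence-number wraparound is ignored.

```python
from collections import defaultdict

def conflicting_segments(segments):
    """Flag data segments that cover the same TCP sequence range of one
    flow direction but carry different bytes.

    segments: iterable of (flow, seq, payload) in capture order, where flow
    is a (src_ip, src_port, dst_ip, dst_port) tuple (assumed record layout).
    Sequence-number wraparound is ignored for brevity.
    """
    seen = defaultdict(list)              # flow -> [(seq, payload), ...]
    findings = []
    for flow, seq, payload in segments:
        if not payload:
            continue                      # pure ACKs carry nothing to compare
        end = seq + len(payload)
        for old_seq, old in seen[flow]:
            lo, hi = max(seq, old_seq), min(end, old_seq + len(old))
            if lo >= hi:
                continue                  # sequence ranges do not overlap
            if payload[lo - seq:hi - seq] != old[lo - old_seq:hi - old_seq]:
                findings.append((flow, lo, old, payload))
        seen[flow].append((seq, payload))
    return findings

# Constructed sample (documentation addresses, invented payloads).
WEB = ("203.0.113.10", 80, "192.0.2.25", 51514)
OTHER = ("203.0.113.77", 80, "192.0.2.25", 51600)
SAMPLE = [
    # Two different answers for the same sequence number: the anomaly.
    (WEB, 1000, b"HTTP/1.1 302 Found\r\nLocation: http://other.example/\r\n\r\n"),
    (WEB, 1000, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # Ordinary retransmissions: overlapping ranges, identical bytes.
    (OTHER, 5000, b"abcdef"),
    (OTHER, 5000, b"abcdef"),
    (OTHER, 5003, b"defghi"),
]

if __name__ == "__main__":
    for flow, seq, first, later in conflicting_segments(SAMPLE):
        print(f"{flow}: conflicting data at seq {seq}")
        print(f"  first seen : {first[:30]!r}")
        print(f"  later seen : {later[:30]!r}")
```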

"In the academic literature, these are called 'man-in-the-middle' attacks, and have been known to the commercial and academic security communities," Schneier said. "More specifically, they are examples of 'man-on-the-side' attacks."

"They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the Internet backbone, and exploit a 'race condition' between the NSA server and the legitimate website," Schneier said.

"We have read the same stories, and want to clarify we have never cooperated with any government agency, nor do we have any knowledge, with regard to these actions, and (to date) have not detected any of the spoofing activity that is being reported," said Darain Faraz, communications manager for the EMEA region at LinkedIn, in an emailed statement. "LinkedIn takes the privacy and security of our members very seriously, and when we're made aware of any improper activity, we work to quickly respond."

Dice Holdings, the New York-based company that owns Slashdot.org, did not immediately respond to a request for comment.
