The Intercept: GCHQ Intrusion into Belgacom, an Ally

In the digital age of California tech giants, nothing stays private. The 9/11 attacks on the US caused the Western allies to step out of bounds in the face of terror, and a string of Patriot Acts [What’s In A Name?] made its way across Europe. What was illegal became legal. A new diary posted @EuroTrib:

Is a Russian Troll Farm Destroying US Democracy?

How UK Spies Hacked a European Ally and Got Away With It

The covert operation was the first known example of a European Union member state hacking the critical infrastructure of another. The malware infection triggered a massive cleanup operation within Belgacom, which has since renamed itself Proximus. The company – of which the Belgian government is the majority owner – was forced to replace thousands of its computers at a cost of several million Euros. Elio di Rupo, Belgium’s then-prime minister, was furious, calling the hack a “violation.” Meanwhile, one of the country’s top federal prosecutors opened a criminal investigation into the intrusion.

The criminal investigation has remained open for more than four years, but no details about its activities have been made public. Now, following interviews with five sources close to the case, The Intercept – in collaboration with Dutch newspaper de Volkskrant – has gained insight into the probe and uncovered new information about the scope of the hack.

In June 2013, shortly before the discovery of the intrusion at Belgacom, journalists began publishing documents leaked by National Security Agency whistleblower Edward Snowden. The documents exposed controversial mass surveillance programs operated by the NSA and its British counterpart, GCHQ.

Some of the Belgacom investigators initially suspected that the NSA was involved in the hack, partly due to the complexity of the malware. It bore similarities to Stuxnet and Flame, U.S.-created digital viruses designed to sabotage and collect intelligence about Iran’s uranium enrichment program. “This was by far the most sophisticated malware I’ve ever seen,” recalled Frank Groenewegen, a researcher who analyzed Belgacom’s infected systems for the cybersecurity firm Fox-IT.

It was not until September 2013 that the Belgians would learn the truth: The Belgacom intrusion had in fact been carried out by another of their close allies, the British. Documents from Snowden, published that month by Der Spiegel, showed that a GCHQ unit called the Network Analysis Centre had hacked into the computers of three Belgacom engineers who had access to sensitive parts of the company’s systems.

When the details about the hack went public, Belgacom tried to play down the extent of the breach. The company circulated a press release insisting there was “no indication of any impact” for its customers and their data. But the reassurance turned out to be false. As The Intercept revealed in December 2014, the most sensitive parts of Belgacom’s networks were compromised in stages between January and December 2011.

The UK intelligence community before and after Snowden by Richard J. Aldrich

Executive Summary

Few areas of public policy are more important than electronic intelligence and cyber-security. The revelations made by Edward Snowden have shone a bright light on this subject. The National Security Agency (NSA) and its many partners have grown rapidly, sharing data in a response to globalisation as well as terrorism. In an uncertain world, increased knowledge often seems a security panacea. Whether global challenges are defined in terms of international terrorism, organised crime, disease or indeed demographic and socio-economic change, a common response has been to turn to knowledge-intensive organisations to manage societal risk. Today, the data derived from social media, from our travel cards and our supermarket loyalty cards, is at the core of this activity.

Government no longer owns most of this data. The most important change during the last decade is that “surveillance” has merged with “shopping” and has ceased to be the preserve of specialist state agencies; instead it has escaped out into society. The big collectors of intelligence are now the banks, airlines, supermarkets, ISP providers and telecoms. Every organisation, both public and private now collects, stores and shares data on an unprecedented scale – often across state boundaries. Airlines are typical of this new phenomenon as both vast collectors and also ‘customers’ of refined data for both commercial and security purposes. Are the organisations the future security agencies?

What are the consequences? In the UK the outcomes of these trends are often portrayed as darkly dystopian. Yet human beings are now more connected. Potentially, the new era of “knowledge-intensive security” offers stronger partnerships and more open styles of governance that will diminish government secrecy and corporate confidentiality as well as privacy. But this will require higher levels of trust regarding the way corporations and government handle personal data, together with “flat” ownership. We will also need radical new approaches and new concepts if oversight is to be improved and public confidence is to be sustained. The policy task is urgent, for while information and communications technology is accelerating, cabinets and corporate boards are often baffled by this subject.

Parliaments, the judiciary, human rights organisations and the media have also struggled to comprehend its potential and its dangers. In short, while the consequences of electronic intelligence and cyber security are important, they are as yet poorly understood and poorly regulated. Just like intelligence itself, oversight and the protection of rights is an activity that is increasingly dispersed. The lead elements are no longer formal committees but global civil society, consisting of a broad alliance of whistle-blowers, journalists, academics, campaign groups, lawyers and NGOs. These fluid international alliances of counter-spies work unevenly, but have the advantage of mirroring the multinational alliances of the intelligence agencies. National governments are not comfortable with “regulation by revelation” and have worked hard to constrain whistleblowers.

Don’t threaten to cut intelligence ties in Brexit talks, UK warned | The Guardian – Feb. 2017 |

The British government’s desire to “take back control” would also be tested when it comes to data privacy. The UK would have to apply to the European commission for “adequacy status” to allow financial and personal data to move unimpeded across the continent. “We are not an island in the sense of data flows,” Moraes said. “The commission would have to examine our data protection law and if it doesn’t offer equivalent protection to the [EU] data protection regulation, then we have a problem.”

He pointed to the difficulties faced by the US, when its “safe harbour” pact on data protection with the EU was struck down by the ECJ, throwing Google, Facebook and thousands of other companies into legal limbo. The pact has since been replaced by the new “privacy shield” agreement, which puts stronger duties on American companies to protect EU consumers.

“[Safe harbour] collapsed because the US data protection standards were so much lower than the EU’s,” he said. “The UK will have to come up to quite high standards.”

Further reading …

Munich: Theresa May calls for UK-EU security agreement | DW |
EU approves data-sharing SWIFT agreement with US authorities (2009)

Author: Oui
