Belgian Prosecutor Looking Into Reports That NSA/GCHQ Hacked Well-Known Belgian Cryptographer
from the sneaky sneaky dept
Last year, we wrote about the NSA and GCHQ hacking into Belgian telco Belgacom using a “quantum insert” via man-in-the-middle attacks using “fake” Slashdot and LinkedIn pages. It has now come out that Belgian prosecutors are looking into reports that one of those attacks was directed at well-known Belgian cryptographer, Jean-Jacques Quisquater. According to David Meyer at GigaOm:
The Universite catholique de Louvain professor apparently fell victim to a “quantum insert” trick that duped him into thinking he was visiting LinkedIn to respond to an emailed “request” when he was actually visiting a malware-laden copy of a LinkedIn page.
“The Belgian federal police (FCCU) sent me a warning about this attack and did the analysis,” Quisquater told me by email. As for the purpose of the hack: “We don’t know. There are many hypotheses (about 12 or 15) but it is certainly an industrial espionage plus a surveillance of people working about civilian cryptography.”
Of course, looking into it doesn’t mean very much at this point. There had been serious concerns about how the NSA and GCHQ used the attacks on Belgacom to then bug systems at the EU Parliament in Brussels. Whether or not they’ll do something in response to “just” hacking a cryptographer remains to be seen — but it should remind basically everyone in the world that the NSA/GCHQ don’t seem to have any hesitation about hacking just about anyone.
Update: As noted in the comments, there are good reasons to believe this was not the work of the NSA/GCHQ, but potentially other government attacks…