Belgian Prosecutor Looking Into Reports That NSA/GCHQ Hacked Well-Known Belgian Cryptographer

from the sneaky sneaky dept

Last year, we wrote about the NSA and GCHQ hacking into Belgian telco Belgacom using a “quantum insert” via man-in-the-middle attacks using “fake” Slashdot and LinkedIn pages. It has now come out that Belgian prosecutors are looking into reports that one of those attacks was directed at well-known Belgian cryptographer, Jean-Jacques Quisquater. According to David Meyer at GigaOm:


The Universite catholique de Louvain professor apparently fell victim to a “quantum insert” trick that duped him into thinking he was visiting LinkedIn to respond to an emailed “request” when he was actually visiting a malware-laden copy of a LinkedIn page.

“The Belgian federal police (FCCU) sent me a warning about this attack and did the analysis,” Quisquater told me by email. As for the purpose of the hack: “We don’t know. There are many hypotheses (about 12 or 15) but it is certainly an industrial espionage plus a surveillance of people working about civilian cryptography.”

Of course, looking into it doesn’t mean very much at this point. There had been serious concerns about how the NSA and GCHQ used the attacks on Belgacom to then bug systems at the EU Parliament in Brussels. Whether or not they’ll do something in response to “just” hacking a cryptographer remains to be seen — but it should remind basically everyone in the world that the NSA/GCHQ don’t seem to have any hesitation about hacking just about anyone.

Update: As noted in the comments, there are good reasons to believe this was not the work of the NSA/GCHQ, but potentially other government attacks…

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Belgian Prosecutor Looking Into Reports That NSA/GCHQ Hacked Well-Known Belgian Cryptographer”

Subscribe: RSS Leave a comment
13 Comments
Ninjasays:

Now that they lost their credibility and thus their opening to insert backdoors in the crypto standards all that is left is to collect damning info on cryptographers to blackmail them or hijack their lives entirely so they’ll be impaired in their ability to contribute with cryptography. No?

When the tyrant can’t rule in disguised kindness it will revert to blunt, evil force.

[deleted]says:

Seem Justin Bieber is of no consolation to NSA anymore. They manage to outdo him and remain in the front page news on a daily basis.

I am yet to see defenders amongst general public (beside from criminals concerned).

Business model with no Plan B sinking, and yet, they refuse to reinvent themselves. I am curious to see how far they will sink.

Anonymoussays:

and the UK government keeps on about the illegal downloading that happens there and how it’s censoring of the Internet is justified because of the numbers (totally unknown by anyone, unfortunately) of children being caught in sex exploitation and, the entertainment industries failure to step up to the plate and join the rest of the world for distributing media and the numbers of crimes that take place in the make-believe world of Cameron! unbelievable!!

Nicholas Weaversays:

Please correct, this is likely NOT the NSA...

A far better report is from TechWeek Europe.

Two very important points:

The initial attack was phishing based. The NSA doesn’t need to phish, instead they just use direct packet injection instead.

The malcode appears to be a MiniDuke variant.

We don’t know who is operating MiniDuke (namely, is it the Russians or is it the Chinese?), but the targeting history suggests that it is not the US/UK, as a significant number of the targets of MiniDuke have been US/UK computers (Think tanks, research institutions), while NSA/GCHQ is largely outward facing.

Thus the headline is WRONG: Quisquater was probably attacked by a nation-state level adversary, but that adversary is probably NOT the NSA/GCHQ.

Laroquodsays:

What kind of a cryptographer clicks links to a well-known site received via email instead of opening a browser and typing the address in manually? The fact that he fell prey to the simplest and most easily avoided attack in the world does not speak very well for Mr. Quisquater. I’m going to give him the benefit of the doubt by speculating that maybe his expertise is not in the area of malware, and advise him to take the most basic, remedial course on how remain secure, online.

Nicholas Weaversays:

Re:

I’d ask the opposite: What kind of person, who sees mail with a link from

a: Company that routinely sends such mail

b: Matches semantically with such mail

c: Would be something they’d want to view

would NOT click on the link? I think the blame the user mantra here is ridiculous. Such links should be untrusted (no plugins, no scripts), or disabled completely, but to expect users to not click on a link in email destroys the whole notion of sending links in email.

John Fendersonsays:

Re: Re:

I absolutely wouldn’t. It’s internet safety 101, something that people have been trying to drill into everyone’s heads since approximately forever.

Never open an email attachment without checking with the sender that they meant, no matter how well you know the sender — and if you’re asking via email, don’t hit the “reply” button to do it.

Never click on links embedded in emails, even if you know the sender. Ever. Copy them into your browser instead.

Yes, it absolutely sucks that this sort of thing is necessary, but that doesn’t change the fact that it’s necessary.

In this particular case, blaming the user is not entirely invalid. The guy is a security professional, and presumably is aware of at least the most basic rules of internet security. That he didn’t follow them is a failure on his part. That doesn’t excuse the behavior of the criminals at all — just saying that this guy should have known better.

Laroquodsays:

Re: Re:

If you click on such links, then you are a fool. I never do and that is the main reason that I have never been hacked. In fact, if your only security measure were to not click on links to well-known sites sent to you via email, then you probably would not even need an antivirus (although you should install one, anyway).

Blame the user is absolutely the correct mantra here, since it is the ONE PHILOSOPHY that will result in NO INFECTIONS FOR THE USER once that user realises that he/she is at fault for putting faith in a plaintext medium with zero security.

John Fendersonsays:

Re: Qubes-OS would have prevented it

Sandboxing in VMs does give you a lot of protection, and I recommend it. But it’s nothing like a panacea — there are numerous attacks that can escape the VM. They just require a little more skill and effort (for now).

One of the dangers of taking security measures is that people think the security measures means that they can engage in risky behavior again. That’s never actually true, and this effect is why history is riddled with examples of security and safety measures actually leading to less security and less safety.

@bsays:

look down this rabbit hole

The term “quantumInsert” voids all comments about email & copy-pasting links.

This is a man-in-the-middle attack. The victim’s browser is asking for the VALID dot com and being delivered a FAKE (the injection) faster than the valid dot com can deliver (hence quantum). How? Attack system involves victim’s telco/ISP.

Click through the links if you’re curious.

So if this (state) technique targeted your browser, you’d also be duped. You couldnt tell fake from real.

Lastly, with your browser compromise “they” can snoop your host OS, and use day-zero exploits to take over (root) your machine.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it