It's spooks vs. geeks in LinkedIn, Slashdot hacks

Alongside world leaders, diplomats, and investigative journalists, everyday engineers join list of targets for cyber spies

Updated your LinkedIn profile lately? Are you sure it was LinkedIn? You may want to reconsider. You should also think twice about what you've been saying lately on Slashdot.

Today Der Spiegel reported that the British secret service has been targeting engineers working at European telecom exchanges using spoofed LinkedIn and Slashdot pages. Their intent: To quietly take over the engineers' systems, steal their passwords, and gain access to billions of messages that pass over these exchanges.

As InfoWorld's Serdar Yegulalp writes:

Why hack into roaming exchange providers? Such outfits, like Belgium's Belgacom, are treasure troves of data about mobile voice and data connections across Europe -- an obvious plum for picking by any intelligence agency. Belgacom provides Internet and telecom for all of the EU's official institutions, so it wouldn't be surprising to learn that American spy efforts in Europe (like the surveillance of German Chancellor Angela Merkel's cellphone) have been aided by such hacks.

Yegulalp adds that this is a common target for Russian cyber gangs and other criminals. Remember when you used to be able to tell the difference between the good guys and the bad ones?

Quantum without solace

The British spies apparently took advantage of an NSA system called Quantum. Bruce Schneier has a thorough explanation of how it works, but the tl;dr version goes like this: Superfast computers sitting in privileged positions on the Internet backbone intercept your HTTP requests before they can reach their actual destination and send back fake pages. The page may look, smell, and taste like your LinkedIn profile, but a tasty little malware treat hidden inside lets the spooks take over your computer and record your keystrokes.

The NSA and GCHQ don't send these "enhanced" pages to just anyone. That would be counterproductive -- they'd be drowning in even more irrelevant data than they already are, and they'd increase the risk of a tech-savvy user figuring out what they were doing.

Instead, the spooks pick their spots. In other words, they need to spy on you a little, to determine if you're worth spying on, before they decide to spy on you a lot.

In one case, noted Der Spiegel, British spies came across a computer expert working for one of these global exchanges in India and decided to make him a target.

The top-secret document shows how extensively the British intelligence agents investigated the life of the innocent employee, who is listed as a "target" after that.

A complex graph of his digital life depicts the man's name in red crosshairs and lists his work computers and those he uses privately ("suspected tablet PC"). His Skype username is listed, as are his Gmail account and his profile on a social networking site. The British government hackers even gained access to the cookies on the unsuspecting victim's computers, as well as identifying the IP addresses he uses to surf the web for work or personal use.

In short, GCHQ knew everything about the man's digital life, making him an open book for its spies.
