Looks like the NSA isn't the only one using dirty digital tricks to hack its targets. Allied spy agencies abroad are using the same (black) bag of tools.
According to reports published by German magazine Der Spiegel, Britain's Government Communications Headquarters (GCHQ), the U.K. equivalent to the NSA, spoofed LinkedIn and Slashdot pages to break into the computers of network engineers who worked for global roaming exchange providers in Europe. The fake sites planted malware on the victims' systems, which in turn would gain access to the voice and data routers at the telecoms where the victims worked.
The technique used to spoof the websites, dubbed "Quantum Insert" by the NSA, was also employed in the past by that agency to attack users of the Tor anonymous-browsing network. According to Bruce Schneier, the trick involves relying on the NSA's widely discussed but still shadowy "secret partnerships with U.S. telecom companies."
A spoof server (code-named "Fox Acid"), which can respond faster than the real one, is placed somewhere on the Internet backbone. If the victim tries to browse the real site, traffic is silently redirected to the fake one and hacking ensues. What's more, attacks can be fine-tuned to specific victims -- by exploiting sensitive information that had been shared pre-emptively with the NSA.
Hacking a telecom treasure trove
Why hack into roaming exchange providers? Such outfits, like Begium's Belgacom, are treasure troves of data about mobile voice and data connections across Europe -- an obvious plum for picking by any intelligence agency. Belgacom provides Internet and telecom for all the EU's official institutions, so it wouldn't be surprising to learn that American spy efforts in Europe (like the surveillance of German Chancellor Angela Merkel's cellphone) have been aided by such hacks.
And in another operation, the GCHQ targeted clearinghouse companies that perform mobile billing and administration for mobile operators. Such companies include Mach of Luxembourg (now owned by Syniverse of Tampa, Fla.) or Comfone, based in Bern, Switzerland.
Attacking a third-party clearinghouse company to steal personal data is a technique that's been used quite successfully by conventional criminal hackers -- see the Russian gang SSNDOB when it broke into LexisNexis and the National White Collar Crime Center -- so it's not surprising to see spy agencies using the same tactic.
Belgacom has reported in the past that something fishy might well have been going on in its data centers. In October the company reported there had been unauthorized changes to one of its routers, and a month before it claimed to have found a previously unidentified virus lurking in its internal network.
What's troubling is that anything the NSA can do can, in theory, be done just as easily -- and maybe even more undetectably -- by a rogue attacker. To that end, Schneier is convinced that the more such attack methods are made public, the tougher they will be to pull off and the safer we'll all be.
"Yes, [full disclosure of such methods] would make it harder to eavesdrop on the bad guys," Schneier writes, "but it would make everyone on the internet safer. If we believe in protecting our critical infrastructure from foreign attack, if we believe in protecting internet users from repressive regimes worldwide, and if we believe in defending businesses and ourselves from cybercrime, then doing otherwise is lunacy."
This story, "UK spy agency uses NSA attack to hack Slashdot, LinkedIn users," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.