British Refuse To Co-operate With Belgian Hacking Inquiry

Uploaded on 2018-10-31 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The UK government has been accused of endangering diplomatic relations with Belgium after its “exceptional” refusal to cooperate with an inquiry into GCHQ’s alleged hacking of Belgacom, the country’s biggest telecoms company (now Proximus Group.

For at least two years ending in 2013, the British intelligence service was probably spying within the state-owned company’s networks on the instruction of UK ministers, according to leaks from a judicial inquiry presented to Belgium’s national security council this week.

When asked by the Belgian federal prosecutor’s office to cooperate with the investigation into the alleged hacking, the UK Home office is said to have refused, claiming: “The United Kingdom believes that this could jeopardise our sovereignty, security and public order.”

According to the Belgian newspaper, De Standaard, the prosecutor’s office regarded the response as “exceptional between EU states, and something that could lead to a diplomatic incident”.

Sophia in ’t Veld, a member of the European parliament’s committee on civil liberties, justice and home affairs, tweeted in response to the media report: “Remarkable attitude towards other European countries, pre or post Brexit.”

The Belgian prime minister, Charles Michel, declined to comment.

The GCHQ operation, if proven, would be the first documented example of an EU member state covertly hacking into the critical infrastructure of another.

The Belgian investigation into the alleged hacking was launched in response to claims made by the National Security Agency whistleblower Edward Snowden five years ago when he leaked 20 slides exposing GCHQ’s hacking targets, which included Belgacom, now known as Proximus.

Codenamed Trinity, the Belgian inquiry found evidence of hackers swiftly covering their tracks following Snowden’s leaks but also unambiguous evidence of the British intelligence service’s involvement, it is alleged.

The investigation discovered spy software installed remotely on Belgacom’s computers from three Internet protocol addresses registered in the UK to front companies. When Belgian investigators approached GCHQ for help in identifying those behind the IP addresses, it declined to cooperate.

The spies, working under the codename Operation Socialist, were said to have targeted the computers of Belgacom employees working in security and maintenance through the use of fake LinkedIn messages.

There was a particular focus on the Belgian company’s subsidiary unit, Belgacom International Carrier Services, which handles phone and data traffic in Africa and the Middle East. It was reported that the British espionage operation was also seeking to target communications made between roaming smartphones.

The interception could have also provided access to communications at Nato headquarters in Brussels and at key European institutions including the European commission, European parliament, and the European council.

The prosecutor’s report is said to have concluded that there was not enough evidence to prosecute any individual.

The Belgian prime minister at the time of the alleged hacking, Elio di Rupo, promised to take “the appropriate steps” if the high-level involvement of a foreign country was confirmed.

The Belgian government, a majority shareholder in the telecoms company, has spent €50m (£44m) on improving its security after the hacking scandal. A GCHQ spokesman declined to comment. 

Guardian:

You Might Also Read:

GCHQ Data Collection Violated Rights To Privacy

« Russia And US Offer Competing Visions Of Cyber Normality
North Korea Is Using The Internet Like The Mafia »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MixMode

MixMode

MixMode's PacketSled platform delivers network monitoring, deep forensic analysis and incident response.

Cyber Risk Agency

Cyber Risk Agency

Cyber Risk Agency is a cybersecurity consulting firm specializing in managing cyber risks for SMEs.

SecuPi

SecuPi

SecuPi delivers data-centric security with data-flow discovery, real-time monitoring, behavior analytics, and protection across web and enterprise applications and big data environments.

Red Sift

Red Sift

Red Sift is the only integrated cloud email and brand protection platform, supporting organizations to secure their communications.

Uleska

Uleska

Uleska is a scalable platform that provides automated and continuous software security testing whilst translating cyber risk.

Crypto4A Technologies

Crypto4A Technologies

Crypto4A quantum-ready cybersecurity solutions significantly improve protection for Cloud, loT, Blockchain, V2X, government and military application deployments.

Solidified

Solidified

Solidified is the largest audit platform for smart contracts. Our community has the highest concentration of top Blockchain security specialists and best-in-class code auditors.

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

CyberCX

CyberCX

CyberCX provides services from strategic consulting, security testing and training to world-class managed services and engineering solutions.

Deeper Network

Deeper Network

Deeper Network represents the world's first decentralized blockchain network for building a truly private, secure and fair Internet.

Abu Dhabi Gov Digital

Abu Dhabi Gov Digital

Gov Digital (formerly Abu Dhabi Digital Authority - ADDA) enable, support and deliver a digital government that is proactive, personalised, collaborative and secure.

Tenable

Tenable

Organizations around the world rely on Tenable to help them understand and reduce cybersecurity risk across their attack surface—in the cloud or on-premises, from IT to OT and beyond.

EkoCyber

EkoCyber

EkoCyber partner with businesses as a value-added MSSP to provide top-tier, trusted and transparent cyber security services at an affordable price point.

Qevlar AI

Qevlar AI

Qevlar AI empowers SOC teams, to eliminate redundant tasks and refocus on what truly matters - making the most of every employee within the SecOps team.

OpenAI

OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.

Tuskira

Tuskira

Tuskira is a Preemptive Cyber Defense & Response Platform powered by Agentic AI, designed to go beyond traditional vulnerability management.