British Refuse To Co-operate With Belgian Hacking Inquiry

The UK government has been accused of endangering diplomatic relations with Belgium after its “exceptional” refusal to cooperate with an inquiry into GCHQ’s alleged hacking of Belgacom, the country’s biggest telecoms company (now Proximus Group.

For at least two years ending in 2013, the British intelligence service was probably spying within the state-owned company’s networks on the instruction of UK ministers, according to leaks from a judicial inquiry presented to Belgium’s national security council this week.

When asked by the Belgian federal prosecutor’s office to cooperate with the investigation into the alleged hacking, the UK Home office is said to have refused, claiming: “The United Kingdom believes that this could jeopardise our sovereignty, security and public order.”

According to the Belgian newspaper, De Standaard, the prosecutor’s office regarded the response as “exceptional between EU states, and something that could lead to a diplomatic incident”.

Sophia in ’t Veld, a member of the European parliament’s committee on civil liberties, justice and home affairs, tweeted in response to the media report: “Remarkable attitude towards other European countries, pre or post Brexit.”

The Belgian prime minister, Charles Michel, declined to comment.

The GCHQ operation, if proven, would be the first documented example of an EU member state covertly hacking into the critical infrastructure of another.

The Belgian investigation into the alleged hacking was launched in response to claims made by the National Security Agency whistleblower Edward Snowden five years ago when he leaked 20 slides exposing GCHQ’s hacking targets, which included Belgacom, now known as Proximus.

Codenamed Trinity, the Belgian inquiry found evidence of hackers swiftly covering their tracks following Snowden’s leaks but also unambiguous evidence of the British intelligence service’s involvement, it is alleged.

The investigation discovered spy software installed remotely on Belgacom’s computers from three Internet protocol addresses registered in the UK to front companies. When Belgian investigators approached GCHQ for help in identifying those behind the IP addresses, it declined to cooperate.

The spies, working under the codename Operation Socialist, were said to have targeted the computers of Belgacom employees working in security and maintenance through the use of fake LinkedIn messages.

There was a particular focus on the Belgian company’s subsidiary unit, Belgacom International Carrier Services, which handles phone and data traffic in Africa and the Middle East. It was reported that the British espionage operation was also seeking to target communications made between roaming smartphones.

The interception could have also provided access to communications at Nato headquarters in Brussels and at key European institutions including the European commission, European parliament, and the European council.

The prosecutor’s report is said to have concluded that there was not enough evidence to prosecute any individual.

The Belgian prime minister at the time of the alleged hacking, Elio di Rupo, promised to take “the appropriate steps” if the high-level involvement of a foreign country was confirmed.

The Belgian government, a majority shareholder in the telecoms company, has spent €50m (£44m) on improving its security after the hacking scandal. A GCHQ spokesman declined to comment. 

Guardian:

You Might Also Read:

GCHQ Data Collection Violated Rights To Privacy

« Russia And US Offer Competing Visions Of Cyber Normality
North Korea Is Using The Internet Like The Mafia »

Directory of Suppliers

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Tenable Network Security

Tenable Network Security

Tenable Network Security - Need to Evolve to a Risk-Based Vulnerability Management Strategy but Don’t Know How? This Guide Will Show You.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Akamai

Akamai

Akamai are the leading provider of services for delivering, optimizing and securing online content and business applications across any device, anywhere.

qSkills

qSkills

QSkills is an independent training provider specialized high-quality IT and IT management training courses including IT security.

BlueVoyant

BlueVoyant

BlueVoyant helps organizations to meet increasingly sophisticated cyber attack techniques head-on with real-time threat intelligence and managed security services.

Grupo CFI

Grupo CFI

Grupo CFI is the largest Spanish network of data protection and cybersecurity professionals.

Recovery Point

Recovery Point

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

Parameter Security

Parameter Security

Parameter Security is a provider of ethical hacking and information security services.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.

Ribbon Communications

Ribbon Communications

Ribbon Communications delivers global communications software and network solutions to service providers, enterprises, and critical infrastructure sectors.

Tala Security

Tala Security

Tala secures websites and web applications against advanced client-side attacks including XSS, cryptojacking, clickjacking, ad injection and others.