British Refuse To Co-operate With Belgian Hacking Inquiry

Uploaded on 2018-10-31 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The UK government has been accused of endangering diplomatic relations with Belgium after its “exceptional” refusal to cooperate with an inquiry into GCHQ’s alleged hacking of Belgacom, the country’s biggest telecoms company (now Proximus Group.

For at least two years ending in 2013, the British intelligence service was probably spying within the state-owned company’s networks on the instruction of UK ministers, according to leaks from a judicial inquiry presented to Belgium’s national security council this week.

When asked by the Belgian federal prosecutor’s office to cooperate with the investigation into the alleged hacking, the UK Home office is said to have refused, claiming: “The United Kingdom believes that this could jeopardise our sovereignty, security and public order.”

According to the Belgian newspaper, De Standaard, the prosecutor’s office regarded the response as “exceptional between EU states, and something that could lead to a diplomatic incident”.

Sophia in ’t Veld, a member of the European parliament’s committee on civil liberties, justice and home affairs, tweeted in response to the media report: “Remarkable attitude towards other European countries, pre or post Brexit.”

The Belgian prime minister, Charles Michel, declined to comment.

The GCHQ operation, if proven, would be the first documented example of an EU member state covertly hacking into the critical infrastructure of another.

The Belgian investigation into the alleged hacking was launched in response to claims made by the National Security Agency whistleblower Edward Snowden five years ago when he leaked 20 slides exposing GCHQ’s hacking targets, which included Belgacom, now known as Proximus.

Codenamed Trinity, the Belgian inquiry found evidence of hackers swiftly covering their tracks following Snowden’s leaks but also unambiguous evidence of the British intelligence service’s involvement, it is alleged.

The investigation discovered spy software installed remotely on Belgacom’s computers from three Internet protocol addresses registered in the UK to front companies. When Belgian investigators approached GCHQ for help in identifying those behind the IP addresses, it declined to cooperate.

The spies, working under the codename Operation Socialist, were said to have targeted the computers of Belgacom employees working in security and maintenance through the use of fake LinkedIn messages.

There was a particular focus on the Belgian company’s subsidiary unit, Belgacom International Carrier Services, which handles phone and data traffic in Africa and the Middle East. It was reported that the British espionage operation was also seeking to target communications made between roaming smartphones.

The interception could have also provided access to communications at Nato headquarters in Brussels and at key European institutions including the European commission, European parliament, and the European council.

The prosecutor’s report is said to have concluded that there was not enough evidence to prosecute any individual.

The Belgian prime minister at the time of the alleged hacking, Elio di Rupo, promised to take “the appropriate steps” if the high-level involvement of a foreign country was confirmed.

The Belgian government, a majority shareholder in the telecoms company, has spent €50m (£44m) on improving its security after the hacking scandal. A GCHQ spokesman declined to comment. 

Guardian:

You Might Also Read:

GCHQ Data Collection Violated Rights To Privacy

« Russia And US Offer Competing Visions Of Cyber Normality
North Korea Is Using The Internet Like The Mafia »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

KeepSolid

KeepSolid

KeepSolid is a Virtual Private Network services provider offering secure encrypted access to the internet.

Vintegris

Vintegris

Vintegris are a Certification Authority and manufacturer of innovative systems and applications for the full cycle of digital identity.

Arm

Arm

Arm delivers a complete IoT solution, from providing the IP for the chip to delivering the cloud services to securely manage the deployment of products throughout their lifecycle.

Luxembourg Office of Accreditation & Surveillance (OLAS)

Luxembourg Office of Accreditation & Surveillance (OLAS)

OLAS is the national accreditation body for Luxembourg. The directory of members provides details of organisations offering certification services for ISO 27001.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

Adaptive Shield

Adaptive Shield

Addaptive Shield - Complete Control For Your SaaS Security. Proactively find and fix weaknesses across your SaaS platforms.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.

Cynical Technology

Cynical Technology

Cynical Technology is a Nepalese cybersecurity company with expertise in security consulting, auditing, testing and compliance.

Frontal

Frontal

Frontal is a specialized unit in Blockchain and Web3.0 cybersecurity. Securing Digital Assets, Cryptocurrency, DeFi, Blockchain and Web3.0 ecosystem.

Resonance Security

Resonance Security

Resonance offers powerful cybersecurity aggregation software that makes protecting against full spectrum cybersecurity threats effortless no matter what your technical level, budget, or scope.

InfoTrust

InfoTrust

InfoTrust is a leading specialised cybersecurity practice that combines a customer-first consulting approach with next-generation security solutions.

Badge

Badge

Badge authenticates you on-demand for every application, on any device, without storing any secrets.

SplxAI

SplxAI

Our mission at SplxAI is to secure and safeguard GenAI-powered conversational apps by providing advanced security and pentesting solutions, so neither your organization nor your user base get harmed.

ioSENTRIX

ioSENTRIX

ioSENTRIX offers tailored, risk-focused assessments that reduce true business risk.

CyberRey

CyberRey

CyberRey is a leading distributor of comprehensive cybersecurity solutions, empowering organizations of all sizes to thrive in the digital age.