GCHQ used fake Slashdot, LinkedIn to target employees at Internet exchanges

A new Snowden leak, reported by Laura Poitras in Der Spiegel, shows that the UK spy agency GCHQ used fake versions of Slashdot and LinkedIn to attack tech staff at Global Roaming Exchanges -- interchange points where large networks meet up. It's speculated that the attacks were used to compromise Belgacom International Carrier Services (BICS).

GRX is roughly analogous to an IX (Internet Exchange), and it acts as a major exchange for mobile Internet traffic while users roam around the globe. There are only around two dozen such GRX providers globally. This new attack specifically targeted administrators and engineers of Comfone and Mach (which was acquired over the summer by Syniverse), two GRX providers.

Der Spiegel suggests that the Government Communications Headquarters (GCHQ), the British sister agency to the NSA, used spoofed versions of LinkedIn and Slashdot pages to serve malware to targets. This type of attack was also used to target “nine salaried employees” of the Organization of Petroleum Exporting Countries (OPEC), the global oil cartel.

This new revelation may be related to an attack earlier this year against Belgacom International Carrier Services (BICS), a subsidiary of the Belgian telecom giant Belgacom. BICS is another one of the few GRX providers worldwide.

UK spies continue “quantum insert” attack via LinkedIn, Slashdot pages [Cyrus Farivar/Ars Technica]

(via TechDirt)

Notable Replies

  1. Dear Spooks,

    I would like more information about your MUTANT BROTH please!

    Faithfully yours,


  2. In the bad old days of the Clipper Chip, I wondered why the government demanded the escrow of not only the keys needed to decrypt messages, but also of signing keys. Escrowed signing keys have no use for decryption, only for impersonation.

    Now I know.

  3. Well, this one only refers to delivery of 'malware' without specifying what malware they were using. I assume a keylogger or similar. Gotta wonder why the government targeted OPEC, though. I could understand an oil company....

    Nevermind. Forgot for a sec that large corps and .govs are the same thing now. Going to bed. Maybe this time when I wake up I'll be out of the Matrix for a while.

  4. Gad, man! Are you suggesting that there is a real LinkedIn?

  5. How many attacks have we now seen, by governments/black hats/'ethical' hackers/my grandma/etc. that utilise fucking LinkedIn? I'd make it a sacking offence to have a bloody profile on the thing...

Continue the discussion bbs.boingboing.net

5 more replies