A new Snowden leak, reported by Laura Poitras in Der Spiegel, shows that the UK spy agency GCHQ used fake versions of Slashdot and LinkedIn to attack tech staff at Global Roaming Exchanges -- interchange points where large networks meet up. It's speculated that the attacks were used to compromise Belgacom International Carrier Services (BICS).
GRX is roughly analogous to an IX (Internet Exchange), and it acts as a major exchange for mobile Internet traffic while users roam around the globe. There are only around two dozen such GRX providers globally. This new attack specifically targeted administrators and engineers of Comfone and Mach (which was acquired over the summer by Syniverse), two GRX providers.
Der Spiegel suggests that the Government Communications Headquarters (GCHQ), the British sister agency to the NSA, used spoofed versions of LinkedIn and Slashdot pages to serve malware to targets. This type of attack was also used to target “nine salaried employees” of the Organization of Petroleum Exporting Countries (OPEC), the global oil cartel.
This new revelation may be related to an attack earlier this year against Belgacom International Carrier Services (BICS), a subsidiary of the Belgian telecom giant Belgacom. BICS is another one of the few GRX providers worldwide.
UK spies continue “quantum insert” attack via LinkedIn, Slashdot pages [Cyrus Farivar/Ars Technica]