Operation Socialist

Operation Socialist is the code name given by the British signals and communications agency Government Communications Headquarters (GCHQ) to an operation in which GCHQ successfully breached the infrastructure of the Belgian telecommunications company Belgacom between 2010 and 2013. [1] The operation's existence was first revealed in documents leaked by the former National Security Agency contractor Edward Snowden.

Objectives and methods

GCHQ used a method called a Quantum Insert attack, [2] embedded in fake LinkedIn pages that targeted Belgacom engineers. [3] The breach was conducted under the code name 'OP Socialist'. The main objective of the clandestine infiltration was to gain access to Belgacom's GRX Operator, enabling GCHQ to obtain roaming data for mobile devices and to execute what is generally referred to as a man-in-the-middle attack against targets.

When the first anomalies were detected in 2012, Belgacom's security team were unable to identify their cause. [4] [5] Only in 2013 was malware disguised as legitimate Microsoft software identified as the source of the problems. [1]

According to the leaked documents, GCHQ probed Belgacom's infrastructure for years. [6] The same documents show that the head of GCHQ's Network Analysis Centre described 'Operation Socialist' as a success. [2]

Reaction

Snowden subsequently described Operation Socialist as the "first documented example to show one EU member state mounting a cyber attack on another". [7]

Related Research Articles

GCHQ: British signals intelligence agency

Government Communications Headquarters (GCHQ) is an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance (IA) to the government and armed forces of the United Kingdom. Primarily based at "The Doughnut" in the suburbs of Cheltenham, GCHQ is the responsibility of the country's Secretary of State for Foreign and Commonwealth Affairs, but it is not a part of the Foreign Office and its Director ranks as a Permanent Secretary.

UKUSA Agreement: Multilateral signals intelligence treaty signed in 1946

The United Kingdom – United States of America Agreement is a multilateral agreement for cooperation in signals intelligence between Australia, Canada, New Zealand, the United Kingdom, and the United States. The alliance of intelligence operations is also known as the Five Eyes. In classification markings this is abbreviated as FVEY, with the individual countries being abbreviated as AUS, CAN, NZL, GBR, and USA, respectively.

Jean-Jacques Quisquater: Belgian cryptographer

Jean-Jacques Quisquater is a Belgian cryptographer and a professor at University of Louvain (UCLouvain). He received, with Claus P. Schnorr, the RSA Award for Excellence in Mathematics in 2013, and the ESORICS Outstanding Research Award 2013.

Five Eyes: Intelligence alliance

The Five Eyes (FVEY) is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. These countries are parties to the multilateral UK-USA Agreement, a treaty for joint cooperation in signals intelligence. Informally, Five Eyes can also refer to the group of intelligence agencies of these countries.

Mastering the Internet (MTI) is a mass surveillance project led by the British communications intelligence agency Government Communications Headquarters (GCHQ) budgeted at over £1 billion. According to reports in The Register and The Sunday Times in early May 2009, contracts with a total value of £200m had already been awarded to suppliers.

Tailored Access Operations: Unit of the U.S. National Security Agency

The Office of Tailored Access Operations (TAO), now Computer Network Operations, and structured as S32, is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least 1998, possibly 1997, but was not named or structured as TAO until "the last days of 2000," according to General Michael Hayden.

Tempora: GCHQ-operated Internet and telephone surveillance system

Tempora is the codeword for a formerly-secret computer system that is used by the British Government Communications Headquarters (GCHQ). This system is used to buffer most Internet communications that are extracted from fibre-optic cables, so these can be processed and searched at a later time. It was tested from 2008 and became operational in late 2011.

XKeyscore: Mass surveillance system

XKeyscore is a secret computer system used by the United States National Security Agency (NSA) for searching and analyzing global Internet data, which it collects in real time. The NSA has shared XKeyscore with other intelligence agencies, including the Australian Signals Directorate, Canada's Communications Security Establishment, New Zealand's Government Communications Security Bureau, Britain's Government Communications Headquarters, Japan's Defense Intelligence Headquarters, and Germany's Bundesnachrichtendienst.

Mustafa Al-Bassam

Mustafa Al-Bassam is a British computer security researcher, hacker, and co-founder of Celestia Labs. Al-Bassam co-founded the hacker group LulzSec in 2011, which was responsible for several high profile breaches. He later went on to co-found Chainspace, a company implementing a smart contract platform, which was acquired by Facebook in 2019. In 2021, Al-Bassam graduated from University College London, completing a PhD in computer science with a thesis on Securely Scaling Blockchain Base Layers. In 2016, Forbes listed Al-Bassam as one of the 30 Under 30 entrepreneurs in technology.

2010s global surveillance disclosures: Disclosures of NSA and related global espionage

Ongoing news reports in the international media have revealed operational details about the Anglophone cryptographic agencies' global surveillance of both foreign and domestic nationals. The reports mostly emanate from a cache of top secret documents leaked by ex-NSA contractor Edward Snowden, which he obtained whilst working for Booz Allen Hamilton, one of the largest contractors for defense and intelligence in the United States. In addition to a trove of U.S. federal documents, Snowden's cache reportedly contains thousands of Australian, British, Canadian and New Zealand intelligence files that he had accessed via the exclusive "Five Eyes" network. In June 2013, the first of Snowden's documents were published simultaneously by The Washington Post and The Guardian, attracting considerable public attention. The disclosure continued throughout 2013, and a small portion of the estimated full cache of documents was later published by other media outlets worldwide, most notably The New York Times, the Canadian Broadcasting Corporation, the Australian Broadcasting Corporation, Der Spiegel (Germany), O Globo (Brazil), Le Monde (France), L'espresso (Italy), NRC Handelsblad, Dagbladet (Norway), El País (Spain), and Sveriges Television (Sweden).

Reactions to global surveillance disclosures

The global surveillance disclosure released to media by Edward Snowden has caused tension in the bilateral relations of the United States with several of its allies and economic partners as well as in its relationship with the European Union. In August 2013, U.S. President Barack Obama announced the creation of "a review group on intelligence and communications technologies" that would brief and later report to him. In December, the task force issued 46 recommendations that, if adopted, would subject the National Security Agency (NSA) to additional scrutiny by the courts, Congress, and the president, and would strip the NSA of the authority to infiltrate American computer systems using "backdoors" in hardware or software. Geoffrey R. Stone, a White House panel member, said there was no evidence that the bulk collection of phone data had stopped any terror attacks.

This is a category of disclosures related to global surveillance.

Global surveillance: Mass surveillance across national borders

Global mass surveillance can be defined as the mass surveillance of entire populations across national borders.

Stateroom (surveillance program)

STATEROOM is the code name of a highly secretive signals intelligence collection program involving the interception of international radio, telecommunications and Internet traffic. It is operated out of the diplomatic missions of the signatories to the UKUSA Agreement and the members of the ECHELON network including Australia, New Zealand, United Kingdom, Canada and the United States.

ANT catalog: Classified catalog of hacking tools by the NSA

The ANT catalog is a classified product catalog by the U.S. National Security Agency (NSA) of which the version written in 2008–2009 was published by German news magazine Der Spiegel in December 2013. Forty-nine catalog pages with pictures, diagrams and descriptions of espionage devices and spying software were published. The items are available to the Tailored Access Operations unit and are mostly targeted at products from US companies such as Apple, Cisco and Dell. The source is believed to be someone different than Edward Snowden, who is largely responsible for the global surveillance disclosures since 2013. Companies whose products could be compromised have denied any collaboration with the NSA in developing these capabilities. In 2014, a project was started to implement the capabilities from the ANT catalog as open-source hardware and software.

The Joint Threat Research Intelligence Group (JTRIG) is a unit of the Government Communications Headquarters (GCHQ), the British intelligence agency. The existence of JTRIG was revealed as part of the global surveillance disclosures in documents leaked by the former National Security Agency contractor Edward Snowden.

Timeline of global surveillance disclosures (2013–present)

This timeline of global surveillance disclosures from 2013 to the present day is a chronological list of the global surveillance disclosures that began in 2013. The disclosures have been largely instigated by revelations from the former American National Security Agency contractor Edward Snowden.

HackingTeam was a Milan-based information technology company that sold offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and camera on target computers. The company has been criticized for providing these capabilities to governments with poor human rights records, though HackingTeam states that they have the ability to disable their software if it is used unethically. The Italian government has restricted their licence to do business with countries outside Europe.

Regin is a sophisticated malware and hacking toolkit used by United States' National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ). It was first publicly revealed by Kaspersky Lab, Symantec, and The Intercept in November 2014. The malware targets specific users of Microsoft Windows-based computers and has been linked to the US intelligence-gathering agency NSA and its British counterpart, the GCHQ. The Intercept provided samples of Regin for download, including malware discovered at a Belgian telecommunications provider, Belgacom. Kaspersky Lab says it first became aware of Regin in spring 2012, but some of the earliest samples date from 2003. Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium, Austria, and Pakistan.

Operation Anarchist was a joint operation between the American National Security Agency and British Government Communications Headquarters to monitor advanced weapons systems in the Middle East, with a particular focus on Israel. Begun in 1998, it was publicly exposed in January 2016 as a result of documents released by Edward Snowden. It has been called the worst intelligence breach in Israel's history.

References

  1. Gallagher, Ryan. "The Inside Story of How British Spies Hacked Belgium's Largest Telcom". firstlook.org. Retrieved 9 April 2015.
  2. "Britain's GCHQ Hacked Belgian Telecoms Firm". Der Spiegel. 20 September 2013.
  3. "Quantum Spying: GCHQ Used Fake LinkedIn Pages to Target Engineers". Der Spiegel. 11 November 2013.
  4. "Lees hier hoe de Britse geheime dienst GCHQ Belgacom aanviel". NRC (in Dutch).
  5. "Britse geheime dienst bespioneerde jarenlang Belgacom-klanten". De Standaard.
  6. "How GCHQ hacked Belgacom". www.infosecurity-magazine.com. 11 November 2013.
  7. "GCHQ hacked Belgium's largest telecom service". IT Pro Portal. 16 December 2014.