Quantum Spying: GCHQ Used Fake LinkedIn Pages to Target Engineers

By SPIEGEL Staff

Officials at LinkedIn say they "would not authorize such activity for any purpose".
DPA

Part 2: GCHQ Wants To Make Mobile Web an All-Seeing Surveillance Machine

In an article in Britain's Guardian newspaper, American IT security expert Bruce Schneier describes in detail how Quantum Insert technology is used to place malware. Apparently, the agencies use high-speed servers located at key Internet switching points. When a target calls up a specific website, such as LinkedIn, these servers are activated. Instead of the desired website, they supply an exact copy, but one that also smuggles the government hackers' spying code onto the target computers.

According to other secret documents, Quantum is an extremely sophisticated exploitation tool developed by the NSA and comes in various versions. The Quantum Insert method used with Belgacom is especially popular among British and US spies. It was also used by GCHQ to infiltrate the computer network of OPEC's Vienna headquarters.

The injection attempts are known internally as "shots," and they have apparently been relatively successful, especially the LinkedIn version. "For LinkedIn the success rate per shot is looking to be greater than 50 percent," states a 2012 document.

Much like the Belgacom spying operation, Wylekey is considered a great success. According to a summary, it provided GCHQ with detailed information about Mach, its communications infrastructure, its business profile and various key individuals.

Another document indicates that the operation yielded much more than that. In addition to "enhanced knowledge of the various clearinghouses, their customers," it also provided "knowledge of and access to encrypted links between the clearinghouses and various mobile network operators."

Interim reports on the course of the Belgacom operation were even more enthusiastic, concluding that the British spies had penetrated "deep into the network" of the Belgian company and were "at the edge of the network." This enabled the British internal encryption specialists ("Crypt Ops") to launch their "Operation Socialist II," so as to crack the encrypted connections, or VPNs.

'LinkedIn Would Not Authorize Such Activity'

When contacted, LinkedIn stated that the company takes the privacy and security of its members "very seriously" and "does not sanction the creation or use of fake LinkedIn profiles or the exploitation of its platform for the purposes alleged in this report." "To be clear," the company continued, "LinkedIn would not authorize such activity for any purpose." The company stated it "was not notified of the alleged activity."

A spokesman for Starhome Mach said his company is "with immediate effect undertaking a full security audit to ensure that our infrastructure is secure" and that its platform had recently switched to a completely new configuration with mainly new hardware. Officials at Comfone said: "We have no knowledge of the British intelligence service infiltrating our systems." Syniverse also stated "there have been no known breaches of the Syniverse or MACH data centers by any government agency."

GCHQ did not comment on questions posed by SPIEGEL.

'Any Mobile Device, Anywhere, Anytime!'

For the British, all of this was apparently only an intermediate step on the path to a greater goal. In addition to the conventional Internet, GCHQ now wants to turn the mobile web into an all-seeing surveillance machine.

This is how the GCHQ spies described their "vision" in 2011: "Any mobile device, anywhere, anytime!"

In this context, the attacks on Belgacom and the clearinghouses merely serve as door openers. Once the telecommunications companies' actual mobile phone networks have been infiltrated, completely new monitoring possibilities present themselves to the spies. A briefing dating from 2011 stated the agency wanted to "increase operational capability to remotely deploy implants when we only know the MSISDN." In other words, GCHQ's phone hackers would ideally like to repurpose every mobile phone in the world into a bugging device, merely on the basis of the phone number. "That would be game changing," the document reads.

REPORTED BY LAURA POITRAS, MARCEL ROSENBACH, CHRISTOPH SCHEUERMANN, HOLGER STARK AND CHRISTIAN STÖCKER

Comments
1. Quantum Spying
wyburd 11/11/2013
Well done, GCHQ!
2. Espionage
spon-facebook-10000085093 11/11/2013
The price for the crime of stealing private info must be the same for a government or a person.
3. Why is this not on the frontpage!
Yami no Yami 11/11/2013
- in the German edition. Just because it's not about the phone of her who must not be named, it doesn't mean it's not of public interest in Germany.
4. Royal Concierge
universalservis 12/07/2013
Hello Newsroom, a very good overview of just another "dark" side of the loose open digital revolution. ExtremeCrypt exists to partner those who need protection from "dark activities". Everybody should dump all their American company social network accounts simply because the Patriot Act renders all of them useless for privacy purposes and the accounts cannot be protected, and being an American company it is possible LinkedIn colluded with GCHQ. There is nothing clever about GCHQ. As some of your computer crime watchers there in Germany have found, up to 29,000 new hacking attacking shareware and freeware packages are released every day. extremecrypt.com explains how to survive and prosper by beating every adversary threatening all digital users' safety and security. Have a great day. Rick Young
5.
illumirachel 01/17/2014
This is happening to me and has been for possibly two years now. They have been able to almost completely isolate me and my kids and pretty much destroy our lives for the time being. Before I knew that they control every single person I am able to communicate with I thought if it got too bad I could move. I'm back to living with the not so great ex who considers me a piece of his property and not really feeling like I'm even alive anymore. It's like being in solitary confinement without the walls.
© SPIEGEL ONLINE 2013
All Rights Reserved
Reproduction only allowed with the permission of SPIEGELnet GmbH


