Prominent Cryptographer Victim of Malware Attack Related to Belgacom Breach
Other cryptographers were also targeted by the same attackers, the researcher said
Mon, February 03, 2014
IDG News Service — Belgian cryptographer Jean-Jacques Quisquater had his personal computer infected with malware as the result of a targeted attack that's believed to be related to a security breach discovered last year at Belgian telecommunications group Belgacom. According to him, other cryptographers have also been targeted by the same attackers.
Belgacom, whose customers include the European Commission, the European Parliament and the European Council, announced in September that it had discovered sophisticated malware on some of its internal systems.
German news magazine Der Spiegel reported at the time, based on documents leaked by former U.S. National Security Agency contractor Edward Snowden, that British intelligence agency Government Communications Headquarters (GCHQ) was responsible for the attack on Belgacom as part of a project code-named Operation Socialist.
The magazine later reported that GCHQ used packet injection technology called Quantum Insert developed by the NSA to target network engineers from Belgacom and other companies when they visited the LinkedIn and Slashdot websites. This technology can impersonate websites and can force the target's computer to visit an attack server that uses exploits to install malware.
According to Quisquater, his laptop was infected with a malware program that was different than the one used in the Belgacom attack. However, the malware on his PC communicated over an encrypted link with malware on Belgacom's servers, he said Monday via email.
Quisquater is a professor at UniversitA(c) Catholique de Louvain (UCL) in Belgium and is well known for his cryptography and security research, particularly in the area of smart card security. He has designed cryptographic algorithms, protocols and crypto processors used in electronic passports widely deployed around the world.
According to Quisquater, on Nov. 12 investigators from the Belgian Federal Computer Crime Unit (FCCU) informed him that he had been targeted in an attack directly related to the one at Belgacom. He provided them with his laptop and got it back on Dec. 2 with the confirmation that it had sophisticated malware on it.
Quisquater remembers having received a spoofed LinkedIn email on Sept. 16, the same day the Belgacom security breach was made public. The email was very well crafted and contained a link to the LinkedIn profile of a person he knew.
Quisquater said he clicked on the link, but quickly realized it was a spoof and shut down his computer. He claims he later ran scans with several anti-malware products, but they didn't find anything.
It's not clear if the LinkedIn attack was successful and installed the malware later found on the laptop or if some other attack vector was used, Quisquater said Monday via email.