A potential diplomatic crisis is brewing as Belgian federal prosecutors blame Britain for hacking the nation’s largest telecoms operator.
Belgacom was first hacked back in the summer of 2012. The company’s security researchers noticed anomalies but it wasn’t until the following year they had an idea of the problem.
A malware which disguised itself as Microsoft software had infected Belgacom’s system and was stealing data. NSA documents released by Edward Snowden indicated Britain’s GCHQ was the culprit as part of ‘Operation Socialist’.
Snowden told The Intercept in 2014 the revelations are the “first documented example to show one EU member state mounting a cyber attack on another… a breathtaking example of the scale of the state-sponsored hacking problem.”
The malware was named ‘Regin’ and is said to be among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the US and Israel to sabotage computers at an Iranian nuclear facility.
By using Regin, British and American spies could gather data from the company’s network and customers – including the European Commission, the European Parliament, and the European Council.
According to the Belgian prosecutor's office, this is 'exceptional between EU countries and can lead to a diplomatic incident'.
When the anomalies were detected, Belgium suspected the NSA’s involvement following Snowden’s revelations about the extent of the agency’s global spying. However, although US-developed malware appears to have been used, it seems Belgium’s EU partner Britain was responsible.
The case had been essentially closed after the perpetrators covered their tracks. After following IP addresses of computers where the spyware software communicated from Belgacom, three were owned by a British company.
Belgian investigators asked the British Home Office: “Can you provide the identity details of the user of those IP addresses?”
According to the report, the response was: “We have decided to refuse this help. The United Kingdom believes that this could jeopardise our sovereignty, security, and public order.”
Interested in hearing industry leaders discuss subjects like this and sharing their experiences? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam to learn more.