Feeds

Mid East undersea fibre telco hacked: US, UK spooks in spotlight

Belgacom infiltrated for past 'two years', cables run through Syria and other hot spots

Choosing a cloud hosting partner with confidence

Belgian telco Belgacom - which operates vital undersea communications cables - says its internal network was compromised, possibly by foreign spooks.

Phone and data connections from international hot spots, such as Syria and Yemen, pass through submarine fibre lines handled by Belgacom International Carrier Services (BICS).

Security experts suspect the Belgian biz was infiltrated by state-backed hackers - and NSA and GCHQ have emerged as the prime suspects. Journalists in Belgium - writing here, here, here, and here - cite sources who reckon Belgacom’s systems may have been compromised for two years by a foreign intelligence agency.

Well-known security researcher Eddy Willems of antivirus biz G Data told El Reg that Belgacom admitted on TV that 5,000 of its internal machines were infected with sophisticated malware, which may have cyber-espionage purposes.

"I don't have a sample of the malware but am hoping to acquire it," Willems explained. "The circumstances look that it might be cyber-espionage but it might be something completely unrelated."

BICS - a joint venture between Belgacom, Swisscom and South Africa’s MTN - provides wholesale carrier services to mobile and fixed-line telcos around the world. It is among a group of companies that run the TAT-14, SEA-ME-WE3 and SEA-ME-WE4 cables connecting the United States, UK, Europe, North Africa, the Middle East and Singapore to the rest of the world.

Blighty's eavesdroppers at GCHQ run a programme called Tempora which taps data flowing through undersea fibre-optic lines of major telecommunications corporations - and BICS's cables may be a target. Stuffing malware into the telco's network could allow spooks to monitor the submarine communications, but how exactly that would happen is unclear.

In a statement issued yesterday Belgacom admitted its internal systems were invaded, but sought to reassure its customers that their records and other information stored in the systems were not affected. It said the intrusion, which did not compromise the "delivery" of communications, is under investigation by law enforcement:

This weekend, Belgacom successfully performed an operation in the light of its continuous action plan to protect the security of its customers and their data and to assure the continuity of its services.

Previous security checks by Belgacom experts revealed traces of a digital intrusion in the company’s internal IT system. Belgacom has taken all appropriate actions to protect the integrity of its IT system and to further reinforce the prevention against possible incidents.

For Belgacom, the protection of the customers and their data is a key priority. At this stage there is no indication of any impact on the customers or their data. At no point in time has the delivery of our telecommunication services been compromised.

Belgacom strongly condemns the intrusion of which it has become a victim. The company has filed a complaint against an unknown third party and is granting its full support to the investigation that is being performed by the Federal Prosecutor.

Security experts - such as Costin Raiu, a senior security researcher at Kaspersky Lab - have drawn parallels between the breach within Belgacom and the compromise of systems at Norwegian carrier Telenor. Analysis about the Telenor attack by infosec firm Norman pointed the finger of blame towards India.

In the case of Belgacom, the GCHQ and NSA is suspected given this year's revelations of the two agencies' global internet surveillance operations. "It's still too early to make conclusions that NSA is involved, however the likelihood is high if you look at the monitoring opportunities," G Data's Willems told El Reg. ®

Beginner's guide to SSL certificates

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.