Feeds

Mid East undersea fibre telco hacked: US, UK spooks in spotlight

Belgacom infiltrated for past 'two years', cables run through Syria and other hot spots

The essential guide to IT transformation

Belgian telco Belgacom - which operates vital undersea communications cables - says its internal network was compromised, possibly by foreign spooks.

Phone and data connections from international hot spots, such as Syria and Yemen, pass through submarine fibre lines handled by Belgacom International Carrier Services (BICS).

Security experts suspect the Belgian biz was infiltrated by state-backed hackers - and NSA and GCHQ have emerged as the prime suspects. Journalists in Belgium - writing here, here, here, and here - cite sources who reckon Belgacom’s systems may have been compromised for two years by a foreign intelligence agency.

Well-known security researcher Eddy Willems of antivirus biz G Data told El Reg that Belgacom admitted on TV that 5,000 of its internal machines were infected with sophisticated malware, which may have cyber-espionage purposes.

"I don't have a sample of the malware but am hoping to acquire it," Willems explained. "The circumstances look that it might be cyber-espionage but it might be something completely unrelated."

BICS - a joint venture between Belgacom, Swisscom and South Africa’s MTN - provides wholesale carrier services to mobile and fixed-line telcos around the world. It is among a group of companies that run the TAT-14, SEA-ME-WE3 and SEA-ME-WE4 cables connecting the United States, UK, Europe, North Africa, the Middle East and Singapore to the rest of the world.

Blighty's eavesdroppers at GCHQ run a programme called Tempora which taps data flowing through undersea fibre-optic lines of major telecommunications corporations - and BICS's cables may be a target. Stuffing malware into the telco's network could allow spooks to monitor the submarine communications, but how exactly that would happen is unclear.

In a statement issued yesterday Belgacom admitted its internal systems were invaded, but sought to reassure its customers that their records and other information stored in the systems were not affected. It said the intrusion, which did not compromise the "delivery" of communications, is under investigation by law enforcement:

This weekend, Belgacom successfully performed an operation in the light of its continuous action plan to protect the security of its customers and their data and to assure the continuity of its services.

Previous security checks by Belgacom experts revealed traces of a digital intrusion in the company’s internal IT system. Belgacom has taken all appropriate actions to protect the integrity of its IT system and to further reinforce the prevention against possible incidents.

For Belgacom, the protection of the customers and their data is a key priority. At this stage there is no indication of any impact on the customers or their data. At no point in time has the delivery of our telecommunication services been compromised.

Belgacom strongly condemns the intrusion of which it has become a victim. The company has filed a complaint against an unknown third party and is granting its full support to the investigation that is being performed by the Federal Prosecutor.

Security experts - such as Costin Raiu, a senior security researcher at Kaspersky Lab - have drawn parallels between the breach within Belgacom and the compromise of systems at Norwegian carrier Telenor. Analysis about the Telenor attack by infosec firm Norman pointed the finger of blame towards India.

In the case of Belgacom, the GCHQ and NSA is suspected given this year's revelations of the two agencies' global internet surveillance operations. "It's still too early to make conclusions that NSA is involved, however the likelihood is high if you look at the monitoring opportunities," G Data's Willems told El Reg. ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?