Mid East undersea fibre telco hacked: US, UK spooks in spotlight

Belgacom infiltrated for past 'two years', cables run through Syria and other hot spots

Belgian telco Belgacom - which operates vital undersea communications cables - says its internal network was compromised, possibly by foreign spooks.

Phone and data connections from international hot spots, such as Syria and Yemen, pass through submarine fibre lines handled by Belgacom International Carrier Services (BICS).

Security experts suspect the Belgian biz was infiltrated by state-backed hackers - and NSA and GCHQ have emerged as the prime suspects. Journalists in Belgium - writing here, here, here, and here - cite sources who reckon Belgacom’s systems may have been compromised for two years by a foreign intelligence agency.

Well-known security researcher Eddy Willems of antivirus biz G Data told El Reg that Belgacom admitted on TV that 5,000 of its internal machines were infected with sophisticated malware, which may have cyber-espionage purposes.

"I don't have a sample of the malware but am hoping to acquire it," Willems explained. "The circumstances look that it might be cyber-espionage but it might be something completely unrelated."

BICS - a joint venture between Belgacom, Swisscom and South Africa’s MTN - provides wholesale carrier services to mobile and fixed-line telcos around the world. It is among a group of companies that run the TAT-14, SEA-ME-WE3 and SEA-ME-WE4 cables connecting the United States, UK, Europe, North Africa, the Middle East and Singapore to the rest of the world.

Blighty's eavesdroppers at GCHQ run a programme called Tempora which taps data flowing through undersea fibre-optic lines of major telecommunications corporations - and BICS's cables may be a target. Stuffing malware into the telco's network could allow spooks to monitor the submarine communications, but how exactly that would happen is unclear.

In a statement issued yesterday Belgacom admitted its internal systems were invaded, but sought to reassure its customers that their records and other information stored in the systems were not affected. It said the intrusion, which did not compromise the "delivery" of communications, is under investigation by law enforcement:

This weekend, Belgacom successfully performed an operation in the light of its continuous action plan to protect the security of its customers and their data and to assure the continuity of its services.

Previous security checks by Belgacom experts revealed traces of a digital intrusion in the company’s internal IT system. Belgacom has taken all appropriate actions to protect the integrity of its IT system and to further reinforce the prevention against possible incidents.

For Belgacom, the protection of the customers and their data is a key priority. At this stage there is no indication of any impact on the customers or their data. At no point in time has the delivery of our telecommunication services been compromised.

Belgacom strongly condemns the intrusion of which it has become a victim. The company has filed a complaint against an unknown third party and is granting its full support to the investigation that is being performed by the Federal Prosecutor.

Security experts - such as Costin Raiu, a senior security researcher at Kaspersky Lab - have drawn parallels between the breach within Belgacom and the compromise of systems at Norwegian carrier Telenor. Analysis about the Telenor attack by infosec firm Norman pointed the finger of blame towards India.

In the case of Belgacom, GCHQ and the NSA are suspected given this year's revelations of the two agencies' global internet surveillance operations. "It's still too early to make conclusions that NSA is involved, however the likelihood is high if you look at the monitoring opportunities," G Data's Willems told El Reg. ®
