Der Spiegel reports, based on documents leaked by Edward Snowden, that the cyber-attack against the half-state-owned telecommunications provider Belgacom was an operation executed by the UK’s GCHQ.
According to a “Top Secret” presentation by GCHQ, the project has the codename “Operation Socialist”, with the mission to enable “improved surveillance of Belgacom” and to better understand the provider’s infrastructure.
While the presentation is undated, another document states that GCHQ has had access since at least 2010.
Belgacom became aware of the attack after initiating an internal review following the NSA spying revelations. The EU Commission, the Council of Europe and the European Parliament are Belgacom customers.
Initially, the NSA was suspected, but the presentation shows that it was a British operation using surveillance technology developed by the NSA.
According to the presentation, the attack was executed using a technique named “Quantum Insertion” (QI), in which several Belgacom employees were redirected without their knowledge to malicious websites where the surveillance malware was installed. Several of these victims had “good access” to important parts of the Belgacom infrastructure, according to the Spiegel report.
From there, GCHQ was able to further infiltrate the provider’s network. The presentation indicates that one target was the “roaming routers”, which are responsible for international traffic and where a man-in-the-middle attack was intended to be used to spy on smartphone users.
According to Der Spiegel, GCHQ's Network Analysis Center considered “Operation Socialist” a success.