NSA and GCHQ spoofed LinkedIn to hack Belgian cryptography professor

12 hours ago Feb. 1, 2014 - 2:24 AM PST

Belgiums federal prosecutor is looking into the likely hacking of noted cryptographer Jean-Jacques Quisquater by the NSA and its British counterpart GCHQ, as first reported on Saturday morning by De Standaard.

Quisquaters targeting became apparent during the investigation into the hacking of telecoms firm Belgacom, shown by Edward Snowdens leaks to be the work of GCHQ.

As in that case, the Universit catholique de Louvain professor apparently fell victim to a quantum insert trick that duped him into thinking he was visiting LinkedIn to respond to an emailed request when he was actually visiting a malware-laden copy of a LinkedIn page.

The Belgian federal police (FCCU) sent me a warning about this attack and did the analysis, Quisquater told me by email. As for the purpose of the hack: We dont know. There are many hypotheses (about 12 or 15) but it is certainly an industrial espionage plus a surveillance of people working about civilian cryptography.

Quisquater, who holds 17 patents and is particularly noted for his work on payment security, also said the attack was related to a variant of MiniDuke, an exploit that quietly puts backdoors into the targets system.

Whatever the precise motive, on the face of it Quisquater is very much a civilian target a professor emeritus, not a spy, a terrorist nor a member of government. It would be difficult for any intelligence agency to claim that stealing information from him is a matter of crucial national interest. The aftermath of this revelation will be worth watching.

This article was updated at 9am PT to include Quisquaters quotes and again at 9.50am PT to include comment.

Subscriber Content

Subscriber content comes from Gigaom Research, bridging the gap between breaking news and long-tail research. Visit any of our reports to learn more and subscribe.

Continue reading here:
NSA and GCHQ spoofed LinkedIn to hack Belgian cryptography professor