Britain is facing a damaging public clash with a European ally after GCHQ was blamed for a cyber attack on Belgium’s largest telecommunications company and the country’s prosecutors announced they were treating the incident as “state-sponsored espionage”.
The Cheltenham-based eavesdropping agency was named in the latest revelations from American whistleblower Edward Snowden as the origin of a sophisticated assault on Belgacom, whose customers include the European Commission and the European Parliament.
An alleged internal GCHQ presentation, marked “Top Secret” and leaked by Snowden, suggests that British intelligence officers targeted Belgacom employees over a number of years with sophisticated malware to gain access to key infrastructure, including the company’s international router.
Prosecutors in Brussels said that initial investigations showed there had been an attack on Belgacom which could only have been possible with “significant financial and logistical backing”. When combined with the complexity of the techniques deployed, this indicated an “international state-sponsored espionage operation,” investigators said.
The Belgian authorities and politicians yesterday stopped short of pointing the finger directly at Britain but the country’s prime minister said the revelations from former National Security Agency contractor Snowden, published by Der Spiegel, were being “closely examined” and warned of unspecified retaliation if the attack was proven.
Elio di Rupo said: “If the hypothesis involving another country is confirmed, we will of course undertake the necessary steps.”
The allegations are the latest in a raft of damaging revelations flowing from Snowden’s document cache, which has exposed the depth of Anglo-American operations to gain access to vast quantities of email and telecommunications traffic across the globe.
The NSA has been implicated in operations ranging from interception of the emails and phone calls of Brazilian president Dilma Rousseff to inserting “back doors” into computer hardware. But confirmation that Britain has been hacking the phone system of a close ally - and the host nation for key European Union institutions - would be also highly damaging.
GCHQ said last night that it had a “longstanding practice” of not commenting on leaks or intelligence matters.
But a spokesman added: “All GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that its activities are authorised, necessary and proportionate, and that there is rigorous oversight.”
The latest documents from Snowden, which appear to date from around 2010, detail “Operation Socialist”, an assault on Belgacom’s “core GRX routers” - the hardware used by mobile phone companies to make calls between different networks and different countries possible.
The slideshow presentation states that GCHQ’s alleged aim was to undertake “Man in the Middle” or “MiTM” operations “against targets roaming using smart phones”.
Man in the Middle attacks are a highly-sophisticated deception which allows a third party to intervene in an electronic conversation and pretend to be each of the other two parties, obtaining valuable information or spreading disinformation without the targets realising.
One of the slides appears to confirm that several Belgacom networks have been compromised, boasting that access “continues to expand” and GCHQ is “getting close” to accessing the routers. The presentation concludes with a large logo featuring construction cranes and the word “success”.
Belgacom and one of its subsidiaries jointly owned by Swiss and South African companies, which also appears to have been targeted, confirmed it had been the victim of a “digital intrusion” on its internal computer network but insisted there was “no indication” that customer data including emails or conversations had been accessed.
There was speculation yesterday that although the company, which is partly state-owned, handles communications involving EU institutions, GCHQ’s alleged interest may have been in users of its international networks linked to Middle Eastern countries such as Syria and Yemen.
Belgian prosecutors, who were called in by Belgacom earlier this summer, said preliminary investigations showed several servers and work stations had been affected by the attack.
In a statement, the Federal Prosecutors office in Brussels said: “Based on the information currently available, the aim of the hacking seems to be more to gather strategic information and not to commit acts of sabotage or cause economic damage.”