24-09-2013, 04:18 PM
from http://cryptome.org/2013/09/belgacom-hack-en.htm
Quote:Gradually it became clear that the hackers are not only interested in the communications in the Middle-East, where BICS holds a solid position via South-African minority shareholder MTN. "They have been looking around and took what they could", state sources involved in the investigation. They are clear about one thing: the attack originated from the United States. "We determine that by the signature of the malware, but especially by where the trails lead. They partially run through the UK. We think the US is the main destination. And the past weeks at the US Embassy, you notice some embarrassment when you request exchange of information." Yesterday, the German weekly magazine Der Spiegel reported that the UK intelligence service GCHQ (Government Communications Headquartes) are responsible for the attacks. It based that claim on slides disclosed by whistleblower Edward Snowden. The news that GCHQ is behind the Belgacom attack is a surprise to at least the services working on the affair.
The malware could do anything
The malware at Belgacom actually consists of a complex system of complementary viruses. They are all connected. If a problem is imminent or if they are detected, they can signal each other. "It is somewhat like a human virus, which also mutates continuously", states someone involved who monitors the situation for his service. "For example, one part is responsible for searching and storing information, while another part is continuously looks for pathways to the internet to transfer information. Other pieces of code are responsible for circumventing firewalls, or carry out surveillance. If someone detects the hacking or attempts to remove a part of it, the virus that is acting as a guard promptly signals the other parts. Because you don't know what the malware is capable of, everything can go horribly wrong at the last step."
The cost of the entire detection and cleaning operation is correspondingly high. Fox-IT, the Dutch cyber security/defence company that is commissioned by Belgacom to first make inventory of the problems and then solve them, is a familiar name. "For the first two weeks they estimated the costs to be one million euro", states a well-placed source. And then adds that the entire operation lasted ten weeks. Moreover, Fox-IT did not expect that, at a certain point, it had to allocate all of its employees to this case. A price tag of over five million euro, then? "It won't be far off." But what was so terrifying about this cyber attack? And why the panic that something would go wrong? Telephone data about conversations with countries such as Afghanistan, Yemen and Syria that disappear, how could that have such an impact? They are 'just' stolen phone data, right? The involved expert sitting opposite us, looks dead serious. There is drama in his voice, but considering the contents of what he says, that is not unjustified. "This was highly performing malware and it was present in the nerve centre of communications. Anything that a highly privileged network operator of Belgacom could do, this system could do as well. I don't have to make a drawing of it? It had all the keys, all the passwords and full control. We must dare to classify this as a big crisis. This could have been a catastrophe. And people don't seem to realize."
The most relevant literature regarding what happened since September 11, 2001 is George Orwell's "1984".