ANOTHER DAY, another embarrassing Edward Snowden revelation about internet surveillance.
German newspaper Der Speigel has alleged that the UK Government Communications Head Quarters (GCHQ) snooping operation has been doctoring the pages of websites, including Linkedin and Slashdot, to allow it to implant surveillance malware.
The newspaper claimed that Belgian telecoms company Belgacom was one high profile victim of the "Quantum Insert" spyware. The attack had been detected already, but Edward Snowden's materials made it clear that the source was GCHQ.
One document claimed, "We can locate, collect, exploit (in real time where appropriate) high-value mobile devices and services in a fully converged target centric manner." The service works by using a significantly faster computer to display a "cuckoo" version of a webpage before the legitimate server has time to react.
Although Slashdot and Linkedin are named, the "Quantum Insert" technique, once installed, could be used for anything from Gmail to Skype, as well as infiltrating the billing systems of telecoms providers to detect when targets were travelling abroad.
This directly contradicts the claims made before Parliament last week, in which GCHQ director Iain Lobban told MPs that it only monitored companies in support of national security.
It is unclear at the moment whether the NSA was complicit in the operation, which also targeted senior executives in the OPEC oil cartel, because where there is oil, there is often skullduggery.
Linkedin has so far not been able to confirm the attack and said that it has no evidence of spoofing or security breaches, though it is aware of the allegations.
Jennifer Bewley, spokesperson for Dice Holdings - Slashdot’s parent company - got in touch with The INQUIRER, and said they were not aware of the issue.
She said, "We were alerted to these reported government agency actions by a submission on Slashdot made by the community Sunday evening linking to news stories. To be clear, we have not been asked to cooperate with any government agency related to this matter and have not provided access to Slashdot systems or user information.
"We know of no unauthorized Slashdot code manipulation, or attempts to effect any. We do not approve of this reported activity and if true, it’s unfortunate that we are yet another in a long line of internet businesses to suffer this type of intrusion." µ
You can't fault them for speed
Investigation reveals that malicious code was injected into the firm's payment page
Plus the three-for-free
And it's not just on Ubuntu, neither