A hack on Belgacom by British surveillance agency GCHQ was more far-reaching than previously thought, according to the latest documents from whistleblower Edward Snowden.
The files revealed the most sensitive parts of Belgacom’s systems were compromised for more than two years before any issue was detected. They also link GCHQ to one of the most sophisticated pieces of malware ever discovered.
Snowden told The Intercept that this is an unprecedented “smoking-gun attribution for a governmental cyber attack against critical infrastructure.”
He said: “For the first documented example to show one EU member state mounting a cyber attack on another is a breathtaking example of the scale of the state-sponsored hacking problem.”
Belgacom and its subsidiary Belgacom International Carrier Services have partnerships with telcos across the world, making up one of the largest roaming hubs globally.
This was identified by British spies as an important target because many people travelling through Europe connect to the hub, according to The Intercept report.
Belgacom said only its internal systems were breached and customers’ data was never found to have been at risk. But the latest documents show GCHQ gained access far beyond Belgacom’s internal employee computers and was able to intercept encrypted and unencrypted streams of private communications.
Although Belgacom invested about $5m to clean up its systems and beef up its security after the attack, The Intercept has learned that sources familiar with the malware investigation at the company are deeply uncomfortable with how the clean-up operation was handled.
The sources believe parts of the GCHQ malware were never fully removed.