British intelligence reportedly intercepted LinkedIn and Slashdot traffic to plant malware

T.C. Sottek
The Verge
November 11, 2013

German newspaper Der Spiegel reports that British spy agency GCHQ set up fake LinkedIn and Slashdot pages to plant malware within Belgacom, a Belgian telecommunications company. Using a method called “quantum insert,” the GCHQ was reportedly able to preempt legitimate access to the websites, redirecting the employees to fake sites that compromised their computers. Der Spiegel reports that the GCHQ and NSA were also able to infiltrate the Vienna headquarters of the Organization of Petroleum Exporting Countries (OPEC). The report is the latest based on documents provided by whistleblower Edward Snowden.

On September 20th, Der Spiegel reported that the GCHQ hacked Belgacom under a project codenamed “Operation Socialist,” in order to “enable better exploitation” of the telecommunications provider. That report referenced the quantum insert method, also known as a “man in the middle attack,” but today’s report reveals that the British spy agency was able to spoof LinkedIn and Slashdot to conduct the operation. A LinkedIn spokesman told The Independent that “we were never told about this alleged activity and we would never approve of it, irrespective of what purpose it was used for.”

Today’s report comes as the GCHQ faces an unprecedented amount of pressure from government officials. While the NSA has faced public hearings for months, British intelligence leaders on Thursday faced public questioning for the first time since this year’s intelligence leaks began in June. Like US spy heads, British intelligence officials defended surveillance programs as legal, contained, and necessary for national security, claiming that 34 terror plots had been stopped since the London bombings in 2005.