Belgacom hack, state-sponsored attack hypothesis

To sanitize the infected servers Belgacom cleans up the entire system, at the moment there is no information regarding the impact of the attack in term of information disclosed and services compromised.  The security experts involved in the investigation are inclined to believe that the Belgacom hack, in reality, has been caused by a state-sponsored attack due to the complexity of the malicious code used.

Following the official announcement issued by Belgacom after the incident:

“Previous security checks by Belgacom experts revealed traces of a digital intrusion in the company ’s internal IT system. Belgacom has taken all appropriate actions to protect the integrity of its IT system and to further reinforce the prevention against possible incidents.  

The first speculations on the Belgacom hack indicate the US and British intelligence agencies, NSA and GCHQ, as authors of the attack.  The reason is due to the fact that the company Belgacom handles some of the undersea cables used for communications, voice and data, and so would be a likely target for an attacker. In particular the tampered

Sources of intelligence refer that the attackers might be interested in spying on communications coming from critical areas such as Syria and Yemen.

The company has filed a complaint against an unknown third party and is sustaining the investigation of the Federal Prosecutor, following a couple on interesting observations made by the French security expert Marc Blanchard (BitDefender), aka “Virus Doctor”:

It is an operation of computer commando? Yes, it is not in the field of “rotten codes” used by Anonymous to cause a denial of service (DDOS) and block a website. It is generally more difficult to detect more complex systems, which are actually “siphon” strategic information in companies. A technique used by hackers? Yes, it is more difficult to detect than asking users to bring their own equipment to the office in the BYOD (Bring Your Own Device) very popular in business. The attack systems used are also very sophisticated: they reproduce and evolve adaptations to avoid defense systems. We speak here of “advanced persistent attacks.” Belgacom, it claims to have spotted the attack in mid-July and will be eradicated only recently. This is an important time? It does not surprise me. Here we are in the case of a complex attack that requires both skills, tools, and strategies to master. In some cases, taking into account a number of important positions with thousands of machines, servers, PCs, smartphones, work can take up to six months. The newspaper “De Standaard” that revealed this case evokes a listening operation by the NSA. It is credible? If this is the NSA, we will never know. They are too strong. More seriously, the right question is who has an interest in actually spying Belgacom or discredit its reliability.

If it was confirmed that Belgacom hack is a state-sponsored attack, hardly get to know the real authors

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Belgacom hack, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]