[Cryptography] Now it's personal -- Belgian cryptographer MITM'd by GCHQ/NSA

ianG iang at iang.org
Sat Feb 1 12:19:39 EST 2014


"Belgium is too naive" (google translated)

01/02/2014 | Mark Eeckhaut, Nikolas Vanhecke

"I did not think they'd go that far," said the victim of the hacking,
Professor Jean-Jacques Quisquater, who is nevertheless himself an expert in
computer security.

"For me it was a very unpleasant surprise when the police came to tell
me what had happened to me," says UCL professor Quisquater.

According to the professor, the hacking must have happened fairly recently.
"It must have been when someone I do not know sent me a LinkedIn request.
From that moment my computer acted weird. I could have and should have
known, but I was still not attentive enough."

Hundreds of others

Quisquater does not believe that he is the only individual who has been
hacked by the NSA.

"We should have no illusions. I may be an expert in cryptography. But
when I got hacked, then there are hundreds of other individuals who are
too. There have also been others in Belgium. The Snowden files have only
uncovered the tip of the iceberg in this area."

"The NSA wants, whatever the cost, to get all the information that it thinks
can help it break into secure communications. That has been its mission
since the fifties. And in doing so it clearly does not limit itself to the
fight against terrorism. I have the impression that the NSA meanwhile grabs
everything it can get."

According to Quisquater, our country is still far too naive. "I always say
there is the earth, the sea, air, space and cyberspace. But in that last
one Belgium has almost nothing."

Ally not an ally

"We are mainly a naive target. Even in our country, European
institutions, international organizations and companies. Nevertheless,
we think that we are not at risk. But the world has changed: even an
ally such as the United Kingdom does not treat us as an ally. We urgently
need to take the signals of recent months seriously."


(probably needs chrome, firefox barfs on the translation:)
https://www.standaard.be/plus/ochtend/1
http://translate.google.com/translate?hl=en&sl=nl&u=https://www.standaard.be/plus/ochtend/1&prev=/search%3Fq%3DVolgens%2Bde%2Bprofessor%2Bmoet%2Bde%2Bhacking%2Bvrij%2Brecent%2Bgebeurd%2Bzijn.%2B%25E2%2580%2598Toen%2Biemand%2Bdie%2Bik%2Bniet%2Bkende%2Bme%2Been%2BLinkedIn%2Bverzoek%2Bstuurde,%2Bmoet%2Bdat%2Bgeweest%2Bzijn.%2BVanaf%2Bdat%2Bmoment%2Bdeed%2Bmijn%2Bcomputer%2Braar.%2BIk%2Bhad%2Bhet%2Bkunnen%2Ben%2Bmoeten%2Bweten,%2Bmaar%2Bik%2Bben%2Btoch%2Bniet%2Baandachtig%2Bgenoeg%2Bgeweest.%25E2%2580%2599%26safe%3Doff%26espv%3D210%26es_sm%3D93


Using a fake invitation to the social networking site LinkedIn, they
infect the system of the professor.

The LinkedIn invitation in the mailbox of Professor Quisquater came from
a certain LB, an existing member of the European Patent Office.

Blank web
When the prof clicked on the icon in the mail that was to bring him to
LinkedIn, he ended up on a blank webpage. With the naked eye, the
visitor will see a site that leads nowhere, and that you unsuspectingly
click away. Which the professor did. But under the hood of
the page was a computer system that injected the professor with spyware.



(no confirmation as yet whether this is a downgrade attack on SSL or a
false cert replacement.  Either would be interesting...)

