Yes, Cryptographers Get Spied On (and tracking helicopters with audio tracks)

A while back I said something along the lines of “cryptographers are kind of like Muslims in Manhattan — great big targets for espionage, manipulation, and entrapment.”

Now it turns out that the NSA/GCHQ/usual suspects have kindly confirmed my opinion, before the fact, by phishing a Belgian crypto professor and getting their fingers caught in the cookie jar by prosecutors poking at the Belgacom business.

According to the target of the attack, Jean-Jacques Quisquater, they sent him a fake LinkedIn request that delivered a variant of the MiniDuke backdoor/exploit-thingy.

Finding the position of a helicopter… by extracting digital data that happened to bleed into the audio track. Badass. This from the hacker that also reverse-engineered Helsinki’s bus stop display radio transmissions. Did you know the Molotov cocktail was invented by Finnish guerrillas to stop Russian tanks (“General Molotov’s invasion”)? Between that, Linux, and this, I’m starting to wonder if saunas, incessant drinking, and dark winters aren’t good for the brain.

Could you use this principle as a neat semi-steganographic back channel? I’m thinking maybe use something like Olivia MFSK and hide it in the noise.

“Correction (2 February): This story originally and erroneously said Quisquater had fallen victim to a quantum insert attack. This was based on the original report stating that he was targeted using the same technique or a similar one to that used on Belgacom, which also used LinkedIn as a vector. However, that was reportedly a quantum insert attack, and Quisquater’s quotes describe a type of phishing attack. That said, NSA/GCHQ still seem to be involved, as this spun out of the existing investigation.

Belgium’s federal prosecutor is looking into the likely hacking of noted cryptographer Jean-Jacques Quisquater by the NSA and its British counterpart GCHQ, as first reported on Saturday morning by De Standaard.

Quisquater’s targeting became apparent during the investigation into the hacking of telecoms firm Belgacom, shown by Edward Snowden’s leaks to be the work of GCHQ.

The Université catholique de Louvain professor fell victim to an emailed LinkedIn “request” from a non-existent European Patent Office employee. Quisquater, who holds 17 patents and is particularly noted for his work on payment security, told me the attack was “related to a variant” of MiniDuke, an exploit that quietly puts backdoors into the target’s system.

“The Belgian federal police (FCCU) sent me a warning about this attack and did the analysis,” Quisquater told me by email. As for the purpose of the hack: “We don’t know. There are many hypotheses (about 12 or 15) but it is certainly an industrial espionage plus a surveillance of people working about civilian cryptography.””