New information on the Belgacom leak has been revealed by The Intercept, detailing how UK spying organisation GCHQ managed to deploy a deep malware bug inside the system, capable of spying on thousands of different networks worldwide.
The malware bug was spotted by Belgacom last year, but it may have been deployed two to three years before. The GCHQ has been actively deploying surveillance technology since 2004, which means it could have worked on the malware bug for almost a decade.
The GCHQ managed to mimic a typical Windows background application, making it near impossible for Belgacom to notice. Security experts who worked on clearing the malware bug claimed it was one of the most sophisticated attacks they have ever seen.
Security workers in Belgacom are also unsatisfied with the way they handled the removal of the malware bug, and some believe malware still remains on the system.
Edward Snowden, who supplied the information on the operation against Belgacom, said “For the first documented example to show one EU member state mounting a cyber attack on another is a breathtaking example of the scale of the state-sponsored hacking problem.”
Belgacom has partners worldwide and offers telecom services to government organisations, making it a prime target for the GCHQ. However, this does mean the UK secret service launched a cyber attack on one of its closest allies, which could be detrimental to political relations.
The attack reveals the UK government's stance on global mass surveillance, something European countries like Germany have been aggressively fighting against. In a time where the UK might move away from the E.U., the UK needs as many economic partners in Europe as it can get, but the news might spur European countries to actively block the UK.
However, it is still unclear the damage done by the GCHQ. Belgacom claim the surveillance group were unable to view customer information, but this conflicts new information that says the GCHQ hack managed to intercept all information from Belgacom and clients.
The GCHQ has not been available for comment.