GCHQ “created fake LinkedIn, Slashdot webpages” to infect targets with malware

Graham Cluley
Graham Cluley
@[email protected]

The revelations from NSA whistleblower Edward Snowden continue to tumble out in the pages of the world’s media, embarrassing intelligence agencies as their surveillance activities are exposed.

Today it’s GCHQ, the British intelligence gathering service, which is once again in the spotlight, after claims were published in Der Spiegel that the agency created bogus LinkedIn and Slashdot webpages, in order to infect computers belonging to targets with malware.

Leaked slide from GCHQ

It has been previously revealed that GCHQ targeted Belgacom, a major Belgian telecoms company, with malware.

Sign up to our free newsletter.
Security news, advice, and tips.

Newly-released information leaked by Edward Snowden explains how it was done.

GCHQGCHQ’s Network Analysis Centre (NAC) is said to have identified which of Belgacom’s network security and maintenance staff used LinkedIn and read Slashdot.

Then, according to Der Spiegel, the spooks placed servers at internet switching points to intercept when targets were making web requests to visit LinkedIn and Slashdot, and serve up convince-looking but malware-laden versions of the pages instead.

LinkedIn is understandably unimpressed that its name is being brought into disrepute by GCHQ’s activities, which could have seen the business networking site unfairly accused of spreading malware:

When contacted, LinkedIn stated that the company takes the privacy and security of its members “very seriously” and “does not sanction the creation or use of fake LinkedIn profiles or the exploitation of its platform for the purposes alleged in this report.” “To be clear,” the company continued, “LinkedIn would not authorize such activity for any purpose.” The company stated it “was not notified of the alleged activity.”

Does this sound like a serious and sophisticated operation conducted by GCHQ? Well, it is.

And, in case you’ve forgotten, this was Britain’s intelligence service doing this against non-criminal employees of Belgium’s leading telecoms company.

The UK and Belgium are partners in the European Union.

Makes you wonder what they’re doing against their enemies, doesn’t it?

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.