According to local media reports, the internationally-renowned expert’s computer was compromised, in a case that has been linked to GCHQ’s successful infection with spyware of Belgium’s leading telecoms company, Belgacom.
“The Belgian federal police (FCCU) sent me a warning about this attack and did the analysis,” Quisquater told Giga Om reporter David Meyer via email, but admitted he did not know the purpose of the hack. “We don’t know. There are many hypotheses (about 12 or 15) but it is certainly an industrial espionage plus a surveillance of people working about civilian cryptography.”
Quisquater, a professor at the Université catholique de Louvain, told Meyer that his computer was infected approximately six months ago, by a variant of the MiniDuke malware.
At the time, researchers said they were seeing boobytrapped PDF files distributed, disguised as content related to human rights seminars, Ukraine’s foreign policy, and NATO membership plans.
Putting two and two together, it wasn’t hard to speculate that MiniDuke was being used for state-sponsored espionage.
Questions will surely be asked as to whether GCHQ and NSA were really involved in a hack against a private citizen, engaged in cryptography research. A man who, one presumes, the authorities have no reason to believe is involved in terrorist activity.
And, lets not forget, Jean-Jacques Quisquater is based in Belgium, a friendly EU partner of the United Kingdom.
It seems clear to me that anyone working in cryptography research now needs to consider themselves a potential target for state-sponsored cyber-attack, even from countries who you might consider to be on the same side as you.
Via: Giga Om.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.