5 Comments

Summary:

Jean-Jacques Quisquater says the Belgian federal police tipped him off that he had been hacked in an attack related to that on telco Belgacom, which fell victim to GCHQ last year.

hacker cyber attack
photo: Thinkstock

Correction (2 February): This story originally and erroneously said Quisquater had fallen victim to a quantum insert attack. This was based on the original report stating that he was targeted using the same technique or a similar one to that used on Belgacom, which also used LinkedIn as a vector. However, that was reportedly a quantum insert attack, and Quisquater’s quotes describe a type of phishing attack. That said, NSA/GCHQ still seem to be involved, as this spun out of the existing investigation.

Belgium’s federal prosecutor is looking into the likely hacking of noted cryptographer Jean-Jacques Quisquater by the NSA and its British counterpart GCHQ, as first reported on Saturday morning by De Standaard.

Quisquater’s targeting became apparent during the investigation into the hacking of telecoms firm Belgacom, shown by Edward Snowden’s leaks to be the work of GCHQ.

jean-jacques quisquaterThe Université catholique de Louvain professor fell victim to an emailed LinkedIn “request” from a non-existent European Patent Office employee. Quisquater, who holds 17 patents and is particularly noted for his work on payment security, told me the attack was “related to a variant” of MiniDuke, an exploit that quietly puts backdoors into the target’s system.

“The Belgian federal police (FCCU) sent me a warning about this attack and did the analysis,” Quisquater told me by email. As for the purpose of the hack: “We don’t know. There are many hypotheses (about 12 or 15) but it is certainly an industrial espionage plus a surveillance of people working about civilian cryptography.”

Whatever the precise motive, on the face of it Quisquater is very much a civilian target — a professor emeritus, not a spy, a terrorist nor a member of government. It would be difficult for any intelligence agency to claim that stealing information from him is a matter of crucial national interest. The aftermath of this revelation will be worth watching.

This article was updated at 9am PT to include Quisquater’s quotes and again at 9.50am PT to include comment.

  1. tin foil hat?

    Share
    1. What part of

      “noted cryptographer”,

      “Quisquater’s targeting became apparent during the investigation into the hacking of telecoms firm Belgacom”

      and

      “shown by Edward Snowden’s leaks to be the work of GCHQ”.

      Don’t you understand?

      Share
    2. Miniduke has been used previously in part of government-sponsored targeted attacks

      Share
  2. and LinkedIn just shrugs?

    Share
  3. Wait, how is this linked to NSA/GCHQ? Neither agency is associated with the MiniDuke campaigns…

    Share

Comments have been disabled for this post