NSA/GCHQ Accused of Hacking Belgian Cryptographer
There has been a lot of news about Belgian cryptographer Jean-Jacques Quisquater having his computer hacked, and whether the NSA or GCHQ is to blame. There have been a lot of assumptions and hyperbole, mostly related to the GCHQ attack against the Belgian telecom operator Belgacom.
I’m skeptical. Not about the attack, but about the NSA’s or GCHQ’s involvement. I don’t think there’s a lot of operational value in most academic cryptographic research, and Quisquater wasn’t involved in practical cryptanalysis of operational ciphers. I wouldn’t put it past a less-clued nation-state to spy on academic cryptographers, but it’s likelier this is a more conventional criminal attack. But who knows? Weirder things have happened.
Nicholas Weaver • February 10, 2014 7:25 AM
Probably the best report is here:
http://www.techweekeurope.co.uk/news/quisquater-nsa-gchq-malware-attacks-137990
Two reasons why it’s probably NOT NSA/GCHQ:
a) It was targeted with a well constructed “phish to get user to click link to exploitative site” attack.
b) It appears to be a MiniDuke variant.
The first is suggestive because the NSA/GCHQ doesn’t bother with phishing anymore, especially as someone like Quisquater, who uses LinkedIn, is very easy to target with QUANTUM (and target at home, where you guarantee no IDS log).
The second is also suggestive because although MiniDuke is very well engineered, it’s mostly targeted European and US interests.
Thus the general conclusion for me is “Nation state but NOT the NSA/GCHQ”.
Finally, there is the interesting feature that the malcode appears to be inactive when at home. Since Quisquater is known to consult, I’d personally suspect the target was not Quisquater, but rather some company where the attacker knows his laptop will visit.