« Reports say that respected cryptographer Jean-Jacques Quisquater had his PC hacked by National Security Agency and GCHQ snoops, but the professor told TechWeekEurope he is not jumping to any conclusions about who the perpetrators were.
Quisquater, whose algorithms are applied widely in much-used electronic chips, suffered a malware attack and had encrypted data extracted, it was found during an investigation into the alleged GCHQ attack on Belgian ISP Belgacom, a source told Belgian paper De Standaard. Quisquater, who is based at the Université Catholique de Louvain (UCL) in Louvain-la-Neuve, has filed an official complaint and police are looking into the breach. It’s understood his machine was infected in September 2013 after he clicked on a fake LinkedIn request over email, leading to malware infecting his PC, allowing the attackers to scoop up his metadata.
It became clear to Quisquater he had been directly targeted when federal police probed his machine more thoroughly, after initial scans showed no signs of malware.
Quisquater attacks could have come from Asia…
Yet Quisquater was unsure as to whether he had been targeted by the NSA or GCHQ security agencies, telling TechWeekEurope there was no proof to suggest they were behind it. Quisquater said he had been contacted by two researchers on Sunday, who had told him the modus operandi used in the attacks on his machine is not one currently employed by the NSA. They indicated to the cryptographer the attacks likely emanated from Asia. Previous investigations had shown the malware used appeared to be a variant of MiniDuke, which was discovered by Kaspersky in 2013, targeting a range of European governments. “Federal police were very careful and were ‘thinking’ it was coming from NSA but some indices indicated a source from Asia (maybe it is finally coming from NSA with some clever tricks, not a surprise). So it is really a premature announcement by the press,” Quisquater told TechWeek over email.
Nevertheless, the targeting of his machine was an important issue, as he was not alone in being attacked in such a way, Quisquater added. “Why this attack? I don’t know. Maybe the cryptography research is under surveillance, maybe some people hope I’ve some interesting information or contact, maybe there is another goal.”
“The used malware is very clever, very difficult to detect, nearly impossible to remove… In fact the malware was only active when I was outside my home.”
The data siphoned off by the malware was encrypted, so only metadata could have been used by the attackers, Quisquater added, noting that everything on his computer was research-based and would have been made public at some point anyway. Belgacom said last year it had uncovered two separate breaches, which may have been carried out by GCHQ. One involved malware sent to workers, whilst another targeted a router at the ISP’s carrier services subsidiary BICS. »