Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Crypto Legend Quisquater Targeted - But NSA May Not Be To Blame

samzenpus posted about 9 months ago | from the it-wasn't-us-this-time dept.

Privacy 57

judgecorp writes "Reports that the NSA and/or Britain's GCHQ deliberately targeted Belgian cryptography professor Jea-Jacques Quisquater may be jumping to conclusions, the professor has said. Investigation of an apparent NSA/GCHQ hack of Belgian ISP Belgacom uncovered evidence that Quisquater's PC had been infected with malware and had data extracted. However the two incidents might be coincidence: similar malware is used by Asian attackers, he said."

cancel ×

57 comments

Sorry! There are no comments related to the filter you selected.

Damned if they did, more so if they didn't (3, Insightful)

3.5 stripes (578410) | about 9 months ago | (#46139901)

Now the NSA has shown its willingness to do such things, and then deny even having the ability, they're going to get the finger of blame pointed at them a lot more, regardless of whether they deserve it, and now in a much more credible way.

Re: Damned if they did, more so if they didn't (3, Insightful)

Anonymous Coward | about 9 months ago | (#46140025)

If you lie often enough I can't believe anything you say anymore. That's the way trust works.

Re: Damned if they did, more so if they didn't (2)

Anonymous Coward | about 9 months ago | (#46140659)

The intel agencies prefer to say nothing, not to lie. Some people won't trust them regardless of what they say anyway. That's the way it works.

It isn't uncommon for the people to call them liars to be lying themselves.

Re: Damned if they did, more so if they didn't (4, Insightful)

Anonymous Coward | about 9 months ago | (#46140731)

Clapper lied to Congress. No ifs, ands or buts about it. That's enough for me. If he'll lie under oath why on earth should we ever expect him to tell the truth?

Re: Damned if they did, more so if they didn't (1)

Anonymous Coward | about 9 months ago | (#46141515)

He lied during the open session of Congress. My understanding is that during a classified, closed door session with committeee members, the actual truth came out.

Sometimes, you are required by law to lie, even to Congress. That doesn't make it right however.

Re: Damned if they did, more so if they didn't (3)

Mathinker (909784) | about 9 months ago | (#46143801)

> My understanding is that during a classified, closed door session
> with committeee members, the actual truth came out.

How would you know? The members of the Intelligence Committees are clueless/corrupt, and even less reliable sources of information than the intel brass.

> Sometimes, you are required by law to lie, even to Congress

No. Just, no. Clapper has on numerous occasions refused to answer questions in open sessions while providing the information in closed session (to the same Congressmen, not just committee flunkies) [techdirt.com] .

Re: Damned if they did, more so if they didn't (1)

HiThere (15173) | about 9 months ago | (#46143829)

No. You can say that you can only reveal infromation related to that topic in a closed session. You don't have to lie.

Of course, if you only reveal things in a closed session, people will doubt that you said them. So, perhaps, his intent was to use the testimony in open session to lie to the public, and to the non-cleared members of Congress. He still lied to Congress under oath, and that makes him a criminal. One who remains curiously unprosecuted.

Re:Damned if they did, more so if they didn't (2, Insightful)

Opportunist (166417) | about 9 months ago | (#46140099)

Problem is, when pointing the finger blindly at the NSA, your chance to be right is surprisingly high...

Re:Damned if they did, more so if they didn't (1)

Xest (935314) | about 8 months ago | (#46148325)

The most amusing thing I find about it is how we had weekly, almost daily stories about China hacking this, China hacking that, how China was engaging in a cyber war and so on and so forth.

Since the Snowden revelations I don't think I've seen a single story on the issue.

The NSA has caused the US to lose all credibility in complaining about hacking from foreign nations, which doesn't mean it's not happening, but is a result of the fact that anything even China was or still is doing is small fry compared to the tapping and mining of seemingly ever major data cable spanning the globe.

It's sad really because whether China really was doing what was claimed before or not, they now have the justification to do that and even increase such efforts because they can still claim "We're only doing what the US and Britain are doing".

NSA And GCHQ Used Fake LinkedIn And Slashdot Pages (2)

rvw (755107) | about 9 months ago | (#46139909)

How about this? Edward Snowden Reveals 'Quantum Insert': NSA And GCHQ Used Fake LinkedIn And Slashdot Pages To Install Spyware [ibtimes.com] ?!?!

German newspaper Der Spiegel reported that documents leaked by Snowden show that the GCHQ used a method called “quantum insert” to redirect employees of Belgacom, Belgium’s largest telecommunications company, to fake websites that contained spyware. The program targeted higher-level employees that had “good access” to Belgacom’s infrastructure.

Re:NSA And GCHQ Used Fake LinkedIn And Slashdot Pa (0)

Anonymous Coward | about 9 months ago | (#46140079)

He is probably one of the willing participants, and trying to shrug off and explain this away so people don't stay curious.

Re:NSA And GCHQ Used Fake LinkedIn And Slashdot Pa (1)

PlusFiveTroll (754249) | about 9 months ago | (#46140393)

And we still don't have SSL with PFS on /.

Re:NSA And GCHQ Used Fake LinkedIn And Slashdot Pa (1)

fatphil (181876) | about 9 months ago | (#46140859)

And if we did, there would have been another slide with a little arrow pointing to Dice and saying "this is where we remove SSL". With a smiley, of course.

Re:NSA And GCHQ Used Fake LinkedIn And Slashdot Pa (2)

Bite The Pillow (3087109) | about 9 months ago | (#46141201)

The prof is simply not jumping to conclusions. Doesn't mean anyone in particular is or is not involved.
Presumably the researchers he contacted know enough to say if this did not look like the NSA job. The quantum insert looks like they don't need hosting in Asia, where these attacks were hosted.
NSA ate not the only people who have heard of LinkedIn, and it is the obvious attack vector for people who use it. It could be fricken anyone, and pointing to one party in particular is just click bait given the facts. If you have more info beyond that link, let us know how it lines up with the info linked elsewhere in these comments and you will actually deserve a +5.

Re:NSA And GCHQ Used Fake LinkedIn And Slashdot Pa (0)

Anonymous Coward | about 9 months ago | (#46145213)

Yes, that's the beta.slashdot.org site. If you're redirected to it, you know why.

TFA doesn't tell much... (1)

ls671 (1122017) | about 9 months ago | (#46139913)

TFA doesn't tell much about the setup on the professor machine and network. I couldn't even find which OS he was running...

Re:TFA doesn't tell much... (1)

AHuxley (892839) | about 9 months ago | (#46140055)

A few details on http://www.standaard.be/cnt/dm... [standaard.be]
"Belgian professor in cryptography hacked"
("This is an English summary of an article published in today's [01/02/2014] edition of Belgian newspaper De Standaard. The article concerns the hacking of the computer of professor Jean-Jacques Quisquater")
Note the German aspect too near the end of the article.

Re:TFA doesn't tell much... (0)

Anonymous Coward | about 9 months ago | (#46140103)

TFA doesn't tell much about the setup on the professor machine and network. I couldn't even find which OS he was running...

Obviously Windows. Geeze!

Re:TFA doesn't tell much... (3, Informative)

AHuxley (892839) | about 9 months ago | (#46140111)

Some more at http://www.infosecurity-magazi... [infosecuri...gazine.com] is6
"He received a fake LinkedIn invite from a non-existent person in the European patent office (Quisquater holds 17 patents).
This dropped a variant of the MiniDuke malware which covertly opens a backdoor onto the infected computer."
and http://www.infosecurity-magazi... [infosecuri...gazine.com]

Re:TFA doesn't tell much... (2)

Mashdar (876825) | about 9 months ago | (#46140619)

Taking parent's post for granted, MiniDuke appears to only target Windows:
http://www.symantec.com/securi... [symantec.com]

Re:TFA doesn't tell much... (3, Insightful)

fatphil (181876) | about 9 months ago | (#46140935)

And this shows why "cryptography expert" and "security expert" should not be confused.

Re:TFA doesn't tell much... (0)

Anonymous Coward | about 9 months ago | (#46140681)

I was a student of his ~5 years ago. At that time, he was doing his presentations with a Windows laptop if I recall well.

Asian attackers? (0)

Anonymous Coward | about 9 months ago | (#46139941)

WTF? Is it no longer PC to say Chinese hackers? And so now we vilify an entire continent instead?

In other news felching all the rage with GCHQ staff.

Re:Asian attackers? (1)

lagomorpha2 (1376475) | about 9 months ago | (#46141107)

WTF? Is it no longer PC to say Chinese hackers? And so now we vilify an entire continent instead?

In other news felching all the rage with GCHQ staff.

I'm not sure of usage in Belgium but in England "Asian" typically refers to Arabs/Persians/Turks/Indians (you know, the rest of the Asian continent). It's unclear if this ambiguity is intentional or not.

Re:Asian attackers? (0)

Anonymous Coward | about 9 months ago | (#46143633)

Is it no longer PC to say Chinese hackers?

I prefer the term "Chinese Military", because that's who it is.

Mail said... (1)

Anonymous Coward | about 9 months ago | (#46139971)

Enlarge ur ......linkedin profile size! Click Here!

Malware "was only active when I was out" (1)

AHuxley (892839) | about 9 months ago | (#46140029)

Thats may point to a local support network of staff knowing when to turn the malware or make it become passive again.

Re:Malware "was only active when I was out" (1)

Somebody Is Using My (985418) | about 9 months ago | (#46140105)

Or simply software that waits a long time for the user to be idle (four or five hours) before it does its thing.

Re:Malware "was only active when I was out" (1)

Opportunist (166417) | about 9 months ago | (#46140119)

Or maybe wait 'til the login prompt gets displayed after the computer locked down after a while?

Either way, they are responsible (2)

PopeRatzo (965947) | about 9 months ago | (#46140043)

The NSA is responsible for the hacking of Jean-Jacques Quisquater whether or not they actually did it.

They're the ones who created this ugly labyrinth of snoops and upskirters who obsessively have to possess every atom of extant human dignity by owning their information, they're very meaning.

God, I hope Edward Snowden is only the beginning. I hope that dozens, hundreds, thousands of Edward Snowdens reveal every single detail of every single stinking perverted notion of what a government and corporation is to do until we know exactly what kind of chlamydia medicine the wife of the head of the NSA takes and how often he spits in the shower.

These NSA revelations have left me absolutely disgusted and incensed. They've changed my politics, they've changed my behavior, they've changed my view of my innocent corner of the world.

And worse, for the corporations who thought this was going to bring some great future of control over the metrics of our lives, it's changed my consumption habits. Now, I've become leery of every request for my zip code. My willingness to use a real email address anywhere is just about gone and I'll pay cash just because fuck them.

I don't think the backlash has even started over this Surveillance State. Or rather, I hope it hasn't because if there's not an effective backlash then our only hope is a solar flare that wipes everything with an EMP, and that would mess up my saved games.

Damn you to hell, NSA! and the corporate trojan horse you rode in on.

Re:Either way, they are responsible (2)

Somebody Is Using My (985418) | about 9 months ago | (#46140287)

The problem I have with the NSA is not just the violation of my (and others') privacy. That's pretty bad but let's face it, that seems to be the direction the world is heading. As our technology matures, we are going to be under observation more and more often, be it from the government, corporations, other organizations (such as religions) or just each other.

As bad as this is, the real issue I have with the NSA is the complete imbalance of power this creates between the people and the government that is nominally there to support it. Of course, the question of who is really in charge of this country has gone back and forth for over two centuries, though the statesmen who wrote the US Constitution and other documents did everything they could to tip the scales in favor of the citizenry, while the politicos have spent generations pushing in the other direction. But the observational power currently solely held by the government (through agencies of the NSA/FBI/CIA/IRS/etc.) could well prove the unimpeachable advantage that ensures the power irrevocably slides into the hands of a select few. It is an exceedingly dangerous power and, unopposed, is a far more dangerous tool for tyranny than any army. A strong military can take a country, but it is the network of informers is what will let you hold it.

Which leaves us with two options: one, we-the-people say "no more", and do what we can to protect our privacy. Unfortunately, because of the ubiquity of these tools - and the temptations for police to use them - this would probably make illegal much of the technology we now take for granted, everything from GPS receivers to cellphone cameras to the Internet. But People and Government would have a closer balance of power.

The alternative is to go completely in the other direction: we achieve a sort of universal panopticon, where everybody is watching everybody; the government sees everything we do in our lives, and we can monitor everything they do in (and out of) office. Informational blackmail by either party becomes impossible; how can government enforce laws if they are shown - as they would be - to be breaking it as often as we?

I don't look favorably at this second option, but the first has such severe disadvantages - and would be so difficult to bring about - that I believe the latter is our future. Already the younger generations are coming to terms with a decreased lack of privacy, and Snowden's heroic actions have shown us how this can be used to keep the Powers-That-Be in check. Personally, I think a panopticon society will be so psychologically and culturally different than what I am used to that I won't want to live there, but I still think it is far, far better than one where surveillance is in the hands of only a few,

Re:Either way, they are responsible (1)

allaunjsiIverfox2 (3506701) | about 9 months ago | (#46144989)

That's pretty bad but let's face it, that seems to be the direction the world is heading.

Yeah, so just give up on things like "freedom" and "privacy."

Re:Either way, they are responsible (1)

Gr8Apes (679165) | about 9 months ago | (#46140391)

Then you're going to love this story [cnn.com]

Re:Either way, they are responsible (1, Insightful)

PopeRatzo (965947) | about 9 months ago | (#46140801)

Then you're going to love this story [cnn.com]

Thanks a lot. It's bad enough that it's below zero outside and I'm still hungover and haven't gotten over the cold that I caught last week, but now I've got Total Surveillance in the WorkplaceTM to worry about.

And my cat just threw up. I'm going back to bed.

Re:Either way, they are responsible (1)

fatphil (181876) | about 9 months ago | (#46141287)

I am reminded of /Lex Nokia/.

Presumably my most recent NDA would prevent me from mentioning if I've been reminded of /Lex Nokia/ other times recently, were it to be the case that those reminders were while I was within there workplace. I walked out of that job after only a couple of months...

Re:Either way, they are responsible (1)

PopeRatzo (965947) | about 8 months ago | (#46150003)

/Lex Nokia/

The Wikipedia entry is in Finnish and does not translate well. Is this law still in effect in Finland? People really live like that?

Re:Either way, they are responsible (1)

fatphil (181876) | about 8 months ago | (#46150523)

It's still active. It still gives Finns, and those who work there, much more privacy than US/UK workers. Sure, they used to have more, but it could be a lot worse.

Where are you comparing to?

Re:Either way, they are responsible (1)

PopeRatzo (965947) | about 8 months ago | (#46156047)

OK, I have to try to work through that Wiki article again. I guess I just don't understand the law at all.

I've got a neighbor who's a recently-arrived Finn, and I'm going to ask for her help. (Plus, she's really good-looking).

How to dodge all responsibility (0)

Anonymous Coward | about 9 months ago | (#46140077)

Crypto Legend Quisquater Targeted - But NSA May Not Be To Blame

Oh, come now. I'm certain we can find SOME way to blame the NSA for this! It's almost as if you don't have any faith in our talents whatsoever!

Re:How to dodge all responsibility (1)

Opportunist (166417) | about 9 months ago | (#46140125)

Why bother? Just toss a dead cat over your shoulder, you'll sure as hell hit some kind of privacy invasion the NSA has been responsible for.

Exactly what they wanted (1)

TheCarp (96830) | about 9 months ago | (#46140139)

May not be to blame? Well, they very specifically seem to aim for that don't they?

They use injection systems that masquerade as legitimate systems. They use preliminary infections to probe and gauge user sophistication, then they choose their attacks based on threat of detection.

so the attack that most looks like them is one that doesn't look like them. So any intrusion, unless its just lame (like the one Jake Applebaum talked about in his recent talk where it was litterally just using a script to upload screenshots of his system to a remote server, and had failed to upload many so it filled his home directory..... that was very likely not them.

However anything that actually works, even if it is off the shelf malware, could be them.

Which doesn't mean that it is of course, but, it does mean that there is no way to actually shut the conspiracy nuts down on any of these because, any attack could plausibly be them.

Re:Exactly what they wanted (0)

Anonymous Coward | about 9 months ago | (#46141021)

reminds me of the american AWACS (advanced warning and control radar) which the yanks gave the israelis to help fight turds.
once in israel, "they" promptly disassembled the components, and sold the lot to Red China, in Asia!

wonder if they got to the Apple-bomb via isreeli PrimeSense, the AKAMAI VIRUS (botnet), or perhaps through his phone bill provided by AMDOCS, all of which are isreeli TROJANS!

how this works (2)

stenvar (2789879) | about 9 months ago | (#46140185)

You can be pretty much certain that the NSA is trying to get its hands on the private data of anybody relevant to their interests and work: cryptographers, big data scientists, other related fields of computer science. This is simply so that they can make sure that they are ahead of what's out there in the public domain and academia.

And in addition, you can also be certain that any administration is going to be using the NSA and other spy agencies to keep track of potential dissidents, critics, and leakers: economists, social scientists, political opponents, political activists, members of the military, etc. And they are going to use that data to warn the administration of political attacks and silence opponents through leaks of unflattering personal information, as well as selective prosecution of actual wrongdoing.

That's not a question of whether this or any other administration is particularly bad or dishonest, it's simply what happens when you give any organization and any government the kind of power that the NSA has given to recent administrations.

Re:how this works (0)

Anonymous Coward | about 9 months ago | (#46143245)

You could have laws regulating the government, oh wait, that would be interfering with the free market! ..Oh wait.. Fuck it, you and the other former colonies and the mother Britain have been waiting enough already.

Crypto Legend? (1)

hweimer (709734) | about 9 months ago | (#46140713)

This guy's Wikipedia page [wikipedia.org] basically only mentions that he's famous for being the victim of the alledged attack. So he's been chosen as a target because he is famous for being the target of the same attack? I'd assume a garden variety mass phising attempt is more likely.

Re:Crypto Legend? (3, Informative)

Fref (843765) | about 9 months ago | (#46140963)

The french page is more thorough http://fr.wikipedia.org/wiki/J... [wikipedia.org] I was a student of his, and he is indeed well known in the field of cryptography. This might give you a glimpse of his relevance: http://scholar.google.com/cita... [google.com]

Re:Crypto Legend? (2)

fatphil (181876) | about 9 months ago | (#46141377)

I'm familiar with his name, but wouldn't say "legend" was appropriate.
Google for ``"Quisquater attack"'', and you should find some of the cryprographic attacks he's known for.

About that malware... (0)

Anonymous Coward | about 9 months ago | (#46141175)

similar malware is used by Asian attackers, he said

Similar malware is also used by the US government. It was used in the Freedom Hosting attack, it was used on ~100,000 suspects (of what and who they are was not stated) of the FBI, the NSA's own documents claim they have malware on over 50,000 machines worldwide, and that's not even counting Stuxnet/Flame.

Porn (0)

Anonymous Coward | about 9 months ago | (#46141617)

Don't worry, the NSA has a log of all the porn sites the guy has visited, so they can help identify which gave him the infection.

Data was taken (1)

SST-206 (699646) | about 9 months ago | (#46141717)

cryptography professor Jea-Jacques [...] Quisquater's PC had been infected with malware and had data extracted.

...including the letter N from his first name!

Need to know (0)

Anonymous Coward | about 9 months ago | (#46142531)

" NSA May Not Be To Blame"

Yes,

Oh and by the way how is the Nile doing at this time of year?

Re:Need to know (1)

tomhath (637240) | about 9 months ago | (#46143653)

Indeed. Because you can be sure that no other government is conducting espionage. Not.

Whoever it was -- it doesn't help the NSA (1)

Mister Liberty (769145) | about 9 months ago | (#46144393)

Think about it.

fuck the nsa (1)

strstr (539330) | about 9 months ago | (#46145843)

When are people going to understand: the NSA targets all, at all times. Satellite and space/radar capability monitor all souls regardless. Who the fuck cares if they targeted him one pathetic way or not, when everyone is being monitored regardless in other more invasive and secretive ways?

Total global surveillance method exposed by Dr. Robert Duncan, a DOD/CIA/US DOJ systems architect: http://www.oregonstatehospital... [oregonstatehospital.net]

NSA is 90% air wave and radiation intelligence. 10% lower tech shit.

Re:fuck the nsa (0)

Anonymous Coward | about 9 months ago | (#46147079)

You're a fucking moron, headed to Salem for a permanent residence.

Re:fuck the nsa (0)

Anonymous Coward | about 8 months ago | (#46176845)

I have no plans to go to Salem, fucking idiot...

Professor Quatermass (0)

Anonymous Coward | about 9 months ago | (#46147669)

Is that you?

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?