

Belgian professor in cryptography hacked - 1337biz
http://www.standaard.be/cnt/dmf20140201_011

======
sentenza
A near-perfect copy of Slashdot was supposedly served to infect "targets" with
malware. Since Slashdot isn't the center of the IT world any more, the logical
conclusion must be this: Who of us (reading this) is currently being served
his HN by GCHQ?

We're here at the heart of what should (and does) bug many IT people over here
in Europe: If you work in IT for a company that does something of interest to
GCHQ and the NSA, then you and your access credentials are one of those
'targets' they keep speaking about.

~~~
vezzy-fnord
HN isn't the center of the IT world, either.

~~~
niels_olson
Well, maybe not, but USG does keep an eye on the goings on here. E.g.
[http://web.nvd.nist.gov/view/vuln/detail?vulnId](http://web.nvd.nist.gov/view/vuln/detail?vulnId)

~~~
darsham
Your link is indeed broken but some Google-fu led me to find these entries
proving your point:

[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-017...](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0175)

[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-209...](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2094)

[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-492...](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929)

They cite HN among a plethora of other references, though.

~~~
varjag
Yes but this is NIST (formerly ANSI), and these are essentially credits. Heck
even I am in credits at NIST somewhere, it's quite a leap from being mentioned
to being tracked by government.

------
mikevm
I guess if you think that you're a potential target, you should be doing your
computing like rms:
[http://stallman.org/stallman-computing.html](http://stallman.org/stallman-computing.html)

~~~
sentenza
Anybody who works in infrastructure for a big European ISP is a target. That's
a lot of people who are currently living relatively normal lives.

------
intslack
Here's a much better English summary:

[http://www.standaard.be/cnt/dmf20140201_011](http://www.standaard.be/cnt/dmf20140201_011)

~~~
kremlin
Thanks. First sentence of second paragraph had my mind in shambles trying to
parse it.

"There isn't a card with an electronic chip available, or it has some sort of
security technology that UCL professor Jean-Jacques Quisquater (67) was
involved in developing."

I haven't a clue what that means.

[edit] wait, your link just ends up at the same article for me.

~~~
intslack
A mod changed the link, earlier it was just a several sentence gigaom
"article" linking to a Google translation of
[http://www.standaard.be/cnt/dmf20140131_049](http://www.standaard.be/cnt/dmf20140131_049).

~~~
1337biz
Thanks to the mod for the link change. Only found the standaard translation
and thought the gigaom was at least some form of a summary and better than a
google translated document.

------
eliteraspberrie
_His computer was infected after clicking a (bogus) LinkedIn invitation of a
non-existent employee of the European patent office._

Just goes to show how effective phishing attacks are. If a professor of
cryptography does not check SSL certificates, far fewer people do so than we
think.

~~~
zokier
Social engineering has very little to do with cryptography; being expert on
one does not give effective protection against the other (or vice versa).

------
jessaustin
ISTM that a strict adherence to Kerckhoffs's principle on the part of the
professor and his colleagues would reduce the value of this hack to
run-of-the-mill NSA/GCHQ creepiness. That is, they're not going to learn any secret
keys to CA roots by reading his email. Since they're creepy evil bastards,
however, there doesn't _have_ to be a point to it.

------
kevin_bauer
That example just shows how easy it is to be scammed. No matter how smart and
how much of an expert you are, you still may be vulnerable from a totally
unsuspected angle. Don't ridicule someone who "deserved" it because of his
"stupidity" or "naivety", because you may be the next laughing-stock.

------
setori88
Quisquater was involved in the development of AES. Are the NSA trying to find
ways to crack it?

~~~
pbsd
That is incorrect. Quisquater was not involved in _any_ of the AES candidates,
let alone the winner.

------
chbrown
Besides the GCHQ aspect, doesn't seem terribly different from other less
catchy news stories: "Immunologist gets the flu", "Physical therapist
fractures shin", etc.

~~~
effdee
You make it sound like it happened by chance. However, it's more like "Special
Forces kill top terrorist in Absurdistan" (as in, went an extra mile, tailored
operation, high-value target).

edit: speling

