Britain's GCHQ hacked Belgium's telco Belgacom
99 points by filipmaertens on Sept 20, 2013 | 30 comments

Through excitement this was erroneously posted and contains the same article of Der Spiegel as https://news.ycombinator.com/item?id=6416660

Which apparently has been flagged off of the front page.

I'm getting tired of the knee-jerk tendency for a small group of people to flag these extremely critical revelations. Yesterday the post about the mass rally on Washington was flagged to the bottom and eventually kicked off the front page. A recent poll revealed overwhelming support for more, not less reports on these spying stories, and yet a vocal minority is able to disregard the community's wishes and ruin things for everyone.

I don't know how this can be solved other than perhaps intense moderation to unflag everything regarding these revelations and let their popularity be determined solely by votes.

This place is only incidentally run as a semi-democracy. The goal is not to get the stuff on the front page that the most people want but the stuff that satisfies people's intellectual curiosity.

If you want a completely democratically run internet forum, create your own subreddit on www.reddit.com.

Incidentally Hacker News was made partially as a response to the decline of the general reddit communities and with the hope of addressing at least some of their failures - such as relying too much on democracy.

> I'm getting tired of the knee-jerk tendency for a small group of people to flag these extremely critical revelations.

The "knee-jerk" comes from the tendency of people to submit lots and lots of less important stories on the same handful of topics, rather than a few good ones. Remember when the front page was nothing but Erlang? Or nothing but Steve Jobs eulogies? For people that come for quality rather than quantity, it harms the signal to noise ratio. Submitting even more just exacerbates the problem, without creating better discussions (more threads != better threads) in exchange.

As tomjen3 suggests: find or create your own subreddit. Subreddits themselves exist because this same problem afflicted Reddit.

Edit: I'm sorry if I offended somebody. I'm simply trying to propose a solution for people that feel they aren't seeing the stories they want to see on HN.

So you could call this a "false flag" operation?

Any idea why it'd be flagged?

People perhaps fatigued by constant spying mini-revelations

"mini" revelations ... if you're an American.

Unbelievable. When it's the NSA spying on US citizens, everybody's paying attention, and US people scramble to point out that the EU isn't much better, either (which we knew already because it wasn't kept secret from us in the first place. blame us for the apathy, I applaud the US's (relative) outrage). And then something like this comes out, the UK hacking a neighbour EU country, and people are suddenly "huh we're tired of this news". Self-centred is more what I'd call it.

"mini" is certainly not the right word to use if the provider in question "hosts many of the most important European Union institutions, universities and corporations, as well as NATO."

Interestingly, this has not been reported in the UK.

D-Notices limit what the news organisations can report on here in the UK.

Here's some correspondence with the BBC that shows what's going on. The BBC acknowledge they have been asked to talk to the government before reporting on anything to do with the recent security revelations: https://www.whatdotheyknow.com/request/reporting_on_gchqs_te...

There is a gag order on the media against any reporting of GCHQ. Ministry of Truth is in full effect in the UK right now.

Not disputing that there is some 'voluntary' suppression of facts by the media but a quick search of BBC news shows 5 stories in the last 10 days. http://www.bbc.co.uk/search/news/?q=GCHQ

In the UK, we aren't having any real public debate about the security services, largely because the homegrown news organisations aren't giving the issues the attention they deserve. I don't know what would happen to them if they took a stand against a D-Notice.

(BTW, the 2nd result on that BBC news search is more like a job ad for GCHQ)

(Edited to remove my erroneous claim that D-notices aren't voluntary, turns out they are, though hardly any media orgs. go against them)

Safe to say that they hacked every {country}com they could. That's not personal, just business.

What I don't get is how the hell this is not an act of war? If I put a bomb next to some critical telecommunications network, even if I made absolutely sure nobody was harmed, and blew it up it would be considered an act of terrorism.

So why the hell is GCHQ doing this to an allied country?

The main target appears to be the BICS unit within the Belgacom group, which is a wholesale operation with a strong division in Dubai (peering to du/EITC and Etisalat), covering Middle East switching/termination. Having access to BICS infrastructure could give potential for tier-1 interception of Middle East peers. At least, that could be one of the many (many) motives for targeting BICS imho. While Belgium may be an allied country, it might supply/export services to other countries that may seemingly be other allied countries to the U.S. but where a hidden agenda is played out according to the age-old saying "trust, but verify" :) Also, if designing attack trees, you take the weakest links in order to have a successful attack. Taking the Belgium/Belgacom route may have proven to be a valid option, so it seems ("hey, if the Belgians don't care to be without government for over two years, they sure as hell won't care about a hacking") :p

My only response is...so. So far it's nowhere near justified.

And I just got through reading some scary stuff about what Canadian spooks are doing. Had to dig for it, well, since nobody cares about Canada.

Care to link to that?

In his final report to Parliament, commissioner Robert Decary says some of the spying at Communications Security Establishment Canada may have affected Canadians in the past year. However, thanks to poor record-keeping, Mr. Decary – a retired judge who has been the agency’s independent watchdog since 2010 – said he can’t be sure.[1]

CSEC is forbidden from intentionally collecting or analyzing information from Canadian citizens in Canada or abroad. However, the National Defence Act allows the defence minister to give CSEC written ministerial authorization to intercept private communications unintentionally while collecting foreign-signals intelligence.[1]

Doesn't this contradict the Canadian Privacy Act?

Yet, while Mr. Binney compliments the surveillance acumen of Communications Security Establishment Canada, he also urged the Canadian public to scrutinize CSEC – especially given its long-standing close ties to the NSA. “They have integrated reps,” he said, referring to how the agencies swap personnel. He pointed out that they also share technology, such as a very powerful, recently revealed Internet-surveillance tool, code-named “XKeyscore.” “CSEC does not direct its activities at Canadians and is prohibited by law from doing so,” its chief, John Forster, said in a rare public statement. Yet, records recently obtained by The Globe show that CSEC has been developing its own secretive programs to “incidentally” monitor at least some Canadian telecommunications traffic.[2]

Some of Mr. Snowden’s leaks speak to the NSA’s close relationship with CSEC – suggesting, for example, that the two agencies teamed up to spy on foreign diplomats at a 2009 G20 meeting in London, and may have also been in cahoots to install a back door to spy on encrypted messages on the Internet in 2006.[2]

At the time, Canada’s Communications Security Establishment ran the standards process for the international organization, but classified documents describe how ultimately the N.S.A. seized control. “After some behind-the-scenes finessing with the head of the Canadian national delegation and with C.S.E., the stage was set for N.S.A. to submit a rewrite of the draft,” the memo notes. “Eventually, N.S.A. became the sole editor.”[3]

So CSEC was being coerced by NSA and completely gave up control. Although I can respect the apparent "restraint" the Canadian government has, clearly the system can be abused and will stay way under the radar compared to NSA and GCHQ.

[1] http://www.theglobeandmail.com/news/politics/watchdog-says-s....

[2] http://www.theglobeandmail.com/technology/beware-of-data-

[3] http://bits.blogs.nytimes.com/2013/09/10/government-announce

Thanks for following up! I also caught your submission of this that made the front page.

Indeed there is no justification for any of this. I'm curious how government spin doctors will handle this one though :)

To GCHQ it may be business as usual, but if I were telco owner/admin/user I would be pissed.

After all virus writers/crackers/spammers are just business too.

Just because it's government that hacks you doesn't make it any better, I believe it makes it worse.

I've been trying to get my bosses on board with offensive security at work, where if I see someone trying to attack us I want the right to attack them back. Kind of turning the blue team into the red team. Imagine if you did that and then found out the attackers that you just counter-hacked were actually the government and now you're being arrested?

--I know it's illegal (except if a big company like Microsoft or a government agency like the FBI does it). It's the dream of every information security professional though.

Yes. You should be arrested.

Counter hacking is just hacking, the only difference is how you pick your target. And you never know, maybe the owner of the originating system was just another victim. (Hacker breaks into computer A, then proceeds to hack computer B, leaving a trace back to computer A, not the hacker)

It is also against the law in most of the developed world.

Counterattacking is a big no-no in most countries, so I would stay away from that offensive security stuff. Unless of course, you're working for a government, in which case you need to look at the conventions of warfare and see if you can declare war on another country where the attack allegedly originated from ;-))) Tough sell :-)

> That's not personal, just business.

unless you happen to be Belgian. but eh, it's such a small country, who cares right??

come on just say it, it's not about "personal" vs "business". You all care when it's China hacking into the US, even if they're not allies like the UK and Belgium.
