Looks like many other agencies are following suit of the NSA. GCHQ (Governmental Communication Headquarters) of Great Britain has apparently been hacking LinkedIn profiles of employees of all sorts in order to infiltrate corporate networks and access information. Particularly mobile communication, mobile billing and clearinghouse companies have been the focus here, so that international transactions could be tracked. Organizations such as Belgacom and Syniverse have been at the brunt of these attacks, according to reports by Der Spiegel.
Whistleblower Edward Snowden had initiated these revelations and apparently employees are now targeted for information without discrimination. Although spokesman for Syniverse insisted that there has not been any breaches by government agencies according to their talks with the article, it is not yet been disproved adequately. As explained in the article, the Quantum Insert Method has been used by the GCHQ. Basically the intelligence agency redirects traffic to and from target servers and with this, intercept communication and transactional information. This is also can be called the “man in the middle” attack, essentially being the third party in this intrusion.
By looking at the LinkedIn profiles of targeted companies and employees, the agency is able to gather information and can use it as a safe guard since its deemed as public information. IT personnel such as network administrations have been noted to be the main targets, since they have a major capability of information authority and access. Cookies are even collected where then viruses can be installed in payloads on those PCs that were attacked. The spoof factor comes in where basically fake accounts on LinkedIn are the ones containing malware, so when someone clicks to view that profile, it launches that malware onto the viewers computer.
It was interesting to note that the article pointed out how targeted attacks by cyber criminals and the GCHQ were similar, such as conducting spearphishing. When it comes hacking, there really is not “righteous” way of doing it seems like, as anyone regardless of their title can engage in it. The agency really did look at the NSA as a model and perhaps have been using similar technology as well. Of course, this does not seem ethical at all, as the redirection and capturing of information over the internet is done so without any awareness by organizations or internet users for that matter.
“Brit Spies Spoof LinkedIn Pages to Track Targets.” TechNewsWorld: All Tech. N.p., 11 Nov. 2013. Web. 21 Nov. 2013. <http://www.technewsworld.com/story/79403.html>.