The UK's GCHQ used bogus LinkedIn and Slashdot pages to turn a key telecoms provider's machines into government spy tools, according to reports.
German newspaper Der Spiegel reported uncovering the GCHQ's campaign when examining a number of leaked intelligence documents. Der Spiegel is one of a select number of media outlets to have access to the PRISM documents leaked by whistleblower Edward Snowden earlier this year.
The paper reported that GCHQ officers began by identifying a number of employees who regularly used LinkedIn or Slashdot within the part government-owned Belgacom telecommunications company. Once identified the targets were hit with a "Quantum Insert" attack, which infected their work stations with custom top-end malware spread using fake LinkedIn and Slashdot pages.
The malware turned the machines into spy tools and was used to infiltrate the Belgacom internal network and its subsidiary BICS. The infiltration of BICS in turn granted the officers access to the company's router system, which is used to traffic data when people use their mobile phones abroad.
Der Spiegel reported that GCHQ used its access to launch a series of man-in-the-middle attacks against an unspecified number of smartphone users. One alleged document said the attacks meant that the "intelligence service could read the entire internet communications of the target and even track their location or implant spying software on their device".
The news follows widespread reports that GCHQ and the US's NSA are using multiple technology companies to mount sophisticated spy campaigns. Numerous publications reported that the NSA was gathering vast amounts of web data from companies including Google, Facebook and Microsoft.
LinkedIn has moved to distance itself from the snooping claims. A spokesman told V3: "We have read the same stories, and want to clarify we have never co-operated with any government agency, nor do we have any knowledge with regard to these actions and, to date, have not detected any of the spoofing activity that is being reported. LinkedIn takes the privacy and security of our members very seriously, and when we're made aware of any improper activity, we work to quickly respond."
At the time of publishing, GCHQ had not responded to V3's request for comment on Der Spiegel's report. The heads of GCHQ, the Security Service (MI5) and Secret Intelligence Service (MI6) argued last week that operations such as those detailed in the PRISM leak are an essential part of their fight against terrorism.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance