The UK Cabinet Office has moved to downplay concerns that it infected telecoms engineers' workstations with espionage-focused malware.
A Cabinet Office spokesperson told V3 that if such spying did occur it would have been within the law.
"All GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that its activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the Interception and Intelligence Services commissioners and the Intelligence and Security Committee," read the statement.
Reports that the GCHQ was using bogus LinkedIn and Slashdot pages to mount a targeted attack, via the part-government owned Belgacom telecommunications company, broke earlier in the week via German news outlet Der Spiegel. The newspaper reported uncovering the campaign while examining documents leaked by ex-CIA employee Edward Snowden.
The documents reportedly showed that the GCHQ had used the bogus pages to install custom malware on a select number of key targets' machines. The malware reportedly granted the GCHQ access to router systems used to traffic data when people use their mobile phones abroad. Der Spiegel reported that the agency was using its access to launch a series of man-in-the-middle attacks against an unspecified number of smartphone users.
LinkedIn has also moved to downplay the significance of Der Spiegel's report. A spokesman told V3 that the company has never received data requests from the GCHQ and has not seen any suspicious activity on its systems.
The reports follow widespread questions about how intelligence agencies collect data. The heads of the GCHQ, the Security Service (MI5) and the Secret Intelligence Service (MI6) defended their online data collection campaigns as an essential part of the war on terrorism.
Instapaper to 'go dark' in Europe until it can work out GDPR compliance
James Robbins of ArrowXL says that AI is no longer 'tomorrow's technology'
Staff told to beware of "unusual sounds" after an employee reported mystery symptoms
Sophisticated malware comprises code previously used to attack Ukraine