Belgian telco says it was hacked, while reports point to NSA or GCHQ as culprit

Here’s a curious one: Belgium’s largest telco has filed a complaint against an “unknown third party” that hacked into its internal IT systems and apparently inserted a virus. Belgacom hasn’t officially suggested who this third party might be, but De Standaard has quoted sources as saying it was the U.S. National Security Agency or one of its partners.

Belgacom said on Monday that it had found evidence of an intrusion into its systems, and the subsequent investigation revealed a virus in “a few tens” of servers and workstations. The company stressed that the virus infected only its internal IT systems, and not Belgacom’s telecoms network.

However, De Standaard’s sources revealed a couple of further details that don’t quite fit with the official statement. According to that report, the attackers hacked into at least two years of international phone traffic (I’m not sure whether that means metadata or actual voice traffic), with the intrusion being discovered in June this year. They were also apparently very interested in Belgacom International Carrier Services (BICS), the firm’s joint venture with Swisscom and South Africa’s MTN.

That and other reports say the attacker was most likely the NSA or Britain’s GCHQ, based on the complexity of the malware. They also suggest the hackers were after traffic from countries such as Syria and Yemen. On both counts, the evidence appears to be circumstantial for now.

That said, it’s probably worth pointing out that BICS is one of the outfits behind the SEA-ME-WE3 and SEA-ME-WE4 cables that run from Europe through North Africa and the Middle East to Singapore and beyond. Sueddeutsche Zeitung has previously noted that GCHQ has access to these two cables (and many others) – but then again, the cables touch the UK itself, so if they’re tapping them anywhere it’s probably there.

Anyhow, Belgium’s federal prosecutor is now on the case, so let’s see what the investigation turns up.