GCHQ Deploys Fake LinkedIn Website to Snag Users

Even the security conscious can’t feel safe anymore.

Today, more documents were released detailing the data collection tactics of GCHQ, the British counterpart to the American NSA. Turning to websites like LinkedIn, the agency was able to ghost its own phishing-based version of the website on top of the original content, tricking high-level security engineers into revealing their connections at work and home to the spy satellites watching silently from above.

Other targets included employees of major telecom and international billing companies, all of which were involved in handling the communications of their customers in one form or another.

Der Spiegel

One solace in this story is that this program was not a sweeping dragnet like others, and the British intelligence workers had already thoroughly researched the engineers they selected before targeting them. According to a “top secret” GCHQ presentation disclosed by NSA whistleblower Edward Snowden, they identified employees who worked in the network maintenance sector and manned security for the Belgian telecommunications conglomerate Belgacom.

Quite ironically dubbed “Operation Socialist” (the joke being that a program such as this could never exist in a socialist society), the program sought out high-level contract workers and used their accounts to access secure areas of the internal networks that normally wouldn’t be hooked up to outside servers, a separation meant to isolate them from spying operations identical to what the GCHQ was trying to pull off.

“We can locate, collect, exploit (in real time where appropriate) high value mobile devices & services in a fully converged target centric manner,” a GCHQ document from 2011 states.

For years, the British spies have aspired to potentially transform every mobile phone on the planet into a monitoring tool that could be activated at any time. But the government hackers apparently have to use workarounds in order to infiltrate the relatively inaccessible mobile phone networks.

Drawn from an elite subset of the already highly skilled GCHQ army of hackers, the MyNOC team, or “My Network Operations Center” in full, was tasked with breaking into the personal computers and networks of only the most difficult-to-crack international systems.

Relying on something called a “Quantum Insert” method, the programmers were able to hijack the web traffic of targeted parties and supply identical web pages based on the sites they visited. These exact copies of the domains carried all the same functions as the original, with the added “benefit” of being able to inject malware into the user’s computer even if they have up-to-date antivirus programs or router-based firewalls protecting them from infiltration.

Although this seems like a daunting prospect, thankfully there are still services like VyprVPN to keep you safe. By employing one of their 100+ servers to hide your actions online, VPNs are able to cut government tracking software off at the source!
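
A defender's view of the traffic hijacking described above, as an added example that is not from the original article or the leaked documents. It assumes, based on public analyses rather than anything on this page, that the substituted page arrives as a TCP segment reusing the real server's sequence numbers, so a capture shows two different payloads for the same sequence range; the sample segments, addresses and function name are constructed.

```python
from collections import defaultdict

# Constructed sample: (src, sport, dst, dport, tcp_seq, payload) tuples as a
# capture tool might export them. Addresses come from documentation ranges.
SAMPLE_SEGMENTS = [
    ("203.0.113.10", 80, "192.0.2.5", 51000, 1000,
     b"HTTP/1.1 302 Found\r\nLocation: http://inject.example/\r\n\r\n"),
    ("203.0.113.10", 80, "192.0.2.5", 51000, 1000,
     b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    ("203.0.113.10", 80, "192.0.2.5", 51002, 7000,
     b"HTTP/1.1 200 OK\r\n\r\nabc"),
    ("203.0.113.10", 80, "192.0.2.5", 51002, 7000,
     b"HTTP/1.1 200 OK\r\n\r\nabc"),  # ordinary retransmission, same bytes
]

SEQ_SPACE = 2 ** 32  # TCP sequence numbers wrap at 32 bits


def find_conflicting_segments(segments):
    """Flag flows where one sequence position was seen with two different
    byte values. Identical retransmissions and consistent partial overlaps
    are benign and produce no alert."""
    seen = defaultdict(dict)  # flow -> {seq position: (byte, segment index)}
    alerts = []
    for idx, (src, sport, dst, dport, seq, payload) in enumerate(segments):
        flow = (src, sport, dst, dport)
        conflict = None
        for offset, value in enumerate(payload):
            pos = (seq + offset) % SEQ_SPACE
            prev = seen[flow].get(pos)
            if prev is None:
                seen[flow][pos] = (value, idx)
            elif prev[0] != value and conflict is None:
                conflict = (prev[1], pos)  # remember first mismatch only
        if conflict is not None:
            alerts.append({"flow": flow, "first_segment": conflict[0],
                           "second_segment": idx, "seq": conflict[1]})
    return alerts


if __name__ == "__main__":
    for alert in find_conflicting_segments(SAMPLE_SEGMENTS):
        print("conflicting payloads:", alert)
```

An alert here is a lead for packet-level review, not proof of injection, since misbehaving middleboxes can also produce mismatched retransmissions.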