German news magazine Der Spiegel has reported that GCHQ used doctored websites including those from the business network LinkedIn to secretly install surveillance software on the computers of unwitting target companies it wanted to snoop on.
The disclosures, from US whistleblower Edward Snowden, came less than a week after The Independent newspaper revealed the existence of a suspected secret GCHQ listening post on the roof of the British embassy in Berlin.
Der Spiegel said that GCHQ used "manipulated copies" of web pages put online by the business network LinkedIn to gain access to the computers of suspects it was targeting.
GCHQ and the NSA were said to have developed a practice codenamed "Quantum Insert" to install spy software on the computers of targets without their knowledge. A LinkedIn spokesman was quoted as saying: "We were never told about this alleged activity and we would never approve of it, irrespective of what purpose it was used for."
Using Quantum Insert, GCHQ was said to have infiltrated the computers of staff employed by the Belgian telecommunications company, Belgacom. Der Spiegel said the partly state-owned internet provider had been subjected to a major GCHQ "hacking attack".
GCHQ was said to be deliberately targeting the computer systems of service companies operating in the international mobile telecommunications sector. One of the infiltrated companies was named as Mach – a concern used by several mobile phone operators to co-ordinate international "roaming" traffic.
"Using Quantum Insert GCHQ attacked the computers of employees and was able to work its way deep into the company’s network," Der Spiegel wrote.
It quoted a "Top Secret" GCHQ report which claimed the agency had managed to obtain detailed information about the concern’s communications infrastructure, business and personnel."
