GCHQ uses doctored websites including those from the business network LinkedIn to secretly install surveillance software on the computers of unwitting target companies and individuals it wants to spy on, the German news magazine Der Spiegel has reported.
The disclosures, which were said to be based on the contents of intelligence data leaked by the US whistleblower Edward Snowden, came less than a week after The Independent revealed the existence of a suspected secret GCHQ listening post on the roof of the British embassy in Berlin.
Der Spiegel said that GCHQ, the Government’s surveillance centre based in Cheltenham, used “manipulated copies” of web pages put online by the business network LinkedIn to gain access to the computers of suspects it was targeting. LinkedIn has some 260 million users in more than 200 countries.
GCHQ and the National Security Agency, its US equivalent, were said to have developed a practice codenamed “Quantum Insert” to install spy software on the computers of targets without their knowledge. A LinkedIn spokesman was quoted as saying: “We were never told about this alleged activity and we would never approve of it, irrespective of what purpose it was used for.”
Using Quantum Insert, GCHQ was said to have successfully infiltrated the computers of staff employed by the Belgian telecommunications company, Belgacom. Der Spiegel said the partly state-owned internet provider had been subjected to a major GCHQ “hacking attack”.
The magazine said it also had evidence that GCHQ was striving to improve its monitoring of mobile internet traffic to achieve the same kind of dominance in intelligence gathering that it currently holds over cable internet correspondence through its “Tempora” surveillance programme.
GCHQ was said to be deliberately targeting the computer systems of service companies operating in the international mobile telecommunications sector. One of the infiltrated companies was named as Mach – a concern used by several mobile phone operators to co-ordinate international “roaming” traffic.
“Using Quantum Insert GCHQ attacked the computers of employees and was able to work its way deep into the company’s network,” Der Spiegel wrote.
It quoted a “Top Secret” GCHQ report which claimed the agency had managed to obtain detailed information about the concern’s communications infrastructure, business and personnel.”
A Mach spokesman said that as a result of the disclosures the concern had launched an “ immediate security test”. Der Spiegel said that GCHQ and NSA had also infiltrated the Vienna headquarters of Opec and had managed to bug the computers of nine Opec employees. It said the NSA had carried out surveillance on the office of Opec’s general secretary.
The disclosures follow claims by an Icelandic politician at the weekend that GCHQ spied on Iceland during its 2010 financial meltdown when Britain was trying to retrieve savers’ cash from collapsed banks. Birgitta Jonsdottir said she had been tipped off about the practice by WikiLeaks founder Julian Assange and warned negotiators not to use web-based email to discuss intentions.