Extracting data from Belgian telecoms firm, alleged to have been performed by British intelligence service GCHQ, was more widespread than initially thought without being detected for more than two years, according to reports.
Britain faced the first public clash with Belgium last year, when the European allay blamed the intelligence service for using highly sophisticated malware to hack into its systems.
The Intercept, an online platform that regularly reports on the documents leaked by the National Security Agency whistleblower Edward Snowden, published together with De Standaard and NRC Handelsblad – Belgian and Dutch newspapers – comprehensive reports on how the hacking happened.
Snowden told The Intercept that the Belgacom hack was the first documented case to show one EU member state mounting a cyber-attack on another, being a breath-taking example of the scale of the state-sponsored hacking problem.
According to the documents received from Snowden, GHCQ first infiltrated the computers of three Belgian engineers back in 2011 and the virus went on undetected until 2013, when Belgacom removed it from its system. It is said that the malicious software was camouflaged as legitimate Microsoft software while extracting data.
"The security service was thus able to intercept communications from Belgacom's individual clients, from NATO and the EU, as well as from clients of hundreds of international telecoms providers. It is an unprecedented violation of the privacy of anybody who used a mobile telephone," De Standaard said.
GCHQ previously declined comments on the allegations.