For at least two years ending in 2013, the British intelligence service was probably spying within the state-owned company’s networks on the instruction of UK ministers, according to leaks from a judicial inquiry presented to Belgium’s national security council this week.
When asked by the Belgian federal prosecutor’s office to cooperate with the investigation into the alleged hacking, the UK Home office is said to have refused, claiming: “The United Kingdom believes that this could jeopardise our sovereignty, security and public order.”
According to the Belgian newspaper De Standaard, the prosecutor’s office regarded the response as “exceptional between EU states, and something that could lead to a diplomatic incident”.
Sophia in ’t Veld, a member of the European parliament’s committee on civil liberties, justice and home affairs, tweeted in response to the media report: “Remarkable attitude towards other European countries, pre or post Brexit.”
The Belgian prime minister, Charles Michel, declined to comment.
The GCHQ operation, if proven, would be the first documented example of an EU member state covertly hacking into the critical infrastructure of another.
The Belgian investigation into the alleged hacking was launched in response to claims made by the National Security Agency whistleblower Edward Snowden five years ago when he leaked 20 slides exposing GCHQ’s hacking targets, which included Belgacom, now known as Proximus.
Codenamed Trinity, the Belgian inquiry found evidence of hackers swiftly covering their tracks following Snowden’s leaks but also unambiguous evidence of the British intelligence services’s involvement, it is alleged.
The investigation discovered spy software installed remotely on Belgacom’s computers from three internet protocol addresses registered in the UK to front companies. When Belgian investigators approached GCHQ for help in identifying those behind the IP addresses, it declined to cooperate.
The spies, working under the codename Operation Socialist, were said to have targeted the computers of Belgacom employees working in security and maintenance through the use of fake LinkedIn messages.
There was a particular focus on the Belgian company’s subsidiary unit, Belgacom International Carrier Services, which handles phone and data traffic in Africa and the Middle East. It was reported that the British espionage operation was also seeking to target communications made between roaming smartphones.
The interception could have also provided access to communications at Nato headquarters in Brussels and at key European institutions including the European commission, European parliament, and the European council.
The prosecutor’s report is said to have concluded that there was not enough evidence to prosecute any individual.
The Belgian prime minister at the time of the alleged hacking, Elio di Rupo, promised to take “the appropriate steps” if the high-level involvement of a foreign country was confirmed.
The Belgian government, a majority shareholder in the telecoms company, has spent €50m (£44m) on improving its security after the hacking scandal.
A GCHQ spokesman declined to comment.