Hmmm... "Good luck with that" is the first answer that comes to mind.
On the other hand, one potential legal solution who go something like this:
- Get Belgacom on your side ;
- Find the person(s) at Belgacom who have been infected through the fake /. site by GCHQ ;
- Sue GCHQ and the UK government in Belgian and UK courts - yes, I think there are some jurisdictions that will hear cases even if their protagonists are out-of-country and Belgium may be one (some Rwanda genocide cases were tried in Belgium if I remember correctly) ;
- Get the case thrown out of court repeatedly all the way to the local equivalent of the Supreme Court ;
- Appeal all the way to the European Court of Human Rights (which is, according to the EU Charter, one step above local Supreme Court);
- Profit! Well, only if the European Court of Human Rights decide that, yes, there is a clear violation of due process and invasion of privacy, etc... Which, in that particular case, seems pretty much open-and-shut at this point.
In other words: this is definitely a case the European EFF should take on immediately, on behalf of /. and the person (and corporations! Belgacom was, after all, the subjectaffected - it will take years and stupendous amounts of money, but, heck that's why Kickstarter is for (I would send money immediately to such a project!).
Try suing in different jurisdictions at the same time - the French governement - in that particular case, is begging for someone to come and kick its butt, Germany also sounds like a prime candidate, as well as some of the Scandinavian countries.
The interesting side of this case is that it could result in a binding ECHR court decision that would force all European governements - not just the UK - to rein in and place GCHQ and others (DGSE anyone?). It would probably take years and a lot more money and a lot more suing to make them all apply this ruliong in their respective jurisdictions, but it would be money well spent (IMHO).
Please don't quote me on this - IANAL even though I play one on /. ;-)