By Chelsea Hackett
NSA, GCHQ colluded to steal SIM encryption keys for millions of phones

Tuesday, February 24, 2015 13:06

(Before It's News)


Edward Snowden’s data trove continues bearing fruit — and the implications of the latest release are dark for anyone who cares even slightly about mobile privacy. According to the once-secret documents, the NSA and its British counterpart, the GCHQ, engaged in a massive operation against one of the world’s largest mobile SIM card manufacturers, Gemalto.

To understand the significance of this release it helps to know a bit about how SIMs are used. When you use 3G or 4G connections, the connection between your device and your cell phone carrier is encrypted. That encryption isn’t perfect, but cracking it is still time-consuming, particularly if the goal is to monitor millions of people simultaneously.

Each SIM card has its own unique encryption key, known as a “Ki.” Carriers are provided with a copy of the Ki for each SIM on their networks, which enables them to track and authenticate each device. Cracking the communication between your phone and the network is difficult. If you already have the Ki, however, it’s simple. As The Intercept notes, the SIM card manufacturing and distribution pipeline was never designed to withstand government surveillance attacks.
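The following is an added illustration, not part of the original article and not Gemalto or carrier code, of why a copied Ki makes decryption simple: the session key is derived only from the Ki and a challenge (RAND) that is sent in the clear. HMAC-SHA256 and the toy stream cipher are stand-ins for the real SIM algorithms, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import os

def derive(ki: bytes, rand: bytes):
    """Stand-in for the SIM/carrier algorithm: response and session key from Ki + RAND."""
    res = hmac.new(ki, b"auth" + rand, hashlib.sha256).digest()[:8]
    kc = hmac.new(ki, b"cipher" + rand, hashlib.sha256).digest()[:16]
    return res, kc

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def run_session(ki_sim: bytes, ki_carrier: bytes, message: bytes) -> dict:
    """One attach: carrier challenges, SIM answers, both derive the same key."""
    rand = os.urandom(16)                  # challenge, visible on the air
    res, kc_sim = derive(ki_sim, rand)     # computed inside the SIM
    xres, _ = derive(ki_carrier, rand)     # computed from the carrier's copy
    return {
        "rand": rand,
        "authenticated": hmac.compare_digest(res, xres),
        "ciphertext": xor_stream(kc_sim, message),
    }

def decrypt_with_ki(ki_copy: bytes, rand: bytes, ciphertext: bytes) -> bytes:
    """Any holder of a Ki copy rebuilds the session key from the public RAND."""
    _, kc = derive(ki_copy, rand)
    return xor_stream(kc, ciphertext)

if __name__ == "__main__":
    ki = os.urandom(16)                    # constructed sample Ki
    s = run_session(ki, ki, b"constructed sample traffic")
    print(s["authenticated"], decrypt_with_ki(ki, s["rand"], s["ciphertext"]))
    print(decrypt_with_ki(os.urandom(16), s["rand"], s["ciphertext"]))
```

Nothing in the exchange changes when a third party holds the same Ki, which is why the key provisioning pipeline is part of the trust boundary.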

The scale of the attack against Gemalto has to be read to be believed. The US and British intelligence agencies went after individual employees directly, monitored Facebook accounts, and carefully selected targets for hacking — not because they’d allegedly done anything wrong, but because they were likely to possess information that would facilitate blatantly illegal activity. At the same time, the GCHQ successfully infiltrated Gemalto’s corporate network, stealing additional information and Ki data.

The result? Millions of SIM card keys intended for various countries across the world were leaked to the NSA and GCHQ. Dozens, perhaps hundreds, of individuals had their email and social media accounts cracked for the purpose of facilitating further espionage.

The intelligence agencies themselves are firmly insisting that these activities are moral, legal, and valid, but it’s unlikely that targeted countries will agree. Again, the companies and individuals targeted in this manner were not accused, charged, or even suspected of having committed a crime. The sole reason given for such egregious violations is “Well, you had information that we wanted.”

There have always been legal distinctions made between state-sanctioned and unlawful behavior, but the gap between draconian punishments for relatively minor hacking crimes and the dizzying display of government behavior is widening rapidly. As Sophie in’t Veld, a Dutch member of the European Parliament, observed, “If you are not a government and you are a student doing this, you will end up in jail for 30 years.”

Gemalto’s security keys and products are used in hundreds of millions of devices, from passports to cell phones. It has huge customers in every first-world nation — and, according to company executives, was utterly unaware that it had been so thoroughly penetrated by foreign intelligence services. The company is investigating, but securing any international supply chain or network will take time given the scope and nature of the alleged theft.

This isn’t the first GCHQ – NSA collaboration, either. The two agencies worked together to gather webcam data on Yahoo users, and the NSA tapped data cables between the US and the United Kingdom in order to intercept traffic on Google’s internal, unencrypted links.
