New documents have revealed an extensive campaign by the American National Security Agency (NSA) and British Government Communications Headquarters (GCHQ) to steal and decrypt information from global telecommunications networks. This involved hacking into and monitoring the manufacture of SIM cards that form the backbone of all smartphone communications.
Each modern SIM card contains encryption that prevents third parties from listening in on any transmissions. It also carries the private key to ensure that decrypting the data can only be done by the device with the SIM. By stealing these user keys, both the NSA and GCHQ are able to listen in to any wireless communication without first filing for a warrant or asking for permission.
Gemalto, a SIM manufacturer that supplies cards to some 450 wireless network providers across the globe, was the main victim of the theft. The company produces some two billion SIM cards a year. The keys were stolen while they were being transferred over FTP to the telcos that use them. This point of transfer is when the keys are most vulnerable, allowing the spies to harvest several million keys at a time. In fact, the documents also outline how the NSA was capable of processing some 12-22 million keys per second for use against intelligence targets.
Unsuspecting Gemalto employees were put under constant surveillance to discover which of them would most likely have access to the company’s core systems and encryption key generation. The spy agencies deployed the NSA’s X-KEYSCORE to break into the company email of individuals with the necessary information in order to intercept the encryption keys while they were being transferred.
The targeted emails were not only those belonging to Gemalto, but also those of other electronics manufacturers like Ericsson, Nokia, MTN Irancell, Belgacom, and Huawei. In fact, Huawei – which has often been accused of spying for the Chinese government – had the largest number of emails harvested by GCHQ.
This theft of secure encryption keys has major implications as it allows the two spy agencies to listen in to secure telecommunications. This not only means voice calls, but also all mobile internet usage like email and chat logs. It also allows the agencies to decrypt communications that had been intercepted at an earlier date.
For users, it is particularly troublesome as most people do not change their SIM cards. Nor are the SIMs designed to stop this kind of behaviour. Gemalto’s Dutch headquarters said that it is not aware of any attack, but is investigating the claims that it was breached.
It should be noted, however, that simply having the encryption keys does not necessarily allow the NSA and GCHQ full access to communications. Australian telco Telstra has said that SIM card encryption is only one of many ways it secures users. The methods also failed to produce results against Pakistani telcos; the leaked documents note that the networks owned by Mobilink and Telenor now use additional levels of encryption.
[Source: The Intercept]