Skip to footer

Edward Snowden: US, British spies hacked cell phone SIM card encryption keys

In the latest revelation to come from NSA whistle-blower Edward Snowden, The Intercept reports that US and British intelligence services hacked into the world’s largest maker of SIM cards used in cell phones and next-generation credit cards.

|
Radius TWC/AP
Edward Snowden, left, appears with Glenn Greenwald in a scene from "Citizenfour," a documentary about Snowden's leak of NSA documents. The film is nominated for an Oscar for documentary feature.

The US National Security Agency (NSA) and Great Britain’s Government Communications Headquarters (GCHQ) hacked into the world's largest SIM card manufacturer, stealing encryption information, according to documents released by whistle-blower Edward Snowden and reported by The Intercept Thursday.

This gave the agencies the ability to secretly monitor a large portion of the world’s cellular communications, including both voice and data, according to The Intercept report, “The Great SIM heist.”

“With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments,” the report asserts. “Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.”

Gemalto, the Netherlands-based company allegedly targeted, produces some 2 billion SIM (subscriber identity modules) cards a year used in mobile phones and next-generation credit cards.

Among its clients are AT&T, T-Mobile, Verizon, Sprint, and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas, and it has a large factory in Pennsylvania, according to The Intercept report.

“As part of the covert operations against Gemalto, spies from GCHQ – with support from the NSA – mined the private communications of unwitting engineers and other company employees in multiple countries,” the report states.

The full impact of this latest revelation about the NSA may never be known. But if Snowden’s latest claim as reported by The Intercept is true, it raises questions about the security of cell phone voice and data communications around the world.

“The breach is disastrous for mobile security, which has historically already been on shaky ground,” writes T.C. Sottek, senior news editor at The Verge, a technology news and media network.

“Once you have the keys, decrypting traffic is trivial,” Christopher Soghoian, principal technologist for the American Civil Liberties Union, told The Intercept. “The news of this key theft will send a shock wave through the security community.”

Officials at Gemalto say they knew nothing about the security breach until the company was contacted by The Intercept. After ordering its security team to look for signs of a breach on Wednesday, it found none, company officials told thenextweb.com.

“I’m disturbed, quite concerned that this has happened,” said Paul Beverly, an executive vice president at Gemalto. “What I want to understand is what sort of ramifications it has, or could have, on any of our customers.”

In a major speech on NSA data collection programs in January 2014, President Obama talked about the balance between national security and privacy rights. His mention of Edward Snowden was brief.

“I’m not going to dwell on Mr. Snowden’s actions or his motivations,” the president said. “I will say that our nation’s defense depends in part on the fidelity of those entrusted with our nation’s secrets. If any individual who objects to government policy can take it into their own hands to publicly disclose classified information, then we will not be able to keep our people safe, or conduct foreign policy. Moreover, the sensational way in which these disclosures have come out has often shed more heat than light, while revealing methods to our adversaries that could impact our operations in ways that we may not fully understand for years to come.”

This latest revelation comes on the heels of a new report by Russian research firm Kaspersky Lab, which says the US has found a way to hide spyware in almost any hard drive built by the world’s top computer manufacturers.

Five hundred infections in more 30 countries have been documented by the Moscow-based lab, with the highest levels of infection reported in Iran, Russia, Pakistan, and Afghanistan, the Monitor’s Jessica Mendoza reported this week. Manufacturers Western Digital Technologies, Samsung Electronics, and Seagate Technology are among the top brand names affected worldwide.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.
editor@csmonitor.com
Subscribe
Mark Sappenfield
Editor

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

Subscribe to insightful journalism

QR Code to Edward Snowden: US, British spies hacked cell phone SIM card encryption keys
Read this article in
https://www.csmonitor.com/USA/USA-Update/2015/0219/Edward-Snowden-US-British-spies-hacked-cell-phone-SIM-card-encryption-keys
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe