Feb 19, 2015
Explosive new reporting by The Intercept published Thursday, based on documents obtained by NSA whistleblower Edward Snowden, reveals how the U.S. spy agency and their British counterpart, the GCHQ, worked together in order to hack into the computer systems of the world's largest manufacturer of cell phone SIM cards - giving government spies access to highly-guarded encryption codes and unparalleled abilities to monitor the global communications of those with phones using the cards.
Following its publication, journalist Glenn Greenwald called it "one of the biggest Snowden stories yet."
According to fellow journalists Jeremy Scahill and Josh Begley, who did the reporting on the top-secret documents and detail the implications of the program, the target of the government hacking operation was a company called Gemalto, based in the Netherlands, which makes SIM cards for some of the best known makers of cell phones and other portable electronic products, including AT&T, T-Mobile, Sprint, and hundreds of other global brands. The acronym SIM stands for "subscriber identity module" and is a small intergrated circuit within a phone that is used to authenticate users and relay key information to the network on which the phone is operating.
As Scahill and Begley report:
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider's network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
As part of the covert operations against Gemalto, spies from GCHQ -- with support from the NSA -- mined the private communications of unwitting engineers and other company employees in multiple countries.
In a series of tweets, both Scahill and Greenwald offered context for the latest reporting:
\u201cThe NSA & GCHQ covertly stole millions of encryption keys used to protect your mobile phone communications: https://t.co/dVjLuxl4k3\u201d— jeremy scahill (@jeremy scahill) 1424374329
\u201cThis is basically what the NSA & GCHQ are doing to cell phone "privacy" https://t.co/dVjLuxl4k3\u201d— jeremy scahill (@jeremy scahill) 1424375245
\u201cRemember how Obama says NSA only monitors private comms of bad guys? Yeah, that's BS. They cyberstalk engineers https://t.co/dVjLuxl4k3\u201d— jeremy scahill (@jeremy scahill) 1424375489
\u201c"People were specifically hunted & targeted by intel agencies, not b/c they did anything wrong, but b/c they could be used" -- @csoghoian\u201d— jeremy scahill (@jeremy scahill) 1424375838
\u201cThis top secret document is so damn creepy. Look at how they spied on innocent people working for a SIM card company https://t.co/vtyWP9ed1o\u201d— jeremy scahill (@jeremy scahill) 1424376167
For its part, Gemalto told The Intercept it was totally unaware of the security breach or that the encryption keys to any of its cards had been compromised. In fact, after being reached for comment on the operation, Gemalto directed its own security team to investigate the situation, but told the journalists they could find no trace of the hack. However, according to the top-secret document detailing the program leaked by Snowden, an operative with the NSA boasted, "[We] believe we have their entire network."
Technology experts who spoke with Scahill and Begley said the theft of the encryption keys was highly troubling. Christopher Soghoian, the principal technologist for the American Civil Liberties Union, said the idea that the NSA has stolen these encryption keys "will send a shock wave through the security community."
Told about the program, Gerard Schouw, a member of the Dutch Parliament, said the revelation was "unbelievable." And repeated: "Unbelievable."
According to The Intercept:
Last November, the Dutch government amended its constitution to include explicit protection for the privacy of digital communications, including those made on mobile devices. "We have, in the Netherlands, a law on the [activities] of secret services. And hacking is not allowed," he said. Under Dutch law, the interior minister would have to sign off on such operations by foreign governments' intelligence agencies. "I don't believe that he has given his permission for these kind of actions."
The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. "Gaining access to a database of keys is pretty much game over for cellular encryption," says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is "bad news for phone security. Really bad news."
Join Us: News for people demanding a better world
Common Dreams is powered by optimists who believe in the power of informed and engaged citizens to ignite and enact change to make the world a better place. We're hundreds of thousands strong, but every single supporter makes the difference. Your contribution supports this bold media model—free, independent, and dedicated to reporting the facts every day. Stand with us in the fight for economic equality, social justice, human rights, and a more sustainable future. As a people-powered nonprofit news outlet, we cover the issues the corporate media never will. |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Explosive new reporting by The Intercept published Thursday, based on documents obtained by NSA whistleblower Edward Snowden, reveals how the U.S. spy agency and their British counterpart, the GCHQ, worked together in order to hack into the computer systems of the world's largest manufacturer of cell phone SIM cards - giving government spies access to highly-guarded encryption codes and unparalleled abilities to monitor the global communications of those with phones using the cards.
Following its publication, journalist Glenn Greenwald called it "one of the biggest Snowden stories yet."
According to fellow journalists Jeremy Scahill and Josh Begley, who did the reporting on the top-secret documents and detail the implications of the program, the target of the government hacking operation was a company called Gemalto, based in the Netherlands, which makes SIM cards for some of the best known makers of cell phones and other portable electronic products, including AT&T, T-Mobile, Sprint, and hundreds of other global brands. The acronym SIM stands for "subscriber identity module" and is a small intergrated circuit within a phone that is used to authenticate users and relay key information to the network on which the phone is operating.
As Scahill and Begley report:
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider's network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
As part of the covert operations against Gemalto, spies from GCHQ -- with support from the NSA -- mined the private communications of unwitting engineers and other company employees in multiple countries.
In a series of tweets, both Scahill and Greenwald offered context for the latest reporting:
\u201cThe NSA & GCHQ covertly stole millions of encryption keys used to protect your mobile phone communications: https://t.co/dVjLuxl4k3\u201d— jeremy scahill (@jeremy scahill) 1424374329
\u201cThis is basically what the NSA & GCHQ are doing to cell phone "privacy" https://t.co/dVjLuxl4k3\u201d— jeremy scahill (@jeremy scahill) 1424375245
\u201cRemember how Obama says NSA only monitors private comms of bad guys? Yeah, that's BS. They cyberstalk engineers https://t.co/dVjLuxl4k3\u201d— jeremy scahill (@jeremy scahill) 1424375489
\u201c"People were specifically hunted & targeted by intel agencies, not b/c they did anything wrong, but b/c they could be used" -- @csoghoian\u201d— jeremy scahill (@jeremy scahill) 1424375838
\u201cThis top secret document is so damn creepy. Look at how they spied on innocent people working for a SIM card company https://t.co/vtyWP9ed1o\u201d— jeremy scahill (@jeremy scahill) 1424376167
For its part, Gemalto told The Intercept it was totally unaware of the security breach or that the encryption keys to any of its cards had been compromised. In fact, after being reached for comment on the operation, Gemalto directed its own security team to investigate the situation, but told the journalists they could find no trace of the hack. However, according to the top-secret document detailing the program leaked by Snowden, an operative with the NSA boasted, "[We] believe we have their entire network."
Technology experts who spoke with Scahill and Begley said the theft of the encryption keys was highly troubling. Christopher Soghoian, the principal technologist for the American Civil Liberties Union, said the idea that the NSA has stolen these encryption keys "will send a shock wave through the security community."
Told about the program, Gerard Schouw, a member of the Dutch Parliament, said the revelation was "unbelievable." And repeated: "Unbelievable."
According to The Intercept:
Last November, the Dutch government amended its constitution to include explicit protection for the privacy of digital communications, including those made on mobile devices. "We have, in the Netherlands, a law on the [activities] of secret services. And hacking is not allowed," he said. Under Dutch law, the interior minister would have to sign off on such operations by foreign governments' intelligence agencies. "I don't believe that he has given his permission for these kind of actions."
The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. "Gaining access to a database of keys is pretty much game over for cellular encryption," says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is "bad news for phone security. Really bad news."
Explosive new reporting by The Intercept published Thursday, based on documents obtained by NSA whistleblower Edward Snowden, reveals how the U.S. spy agency and their British counterpart, the GCHQ, worked together in order to hack into the computer systems of the world's largest manufacturer of cell phone SIM cards - giving government spies access to highly-guarded encryption codes and unparalleled abilities to monitor the global communications of those with phones using the cards.
Following its publication, journalist Glenn Greenwald called it "one of the biggest Snowden stories yet."
According to fellow journalists Jeremy Scahill and Josh Begley, who did the reporting on the top-secret documents and detail the implications of the program, the target of the government hacking operation was a company called Gemalto, based in the Netherlands, which makes SIM cards for some of the best known makers of cell phones and other portable electronic products, including AT&T, T-Mobile, Sprint, and hundreds of other global brands. The acronym SIM stands for "subscriber identity module" and is a small intergrated circuit within a phone that is used to authenticate users and relay key information to the network on which the phone is operating.
As Scahill and Begley report:
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider's network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
As part of the covert operations against Gemalto, spies from GCHQ -- with support from the NSA -- mined the private communications of unwitting engineers and other company employees in multiple countries.
In a series of tweets, both Scahill and Greenwald offered context for the latest reporting:
\u201cThe NSA & GCHQ covertly stole millions of encryption keys used to protect your mobile phone communications: https://t.co/dVjLuxl4k3\u201d— jeremy scahill (@jeremy scahill) 1424374329
\u201cThis is basically what the NSA & GCHQ are doing to cell phone "privacy" https://t.co/dVjLuxl4k3\u201d— jeremy scahill (@jeremy scahill) 1424375245
\u201cRemember how Obama says NSA only monitors private comms of bad guys? Yeah, that's BS. They cyberstalk engineers https://t.co/dVjLuxl4k3\u201d— jeremy scahill (@jeremy scahill) 1424375489
\u201c"People were specifically hunted & targeted by intel agencies, not b/c they did anything wrong, but b/c they could be used" -- @csoghoian\u201d— jeremy scahill (@jeremy scahill) 1424375838
\u201cThis top secret document is so damn creepy. Look at how they spied on innocent people working for a SIM card company https://t.co/vtyWP9ed1o\u201d— jeremy scahill (@jeremy scahill) 1424376167
For its part, Gemalto told The Intercept it was totally unaware of the security breach or that the encryption keys to any of its cards had been compromised. In fact, after being reached for comment on the operation, Gemalto directed its own security team to investigate the situation, but told the journalists they could find no trace of the hack. However, according to the top-secret document detailing the program leaked by Snowden, an operative with the NSA boasted, "[We] believe we have their entire network."
Technology experts who spoke with Scahill and Begley said the theft of the encryption keys was highly troubling. Christopher Soghoian, the principal technologist for the American Civil Liberties Union, said the idea that the NSA has stolen these encryption keys "will send a shock wave through the security community."
Told about the program, Gerard Schouw, a member of the Dutch Parliament, said the revelation was "unbelievable." And repeated: "Unbelievable."
According to The Intercept:
Last November, the Dutch government amended its constitution to include explicit protection for the privacy of digital communications, including those made on mobile devices. "We have, in the Netherlands, a law on the [activities] of secret services. And hacking is not allowed," he said. Under Dutch law, the interior minister would have to sign off on such operations by foreign governments' intelligence agencies. "I don't believe that he has given his permission for these kind of actions."
The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. "Gaining access to a database of keys is pretty much game over for cellular encryption," says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is "bad news for phone security. Really bad news."
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.