December 8, 2014

Chuck Bednar for redOrbit.com Your Universe Online

US National Security Agency (NSA) employees spent years monitoring domestic and international companies to find security vulnerabilities that could be exploited for surveillance purposes, according to new reports originating from documents obtained by former NSA contractor Edward Snowden.

Ryan Gallagher of The Intercept, who first broke the story, said that the program was codenamed Auroragold and also detailed how the agency planned to secretly introduce new flaws into communication systems that it could tap into but which experts said would also have made the general public more susceptible to hackers in the process.

The covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks, Gallagher said.

One high-profile surveillance target is the GSM Association (GSMA), an influential UK-headquartered trade group that works closely with large US-based firms including Microsoft, Facebook, AT&T, and Cisco, and is currently being funded by the U.S. government to develop privacy-enhancing technologies, he added.

CNET technology columnist Don Reisinger said the NSA targeted IR.21 documents, which highlight new technologies and encryption methods used by mobile carriers, and Chris Johnston of The Guardian said that the documents reveal that the agency targeted meetings held by the trade association.

Cryptographer and cellphone security expert Karsten Nohl told Gallagher that information contained in the Auroragold documents provide hints that the volume and broad scope of data collected as part of the operation suggests the intent was to make sure that the overwhelming majority of mobile networks worldwide were NSA accessible.

Collecting an inventory [like this] on world networks has big ramifications, Nohl said, because it allows the agency to monitor and work around improvements in encryption technology cell providers utilize to protect calls and text messages from eavesdropping.

He added that evidence suggesting the NSA was deliberately attempting to weaken mobile communication infrastructure was especially alarming, since those vulnerabilities could be exploited by anyone, not just the NSA. The files also reveal that the NSA basically had unfettered access to the infrastructure of roughly 700 global wireless carriers as of May 2012, Engadgets Chris Velazco added.

Originally posted here:

NSA Accused Of Spying On Cellphone Carriers To Find Security Exploits