Daily Archives: February 20, 2015

WASHINGTON -- Britain's electronic spying agency, in cooperation with the U.S. National Security Agency, hacked into the networks of a Dutch company to steal codes that allow both governments to seamlessly eavesdrop on mobile phones worldwide, according to the documents given to journalists by Edward Snowden.

A story about the documents posted Thursday on the website The Intercept offered no details on how the intelligence agencies employed the eavesdropping capability -- providing no evidence, for example, that they misused it to spy on people who weren't valid intelligence targets. But the surreptitious operation against the world's largest manufacturer of mobile phone data chips is bound to stoke anger around the world. It fuels an impression that the NSA and its British counterpart will do whatever they deem necessary to further their surveillance prowess, even if it means stealing information from law-abiding Western companies.

The targeted company, Netherlands-based Gemalto, makes "subscriber identity modules," or SIM cards, used in mobile phones and credit cards. One of the company's three global headquarters is in Austin, Texas. Its clients include AT&T, T-Mobile, Verizon and Sprint, the Intercept reported.

The Intercept offered no evidence of any eavesdropping against American customers of those providers, and company officials told the website they had no idea their networks had been penetrated. Experts called it a major compromise of mobile phone security.

The NSA did not immediately respond to a request for comment. In the past, former agency officials have defended using extra-legal techniques to further surveillance capabilities, saying the U.S. needs to be able to eavesdrop on terrorists and U.S. adversaries who communicate on the same networks as everyone else. The NSA, like the CIA, breaks the espionage and hacking laws of other countries to get information that helps American interests.

Still, the methods in this case may prove controversial, as did earlier Snowden revelations that the NSA was hacking transmissions among Google's data centers. The Intercept reported that British government hackers targeted Gemalto engineers around the world much as the U.S. often accuses Chinese government hackers of targeting Western companies -- stealing credentials that got the hackers into the company's networks. Once inside, the British spies stole encryption keys that allow them to decode the data that passes between mobile phones and cell towers. That allows them to ungarble calls, texts or emails intercepted out of the air.

At one point in June 2010, Britain's Government Communications Headquarters, or GCHQ, as its signals intelligence agency is known, intercepted nearly 300,000 keys for mobile phone users in Somalia, The Intercept reported. "Somali providers are not on GCHQ's list of interest," the document noted, according to the Intercept. "(H)owever, this was usefully shared with NSA."

Earlier in 2010, GCHQ successfully intercepted keys used by wireless network providers in Iran, Afghanistan, Yemen, India, Serbia, Iceland and Tajikistan, according to the documents provided to The Intercept. But the agency noted trouble breaking into Pakistan networks.

Read the original:
NSA helped British steal cellphone codes

The NSA could be able to listen in on your lols.

Christian Rivera

In a new report on some of the confidential documents leaked by former NSA contractor Edward Snowden, The Intercept wrote that operatives from both the National Security Administration (NSA) and the British Government Communications Headquarters (GCHQ) joined forces in April 2010 to crack mobile phone encryption. The Mobile Handset Exploitation Team (MHET) succeeded in stealing untold numbers of encryption keys from SIM card makers and mobile networks, specifically Dutch SIM card maker Gemalto, one ofthe largest SIM manufacturers in the world. Gemalto produces 2 billion SIM cards a year, which are used all over the world.

Although the SIM card in a cell phone was originally usedto verify billing to mobile phone users, today a SIM also stores the encryption keys that protect a user's voice, text, and data-based communications and make them difficult for spies to listen in on. The mobile carrier holds the corresponding key that allows the phone to connect to the mobile carrier's network. Each SIM card is manufactured with an encryption key (called a Ki) that is physically burned into the chip. When you go to use the phone, it conducts a secret 'handshake' that validates that the Ki on the SIM matches the Ki held by the mobile company, The Intercept explains. Once that happens, the communications between the phone and the network are encrypted.

To steal the SIM encryption keys, MHET exploited a weakness in SIM manufacturers' business routinethat SIM card manufacturers tend to deliver the corresponding Kis to mobile carriers via e-mail or File Transfer Protocol. By doing basic cyberstalking of Gemalto employees, the NSA and GCHQ were able to pilfer millions of SIM Kis, which have a slow turnover rate (your phone's Ki will likely remain the same as long as you keep the SIM in the phone) and can be used to decrypt data that has been stored for months or even years.

Gemalto not only makes SIM cards, but it also makes chips that are placed into EMV credit cards as well as the chips built into next-generation United States passports. Paul Beverly, a Gemalto executive vice president, told The Intercept that the company's security team began an audit on Wednesday and could find no evidence of the hacks. The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesnt happen again, and also to make sure that theres no impact on the telecom operators that we have served in a very trusted manner for many years, Beverly said. Gemalto's clients include hundreds of wireless networks around the world, including all four major carriers in the US.

According to the documents procured by The Intercept, MHET was able to use the NSA's XKeyscore to mine the e-mail accounts and Facebook profiles of engineers at major telecom companies and SIM card manufacturing companies, looking for clues that would get them into the SIM Ki trove. (XKeyscore is a program designed by the NSA to reassemble and analyse the data packets it finds traveling over a network. XKeyscore is powerful enough to be able to pull up the full content of users' Web browser sessions, and it can even generate a full replay of a network session between two Internet addresses, as Ars reported in 2013.) Eventually, MHET learned enough to be able to plant malware on several of Gemalto's internal servers.

In the course of trying to break into Gemalto's internal network, the NSA and GCHQ looked for employees using encryption as preferred targets. The spy agencies also expanded their surveillance to include mobile phone companies and networks, as well as other SIM manufacturers. The Intercept explained:

In one instance, GCHQ zeroed in on a Gemalto employee in Thailand who they observed sending PGP-encrypted files, noting that if GCHQ wanted to expand its Gemalto operations, he would certainly be a good place to start. They did not claim to have decrypted the employees communications, but noted that the use of PGP could mean the contents were potentially valuable.

View original post here:
SIM card makers hacked by NSA and GCHQ leaving cell networks wide open