NSA

U.S., British Spy Agencies Hacked Their Way Into Accessing Smartphone Encryption Keys

The latest Snowden bombshell is about your SIM card.


The latest revelation from Edward Snowden's document dumps appears to be a doozy: The National Security Agency (NSA) and England's Government Communications Headquarters (GCHQ) teamed up in 2009 and 2010 to hack their way into a company most have never heard of: Gemalto. The Amsterdam-based company manufactures SIM cards, essentially the key to your smartphone. Through this breach, the two spy agencies were able to harvest millions of encryption keys to those SIM cards, meaning they could simply access some information on those phones without having to ask telecom companies for assistance and without the users' permission or knowledge.

Who needs a back door when you've stolen the keys?
Credit: andrewlih / photo on flickr

Jeremy Scahill and Josh Begley have a massive piece over at The Intercept explaining how it all works:

After a SIM card is manufactured, the encryption key, known as a "Ki," is burned directly onto the chip. A copy of the key is also given to the cellular provider, allowing its network to recognize an individual's phone. In order for the phone to be able to connect to the wireless carriers' network, the phone — with the help of the SIM — authenticates itself using the Ki that has been programmed onto the SIM. The phone conducts a secret "handshake" that validates that the Ki on the SIM matches the Ki held by the mobile company. Once that happens, the communications between the phone and the network are encrypted. Even if GCHQ or the NSA were to intercept the phone signals as they are transmitted through the air, the intercepted data would be a garbled mess. Decrypting it can be challenging and time-consuming. Stealing the keys, on the other hand, is beautifully simple, from the intelligence agencies' point of view, as the pipeline for producing and distributing SIM cards was never designed to thwart mass surveillance efforts.
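
A minimal model of the handshake described in the passage above, added here as an illustration (it is not code from The Intercept or from this article). HMAC-SHA256 stands in for the carrier's A3/A8 algorithms, and the IMSI and Ki are constructed values. It shows why a copied Ki matters: the session key is never transmitted, but it depends only on Ki and a challenge that is sent in the clear.

```python
import hashlib
import hmac
import os

def a3_a8(ki, rand):
    """Stand-in for the carrier's A3/A8 algorithms (assumption: HMAC-SHA256,
    not a real SIM algorithm). Returns (SRES, Kc) as in GSM."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # 32-bit response, 64-bit session key

class Sim:
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki  # Ki burned in at manufacture

    def respond(self, rand):
        return a3_a8(self._ki, rand)

class Network:
    def __init__(self, subscriber_keys):
        self._keys = subscriber_keys  # carrier's copy: IMSI -> Ki

    def authenticate(self, sim):
        """Run one handshake. Returns (over_the_air, kc); kc is None on failure."""
        rand = os.urandom(16)                  # challenge, sent in the clear
        sres, kc_phone = sim.respond(rand)     # only SRES goes back on the air
        expected, kc_net = a3_a8(self._keys[sim.imsi], rand)
        ok = hmac.compare_digest(sres, expected) and kc_net == kc_phone
        return {"rand": rand, "sres": sres}, (kc_net if ok else None)

def kc_from_capture(over_the_air, ki_copy):
    """What a passive listener can compute from a capture plus a copy of Ki."""
    sres, kc = a3_a8(ki_copy, over_the_air["rand"])
    return kc if hmac.compare_digest(sres, over_the_air["sres"]) else None

# Constructed sample subscriber (test-network IMSI, made-up key).
IMSI = "001010123456789"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    air, kc = Network({IMSI: KI}).authenticate(Sim(IMSI, KI))
    print("session key agreed:", kc.hex())
    print("listener with Ki copy:", kc_from_capture(air, KI).hex())
    print("listener without Ki:", kc_from_capture(air, bytes(16)))
```

Because Kc is a pure function of the long-term Ki, a Ki copied at any point also unlocks traffic recorded earlier, which is the gap the forward-secrecy request in the comments below is aimed at.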

So remember how we were all promised that nobody was reading the e-mails of people who weren't suspected of terrorism? A lie. Not that anybody believed them anyway. They used the e-mails of Gemalto employees to try to find information that would help them know who to target to get into Gemalto's network and get access to information about the encryption keys:

In effect, GCHQ clandestinely cyberstalked Gemalto employees, scouring their emails in an effort to find people who may have had access to the company's core networks and Ki-generating systems. The intelligence agency's goal was to find information that would aid in breaching Gemalto's systems, making it possible to steal large quantities of encryption keys. The agency hoped to intercept the files containing the keys as they were transmitted between Gemalto and its wireless network provider customers.

The GCHQ documents only contain statistics for three months of encryption key theft in 2010. During this period, millions of keys were harvested. The documents stated explicitly that GCHQ had already created a constantly evolving automated process for bulk harvesting of keys. They describe active operations targeting Gemalto's personalization centers across the globe, as well as other major SIM card manufacturers and the private communications of their employees.

The NSA didn't respond to the story and the GCHQ apparently gave its boilerplate version of "We can't comment on the specific things we do but let us assure you it's all totally legal." Some political leaders in Holland are not happy with the news that a major business within their borders was targeted for hacking from countries they see as allies:

It is unlikely that GCHQ's pronouncement about the legality of its operations will be universally embraced in Europe. "It is governments massively engaging in illegal activities," says Sophie in't Veld, a Dutch member of the European Parliament. "If you are not a government and you are a student doing this, you will end up in jail for 30 years." Veld, who chaired the European Parliament's recent inquiry into mass surveillance exposed by Snowden, told The Intercept: "The secret services are just behaving like cowboys. Governments are behaving like cowboys and nobody is holding them to account."

Read the whole sordid story here. Among Gemalto's clients are all the major U.S. telecom providers and hundreds of others. And according to The Intercept, Gemalto had no idea they had been breached, and as of this report, which just went up this afternoon, they still don't know how it happened.


  1. Governments are behaving like cowboys and nobody is holding them to account.

    Hey now… that’s pretty unfair to cowboys.

    1. I would go so far as to say even the bandits in those days had higher moral standards than these folks.

  2. So remember how we were all promised that nobody was reading the e-mails of people who weren’t suspected of terrorism? A lie. Not that anybody believed them anyway. They used the e-mails of Gemalto employees…

    See also Belgacom.

  3. Where did I put my shocked emoji..

    1. Right next to Jack’s raging bile duct.

  4. So we’ve basically reached the point where the already-fictional “rule of law” is being blatantly ignored…as long as you’re the government or a government employee. The laws don’t apply to them, but of course they do to the rest of us. They’re flat out admitting that they can do anything at all that they want and if we don’t like it?

    Fuck You That’s Why.

    This is all government ever becomes. Enjoy it, because it will never stop.

    1. And the citizens don’t really seem to care too much. /flips to another channel

      1. Which reinforces my main rule of freedom:

        You’re only as free as the average person is aware.

        1. That’s very Rawlsian. Something like “you are only as free as the most oppressed person in society”. nice.

          1. Yes. And in a practical sense, when the average level of political awareness decreases, politicians are quick to seize the initiative, and move to increase their own power by restricting freedom.

            By our disinterest, we have given them almost all the power we used to wield.

      2. And, to add to that, a large fraction of those who ostensibly care refuse to associate any culpability whatsoever with this current administration, its continuation and expansion of such policies, and its utter unwillingness to prosecute the Constitutional and legal violations thereof.

        God, I’m so fucking sick and tired of hearing “but Bush!”

        1. you sound like a ChristFag

          /shriek

        2. Imagine that from 1932-53 all you heard was “But Hoover….”. 20 f’n years of blaming your incompetence on the other guy.

          1. Well, you shouldn’t have repealed and reinstated Hoover’s programs!

  5. Well, crap. I’ve been tasked to do research on products produced by a subsidiary of Gemalto based on their security strength. I guess I’m going to be doing a lot of research to answer questions about this.

  6. Dear mobile phone manufacturers and carriers,
    Please implement perfect forward secrecy using on-demand generated keys on phones.

    Thank you!
    Potential Whistleblowers Worldwide

  7. And according to The Intercept, Gemalto had no idea they had been breached, and as of this report, which just went up this afternoon, they still don’t know how it happened.

    I think they have a good idea.

    In effect, GCHQ clandestinely cyberstalked Gemalto employees, scouring their emails in an effort to find people who may have had access to the company’s core networks and Ki-generating systems. The intelligence agency’s goal was to find information that would aid in breaching Gemalto’s systems, making it possible to steal large quantities of encryption keys.

    Pretty simple … ID the individuals that would be most useful, find the skeletons in their closets, make them an offer they can’t refuse.

  8. Once again, we owe a huge debt of gratitude to Ed Snowden, for having the balls to come forward with this.

    Thanks Ed. I for one am glad that I know what these conniving bastards are up to.

  9. This seems like the biggest revelation yet that Snowden has released.

    If an individual, corporation, or foreign government had performed this hack, it would be considered a massive crime.

    These agencies are truly lawless. They put themselves above and outside the law. What court could try them?

    Snowden is a hero. Hopefully he is the first in a new generation of “Founding Fathers”, who put everything on the line to throw off tyranny and start anew.
