In the latest installment of the Snowden files, it has emerged that the UK’s Government Communications Headquarters (GCHQ) cyber spy agency and its stateside counterpart, the National Security Agency (NSA), have managed to steal the encryption keys used in Gemalto SIM cards, which are used by billions of mobile phone users.
The Netherlands-registered company makes up to two billion SIM cards a year and claims over 450 telcos as its clients.
According to an article by Jeremy Scahill and Josh Begley in The Intercept entitled The Great SIM Heist, GCHQ hacked Gemalto employees’ email accounts and in many cases found that encryption keys were being emailed to telcos with easily broken encryption, or even with no encryption at all.
A SIM card encryption key would allow spy agencies to listen in on conversations or data streams without the need for a court order and without leaving any trace of the interception in the network logs.
Most telcos have outsourced the tedious task of personalising SIM cards to companies such as Gemalto, which then gives the telcos the SIM cards and the corresponding keys to enter into their network.
The leaked GCHQ slide from 2010 showed that the UK spy agency had implanted software on several machines in Gemalto’s network and that it had access to the entire network.
GCHQ also had control over several telcos’ core network and billing systems, the latter being used to suppress activities that may have shown up during operations.
In April 2010, the NSA and GCHQ jointly established the Mobile Handset Exploitation Team (MHET) to target cell phones and the computer networks of both SIM manufacturers and telcos.
The Intercept wrote about one case in particular in which GCHQ used the X-KEYSCORE mass email interception system to target a Gemalto employee in Thailand because he was sending encrypted email. The article noted that there was no suggestion that the PGP encryption was broken.
The article noted that when contacted, Gemalto was oblivious to the infiltration outlined in the GCHQ slides. However, Scahill later pointed out that “Gemalto board member Alex Mandl was a founding trustee of the CIA-funded venture capital firm In-Q-Tel,” casting doubt on its innocence in the matter.
A 2009 NSA document cited in the article said that GCHQ had assigned scores to individual email addresses in telecoms firms across the world based on how often they mentioned certain technical terms. Huawei employees were often given the highest scores, followed by Ericsson and Nokia.
Personal Facebook usernames and passwords of Gemalto employees were acquired by GCHQ operatives.
In other words, the US and UK spies were focusing their efforts on innocent, technical engineers with no connection to terrorism just because they were a means to an end. Barack Obama’s claim that intelligence agencies were not spying on normal people who do not pose a threat to national security was obviously a lie.
TelecomAsia asked a dozen telecom operators across the region how they were responding to the Gemalto GCHQ hack, and only Telenor Myanmar was able to give a definitive reply: that it did not use Gemalto SIM cards on its network.
Thailand’s AIS had recently issued a press release with Gemalto on its NFC-enabled SIM cards for payments. One of its executives responded that AIS uses SIM cards from a number of suppliers, not just Gemalto.
Singapore’s StarHub said, “We are not aware of any breach of privacy for StarHub customers, but we will be working with our SIM card supplier to clarify this matter.”
Both Singtel and Optus said that they were still investigating the matter.
Many others did not get back with an answer before going to press.
Gemalto only had an automated reply saying its media contact was on holiday until the 23rd.
Following the report, which showed redacted slides and documents, infosec activist and Der Spiegel regular Jacob Appelbaum and The Intercept’s Glenn Greenwald, who was the first to break the Edward Snowden story, played out an interesting conversation on Twitter as to the rights and wrongs of censoring the names of the GCHQ spies involved in the operation.
Greenwald defended the decision to black out the names identifying the operatives, saying that publishing them would not accomplish anything and would only result in low-level people being prosecuted as scapegoats while those giving the orders remained above the law.
The great GCHQ SIM heist rounded off a torrid week for security professionals. On Monday the NSA hard drive firmware implant was exposed by Kaspersky Lab, an implant that allowed the spy agency control of PCs even across operating system re-installs. Tuesday saw a bug in FreeBSD’s random number generator that would have compromised the SSL encryption of many web servers running the operating system; and Wednesday saw the Superfish SSL man-in-the-middle root certificate attack, pre-loaded onto Lenovo PCs.