Mobile Handset Exploitation Team from NSA and GCHQ Stole SIM Card Encryption Keys
Top-secret documents leaked by ex-NSA contractor Edward Snowden reveal that American and British spy agencies hacked into the world’s largest SIM card distributor, stealing encryption keys used to protect the privacy of cellphone communications across the globe.
The ongoing leak of National Security Agency documents by ex-NSA employee Edward Snowden recently revealed that an undisclosed sector of the intelligence agencies had been caught hacking into the largest SIM card manufacturer in the world, essentially stealing the keys to unlocking the world’s mobile communications.
The agencies’ never-before-disclosed sector, known as the Mobile Handset Exploitation Team (MHET), was formed in April of 2012 to target vulnerabilities within cellphones. One mission highlighted in MHET’s documentation was to covertly penetrate the computer networks of corporations that manufacture SIM cards, as well as those of wireless network providers. The exploitation team included agents from both the American NSA and British GCHQ.
Shortly after operatives had stolen the encryption keys, the agencies were able to begin monitoring mobile communications without requiring any approval from telecom companies or foreign governments. While the agencies were in possession of the keys, they could also bypass the need for a government-approved warrant or wiretap, allowing them to spy and leave no trace of suspicious activity within wireless providers’ networks. The bulk key theft also enabled the agencies to unlock any previously intercepted and encrypted communications.
Gemalto, the SIM card company the Mobile Handset Exploitation Team targeted, did an internal system audit after the whistleblower surfaced the documents, in an attempt to assess the scope of the breach, but found no results.
Privacy advocates and security experts told journalists the theft of encryption keys is severe. “Once you have the keys, decrypting traffic is trivial,” said Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”
When journalists asked if Gemalto had ever received a government request for Gemalto-manufactured encryption keys from the NSA or GCHQ, the company said that, to the best of its knowledge, it had not.
One slide in the leaked GCHQ document shows that the British intelligence agency penetrated the company’s internal networks and planted malware on machines, giving GCHQ front-line access. We “believe we have their entire network,” the leaked slide boasts of the operation against Gemalto.
The agency targeted the core networks of a number of unnamed cellular companies, giving it access to employee machines as well as customer and network engineering information. The British intelligence agency also had access to billing servers, to help suppress charges for customers the agency was targeting. GCHQ also broke into the “authentication servers,” allowing the agency to decrypt data and voice communications between targeted individuals.
To further their collection of cellular data, one document reveals, the agencies accessed the email and Facebook accounts of engineers and employees of other telecom corporations and SIM card manufacturers to secretly obtain insider information that could give the agencies access to millions of encryption keys.
GCHQ secretly cyberstalked Gemalto employees, scouring emails in an effort to find individuals who may have been in possession of information or had access to the company’s core networks or encryption key generating systems. The agency hoped to intercept files containing the keys as they were in transit between Gemalto and its wireless network provider.
Documents reveal that GCHQ targeted key individuals based on their positions within Gemalto, digging into their emails. The documents reference zeroing in on certain Gemalto employees the agency believed were in possession of potentially valuable information.
The intelligence agencies’ cyberstalking operations were not limited to Gemalto. Operatives wrote scripts allowing the agency to mine the private communications of employees of other massive telecommunication and SIM card companies, in an effort to steal the secret keys of mobile customers. Secret operatives “developed a methodology for intercepting these keys as they are transferred between various network operators and SIM card providers.” Later, GCHQ developed “an automated technique with the aim of increasing the volume of keys that can be harvested.”
The breach of Gemalto’s networks by intelligence agencies could far exceed expectations and have a global impact. The company is a global leader in digital security, producing banking cards, mobile payment systems, two-factor authentication devices used for online security, hardware tokens used for securing buildings and offices, electronic passports and identification cards. It also provides chips to Vodafone in Europe, along with several other telecoms around the world.
Gemalto chips are used in a number of nations worldwide. The company’s security technology is currently utilized in more than 3,000 financial institutions and 80 government organizations. Its clients include Visa, Mastercard, American Express, JP Morgan Chase and Barclays. The company also provides chips for luxury car manufacturers, including Audi and BMW.
The only way for individuals to protect themselves against the SIM key theft is to rely on secure communication software, rather than SIM card-based technology. Such software and solutions exist, but they have easy loopholes if the government can install hardware surveillance tools, allowing it to overhear, record or analyze communications in several scenarios.
Security experts say we need to stop relying on phone companies to provide a secure method of transmitting communication, meaning we need to take action and build other secure infrastructures.