By Taniya Harwell |Staff Writer|
American and British spies hacked into the network of Gemalto, the largest manufacturer of cellphone SIM cards in the world, according to top-secret documents revealed by National Security Agency (NSA) whistleblower Edward Snowden.
The hack was a joint venture consisting of NSA operatives and its British counterpart Government Communications Headquarters (GCHQ). It gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice activity and data.
It is unknown what the agencies have done with the data.
This information comes from a secret GCHQ document published in The Intercept, an online publication dedicated to NSA coverage from information leaked by Snowden in 2010, according to independent.co.uk
Gemalto, the targeted company, is a Netherlands firm that makes the chips used in mobile phones and next-generation credit cards, according to firstlook.org.
Gemalto supports clients like AT&T, T-Mobile, Verizon, Sprint and over 450 wireless network providers worldwide.
Gemalto executives were completely oblivious of the hack.
“I’m disturbed, quite concerned that this has happened,” said Paul Beverly, Gemalto’s executive vice president stated in The Intercept.
GCHQ also claimed they are able to manipulate the billing servers of cell companies to “suppress” charges in an effort to conceal the spy agency’s secret actions on a person’s cell phone.
The most disturbing piece of information for Gemalto is that GCHQ also penetrated “authentication servers,” allowing them to decrypt data and voice activity between an individual’s phone and their provider’s network, according to firstlook.org.
“The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again,” stated Beverly.
Hacking was not limited to Gemalto; the leaked documents also revealed that the agencies had accessed the e-mails and Facebook accounts of employees of other major telecom corporations and SIM card manufacturers trying to obtain information that could potentially give them access to millions of encryption keys according to The Intercept.
They did this by utilizing the NSA’s X-KEYSCORE program, which allowed them access to private e-mails hosted by the SIM card and mobile companies’ servers, as well as those of major tech corporations, including Yahoo and Google, according to firstlook.org.
Although it is standard policy for the GCHQ not to comment on intelligence matters, officials stated in an e-mail to The Intercept that any work they may have done was “authorized, necessary and proportionate.”
Mobile companies are recommended to support Perfect Forward Secrecy (PFS), a type of encryption used to lessen any damaging effects caused by the theft of encryption keys.
Mobile companies that do not support this software are a target for theft.
The only effective way for individuals to protect themselves is to use secure communications software rather than relying on SIM card-based security, according to The Intercept.