Snowden docs reveal mass cell phone hack through ‘Great SIM Heist’

19 Feb, 2015 21:48

Top secret documents previously provided by former NSA contractor Edward Snowden have revealed that the US and Britain broke into the network of the world’s largest SIM card maker to compromise global communications.

According to the documents obtained by The Intercept, the online news magazine founded by Snowden collaborator Glenn Greenwald, the US National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ), stole the encryption keys used to secure voice calls and texts from Gemalto, the largest manufacturer of SIM cards in the world.

Two billion SIM cards are made annually by Gemalto. They are used by 450 wireless network providers around the world, including AT&T, T-Mobile, Verizon and Sprint, and so affect the bulk of the world’s telephonic communications. Gemalto has headquarters around the globe, including a US office in Texas, but is incorporated in the Netherlands and traded on the Eurolist.

By compromising the company’s internal computer network and stealing valuable encryption keys, the NSA and GCHQ have been able to render useless the security measures used to protect communications sent through hundreds of networks the world over.

NSA/GCHQ hack empowered them "to secretly monitor a large portion of the world’s cellular communications, including both voice and data."

— Glenn Greenwald (@ggreenwald) February 19, 2015

According to Jeremy Scahill and Josh Begley at The Intercept, classified files supplied by Snowden, including one GCHQ document from 2010 in particular, show how US and UK intelligence together conspired to compromise the SIM card maker.

One slide contained in the document showed that the GCHQ got inside of the manufacturer’s network, then stealthily installed malware that is believed to have opened up access to the SIM card maker’s entire computer system.

By possessing a copy of the encryption keys, US and UK intelligence agencies are believed to be able to crack into any affected communication, allowing authorities to eavesdrop internationally and on a mass scale without serving search warrants to local telecoms or requesting assistance from host countries.

“Once you have the keys, decrypting traffic is trivial,” Christopher Soghoian, the principal technologist for the American Civil Liberties Union, told the magazine.

Classified documents supplied by Snowden earlier revealed how the NSA compels American telecoms to hand over millions of call records through a secret court order, along with other offensive operations that have targeted the communications of foreign leaders and some state-owned energy companies, including Brazil’s Petrobras.

Earlier this week, researchers at Kaspersky Lab in Russia said they had identified a sophisticated group of hackers that has successfully targeted computer systems in dozens of countries using malware and tactics not unlike those previously attributed to the NSA. A former employee of the US agency confirmed the authenticity of the allegations and suggested that the NSA has, in fact, been able to infiltrate the firmware that runs on hard drives installed in computers worldwide.

We “believe we have their entire network,” the spies boasted in a PowerPoint presentation about the operation against Gemalto.

— Kim Zetter (@KimZetter) February 19, 2015

Security experts say they are appalled to hear of what Scahill and Begley dubbed “The Great SIM Heist,” and Gemalto officials say they were completely unaware of the intrusion until tipped off by The Intercept.

Security engineer Tony Arcieri wrote on Twitter that the revelation was “Bad news for anyone with a Gemalto SIM card” — which may be in the billions given the company’s output.

Soghoian of the ACLU added that “The news of this key theft will send a shock wave through the security community,” and Paul Beverly, an executive vice president at Gemalto, told the website he is “disturbed” over the revelations.

“The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years. What I want to understand is what sort of ramifications it has, or could have, on any of our customers,” Beverly said.

The Intercept journalists acknowledged that the revelations contrast heavily with remarks made by US President Barack Obama in 2014, well after the first Snowden disclosures concerning surveillance had already damaged America’s reputation.

“The bottom line is that people around the world, regardless of their nationality, should know that the United States is not spying on ordinary people who don’t threaten our national security and that we take their privacy concerns into account in our policies and procedures,” Obama said at the time, The Intercept reported.

Last month, the White House’s own Privacy and Civil Liberties Oversight Board said in a report that, despite the Obama administration previously accepting nearly all of the 22 recommendations made by the group with regard to intelligence gathering reform, only one suggestion has been fully implemented.