Edward Snowden is back with one of the biggest revelations about the government's widespread surveillance program.
The US National Security Agency (NSA) and British counterpart Government Communications Headquarters (GCHQ) hacked into the networks of the world's biggest SIM card manufacturer, according to top-secret documents given to The Intercept by former NSA-contractor-turned-whistle blower, Edward Snowden.
OPERATION DAPINO GAMMA
The leaked documents suggests that in a joint operation, the NSA and the GCHQ formed the Mobile Handset Exploitation Team (MHET) in April 2010, and as the name suggests, the unit was built to target vulnerabilities in cellphone.
Under an operation dubbed DAPINO GAMMA, the unit hacked into a Digital security company Gemalto, the largest SIM card manufacturer in the world, and stole SIM Card Encryption Keys that are used to protect the privacy of cellphone communications.
Gemalto, a huge company that operates in 85 countries, creates about 2 Billion SIM cards each year for AT&T, T-Mobile, Verizon, Sprint and about 450 manufacturers worldwide. The SIM card manufacturer giant also produces banking cards, electronic passports, identification cards and other digital security solutions.
HOW DID SPIES HACKED INTO GEMALTO ?
As The Intercept describes, it was a real caper. MHET targeted individual employees in major telecom corporations and SIM card manufacturer companies by accessing their email and Facebook accounts using the NSA's XKeyscore.
XKeyscore surveillance program was designed by the NSA to collect and analyse intercepted data it finds traveling over a network. XKeyscore is powerful enough to be able to pull up more than 20 terabytes of information daily, including emails, chats, social media interactions, and even browsing histories all in real-time, as The Hacker News reported in 2013.
"In effect, GCHQ clandestinely cyber stalked Gemalto employees," the report reads, digging up all information they could find that would lead them back to Gemalto's systems and made it possible to steal large quantities of SIM Card Encryption Keys.
In one case, the report claims, the GCHQ operatives suspiciously targeted a Gemalto employee in Thailand because he was using PGP to encrypt data, who they think "would certainly be a good place to start" for their operation.
The document also noted that some of the companies involved in SIM production didn't take strong measures to protect users’ personal and sensitive data. According to report, "many" SIM card manufacturers sent the encryption keys to wireless network providers with weak encryption methods that can be broken or no encryption at all.
HOW SPY AGENCIES MONITOR YOU MOBILE COMMUNICATION ?
All mobile communications are private because of the encrypted connection between an individual's mobile and the wireless carrier's network. The encryption keys to decrypt that communication is in every phone's SIM card.
These keys basically allow mobile communications – both voice and data – to be decrypted without alerting the users, networks or governments of any activity.
Once stolen, the SIM Card Encryption Keys grants the US and British agents the ability to secretly monitor "a large portion of the world’s cellular communications," both voice calls and data, from 450 wireless network providers without the approval of telecom companies or foreign governments.
HOLY SHIT! MY VOICE AND DATA ARE MONITORED ?
This may have given the spying agencies power to silently and effortlessly eavesdrop on anyone’s communications done over a cellphone without leaving any tell-tale trace.
NSA and its counterpart GCHQ could intercept and decrypt any communications, anytime and anywhere they want. This could make it a lot easier for the agencies to conduct widespread surveillance of wireless communications without getting warrants or asking permission from telecom companies or foreign governments.
HELL OF A HEIST
The breach is devastating for mobile security, which has been targeted a numerous of times. According to the Intercept, it’s hell of a heist. "Gaining access to a database of keys is pretty much game over for cellular encryption," said cryptography specialist Matthew Green.
NSA’s attempt to break into a major corporation and steal private encryption keys that protect hundreds of millions of users worldwide isn't surprising behavior. Because, past two years revelations about the NSA and its allies taught us that they can go to any extent in order to collect data and break or interfere with security on the Internet.
At the beginning of the month, Snowden revealed about the NSA and GCHQ efforts to track and monitor the activities of independent and state-sponsored hackers, some security researchers and news agencies, including The Hacker News, in order to pilfer the stolen data from hackers' archives and to gather information on their targets respectively.
Apart of this, the latest revelation is really a bad news for pretty much everyone around the world having cellphones in their pockets, since it's highly likely that your mobile phone contains a Gemalto-manufactured SIM card, and which means your conversations can be easily monitored.
The revelation is also a bad news for countries, except the U.S. and U.K., since these SIM Card Encryption Keys give them an easy way to spy on foreign countries without asking permission. And last but not the least, it’s really bad news for the biggest SIM card manufacturer Gemalto, as the agencies cyber stalked and hacked its employees to obtain the private encryption keys.