Explosive new Snowden doc: NSA/GCHQ stole vital cellphone encryption keys

New reporting by The Intercept, based on documents leaked by whistleblower, reveals how spy agencies hacked world’s largest SIM card manufacturer

By Jon Queally | Common Dreams

Explosive new reporting by The Intercept published Thursday, based on documents obtained by NSA whistleblower Edward Snowden, reveals how the U.S. spy agency and their British counterpart, the GCHQ, worked together in order to hack into the computer systems of the world’s largest manufacturer of cell phone SIM cards – giving government spies access to highly-guarded encryption codes and unparalleled abilities to monitor the global communications of those with phones using the cards.

Following its publication, journalist Glenn Greenwald called it “one of the biggest Snowden stories yet.”

According to fellow journalists Jeremy Scahill and Josh Begley, who did the reporting on the top-secret documents and detail the implications of the program, the target of the government hacking operation was a company called Gemalto, based in the Netherlands, which makes SIM cards for some of the best known makers of cell phones and other portable electronic products, including AT&T, T-Mobile, Sprint, and hundreds of other global brands. The acronym SIM stands for “subscriber identity module” and is a small intergrated circuit within a phone that is used to authenticate users and relay key information to the network on which the phone is operating.

As Scahill and Begley report:

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

As part of the covert operations against Gemalto, spies from GCHQ — with support from the NSA — mined the private communications of unwitting engineers and other company employees in multiple countries.

Read full article via Common Dreams