According to new documents leaked by Edward Snowden, the NSA and its UK counterpart, Government Communications Headquarters (GCHQ), hacked into the computers of Gemalto, a company that manufactures SIM cards for a large number of carriers around the world. In doing so, the intelligence agencies acquired encryption keys that would allow them to intercept communications from customers of all four major U.S. carriers, along with 450 others around the world.
This was shocking news, especially in France, where Gemalto's main R&D center is located alongside card personalization teams. Having huge agencies like NSA/GCHQ perform such hacks is disturbing because they certainly got their hands on much other sensitive information related to ID cards, biometric passports, tender information, source code and other Gemalto intellectual property. Of course, this information can be valuable for US competitors of Gemalto, so such an attack can also be seen as an economic cyber-attack.
Moreover, the individuals mentioned in the report and targeted by the NSA/GCHQ are easily identifiable internally by Gemalto and its partners even if their names were redacted. This makes the attack more personal to them and they feel that their lives and privacy have been violated. Knowing that someone at a desk somewhere overseas is writing reports about your life and discussing ways to breach your privacy with no legal justification is scary and deserves contempt.
Gemalto presents the findings of its investigations into the alleged hacking of SIM card encryption keys located here.
The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened.
The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys.
The operation aimed to intercept the encryption keys as they were exchanged between mobile operators and their suppliers globally. By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft.
In the case of an eventual key theft, the intelligence services would only be able to spy on communications on second generation 2G mobile networks. 3G and 4G networks are not vulnerable to this type of attack.
None of our other products were impacted by this attack.
The best counter-measures to these types of attacks are the systematic encryption of data when stored and in transit, the use of the latest SIM cards and customized algorithms for each operator.
Synopsis:
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
Potential for the NSA's SIM heist could have given it the power to plant spyware on any phone.