VPN Articles and News

NSA And GCHQ Hacked SIM Card Encryption Keys

By
Sunday, July 19th, 2015


Just when we thought that the surveillance methods used by the American intelligence agency NSA couldn’t get any worse, Edward Snowden has dropped yet another bombshell. As per a new set of documents released by the former NSA contractor turned whistleblower, NSA and British spy agency GCHQ reportedly hacked into the computer network of the Dutch company Gemalto, one of the largest SIM card manufacturers in the world; and stole encryption keys that are used to activate and encrypt cellular communications across the globe.

The breach apparently happened in 2010 and its details were contained in a secret document published by GCHQ. Every SIM card contains a secret encryption key (known as “Ki”) that is embedded into it at the time of manufacturing. The encryption key information is also passed on to mobile carriers so that they can identify a particular SIM card (and thus the phone number and the user) from other phone numbers that are trying to connect to the network. The Ki key is an extremely important component of all the mobile communications since it helps to activate SIM cards, establish connections with network service providers as well as encrypt voice, text and internet communications. While it is easy for the spy agencies to intercept mobile communications, it is far more difficult to decrypt them. That’s because all mobile communications can only be unlocked by providing the encryption key associated with the respective SIM cards. By stealing the secret encryption keys associated with SIM cards, NSA and GCHQ could not only monitor global mobile communications without requiring a warrant or prior approval from the lawmakers or telecom companies, they could do so without leaving any kind of trace behind.

The hack also made it possible to decrypt communications that were intercepted in the past but were not yet decrypted. Before hacking into Gemalto’s computer systems, NSA and GCHQ allegedly spied on the company’s employees. The spy agencies not only monitored the private communications of Gemalto’s staff, they also hacked into their social networking and email accounts in order to learn how to get the information that they were seeking. Gemalto was reportedly not aware of the hack before the story appeared on the web. The company’s Vice President Paul Beverly said that he was shocked to learn about the breach and the spying of the employees. He also added that the first priority for the company was to find out how exactly the hack was carried out as well as the scale of the data breach so that such events don’t recur in the future. He also said that the company was trying to establish the ramifications of the event on the customers as well as trying to ensure that there is no impact on the operations of the telecom services from around the world.

Both the NSA and GCHQ have not commented so far on the allegations made by Snowden. Through their actions, the spy agencies have probably broken communication and privacy laws of many countries from around the world. The scale of the breach is scary since Gemalto also manufactures chips that are embedded into next generation passports and credit cards.


July 19, 2015
Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


6 + 6 =