NSA and GCHQ Steal Keys to SIM Cards

The Intercept has broken a major story about US and UK intelligence agencies hacking into a SIM card manufacturer and stealing encryption keys used to protect the privacy of mobile phone users worldwide; see the full story here. Whistleblower Edward Snowden provided them with a secret 2010 document from GCHQ, the UK’s electronic surveillance agency. Dutch SIM card manufacturer Gemalto is named in the document, which states:

…successfully implanted several machines and believe we have their entire network – TDSD are working the data

Gemalto is the world’s biggest manufacturer of SIM cards, making 2 billion of them every year. The firm provides a variety of encryption-based security solutions to governments, telcos and banks. Gemalto describe themselves as “a world leader in digital security” and their motto is “security to be free”.

The article also reports that:

Additionally, the spy agency targeted unnamed cellular companies’ core networks, giving it access to “sales staff machines for customer information and network engineers machines for network maps.” GCHQ also claimed the ability to manipulate the billing servers of cell companies to “suppress” charges in an effort to conceal the spy agency’s secret actions against an individual’s phone. Most significantly, GCHQ also penetrated “authentication servers,” allowing it to decrypt data and voice communications between a targeted individual’s phone and his or her telecom provider’s network. A note accompanying the slide asserted that the spy agency was “very happy with the data so far and [was] working through the vast quantity of product.”

The Intercept also provides some insight into how the hacking took place:

Top-secret GCHQ documents reveal that the intelligence agencies accessed the email and Facebook accounts of engineers and other employees of major telecom corporations and SIM card manufacturers in an effort to secretly obtain information that could give them access to millions of encryption keys. They did this by utilizing the NSA’s X-KEYSCORE program, which allowed them access to private emails hosted by the SIM card and mobile companies’ servers, as well as those of major tech corporations, including Yahoo and Google.

I recommend you read the full story for yourself. It makes for fascinating reading for anyone who works in the telecoms sector, describing the infiltration of mobile networks in various countries and naming Telenor, Mobilink, MTN and Belgacom amongst the victims.

This news makes me angry. Whilst the UK and US governments have repeatedly talked about the need for the legal power to intercept communications in order to protect the public from criminals and extremists, there is no legal or moral justification for how these spy agencies have behaved in this instance. The possession of these keys would allow spy agencies to spy on mobile communications, both at home and abroad, without anyone knowing. Moreover, this particular hacking was not aimed at criminals or terrorists. The targets were private companies and their employees, all of whom were going about their lawful business. Western governments have often chided the Chinese government for stealing commercial secrets, but that is exactly what the NSA and GCHQ did when they eavesdropped on the communications of employees of SIM makers, equipment manufacturers and telcos. And where is the court order that permitted them to do that? The US and UK governments have lost any moral high ground that they previously pretended to. And US President Barack Obama has been outed as a baldfaced liar, or an ignorant buffoon, when he said in January 2014:

…people around the world, regardless of their nationality, should know that the United States is not spying on ordinary people who don’t threaten our national security and that we take their privacy concerns into account in our policies and procedures…

You work in telcos. These governments have shown they can, and will, spy on you too, just because you work in the communications sector. You need to get angry, and stay angry. Telcos in the private sector have become increasingly robust when standing up to governments and their insatiable desire for surveillance. Yet, at the same time, politicians like Obama call for ever more government control of the communications sector. The public needs a strong, healthy, vibrant and privately-owned communications industry that will serve its customers by opposing government overreach. The public needs people like you, to stand up for them.

Eric Priezkalns
Eric Priezkalns
Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.

Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a founding member of Qatar's National Committee for Internet Safety and the first leader of the TM Forum's Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group, and is an editorial advisor to Black Swan. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.

Commsrisk is edited by Eric. Look here for more about Eric's history as editor.
  • The potential for spying on mobile phones gets worse and worse – now researchers say they have worked out how to track the location of Android phones using a malicious app that would only need permission to extrapolate from data on the power drain from the phone’s battery. See: http://arxiv.org/pdf/1502.03182v1.pdf

  • Jonathan Miller

    And I thought it was Mossad we needed to be on the look-out for in this industry.

    (hello Mossad! assuming you are watching!)

  • Mike W

    This has been an interesting development and one watched by a number of us – I wonder if data was compromised from plants that met the GSMA Security Accreditation Standards.