The Great Sim Heist- How Spies Stole The Keys To The Encryption Castle

A few days ago I read that a Moscow-Based Security Firm Reveals What May Be The Biggest NSA "Backdoor Exploit" Ever, and today I stumbled upon another doozie...

firstlook.org

AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

Ohh, thanks for protecting my freedom by stealing all the encryption keys before a dangerous government thought of doing it!!!

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world.

Doesn't matter where you live...

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

I want to say I am shocked, but there have been so many US spying revelations in the past few years I'm starting to become desensitized to it all. But seriously, this new world where we use Parallel Construction (wiki) to build a case against criminals because the government is doing illegal things to catch criminals is kind of depressing to me... I don't really see any moral high ground anymore.

And sadly, once again the US government sends the message that privacy is not allowed anymore (citizen of not).



Beware that, when fighting monsters, you yourself do not become a monster... for when you gaze long into the abyss. The abyss gazes also into you. --Friedrich Nietzsche

Im kind of schocked this has had no replies...
Anyway S+F and BUMP

originally posted by: funkadeliaaaa
Im kind of schocked this has had no replies...
Anyway S+F and

BUMP

Thanks!

Found an update from Gemalto company...

The publication indicates the target was not Gemalto per se - it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators and users consent. We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation.

Another update: Gemalto presents the findings of its investigations (gemalto.com)

The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened

The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys

Unfortunately I am hesitant to believe them, I can not tell if it is corporate damage control or the truth...

I am curious as to what other ATS folks think.