Report claims that British, US agencies tried to get encryption keys for cellphones

February 21, 2015 11:56 am

The goal, the publication
said, was to steal large quantities of keys as they were being
transmitted between Gemalto and its wireless network providers.
The NSA did not immediately respond to a request for comment.
Stealing
the encryption keys makes it possible to eavesdrop on otherwise
encrypted communications without undertaking the more difficult
challenge of cracking the encryption.
It also avoids alerting the wireless company or the person using the phone.

The goal was to steal large quantities of keys as they were being
transmitted between Gemalto and its wireless network providers. Photo /
Thinkstock

and American spy agencies allegedly hacked into a Dutch
company that makes SIM cards to obtain encryption keys used to shield
the cellphone communications of millions of customers around the world,
according to a report in the Intercept.
Citing documents
obtained by former intelligence contractor Edward Snowden, the online
publication reported yesterday that Britain’s GCHQ and the National
Security Agency targeted Gemalto, the world’s largest manufacturer of
SIM cards.
The multinational firm’s clients include AT&T,
T-Mobile, Verizon and Sprint, as well as hundreds of wireless network
providers around the world. It produces 2 billion SIM cards a year, the Intercept reported.
The
cards, which are chips barely larger than a thumbnail, are inserted
into cellphones. Each card stores contacts, text messages, the user’s
phone number and an encryption key to keep the data private.

Gemalto produces the SIM cards for cellphone companies, burns
an encryption key on to each and sends a copy of the key to the provider
so its network can recognise a phone.
According to the Intercept,
GCHQ targeted Gemalto employees, scouring their emails to find
individuals who might have access to the company’s core networks and
systems generating the encryption keys.
The goal, the publication
said, was to steal large quantities of keys as they were being
transmitted between Gemalto and its wireless network providers.
The NSA did not immediately respond to a request for comment.
Stealing
the encryption keys makes it possible to eavesdrop on otherwise
encrypted communications without undertaking the more difficult
challenge of cracking the encryption.
It also avoids alerting the wireless company or the person using the phone.
The
NSA’s interception of phone calls and other content is bound by
different legal standards. A warrant is required to target an American’s
calls and emails.
In general, targeting a foreigner’s communications for collection overseas does not require a warrant.
The
publication cited one 2010 GCHQ document that said agency personnel
developed “an automated technique with the aim of increasing the volume
of keys that can be harvested”.
The document acknowledged that in
searching for keys, operatives would harvest “a large number of
unrelated items” from targeted employees’ private communications.
However,
it said, “an analyst with good knowledge of the operators involved can
perform this trawl regularly and spot the transfer of large batches” of
keys.
The GCHQ documents also described operations targeting other major makers of SIM cards, the Intercept said.

Hack attack

• British and American spy agencies accused of hacking into Dutch SIM card maker
• It is alleged they wanted to obtain the encryption keys of mobile phones
• Gemalto, the world’s largest manufacturer of SIM cards, makes 2 billion SIM cards a year

Stealing the encryption keys would make it possible to eavesdrop on
otherwise encrypted communications without cracking the encryption

Tags:
shared on wplocker.com