Yet another top-secret National Security Agency (NSA) program has been unearthed by Glenn Greenwald’s publication the Intercept. The report details a program called Auroragold, which according to the official documents leaked by Edward Snowden, specialized in spying on the email correspondence between carriers’ security experts to break into cellular networks and expose vulnerabilities. The unit would then exploit the flaws in the security system to listen in on the conversations and text messages carried by those cellular networks.
The program is described as the NSA’s method of staying one step ahead of carriers’ encryption, so as to ensure that the agency has access to communications held over most cellular networks. If vulnerabilities did not already exist in the security systems, the NSA would create them, the report states. The Auroragold program has been active since 2012 and regularly monitors 1,200 email accounts that are associated with major cellular networks and carriers around the world.
The Intercept revealed that the NSA has already obtained the technical security information of 70 percent of the world’s networks.
The NSA devoted special attention to monitoring communications among members of the U.K.-based GSM Association, which includes high-profile tech companies and carriers, such as AT&T, Cisco, Microsoft, Samsung, Vodafone, Facebook, Verizon, Sprint, Intel, Oracle, Sony, Nokia, and Ericsson. It is unclear how many of these high-profile companies’ security structures the NSA infiltrated.
The Intercept revealed that the NSA has already obtained the technical security information of 70 percent of the world’s networks. Although penetration into the U.S. carriers’ networks is surprisingly low, the NSA has access to nearly all the communications in North Africa, the Middle East, and China.
Claire Cranton, a spokeswoman for the GSM Association, said that the organization cannot respond to any of the details revealed by the Intercept’s report until its lawyers have seen the documents. “If there is something there that is illegal then they will take it up with the police,” Cranton told the publication.
— The Intercept (@the_intercept) December 4, 2014
The National Institute for Standards and Technology (NIST), a U.S. government agency that recommends cybersecurity measures, stated that it is unaware of any NSA surveillance of the GSM Association. However, NIST previously warned users of NSA interference with encryption standards.
In April, White House officials stated that Obama ordered the NSA alert the federal government of any security gaps it finds in cellular networks and other technology companies’ security systems. There is, however, a major loophole in the order, which allows the NSA to keep vulnerabilities to itself if it plans to use them for “a clear national security or law enforcement” purpose.
For its own part, the NSA maintains that it uses its intelligence to protect against terrorists and other threats to the United States. NSA spokeswoman Vanee’ Vines told the Intercept that the “NSA collects only those communications that it is authorized by law to collect in response to valid foreign intelligence and counterintelligence requirements—regardless of the technical means used by foreign targets, or the means by which those targets attempt to hide their communications.”