Each passing leak from former National Security Agency (NSA) contractor Edward Snowden seems to paint a darker picture of the state of privacy and data security in the United States, and the world at large. At this point we’ve heard about mass surveillance of nude Webcam chats, the NSA tapping international leaders’ phones, mass metadata collection, spies pretending to be Facebook to infect computers, and countless other programs. Now, an even more frightening Snowden leak has appeared on the Intercept.
The NSA and GCHQ have had access to the vast majority of cell phone communications around the world since 2010.
Updated on 02-25-2015 by Malarie Gokey: Added statement from Gemalto, acknowledging that its systems were targeted by unknown hackers. The report also denies that the hackers were successful in spying on users through Gemalto’s SIM cards.
In other words, the NSA and GCHQ have had access to the vast majority of cell phone communications (even encrypted communication) around the world since 2010. They’ve listened to your phone calls; they’ve read your texts; and they’ve almost certainly monitored the websites you’ve visited on your mobile devices.
To make matters worse, the same hacked company that makes SIM cards also makes the chips that are embedded into your next-generation credit cards and next-generation passports.
Here’s everything you need to know about how these agencies pulled off this massive hack without anyone noticing, who they targeted, and how to protect yourself from surveillance.
How does the security of a SIM card work?
Every single text sent, call made, and website accessed on a mobile device is secured via an encrypted connection between the SIM card installed in the device and the wireless carrier’s network. Important information such as your phone number, text messages, and other personal content is often stored on the SIM itself, so that the carrier can identify and distinguish your phone from all the others on its network. The keys that encrypt all of your most personal data are stored on the SIM card itself and shared with the wireless network. SIMs serve the same function as social security numbers: they identify their users. SIMs were never intended to be used to secure information, but that’s exactly what they have become.
When a SIM card is manufactured, an encryption key called the “Ki” is burned onto the chip. The SIM card manufacturer gives the same Ki to the wireless network, so it can identify that particular phone. Before the phone can connect to the wireless carrier’s network, it uses the Ki on the SIM to authenticate its identity with the carrier. The phone performs what’s called a “handshake” to confirm that the Ki on the SIM is identical to the one the carrier has on file. Once the Kis match, all communication between the phone and the network is encrypted, including calls, texts, and Internet access.
Supposing the GCHQ or NSA tried to intercept your phone’s signal as it moved through the air, any data the agencies picked up would be encrypted, and therefore useless to them. They’d have to decrypt it, which takes a lot of time and money, making it impossible to surveil on a mass scale. The only way for these agencies to access millions of people’s data all at once was to steal the encryption keys to millions of SIM cards, and that’s just what the NSA and GCHQ did.
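The handshake described above, modelled as an added example (this is not code from the article, from Gemalto, or from any carrier). The real GSM algorithms (A3 for the signed response, A8 for the session key Kc, A5 for the air-interface cipher) are replaced here by HMAC-SHA256 and a toy keystream so the example runs with the Python standard library; the Ki, IMSI and challenge values are constructed. What it shows is the security-relevant structure: the carrier sends a random challenge in the clear, the SIM answers with a response that only a holder of Ki can compute, and the session key protecting the call is derived from Ki and that same public challenge. A party that merely records the air interface gets nothing, while a party holding a copy of Ki can recompute the session key from the recorded challenge, which is exactly why the stolen keys matter and why the same capture is useless to someone with the wrong Ki.

```python
import hashlib
import hmac
import os

# Constructed sample values, not from the article. A real Ki is a 128-bit secret
# burned into the SIM at manufacture; the carrier's authentication centre holds a copy.
KI = bytes.fromhex("00112233445566778899aabbccddeeff")
IMSI = "310150123456789"  # hypothetical subscriber identity


def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for GSM A3: 32-bit signed response (SRES) to a challenge."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for GSM A8: 64-bit session key Kc derived from Ki and the same challenge."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class Carrier:
    """Network side: holds each subscriber's Ki, keyed by IMSI."""

    def __init__(self, subscribers):
        self.subscribers = dict(subscribers)

    def challenge(self) -> bytes:
        return os.urandom(16)  # RAND travels to the phone unencrypted

    def verify(self, imsi: str, rand: bytes, sres: bytes):
        """Return Kc if the response proves knowledge of the Ki on file, else None."""
        ki = self.subscribers.get(imsi)
        if ki is None or not hmac.compare_digest(a3_sres(ki, rand), sres):
            return None
        return a8_kc(ki, rand)


class Sim:
    """Phone side: the Ki never leaves the card; only SRES goes over the air."""

    def __init__(self, ki: bytes):
        self.ki = ki

    def respond(self, rand: bytes):
        return a3_sres(self.ki, rand), a8_kc(self.ki, rand)


def handshake(carrier: Carrier, sim: Sim, imsi: str, rand: bytes = None):
    """Run one authentication; returns (rand, Kc on the phone, Kc on the network or None)."""
    if rand is None:
        rand = carrier.challenge()
    sres, kc_phone = sim.respond(rand)
    kc_network = carrier.verify(imsi, rand, sres)
    return rand, kc_phone, kc_network


def stream_encrypt(kc: bytes, data: bytes) -> bytes:
    """Toy keystream cipher standing in for A5: XOR with SHA-256 blocks keyed by Kc.
    Encryption and decryption are the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(kc + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def observer_decrypt(known_ki: bytes, rand: bytes, ciphertext: bytes) -> bytes:
    """What a passive observer can do with only what crossed the air (RAND and ciphertext)
    plus a copy of Ki: rederive Kc and decrypt. With the wrong Ki the output is garbage."""
    return stream_encrypt(a8_kc(known_ki, rand), ciphertext)


if __name__ == "__main__":
    carrier = Carrier({IMSI: KI})
    rand, kc_phone, kc_network = handshake(carrier, Sim(KI), IMSI)
    assert kc_phone == kc_network
    ct = stream_encrypt(kc_network, b"call audio")
    print("holder of Ki recovers:", observer_decrypt(KI, rand, ct))
    print("wrong Ki recovers:    ", observer_decrypt(bytes(16), rand, ct))
```

The handshake never transmits Ki, so the design is sound against someone who only listens; its weakness is that every session key is a deterministic function of Ki and a public value, which is why protecting Ki at the manufacturer and in transit to the carrier is the whole game.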
How did the NSA and GCHQ intercept the encryption keys?
To understand how the NSA and GCHQ intercepted the encryption keys, it’s important to understand who provides and encrypts the SIM cards in the first place.
The U.S. and U.K. governments stole the encryption keys from the company that makes around 2 billion SIM cards a year.
Gemalto also happens to be the SIM card manufacturer that the NSA and GCHQ hacked.
GCHQ hackers didn’t break into Gemalto in person; they did it remotely through the company’s computer network to steal the encryption keys for massive numbers of SIM cards all at once, as the keys were on their way to the carriers. The hackers were able to collect the keys in bulk thanks to the very insecure way Gemalto sent the keys to carriers. Gemalto sent the master key files to carriers over email or through File Transfer Protocol (FTP). Sometimes no encryption was used to protect the keys at all, making them easy pickings for the hackers.
The agencies used the NSA’s X-Keyscore program to access private email and Facebook accounts of engineers, employees of major telecom companies, SIM card manufacturers, and people from Yahoo and Google in search of the keys. Specific companies and employees were targeted, based on how many keys they could provide. By 2010, the GCHQ had figured out a way to maximize the number of keys stolen in one shot to frightening levels. It all escalated very quickly.
“In one two-week period, the team accessed the emails of 130 people associated with wireless network providers or SIM card manufacturing and personalization. This operation produced nearly 8,000 keys matched to specific phones in 10 countries,” the Intercept writes. “In another two-week period, by mining just six email addresses, they produced 85,000 keys. At one point in March 2010, GCHQ intercepted nearly 100,000 keys for mobile phone users in Somalia. By June, they’d compiled 300,000 … A top-secret NSA document asserted that, as of 2009, the U.S. spy agency already had the capacity to process between 12 and 22 million keys per second for later use against surveillance targets.”
Privacy and security experts told the Intercept that stealing these SIM card encryption keys is “tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment.”
Christopher Soghoian, the principal technologist for the American Civil Liberties Union, explained that not only can the agencies use the keys to access future communications, they can look back at older ones, too.
“Key theft enables the bulk, low-risk surveillance of encrypted communications,” Soghoian said. “Agencies can collect all the communications and then look through them later. With the keys, they can decrypt whatever they want, whenever they want. It’s like a time machine, enabling the surveillance of communications that occurred before someone was even a target.”
For its own part, Gemalto is investigating the claims and is severely disturbed by the idea that its secure technology is being used to spy on innocent people. The company issued a statement on its website, which says: “We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.”
What does the SIM card maker say about the hack?
SIM card maker Gemalto is currently investigating the hack, but it says the preliminary results indicate that its SIM products like banking cards, passports, and “other products” are secure. The company did not initially say whether the SIM cards it built for mobile phones are safe. However, its follow-up statement on February 25 confirms that although hackers targeted its systems aggressively during the dates mentioned in the Snowden leaks, the hackers were not successful in their attempts to infiltrate Gemalto’s SIM cards. As such, the SIM card maker claims that the NSA and GCHQ cannot spy on users’ communications through the Gemalto SIM cards on their phones.
The company referred to two specific attacks on its network:
- June 2010: Found evidence that a third party was trying to spy on the office network of one of the company’s French sites. The office network is typically used by employees to communicate with each other and people outside of the company. Gemalto took action to stop the spying quickly.
- July 2010: Hackers sent emails to one of Gemalto’s mobile operator customers using fake Gemalto email addresses, pretending to be employees of the SIM card maker. The fake emails came with an attachment that could download malicious code. Gemalto told its customer of the attack and alerted the authorities, as well.
- 2010: Gemalto discovered several attempts to access its employees’ PCs, especially those of employees who were in regular contact with customers such as mobile service providers.
“At the time we were unable to identify the perpetrators but we now think that they could be related to the NSA and GCHQ operation,” Gemalto stated. “These intrusions only affected the outer parts of our networks — our office networks — which are in contact with the outside world. The SIM encryption keys and other customer data in general, are not stored on these networks. It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data.”
In conclusion, Gemalto believes that although its network was definitely targeted and even infiltrated to some extent, its SIM cards are safe and no encryption keys were stolen by either agency. The company stated that it had already enacted stronger security measures to protect its networks — especially those in Pakistan, which were targeted more heavily — before the hacks even occurred.
“While the intrusions described above were serious, sophisticated attacks, nothing was detected in other parts of our network,” Gemalto said in a statement. “No breaches were found in the infrastructure running our SIM activity or in other parts of the secure network which manage our other products such as banking cards, ID cards or electronic passports. Each of these networks is isolated from one another and they are not connected to external networks.”
Gemalto explained that while SIM cards used on 2G networks could easily be hacked, those of 3G and 4G networks could not have been infiltrated. As such, the NSA and GCHQ’s main targets in Africa, the Middle East, and parts of Asia may have been spied on via their SIM cards, assuming they were on 2G networks. Meanwhile, the U.S. and Europe, which mainly use 3G or 4G networks, would have been safe.
“If someone intercepted the encryption keys used in 3G or 4G SIMs they would not be able to connect to the networks and consequently would be unable to spy on communications. Therefore, 3G and 4G cards could not be affected by the described attack,” Gemalto stated. “However, though backward compatible with 2G, these newer products are not used everywhere around the world as they are a bit more expensive and sometimes operators base their purchasing decision on price alone.”
Additionally, Gemalto says it never sold SIM cards to four of the 12 carriers listed in the leaked documents, one of which was the Somali carrier that reportedly had 300,000 keys stolen. The SIM card maker also didn’t have SIM card personalization centers in Japan, Colombia, or Italy during the time of the hacks. To further reassure its customers and mobile users around the world, Gemalto reiterated the security standards its SIM cards are expected to meet and stated that third-party security experts vet its products before they reach customers.
You can read the company’s full report on its website.