On Friday, The Intercept published some astounding claims under the headline “The Great SIM Heist: How spies stole the keys to the encryption castle”. The story claims that Five Eyes spooks had achieved a major breakthrough in their ability to monitor mobile communications.
American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden…
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
The company in question is Gemalto. With headquarters in Amsterdam, and 28 “personalisation facilities” around the world that burn the encryption keys into SIM cards, it has nearly 30% of the market — making it an obvious target for spooks.
The story started to filter through to the mainstream media on Monday in the US, or Tuesday Australian time, and I’ve already done two radio spots on the topic — and doubtless there’ll be more to come.
The first spot was an interview for ABC Radio, and parts of it ended up in this report on The World Today.
[The three Australian mobile network operators] Telstra, Vodafone and Optus have all confirmed that Gemalto has supplied their SIM cards. Sarah Sedghi reports.
This is the full five-minute report.
The audio is ©2015 Australian Broadcasting Corporation. It’s served here directly from the ABC website, where you can also read a transcript.
Urgh, not that old trope “if you have nothing to hide you have nothing to worry about”. The fact that the CIA/GCHQ can get in and steal keys just makes it less improbable that someone more nefarious can do (or has done) the same.
Urgh, that should be NSA, not CIA. Got my nasty TLAs mixed up.