GCHQ and the US National Security Agency hacked into the internal network of the largest makers of mobile phone SIM cards in the world in order to steal encryption keys and compromise the security of mobile phones on the Vodafone, EE and O2 networks.
That is the latest claim to come out of the cache of documents leaked by NSA whistleblower Edward Snowden and published this evening by The Intercept.
Gemalto, the company targetted by the two intelligence agencies, makes two billion SIM cards every year, which are used by more than 400 mobile phone networks around the world, including all the US networks.
By being able to crack the encryption that protects mobile phones, the security services were able to tap communications at will of anyone without the approval of either governments or telecoms companies. It also enabled them to break encrypted communications that had already been intercepted, but which it lacked the ability to decrypt.
According to The Intercept, the initiative required a major effort to compromise the security of engineers working for Gemalto and its contractors across the world – without raising suspicion of the company, which also makes smartcards for the banking industry. The company only began investigating the breach yesterday after being contacted by the investigative news website.
“According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access. We ‘believe we have their entire network’, the slide’s author boasted about the operation against Gemalto,” The Intercept reports.
It continues: “Additionally, the spy agency targeted unnamed cellular companies’ core networks, giving it access to ‘sales staff machines for customer information and network engineers machines for network maps’. GCHQ also claimed the ability to manipulate the billing servers of cell companies to ‘suppress’ charges in an effort to conceal the spy agency’s secret actions against an individual’s phone.
“Most significantly, GCHQ also penetrated ‘authentication servers’, allowing it to decrypt data and voice communications between a targeted individual’s phone and his or her telecom provider’s network. A note accompanying the slide asserted that the spy agency was ‘very happy with the data so far and [was] working through the vast quantity of product’.”
The compromise was the work of the Mobile Handset Exploitation Team, which was only set-up in April 2010 to target vulnerabilities in mobile phones and the cellular network. One of its main objectives was to penetrate the networks of companies that manufacture mobile phone SIM cards, as well as the mobile phone operators themselves.
MORE TO FOLLOW