Wednesday, April 15, 2015

US & UK spies hacked SIM card manufacturer to steal codes

Another example of North American & European hypocrisy. Spying is all good & necessary exercise, as long as, countries from North America & Europe (US' & UK's allies) are doing it but forbidden, when a country like, e.g. North Korea or Iran, does it.
 
Providing beautiful names to immoral, illegal, & unethical practices is the hobby of North American & European countries. Heck, they don't stop there, they just make the illegal activity legal through the judicial & parliamentary process & then claim, our activities are all legal. Hey, slavery was legal, too, at one time. Does it mean that slavery is an activity that all countries should actively engage in?
 
When a kid in the school yard punches another kid & he is also the one who threw the first punch, that kid is punished for unnecessarily punching the other kid & is labelled a "bully". So what then do you call the leaders of US, UK, & their allies, who engage in these activities?
--------------------------------------------------------------------------------
British & American spies reportedly stole confidential codes from Dutch SIM card manufacturer to eavesdrop on mobile phones around the world, an intelligence leak has revealed.

NSA whistleblower Edward Snowden gave leaked files to The Intercept detailing how the American agency & its British counterparts GCHQ stole encryption keys that keep mobile communications private.
 
The company targeted was Gemalto who produce billions of electronic chips for mobile phones & next generation credit cards.
 
It operates in 85 countries & its SIM cards cover more than 1.5 billion mobile users globally for clients such as AT&T, T-Mobile, Verizon & Sprint.
 
The hacks are thought to have taken place in 2010 & 2011 & led to the theft of 300,000 keys from Somalia, Iran, Afghanistan, Yemen, India, Serbia, Iceland & Tajikistan.
With these encryption keys, the intelligence agencies would have the ability to collect both voice & data information - such as text messages - from a large portion of the world's communications.
 
The keys are used to decipher the communications between mobile phones & their network providers which would otherwise be received as a 'garbled mess'.
 
Stealing them also sidesteps the need to get permission from telecom companies or a warrant for a wire-tap - & it leaves no trace on the wireless provider's network that communications have been hacked into.
 
The Intercept claims GCHQ planted malicious software on several of Gemalto's computers to gain access to its internal network in order to obtain these keys.
 
It also received slides from GCHQ in which the author boasted: 'Successfully implanted several machines & believe we have their entire network.'
 
A document from the NSA revealed the US agency could process between 12 & 22 million keys by 2009, which could later be used to spy on targets. It predicted that more than 50 million keys could be accessed every second in the future.
 
The GCHQ's operation to target Gemalto was called 'Dapino Gamma' & in 2011, it launched an attempt to harvest the email accounts of Gemalto employees in France & Poland.
 
A top-secret document said one of the aims of the operation was 'getting into French HQ' of Gemalto - one of its global headquarters - 'to get into core data repositories'.
 
Another GCHQ document from May 2011 indicated it was in the process of 'targeting' more than a dozen Gemalto facilities across the globe including in Germany, Mexico, Brazil, Canada, China, India, Italy, Russia, Sweden, Spain, Japan & Singapore.
 
The file also suggested GCHQ was preparing similar key theft operations against one of Gemalto's competitors - German SIM card giants Giesecke & Devrient.
 
It also penetrated 'authentication servers' which allow it to decrypt data & voice communications between a target's mobile phone & the connection it makes with its network provider.
 
An accompanying slide read: 'Very happy with the data so far & working through the vast quantity of product.'
Gemalto was unaware of the hack & the spying on its employees according to its executive vice president Paul Beverly.
 
A spokesperson from GCHQ said it does not comment on intelligence matters, but added: 'All of GCHQ's work is carried out in accordance with a strict legal & policy framework, which ensures that our activities are authorised, necessary & proportionate, & that there is rigorous oversight, including from the Secretary of State, the Interception & Intelligence Services Commissioners & the parliamentary Intelligence & Security Committee.
 
'All our operational processes rigorously support this position. In addition, the UK's interception regime is entirely compatible with the European Convention on Human Rights.'

No comments:

Post a Comment