Featured
NSA and GCHQ Have Access To BILLIONS of SIM Cards –– Latest Snowden Leak
GCHQ and the NSA have pulled off something of a coup, gaining access to BILLIONS of SIM cards. Time to get paranoid?
Until last week it was thought that America’s and Britain’s spy agencies had only been targeting the world’s largest technology companies like Facebook, Google, Apple, and Yahoo to collect everything from the webcam conversations of its users to their emails. But as The Intercept has revealed the NSA and GCHQ have gone much further than that–and the revelations will be unsettling for anyone who has ever used a mobile phone.
The latest trough of papers whistleblower Edward Snowden has dropped show that since at least 2010 Britain and America’s spy agencies have had direct access to the majority of mobile phone communications around the world. That’s right: chances are the very phone you are using can be hacked at will should the NSA or GCHQ so choose. Here’s everything you need to know and what you can do about it.
What happened?
According to classified documents leaked by Edward Snowden and published on The Intercept the NSA and GCHQ worked together in 2010 to hack into the systems of the Dutch company Gemalto. Gemalto is one of the world’s largest SIM card manufacturers, making over 2 billion of those tiny cards that fit into our mobiles every year.
During the hack the spy agencies stole the encryption keys for all the SIMs Gemalto makes. By default all the data an individual SIM transmits–from voice calls to emails to texts–is encrypted right on the SIM. A key is normally sent along with this data allowing the SIM to log into the mobile provider’s network and allowing the data being transmitted to be read. Without the key anyone who tries to intercept the data can’t read it. With the key your phone is an open book to anyone who intercepts your data.
Since the NSA and GCHQ obtained all the keys for the SIMs Gemalto produced, it’s likely that the agencies can read any of the data from mobiles using Gemalto SIM cards.
Who’s affected?
A few billion mobile phone users on the planet. The reason the NSA and GCHQ went after Gemalto is because it’s one of the largest SIM makers in the world. In the US it provides the SIM cards for AT&T, T-Mobile, Verizon, and Sprint. In the UK it provides the SIM cards for Vodafone, EE, O2 and Three. And around the world Gemalto provides the SIM cards for 450 other mobile operators.
So is GCHQ and the NSA listening in on my phone calls?
The honest answer is “who knows?” The likely answer is “probably not”. Though the spy agencies have the capabilities to monitor billions of mobile phones around the world they likely don’t have the manpower. It’s doubtful they are randomly checking in on the communications of you or your next door neighbor. Instead, should they suspect you or your neighbor of being any kind of security threat they’ll now have the option of listing into your calls and gathering your mobile data at will.
Is this legal?
Numerous civil liberty campaigners say there is no doubt GCHQ and the NSA violated Dutch law. As for violating US and British laws, the answers are inconclusive. In the UK law enforcement agencies already have the right to listen in to your phone and data communications if they suspect illegal activity thanks to the Regulation of Investigatory Powers Act (RIPA). In such cases the law enforcement agencies would need to notify the mobile phone operators who would need to comply with the request. Of course the difference between RIPA and what GCHQ and the NSA are doing now is that the latter allows them to listen in on calls without informing anyone.
Are the mobile network providers doing anything to combat this?
It’s too early to tell as the news was only made public last week. However, Chris Soghoian, principal technologist at the American Civil Liberties Union, told The Guardian that it was “very unlikely that this is an issue that is going to be fixed anytime soon. There is no reason for people to trust AT&T, Verizon or anyone at this point. Their systems are hopelessly insecure.”
What can I do to protect myself?
There are a few steps, but know that ripping out your SIM and getting a new one will probably do no good. Chances are you’ll just get another SIM made by Gemalto. And even if you don’t there’s no reason to believe GCHQ and the NSA haven’t hacked into other SIM card manufacturers too.
That being said, even if you have a SIM that has been hacked you can still encrypt your messages via other means, so even though your SIM can be decrypted your data is using an additional layer of encryption that needs a separate key to be accessed.
Apple iMessages use a separate level of encryption, so theoretically data sent through iMessages should be safe. WhatsApp also uses additional encryption and so do the default email clients on iOS and Android. As for voice encryption you can use apps like Signal, RedPhone and Silent Phone.
Using the above apps won’t make your phone hack-proof, but as The Intercept points out, it will make it much more difficult for someone to get into your phone:
“Governments still may be able to intercept communications, but reading or listening to them would require hacking a specific handset, obtaining internal data from an email provider, or installing a bug in a room to record the conversations.”
Richard Goodwin
13:22, 23 Feb 2015