Inside the NSA & British Intel's Successful Hacking into Billions of Cellphones

In an interview with Democracy Now!, Chris Soghoian, principal technologist at the American Civil Liberties Union, spoke about the 'great SIM Heist.' It pertains to a published story by The Intercept by Jeremy Scahill and Josh Begley about how the National Security Agency and its British counterpart, the GCHQ, hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe. On the significance of this news, Soghoian told Amy Goodman: "What we’ve learned just yesterday is that by hacking into one of the largest manufacturers of SIM card keys—or, of SIM cards and the keys that are on them, GCHQ has really acquired a huge amount of information that will make—that will make bulk surveillance of telephone communications very, very easy."


Below is an interview with Soghoian, followed by a transcript:

JUAN GONZÁLEZ: A new investigation by The Intercept reveals the National Security Agency and its British counterpart, the GCHQ, hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe. The secret operation targeted the Dutch company Gemalto. Its clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. It produces two billion SIM cards a year. According to The Intercept, the stolen encryption keys give intelligence agencies the ability to monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments.

AMY GOODMAN: Agents from the NSA and the GCHQ formed the Mobile Handset Exploitation Team in 2010 to specifically target vulnerabilities in cellphones. The intelligence agencies obtained the encryption keys by hacking into the email and Facebook accounts of engineers and other employees of Gemalto and other major companies. Some of the employees were singled out for sending PGP-encrypted files. The Intercept’s report was written by Jeremy Scahill and Josh Begley. It was based on documents leaked by NSA whistleblower Ed Snowden.

To talk more about the significance of this story, we’re joined by Chris Soghoian. He is the principal technologist at the American Civil Liberties Union, also a visiting fellow at Yale Law School’s Information Society Project. "The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle" is the name of the story.

Chris, welcome to Democracy Now!, joining us from Charlottesville, Virginia, today. Talk about the significance. What is the great SIM heist?

CHRISTOPHER SOGHOIAN: Well, what we’ve learned is that GCHQ has been engaged in an extremely aggressive effort to obtain these encryption keys. In essence, over the last probably five years or so, telecom companies, wireless carriers around the world have upgraded their networks and moved from older, less secure, second-generation phone technology to more secure, 3G and 4G technology, and as the networks have moved to this newer technology, it’s become much more difficult for governments to spy on communications that take place outside of their own countries. So, for GCHQ, for NSA, for the Chinese and for the Russian governments to be able to spy on telephone calls everywhere in the world, they need these kinds of keys. What we’ve learned just yesterday is that by hacking into one of the largest manufacturers of SIM card keys—or, of SIM cards and the keys that are on them, GCHQ has really acquired a huge amount of information that will make—that will make bulk surveillance of telephone communications very, very easy.

JUAN GONZÁLEZ: [inaudible] technically work? Would they be sweeping up in real time all of the conversations and then storing them someplace to be able to look back at them further? I mean, how exactly would it work?

CHRISTOPHER SOGHOIAN: Right. So there’s a special NSA outfit, an NSA-CIA outfit called the Special Collection Service, SCS. And so, they’re based out of embassies and consulates around the world, and they install these antennas on the roofs of embassies and other buildings. And with those antennas, they’re able to grab the data from phones as it’s sent over the air. And so, what they’ll do is they’ll set up these what are called spy nests and grab as many telephone communications as they possibly can and save them. But these telephone communications, telephone calls, text messages and other information are encrypted. And so they save the information, and then once they have the keys, either because they hack into a company like Gemalto or they bribe an engineer or blackmail an engineer, then they can decrypt the communications. And so, essentially, wiretapping then just becomes a mere task of installing an antenna somewhere and recording data.

AMY GOODMAN: You compare the use of encryption keys on SIM cards to the way Social Security numbers are used today. Can you explain?

CHRISTOPHER SOGHOIAN: Sure. So, Social Security numbers were designed in the 1930s for a pretty mundane and basic task, which was keeping track of one’s contributions to their retirement account, their government retirement account. But today they’re used as a quasi-national identification number. We’re supposed to give our Social Security numbers to, you know, a huge number of organizations. It’s how we’re tracked. And the reason we sort of have this system is because there was no formal national identity number. Everyone wants to have one, and so the Social Security number has sort of been forced into that role, but it’s a role that it was never designed or intended for.

By the same token, SIM cards were never really intended to provide strong confidentiality of communications. They weren’t intended to provide strong encryption or strong protection of our communications. Instead, they were really intended to protect telephone numbers and telephone accounts from fraud. In the '80s and 1990s, there was a huge wave of fraud where people were doing what's called cellphone cloning, and they were billing calls to other people’s accounts. And this was a huge problem for the phone companies. They needed a solution. And SIM cards and the encryption keys within them were the solution that they came up with.

You know, we should understand that SIM cards probably cost, you know, 50 cents or a dollar in bulk. These are not, you know, extremely sophisticated, high-security devices. They are basic bits of technology that are designed for one job, which is fraud, that we now depend on for so much more. And if this story demonstrates one thing and one thing alone, it’s that SIM cards and the system of security that surrounds them just isn’t up to the job of protecting our communications.

JUAN GONZÁLEZ: But I want to go back to something you said before about U.S. embassies being used basically as the centers for grabbing this data in these different countries. In effect, what you’re saying is that virtually every U.S. embassy is basically a spying operation, possibly breaking laws in the very countries that they are—that they’re located in.

CHRISTOPHER SOGHOIAN: My understanding is that’s the norm for embassies around the world, not just the U.S. You know, intelligence agencies operate out of embassies, sometimes with cover. You know, last summer, Der Spiegel published a slide listing the locations of NSA-CIA Special Collection Service sites around the world. This is something that’s been written about in books before. It’s not a big secret. And after the Merkel, Angela Merkel, spying story first broke, one of the German newspapers even published thermal imaging photographs of the spy nest on the roof of the U.S. Embassy in Berlin before the story and after the story, showing that the station had been shut down and was—as it was thus generating much less heat and using much less electricity.

AMY GOODMAN: Chris, when asked for comment by Reuters, GCHQ said its work, quote, "is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate," they said. Can you respond to that and—we just have less than a minute—how the GCHQ and NSA hacked into the emails and Facebook accounts of employees of telecom companies?

CHRISTOPHER SOGHOIAN: Right. So GCHQ and NSA believe that, essentially, anything is justified as long as it gets them to where they want to be. The engineers at Gemalto were not accused of breaking the law. Gemalto itself is not a criminal enterprise. But these governments want the keys that Gemalto has, and so they’re willing to do anything it takes to get that.

You know, in the last few moments that I have, I really want to let your listeners know that there are things that you can do right now to protect your communications, that the telephone companies have not shown any interest in providing us with secure communications. You cannot trust the voice or text message services provided by your wireless carrier, so you need to download apps. There are some built into the iPhone—iMessage and FaceTime. There are tools like WhatsApp that are—that’s distributed by Facebook. And there are some even better tools like Signal, which is supported by the U.S. government, actually. You can download apps and services and make encrypted telephone calls, send encrypted text messages, that governments cannot easily intercept. But those tools will not be provided to you by your telephone company. You need to take steps and take matters into your own hand.

AMY GOODMAN: Chris Soghoian, I want to thank you for being with us, privacy researcher and activist with the ACLU.

Enjoy this piece?

… then let us make a small request. AlterNet’s journalists work tirelessly to counter the traditional corporate media narrative. We’re here seven days a week, 365 days a year. And we’re proud to say that we’ve been bringing you the real, unfiltered news for 20 years—longer than any other progressive news site on the Internet.

It’s through the generosity of our supporters that we’re able to share with you all the underreported news you need to know. Independent journalism is increasingly imperiled; ads alone can’t pay our bills. AlterNet counts on readers like you to support our coverage. Did you enjoy content from David Cay Johnston, Common Dreams, Raw Story and Robert Reich? Opinion from Salon and Jim Hightower? Analysis by The Conversation? Then join the hundreds of readers who have supported AlterNet this year.

Every reader contribution, whatever the amount, makes a tremendous difference. Help ensure AlterNet remains independent long into the future. Support progressive journalism with a one-time contribution to AlterNet, or click here to become a subscriber. Thank you. Click here to donate by check.

Close
alternet logo

Tough Times

Demand honest news. Help support AlterNet and our mission to keep you informed during this crisis.