Inside the NSA & British Intel's Successful Hacking into Billions of Cellphones
In an interview with Democracy Now!, Chris Soghoian, principal technologist at the American Civil Liberties Union, spoke about the 'great SIM Heist.' It pertains to a published story by The Intercept by Jeremy Scahill and Josh Begley about how the National Security Agency and its British counterpart, the GCHQ, hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe. On the significance of this news, Soghoian told Amy Goodman: "What we’ve learned just yesterday is that by hacking into one of the largest manufacturers of SIM card keys—or, of SIM cards and the keys that are on them, GCHQ has really acquired a huge amount of information that will make—that will make bulk surveillance of telephone communications very, very easy."
Watch Part 2 of the interview:
Security Researcher Christopher Soghoian on How to Use a Cellphone Without Being Spied On
Below is an interview with Soghoian, followed by a transcript:
JUAN GONZÃLEZ: A new investigation by The Intercept reveals the National Security Agency and its British counterpart, the GCHQ, hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe. The secret operation targeted the Dutch company Gemalto. Its clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. It produces two billion SIM cards a year. According to The Intercept, the stolen encryption keys give intelligence agencies the ability to monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments.
AMY GOODMAN: Agents from the NSA and the GCHQ formed the Mobile Handset Exploitation Team in 2010 to specifically target vulnerabilities in cellphones. The intelligence agencies obtained the encryption keys by hacking into the email and Facebook accounts of engineers and other employees of Gemalto and other major companies. Some of the employees were singled out for sending PGP-encrypted files. The Intercept’s report was written by Jeremy Scahill and Josh Begley. It was based on documents leaked by NSA whistleblower Ed Snowden.
To talk more about the significance of this story, we’re joined by Chris Soghoian. He is the principal technologist at the American Civil Liberties Union, also a visiting fellow at Yale Law School’s Information Society Project. "The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle" is the name of the story.
Chris, welcome to Democracy Now!, joining us from Charlottesville, Virginia, today. Talk about the significance. What is the great SIM heist?
CHRISTOPHER SOGHOIAN: Well, what we’ve learned is that GCHQ has been engaged in an extremely aggressive effort to obtain these encryption keys. In essence, over the last probably five years or so, telecom companies, wireless carriers around the world have upgraded their networks and moved from older, less secure, second-generation phone technology to more secure, 3G and 4G technology, and as the networks have moved to this newer technology, it’s become much more difficult for governments to spy on communications that take place outside of their own countries. So, for GCHQ, for NSA, for the Chinese and for the Russian governments to be able to spy on telephone calls everywhere in the world, they need these kinds of keys. What we’ve learned just yesterday is that by hacking into one of the largest manufacturers of SIM card keys—or, of SIM cards and the keys that are on them, GCHQ has really acquired a huge amount of information that will make—that will make bulk surveillance of telephone communications very, very easy.
JUAN GONZÃLEZ: [inaudible] technically work? Would they be sweeping up in real time all of the conversations and then storing them someplace to be able to look back at them further? I mean, how exactly would it work?
CHRISTOPHER SOGHOIAN: Right. So there’s a special NSA outfit, an NSA-CIA outfit called the Special Collection Service, SCS. And so, they’re based out of embassies and consulates around the world, and they install these antennas on the roofs of embassies and other buildings. And with those antennas, they’re able to grab the data from phones as it’s sent over the air. And so, what they’ll do is they’ll set up these what are called spy nests and grab as many telephone communications as they possibly can and save them. But these telephone communications, telephone calls, text messages and other information are encrypted. And so they save the information, and then once they have the keys, either because they hack into a company like Gemalto or they bribe an engineer or blackmail an engineer, then they can decrypt the communications. And so, essentially, wiretapping then just becomes a mere task of installing an antenna somewhere and recording data.
AMY GOODMAN: You compare the use of encryption keys on SIM cards to the way Social Security numbers are used today. Can you explain?
CHRISTOPHER SOGHOIAN: Sure. So, Social Security numbers were designed in the 1930s for a pretty mundane and basic task, which was keeping track of one’s contributions to their retirement account, their government retirement account. But today they’re used as a quasi-national identification number. We’re supposed to give our Social Security numbers to, you know, a huge number of organizations. It’s how we’re tracked. And the reason we sort of have this system is because there was no formal national identity number. Everyone wants to have one, and so the Social Security number has sort of been forced into that role, but it’s a role that it was never designed or intended for.
By the same token, SIM cards were never really intended to provide strong confidentiality of communications. They weren’t intended to provide strong encryption or strong protection of our communications. Instead, they were really intended to protect telephone numbers and telephone accounts from fraud. In the '80s and 1990s, there was a huge wave of fraud where people were doing what's called cellphone cloning, and they were billing calls to other people’s accounts. And this was a huge problem for the phone companies. They needed a solution. And SIM cards and the encryption keys within them were the solution that they came up with.
You know, we should understand that SIM cards probably cost, you know, 50 cents or a dollar in bulk. These are not, you know, extremely sophisticated, high-security devices. They are basic bits of technology that are designed for one job, which is fraud, that we now depend on for so much more. And if this story demonstrates one thing and one thing alone, it’s that SIM cards and the system of security that surrounds them just isn’t up to the job of protecting our communications.
JUAN GONZÃLEZ: But I want to go back to something you said before about U.S. embassies being used basically as the centers for grabbing this data in these different countries. In effect, what you’re saying is that virtually every U.S. embassy is basically a spying operation, possibly breaking laws in the very countries that they are—that they’re located in.
CHRISTOPHER SOGHOIAN: My understanding is that’s the norm for embassies around the world, not just the U.S. You know, intelligence agencies operate out of embassies, sometimes with cover. You know, last summer, Der Spiegel published a slide listing the locations of NSA-CIA Special Collection Service sites around the world. This is something that’s been written about in books before. It’s not a big secret. And after the Merkel, Angela Merkel, spying story first broke, one of the German newspapers even published thermal imaging photographs of the spy nest on the roof of the U.S. Embassy in Berlin before the story and after the story, showing that the station had been shut down and was—as it was thus generating much less heat and using much less electricity.
AMY GOODMAN: Chris, when asked for comment by Reuters, GCHQ said its work, quote, "is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate," they said. Can you respond to that and—we just have less than a minute—how the GCHQ and NSA hacked into the emails and Facebook accounts of employees of telecom companies?
CHRISTOPHER SOGHOIAN: Right. So GCHQ and NSA believe that, essentially, anything is justified as long as it gets them to where they want to be. The engineers at Gemalto were not accused of breaking the law. Gemalto itself is not a criminal enterprise. But these governments want the keys that Gemalto has, and so they’re willing to do anything it takes to get that.
You know, in the last few moments that I have, I really want to let your listeners know that there are things that you can do right now to protect your communications, that the telephone companies have not shown any interest in providing us with secure communications. You cannot trust the voice or text message services provided by your wireless carrier, so you need to download apps. There are some built into the iPhone—iMessage and FaceTime. There are tools like WhatsApp that are—that’s distributed by Facebook. And there are some even better tools like Signal, which is supported by the U.S. government, actually. You can download apps and services and make encrypted telephone calls, send encrypted text messages, that governments cannot easily intercept. But those tools will not be provided to you by your telephone company. You need to take steps and take matters into your own hand.
AMY GOODMAN: Chris Soghoian, I want to thank you for being with us, privacy researcher and activist with the ACLU.