The Great SIM Heist – How Spies Stole the Keys to the Encryption Castle by Jeremy Scahill and Josh Begley.
From the post:
AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.
The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.
The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.
In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”
…
Read the original post to get an idea of the full impact of this heist.
Bottom line: Anything transmitted or stored electronically (phone, Internet, disk drive) should be considered as compromised.
How can people protect themselves when their government “protectors” are spying on them in addition to many others?
There isn’t a good answer to that last question but one needs to be found and soon.
Update: Mike Masnick says theft of SIM encryption keys demonstrates that any repository of backdoors will be a prime target for hackers, endangering the privacy of all users with those backdoors. Not a theoretical risk, the NSA and others have demonstrated the risk to be real. See: NSA’s Stealing Keys To Mobile Phone Encryption Shows Why Mandatory Backdoors To Encryption Is A Horrible Idea