[url]https://firstlook.org/theintercept/2015/02/19/great-sim-heist/[/url]
[quote]AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.
The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.
The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.[/quote]
[quote][B]With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. [/B][/quote]
[editline]20th February 2015[/editline]
Anyone doubting that we're already in the middle of cyber warfare? It's just that the enemies are not the expected ones.
I'm not even fucking surprised anymore.
I'm surprised yet not because they can do whatever they want and nobody can stop them.
It would be really great if end-to-end encryption became more common.
Technically even the hardware is there, I'm 99% sure they could put a Diffie-Hellman key exchange mode into SIM cards so even dumbphones couldn't be listened to without taking over the phone network (which is really easy to detect if done wirelessly with a decent range, since you have to outshine the real network).
[video=youtube;3QnD2c4Xovk]http://www.youtube.com/watch?v=3QnD2c4Xovk[/video]
Web browsers already do this (+ authentication), which is why it's mostly impossible to MITM proper TLS.
The only part that might not work would be if it was impossible to reach the necessary key lengths, but with modern tech I highly doubt it. SIM cards run Java and are already almost fully programmable (and network operators can even push updates (which was horribly insecure until recently)).
In the worst-case scenario (if the SIMs don't support it due to performance reasons), it would have to be rolled out over time.
They already are backwards compatible to different (highly insecure) standards, so it wouldn't be an issue if the network was updated slowly.
[QUOTE=Thomo_UK;47177390]I'm surprised yet not because they can do whatever they want and nobody can stop them.[/QUOTE]People can stop them, but no one wants to. Who's ready to risk their jobs and lives to fight their spying government? Not many. We live in a fragile comfort, not willing to disturb it.
[QUOTE=Tamschi;47177418]It would be really great if end-to-end encryption became more common.
Technically even the hardware is there, I'm 99% sure they could put a Diffie-Hellman key exchange mode into SIM cards so even dumbphones couldn't be listened to without taking over the phone network (which is really easy to detect if done wirelessly with a decent range, since you have to outshine the real network).
[video=youtube;3QnD2c4Xovk]http://www.youtube.com/watch?v=3QnD2c4Xovk[/video]
Web browsers already do this (+ authentication), which is why it's mostly impossible to MITM proper TLS.
The only part that might not work would be if it was impossible to reach the necessary key lengths, but with modern tech I highly doubt it. SIM cards run Java and are already almost fully programmable (and network operators can even push updates (which was horribly insecure until recently)).
In the worst-case scenario (if the SIMs don't support it due to performance reasons), it would have to be rolled out over time.
They already are backwards compatible to different (highly insecure) standards, so it wouldn't be an issue if the network was updated slowly.[/QUOTE]
In the next video, the first version of RSA encryption was classified as top secret for some years. What if they have technology to decrypt almost all of the common schemes and are just keeping it to themselves? [img]http://i.somethingawful.com/forumsystem/emoticons/emot-tinfoil.gif[/img]
[QUOTE=mix999;47180279]In the next video, the first version of RSA encryption was classified as top secret for some years. What if they have technology to decrypt almost all of the common schemes and are just keeping it to themselves? [img]http://i.somethingawful.com/forumsystem/emoticons/emot-tinfoil.gif[/img][/QUOTE]
They're not mathematical wizards. They're more like a bunch of out of control people with statistics 101 books (RNG attacks).
[QUOTE=Tobba;47180894]They're not mathematical wizards. They're more like a bunch of out of control people with statistics 101 books (RNG attacks).[/QUOTE]
So they rely on random crits to get the job done.
[QUOTE=itisjuly;47177454]People can stop them, but no one wants to.[/QUOTE]
Not unlike the Proles in [i]1984[/i].