The National Security Agency (NSA) and its British equivalent, GCHQ, hacked into Gemalto, a Netherlands sim card manufacturer, stealing encryption keys that allowed them to secretly monitor voice calls and data, according to documents newly released by NSA whistleblower Edward Snowden.
The breach, revealed in documents provided to the Intercept, gave the agencies the power to secretly monitor a large portion of the world’s cellular communications, which experts said violated international laws.
Rachel Logan, Amnesty UK’s legal director, said: “This mass sim hacking allegation seems be just the latest disturbing revelation about how GCHQ has overreached. These spooks must stop pretending the law doesn’t apply to them.
“We keep seeing the intelligence agencies claiming everything’s fine and then being caught out when challenged in court.”
Mark Rumold, staff attorney at the Electronic Frontier Foundation, said there was no doubt that the spy agencies had violated Dutch law and were in all probability violating laws in many other territories when they used the hacked keys.
“They have the functional equivalent of our house keys,” he said. “That has serious implications for privacy not just here in the US but internationally.”
The scale of the hack and its international reach is likely to reopen wounds in the diplomatic community. The Obama administration faced intense criticism from Germany, Brazil and other nations following the Snowden leaks and has been working hard recently to repair the damage.
Previous documents disclosed by the Guardian showed Angela Merkel, the German chancellor, was the target of an NSA spying campaign, a revelation that has soured US-German relations. Brazil’s president Dilma Rousseff has already accused the NSA of violating international law.
“It’s a big breach,” Matthew Green, a cryptologist at the Johns Hopkins Information Security Institute, told the Guardian. “The problem is that the attacks could still be ongoing.”
The World Wide Web Foundation, founded by web inventor Tim Berners-Lee, said the hack was “another worrying sign that these agencies think they are above the law”.
Gemalto, the company targeted by the spy agencies, produces 2bn sim cards per year for clients including AT&T, Sprint, T-Mobile and Verizon. The Netherlandscompany operates in 85 countries around the world and provides cards to some 450 wireless network providers globally.
The stolen encryption keys would allow intelligence agencies to monitor mobile communications without the approval or knowledge of telecoms companies and foreign governments.
Chris Soghoian, principal technologist at the American Civil Liberties Union, told the Guardian the hack would allow spies to “put an aerial up on the embassy in Berlin and listen in to anyone’s calls in the area”.
Calls made on 3G and 4G mobile networks are encrypted. But with the keys, which a GCHQ slide described as living “in the phone”, spies could access any communication made on a device unless its owner uses an extra layer of encryption.
Emma Carr, director of Big Brother Watch, said: “These actions completely undermine the UK’s moral authority when talking about the importance of freedom of the internet and the discouragement of state-sponsored cyber-attacks.
“Failures to properly address these allegations makes a mockery of the trust that the public is supposed to have in both the government and the spy agencies.
Worst Spying In World History – Worse Than Any Dystopian Novel – Is Occurring RIGHT NOW
NSA Spying Worse than Stasi or Nazi Germany, J. Edgar Hoover … Or Orwell’s 1984
We noted in 2012 that Americans are the most spied upon people in world history.
Spying by the NSA is also worse than in Nazi German:
The tyrants in Nazi Germany, Stalinist Russia and Stasi Eastern Europe would have liked to easedrop on every communication and every transaction of every citizen. But in the world before the internet, smart phones, electronic medical records and digital credit card transactions, much of what happened behind closed doors remained private.
Indeed, a former lieutenant colonel for the East German Stasi said the NSA’s spy capabilities would have been “a dream come true” for the Stasi.
NSA contractor Edward Snowden said in 2013 that NSA spying was worse than in Orwell’s book 1984.
We noted at the time that the NSA is spying on us through our computers, phones, cars, buses, streetlights, at airports and on the street, via mobile scanners and drones, through our smart meters, and in many other ways.
A security expert said the same year:
We have to assume that the NSA has EVERYONE who uses electronic communications under CONSTANT surveillance.