A New Report by The Intercept, Details a Stunning Heist Made by US and UK Spies that Have Given Intelligence Agencies the Ability to Break through the Privacy of Smartphone Communications. An Operation by the GCHQ, the UK's Signals Intelligence Agency and a Counterpart of the US National Security Agency, Targeted, Gemalto: a Major Manufacturer of the SIM Cards Used in Mobile Phones Around the World. The Report Claims that, the NSA and GCHQ Successfully Hacked Gemalto's Network and Obtain the Secret Keys to its SIM Cards. In Short, it's a Massive Security Breach that Means your Phone could be Vulnerable to the Whims of the World's Most Powerful Spy Agencies.
We still Don't Know the Full Scope of the Breach or How Many People May be Affected but, it's Safe to Say that, the Number could be Significant; All 4 Major US Carriers are Customers of Gemalto and The Intercept Reports that, the Company Produces around 2 Billion SIM Cards Each Year. We Have Asked the Big Carriers — AT&T, Verizon, T-Mobile and Sprint — to Comment on Story. Gemalto Told The Intercept that, it was Completely Unaware of the Security Breach until Now. The Breach is Disastrous for Mobile Security, which has Historically already been on Shaky Ground. "Gaining access to a database of keys is pretty much game over for cellular encryption", Cryptography Specialist, Matthew Green, Told The Intercept.
Today's Report Potentially Fills Some Gaps in What we Know about How the NSA Collects Data over the Internet.
The Agency has 2 Main Sources of Data: "Downstream" Collection, which Involves Explicit Requests to Technology Companies for User Data and "Upstream" Collection, which Pulls Data Directly from the Cables and Airwaves that Facilitate the Internet. The NSA is Sophisticated in Both Methods but, One Big Outstanding Question has been just How Effective the Agency's Upstream Collection is. It's Simply Too Expensive to Decrypt Massive Amounts of Data with Brute Force — but, it's a Different Story if you Possess the Encryption Keys for, Say, a Secure Email Client. Or Billions of Mobile SIM Cards. So, How did Spies Get their Hands on the Goods ? As The Intercept Describes it, it was a Real Caper. The Report Describes How GCHQ Spies Targeted Individual Employees in Major Telecom Corporations and SIM Card Manufacturers, Accessing their Email and Facebook Accounts. "In effect, GCHQ clandestinely cyberstalked Gemalto employees", The Intercept Writes — Scooping Up Whatever Breadcrumbs they Could Find that, would Lead them Back to Gemalto's Systems. In One Instance, the Report Claims, the GCHQ Suspiciously Targeted a Gemalto Employee in Thailand because, he was Using PGP to Encrypt Data. But, it also Appears that, Some of the Companies Involved in SIM Production, Didn't Take Strong Measures to Protect Sensitive Data; the Report Says that "Many" SIM Card Manufacturers Sent Keys with Weak or No Encryption.
The Attempt to Break into a Major Corporation to Steal Private Encryption Keys that Protect Millions of People Around the World is certainly Brazen but, it's Not Surprising Behavior. Part of What we've Learned in the Past 2 Years is that, the NSA and its Allies Go to Great Lengths to Collect Data, to Break or Interfere with Security on the Internet and to Embarrass their Adversaries.
The SIM Heist is the Latest Revelation to Come from the Efforts of Edward Snowden. Snowden, a Former NSA Contractor, Started a Worldwide Conversation about Boundless Government Surveillance, When he Leaked a Trove of Top Secret Files to Journalists in 2013. The 1st of the Stories that Resulted from the Leak, Came on June 5, 2013, When The Guardian Reported that, the NSA had been Collecting the Phone Records of Millions of Verizon Customers on a Daily Basis. Since then, the Public has Learned about Dozens of Surveillance Programs and Secret Plots that Critics Say, Have Undermined the Security and Privacy of the Internet for Everyone Who Uses it.
Info Source:
https://firstlook.org/theintercept/2015/02/19/great-sim-heist
_Robot_Glove_Pics_1.jpg)
0 comentários:
Enviar um comentário