The United States National Security Agency, which is known for monitoring landline, Web and cellphone communications worldwide, also targets wireless carriers, The Intercept reported last week.
Documents released by whistle-blower Edward Snowden show the NSA has monitored more than 1,200 email accounts associated with major cellphone network operators worldwide since 2010, in a covert operation named “Auroragold,” according to the report.
Those intercepted communications help the NSA hack into phone networks.
The agency also plans to secretly introduce backdoors into new communications systems.
The GSM Association, whose members are mobile operators and related companies, and which releases standards for GSM phones, is a particular target.
“The mission of the NSA is to gather data,” said Jonathan Sander, strategy and research officer at Stealthbits Technologies.
“They will do so in whatever way they can, so long as there aren’t explicit legal limits put on them,” he told TechNewsWorld.
What the NSA’s Doing
The NSA’s Wireless Portfolio Management Office defines and carries out the agency’s strategy for exploiting wireless communications, and its Target Technology Trends Center monitors the development of new communications technology to ensure the NSA remains on top of innovation, The Intercept said. The existence of both has not been publicly disclosed.
As of May 2012, the NSA apparently had collected information from about 70 percent of cellphone networks worldwide — 702 out of about 985.
Data collected reportedly is sent to NSA “signals development” teams that infiltrate communications networks. The data is shared with other U.S. intelligence agencies and with NSA’s counterparts in the so-called Five Eyes alliance.
The NSA apparently has some degree of penetration into networks in almost every country, including other members of the Five Eyes.
Glomming On to the GSMA
The GSMA represents the interests of more than 800 major cellphone, software and Internet companies from 220 countries, including Verizon, Sprint, AT&T, Microsoft, Facebook, Intel, Cisco, Oracle, Samsung, Sony and Nokia.
The NSA reportedly conducted surveillance on the association’s working groups to identify and exploit security vulnerabilities.
Those activities seemed to undermine the U.S. National Institute for Standards and Technology’s efforts to improve cybersecurity standards in the cellphone space.
The GSMA was one of three recipients of NIST grants to improve online security and privacy, receiving US$820,000 to work on a common approach that would let consumers and businesses use mobile devices “for secure, privacy-enhancing identity and access management” across the four major U.S. wireless carriers’ networks.
NIST and the NSA “are different organizations, but it does seem counterproductive to spend millions to create security holes and thousands to figure out how to fill and prevent them,” Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.
NSA Backdoors and Secure Mobile OSes
The NSA reportedly has forced the inclusion of backdoors in some cybersecurity protocols. The row that erupted when news that the RSA Dual Elliptic Curve Deterministic Random Bit Generator contained such a backdoor was made public led to some security firms, notably F-Secure, pulling out of the RSA 2013 security conference.
Here’s where things get murky in The Intercept’s report.
The NSA targets the GSMA’s IR.21 documents, which contain details about the encryption cellphone companies use, among other things, the report states. However, those documents are not classified.
Citing reports that the NSA has broken the A5/1 Cellphone algorithm, The Intercept states the agency has collected information that would let it crack A5/3, the latest algorithm in the line.
However, Israel’s Weizmann Institute of Science published details of an attack on A5/3 in December 2009.
The Impact of the NSA’s Actions
The latest revelations about the NSA’s activities may spur other countries to shun technology from U.S. companies.
“Just the rumor of flaws introduced into their commercial products has [hit sales of products from] Chinese networking vendors,” noted Enderle.
However, “the NSA is actually no worse than similar agencies in other countries,” contended Robert Neivert, COO of Private.me.
Such monitoring, he told TechNewsWorld, “is in effect a reversal of the assumption of innocence that is the basis for our justice system.”