New Snowden Documents Reveal American and British Spies Hacked SIM Card Manufacturer

Derek Broze
Ben Swann : February 20, 2015

New documents from whistleblower Edward Snowden reveal the National Security Agency (NSA) and the British GCHQ hacked into a SIM card manufacturer in the Netherlands and now has access to encryption keys that allow monitoring of voice calls and metadata.

The Intercept released the new documents which detail the existence of the Mobile Handset Exploitation Team (MHET), a team formed in April 2010 to study and target cellphones and hack computer networks of manufacturers of SIM cards. The team specifically targeted Gemalto, a SIM card manufacturer based in the Netherlands that produces SIM cards for 450 wireless companies, including AT&T, Sprint, T-Mobile, and Verizon. Gemalto has operations in 85 countries around the world.

Internal slides from the NSA and GCHQ show that the team was after encryption keys that “live in” the SIM cards. By possessing these keys the spy agencies are able to access wireless networks without leaving any clues and without the need for a warrant. Beyond simply accessing current communications, accessing “authentication servers” allows the agencies to unlock past encrypted communications they may not have had the ability to decrypt. One agent wrote on a slide that he was “very happy with the data so far and [was] working through the vast quantity of product.”

The 2010 document refers to this as “PCS Harvesting at Scale,” or harvesting large amounts of encryption keys as the data passed between the wireless providers and the “SIM card personalisation centres,” such as Gemalto. The NSA boasted at having the ability to process 12 to 22 million keys per second. The spy agency was aiming to process more than 50 million per second. These keys are processed and made available for use against surveillance targets.

Indeed, the GCHQ specifically targeted individuals in key positions within Gemalto and began accessing their emails in hopes of following their trail into the SIM card manufacturers servers. The team of spies even wrote a script which allowed them to access private communications of employees for telecommunication and SIM “personalization” companies in search of technical terms that might be used in assigning encryption keys to cellphone customers.

Paul Beverly, a Gemalto executive vice president, told The Intercept he believed,“The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years.”

More than likely the NSA and the GCHQ violated international law every time they covertly accessed the emails of employees in foreign nations. Dutch officials are already calling for an investigation into who knew the American and British agencies were conducting such a program, and if so, under what doctrine is such a policy allowed.

(read the full article at Ben Swann)


Alternative Free Press