I want to bring a piece of information to you. In an article published today by The Intercept, Jeremy Scahill and Josh Begley reveal that British and US intelligence agencies hacked into the computer systems of the world’s largest manufacturer of SIM cards, allowing them to steal millions of encryption keys at will. Here’s the link to the article.
A brief explanation: Your mobile phone or wireless-enabled tablet is essentially part radio. It communicates with the nearest cell tower using a radio signal. Therein lies a problem of privacy. Your phone and the cell tower are both broadcasting a radio signal in all directions. What if someone is listening in?
In your phone there is a small chip, about the size of a thumbnail, containing information. This subscriber identification module, or SIM, contains a code that encrypts all your phone calls and texts so that if someone intercepts the signal all they will get is a string of gibberish. Modern 3G and 4G encryption is actually rather good. So good, in fact, that GCHQ (Government Communications Headquarters, the British version of our NSA) and the NSA have trouble breaking it. Rather than breaking it, back in 2009 they decided to do an end run around it.
They hacked into the computer systems of Gemalto, the aforementioned SIM card manufacturer, and cyber-stalked its employees. (Gemalto supplies AT&T, Verizon, T-Mobile, and Sprint, along with 450 others.) They figured out how to automate the theft of the codes burned into millions of SIM cards distributed worldwide. They also figured out how to associate these codes with individuals who own mobile phones.
What this means is that any time they want, the NSA and GCHQ can easily decrypt phone calls and text messages from any Gemalto-SIM phone. It is a massive, ongoing, and deliberate breach of privacy. I’ll be interested to see the reaction to this when it becomes generally known.
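Why a copied SIM key is enough, without breaking the cipher at all, shown as an added example that is not from the article: a simplified model in which the session key is derived from the card's key and a random challenge that travels over the air unencrypted. The HMAC-based derivation, the toy stream cipher, the key values, and the message are all stand-ins constructed for illustration, not the algorithms or data real networks use.

```python
import hashlib
import hmac
import secrets


def derive_session_key(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the operator's key-derivation algorithm (not the real one)."""
    return hmac.new(ki, b"session" + rand, hashlib.sha256).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with an HMAC-SHA256 counter keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def radio_session(ki: bytes, message: bytes):
    """The network picks a random challenge; the phone encrypts with the derived key.
    Returns what a passive listener sees on the air: (challenge, ciphertext)."""
    rand = secrets.token_bytes(16)
    session_key = derive_session_key(ki, rand)
    return rand, keystream_xor(session_key, message)


def listener_decrypt(known_ki: bytes, rand: bytes, ciphertext: bytes) -> bytes:
    """Whoever holds the card's key repeats the derivation from the captured challenge."""
    return keystream_xor(derive_session_key(known_ki, rand), ciphertext)


# Constructed sample values (assumptions for this example only)
SIM_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
WRONG_KEY = bytes(16)
MESSAGE = b"meet at noon"

if __name__ == "__main__":
    rand, ct = radio_session(SIM_KEY, MESSAGE)
    print("with the card's key:", listener_decrypt(SIM_KEY, rand, ct))
    print("without it:         ", listener_decrypt(WRONG_KEY, rand, ct))
```

The cipher is never attacked here; the protection depends entirely on the card's key staying secret between the SIM and the operator.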
In the meantime, the Electronic Frontier Foundation recommends the use of apps such as Signal/Redphone (iOS/Android versions), Silent Phone, and Silent Text to encrypt your communications, if you feel the need.
Am I the only one who thinks that the NSA needs a top-to-bottom ream and steam to clean the place out?