Snowden leak: NSA helped British steal cell phone codes (Update)

February 19, 2015 byKen Dilanian
In this June 6, 2013, file photo, a sign stands outside the National Security Administration (NSA) campus in Fort Meade, Md. Britain's electronic spying agency, in cooperation with the NSA, hacked into the networks of a Dutch company to steal codes that allow both governments to seamlessly eavesdrop on mobile phones worldwide, according to the documents given to journalists by Edward Snowden. (AP Photo/Patrick Semansky, File)

Britain's electronic spying agency, in cooperation with the U.S. National Security Agency, hacked into the networks of a Dutch company to steal codes that allow both governments to seamlessly eavesdrop on mobile phones worldwide, according to the documents given to journalists by Edward Snowden.

A story about the documents posted Thursday on the website The Intercept offered no details on how the intelligence agencies employed the eavesdropping capability—providing no evidence, for example, that they misused it to spy on people who weren't valid intelligence targets. But the surreptitious operation against the world's largest manufacturer of mobile phone data chips is bound to stoke anger around the world. It fuels an impression that the NSA and its British counterpart will do whatever they deem necessary to further their surveillance prowess, even if it means stealing information from law-abiding Western companies.

The targeted company, Netherlands-based Gemalto, makes "subscriber identity modules," or SIM cards, used in mobile phones and credit cards. One of the company's three global headquarters is in Austin, Texas. Its clients include AT&T, T-Mobile, Verizon and Sprint, The Intercept reported.

The Intercept offered no evidence of any eavesdropping against American customers of those providers, and company officials told the website they had no idea their networks had been penetrated. Experts called it a major compromise of mobile phone security.

Gemalto said in a statement Friday it could not immediately confirm the reported hack and "had no prior knowledge that these agencies were conducting this operation." The company said it "will devote all resources necessary to fully investigate" the reported hack.

A spokeswoman for Sprint Nextel said Thursday that her company had no comment on the report, while a spokeswoman for T-Mobile said her company was referring reporters to Gemalto and declined further comment.

In addition to SIM cards, Gemalto is a leading maker of encryption systems for other business and industrial uses, including electronic payment processing and "smart" key cards that businesses and government agencies use to restrict access to computers or other sensitive facilities. "Their SIM cards would be used by most of the major telecom operators," said Linley Gwennap, principal analyst at the Linley Group, a Silicon Valley tech research firm.

The NSA did not immediately respond to a request for comment. In the past, former agency officials have defended using extra-legal techniques to further surveillance capabilities, saying the U.S. needs to be able to eavesdrop on terrorists and U.S. adversaries who communicate on the same networks as everyone else. The NSA, like the CIA, breaks the espionage and hacking laws of other countries to get information that helps American interests.

Still, the methods in this case may prove controversial, as did earlier Snowden revelations that the NSA was hacking transmissions among Google's data centers. The Intercept reported that British government hackers targeted Gemalto engineers around the world much as the U.S. often accuses Chinese government hackers of targeting Western companies—stealing credentials that got the hackers into the company's networks. Once inside, the British spies stole encryption keys that allow them to decode the data that passes between mobile phones and cell towers. That allows them to ungarble calls, texts or emails intercepted out of the air.

At one point in June 2010, Britain's Government Communications Headquarters, or GCHQ, as its signals intelligence agency is known, intercepted nearly 300,000 keys for mobile phone users in Somalia, The Intercept reported. "Somali providers are not on GCHQ's list of interest," the document noted, according to the Intercept. "(H)owever, this was usefully shared with NSA."

Earlier in 2010, GCHQ successfully intercepted keys used by wireless network providers in Iran, Afghanistan, Yemen, India, Serbia, Iceland and Tajikistan, according to the documents provided to The Intercept. But the agency noted trouble breaking into Pakistan networks.

Explore further: Court: UK spies get bulk access to NSA data

Related Stories

Court: UK spies get bulk access to NSA data

October 29, 2014

The British government's insistence that its spies don't use the vast espionage powers of the U.S. National Security Agency to sidestep U.K. restrictions on domestic eavesdropping was called into question by a court document ...

NSA has 'industrial scale' malware for spying

March 12, 2014

The National Security Agency has developed malware that allows it to collect data automatically from millions of computers worldwide, a report based on leaked documents showed Wednesday.

Tribunal says UK spies' Internet surveillance was unlawful

February 6, 2015

(AP)—U.K. spies acted illegally when they scooped up data about Britons' electronic communications gathered by the U.S. National Security Agency, a court ruled Friday in a landmark judgment against Britain's security services.

Report says NSA intercepts computer deliveries (Update)

December 29, 2013

A German magazine lifted the lid on the operations of the National Security Agency's hacking unit Sunday, reporting that American spies intercept computer deliveries, exploit hardware vulnerabilities, and even hijack Microsoft's ...

Group sues UK eavesdropping agency over hacking

May 13, 2014

A rights group is suing Britain's GCHQ eavesdropping agency over cyberattacks revealed by former intelligence worker Edward Snowden, saying it's the first time the agency has been sued over hacking.

Recommended for you

Startup Pi out to slice the charging cord

September 19, 2017

Silicon Valley youngster Pi on Monday claimed it had developed the world's first wireless charger that does away with cords or mats to charge devices.


Adjust slider to filter visible comments by rank

Display comments: newest first

4 / 5 (8) Feb 19, 2015
Snowden's a sharp, forward-looking hero, the whole world owes him a debt of gratitude. His revelations have just been dwarfed, as if that were possible, by the hard work and dedication of researchers at Moscow-based Kaspersky Lab with their discovery of the "Equation group." See How "omnipotent" hackers tied to NSA hid for 14 years—and were found at last
4.3 / 5 (6) Feb 19, 2015
More entertainment value from Snowden and a little more truth in the world.

Intelligence agencies need certain capabilities to do their jobs but the evidence of mass surveillance and misuse of their capabilities shows the do cross the line to the dark side. The Snowden leaks are allowing the people to consider and discuss what they are comfortable being done in their name. It also forces companies and countries to more carefully consider their IT security which can only be a good thing.
4.4 / 5 (7) Feb 19, 2015
...shows the do cross the line to the dark side...
^ shows they do cross the line to the dark-as-it-gets side ^ Fixed :)

Seems like everything they accuse the other side of, they're actually guilty of too, and worse things, and in greater numbers, and in many different countries. Now we see accusations of harvesting organs. Unbelievable. No black hole in the universe is as dark.
5 / 5 (1) Feb 20, 2015
[Comment also placed in update]
Why encrypt in the first place, if you don't intend to do it right. There are protocols for "perfect forward security". Or, it you can break in at a manufacturers place and break security by stealing the codes, the security architecture is wrong.
But this may be by intend.

A different thing all together is when from taxpayer paid agency people covertly introduce vulnerabilities in to security infrastructure.

I wouldn't be surprised, if the other big fraud story brought to light by Kaspersky (> 100 Banks) was aided by such vulnerabilities, backdoors and stolen secrets. After being spied by rivaling agencies it may have been leaked out to criminal organizations. Particularly in countries where such agencies and criminal organizations seamlessly overlap.
3.7 / 5 (6) Feb 20, 2015
I'm wondering if that kind of behavior will ever bite these agencies (and their entire countries). They're already way beyond what is reprehensible. At the moment any new revelation just seems like a quantitative difference on the order of "Oh, they didn't mass murder a million, they mass murdered 1.5 millon".

When will countries start to boycot US/UK tech-firms (or companies just stop having offices there)? I know that surveillance and hacking by them isn't limited to their own soil, but at some point the money-men behind the respective governments need to feel the pain. And other than by a boycot I see no easy way to do this.
2.6 / 5 (5) Feb 20, 2015
So now aa is accusing western countries including his own of the mass murder of millions. This while mass murder syndicates are just gearing up in the Middle East for the real thing.

Will the impending caliphate employ lessons learned from the NSDAP in disposing of the millions of infidels who are preventing it from filling up the earth with its own Ubermenschen? Allah admires efficiency I'm sure. How about vast guillotine abbatoirs? Sounds kosher.

But aa would blame this on the west as well. For in his mind if the west didn't exist then neither would the monsters it chooses to oppose. Ghengis Khan thrived on that sort of thinking.

When will the world begin to boycott countries whose leaders share such a debauched mindset? It takes atrocities to get many of them like Denmark and egypt and Jordan to act. Luckily the enemy revels in atrocity.
5 / 5 (2) Feb 20, 2015
When will countries start to boycot US/UK tech-firms (or companies just stop having offices there)?
Our government has banned Intel and windows from government computers. A reverse-engineering analysis showed backdoors at every hardware, firmware and os level
4 / 5 (1) Feb 20, 2015
I don't see spying per se as negative - but it should be ethical spying! Ethical spying will improve security similar to ethical hacking and it should be tightly controlled by democratic institutions. After all, it is good when defunct security is exposed along the way when legitimately trying to protect society. You don't know anyway if someone did it before anyway using it for more sinister tasks.
But what's really stupid and criminal, is subverting security, especially by public funded organizations.
This is crucial in view of a humanity transforming and integrating more and faster with technology. Subverting security is suicide.
not rated yet Feb 20, 2015
⇒ To Could not edit within 3' time period.
Rating is not working too.
(Samsung Galaxy Notes, Edition 2014)
not rated yet Feb 23, 2015
Seems like everything they accuse the other side of, they're actually guilty of too, and worse things, and in greater numbers, and in many different countries. Now we see accusations of harvesting organs. Unbelievable. No black hole in the universe is as dark.

@Protoplasmix -- Are you suggesting that NSA is "harvesting organs" ? Do you have the slightest evidence?
not rated yet Feb 23, 2015
When will countries start to boycot US/UK tech-firms (or companies just stop having offices there)?

@Antialias -- Be careful what you wish for. If there is an official boycott of US companies then we are entitled to levy countervailing duties on imports (on products of our choice) from Germany, etc. The proceeds from the duties may be split between the injured parties and the US Treasury. Also, reduced imports from Germany, etc. mean more jobs in the USA and in non-boycotting countries.
not rated yet Mar 07, 2015
Having access to every cell phone is ultimately the same as having access to none of them. Cell phone and internet networks providers are extorting obscene profits from us for our communication services that cost those same companies effectively nothing after the initial startup.

The endless clown march of paranoid Bozos wailing about super brain NSA thought/mind control comes at equal mind crushing decibels from the same painted puppets who cackle that these evil, megalomaniacal, bureaucrats are also drooling morons.

If you cannot outsmart babbling bureaucrats, then don't take any chances. Certainly do not break the law with a communication device. Same advice for personal privacy and secrets. Do not record these events. The only satisfying secret is the one only you CAN ever know.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.