Investigative reporters Jeremy Scahill and Josh Begley have an explosive article in The Intercept based on yet more documents provided by Edward Snowden that shows that the intelligence agencies of the US and Britain have no compunction whatsoever about engaging in illegal actions and hacking into private companies in their desire to get as much spying power over everyone as they can.
This time the documents show that they hacked into a Dutch company called Gemalto, that promotes itself as the world leader in digital security and manufactures the SIM cards that are in our phones, to get the encryption keys used to guard the privacy of the devices, enabling them to capture all the communications by the users of the phones.
The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.
In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
The infiltration of Gemalto was done by a unit called the Mobile Handset Exploitation Team (MHET) whose existence was not known before. This unit was created because the newer 3G, 4G, and LTE protocols have sophisticated encryption systems that were hard to hack and so the NSA and GCHQ decided to go for the easier route and steal the keys at the source. They did this by cyberstalking Gemalto’s employees in order to find out more about them and what they do and thus be able to intercept the encryption keys as they were being shipped from Gemalto to the wireless network providers.
As usual, president Obama and British leaders have been brazenly lying about their governments’ actions.
On January 17, 2014, President Barack Obama gave a major address on the NSA spying scandal. “The bottom line is that people around the world, regardless of their nationality, should know that the United States is not spying on ordinary people who don’t threaten our national security and that we take their privacy concerns into account in our policies and procedures,” he said.
The monitoring of the lawful communications of employees of major international corporations shows that such statements by Obama, other U.S. officials and British leaders — that they only intercept and monitor the communications of known or suspected criminals or terrorists — were untrue. “The NSA and GCHQ view the private communications of people who work for these companies as fair game,” says the ACLU’s Soghoian. “These people were specifically hunted and targeted by intelligence agencies, not because they did anything wrong, but because they could be used as a means to an end.”
Ryan Devereaux and Cora Currier of The Intercept report that Gemalto and Dutch security agencies say they had no knowledge of this hacking operation. Now some European lawmakers are demanding an investigation into how the theft was carried out. While the violation of the privacy of their citiznes has not caused too much distress for governments (unless it is of high-ranking officials like German chancellor Angela Merkel), nations tend to be protective of their own industries and the fact that Gemalto’s stock took an immediate dive on the news may influence how seriously they view the matter. The European parliament cannot itself carry out such an investigation, only individual governments can, but opposition members of the Netherlands parliament are raising the issue.
It is not clear if the Dutch government colluded with the US and UK in this effort. The US, with its sidekick the UK, essentially runs a Mafia-style protection racket. Smaller nations know that the US can hurt them in many ways if they don’t turn a blind eye to their illegalities. These nations tend to look the other way in order not to anger the big international bullies.
Gemalto and other companies say that they have changed their systems to improve security. I feel that we cannot depend upon governments to protect our privacy. It is only if private companies see it as being in their own business interests to improve their security and not collude with governments to spy on us that we will get anywhere.