The world's biggest SIM card manufacturer, Gemalto, revealed yesterday to have been hacked by the NSA and GCHQ, has taken a $470m hit in its stock price.

Gemalto was caught unawares by the revelation that the US and UK intelligence agencies had compromised its systems and stolen potentially millions of SIM card keys used to encrypt phone calls around the world. Gemalto supplies SIMs to 450 networks on Earth, from AT&T to T-Mobile, and has launched an investigation.

Speculation that the Dutch manufacturer may be forced to recall chips, incurring huge costs, caused its share price to fall eight per cent in early trading before recovering a little to four per cent down on closing.

Obtaining SIM card private keys allows intelligence agencies to decrypt intercepted calls without anyone knowing: not the users, the network operators nor the handset manufacturers. Communications eavesdropped today, yesterday or five years ago can be decoded once a SIM's Ki key is obtained.

The company issued a statement today in which it promised to get to the bottom of the hack:

"Gemalto is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years. At present we cannot prove a link between those past attempts and what was reported yesterday.

"We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques."

Incensed

Security watchers praised the company for its prompt and forthright response. But privacy and communications experts are incensed by the latest revelations about GCHQ/NSA warrantless mass surveillance.

The World Wide Web Foundation has called for urgent steps to be taken to secure private calls and online communications. Its chief exec Anne Jellema commented: "The news that US and UK spy agencies hacked the network of a Dutch company to steal encryption keys for billions of SIM cards is truly shocking.

"Possession of these keys would allow these agencies to access private calls, web browsing records and other online communications without any of the legal safeguards and processes in place to prevent abuses of power."

Jellema argued that the surveillance would undermine trust in mobile payments, among other concerns. "This is yet another worrying sign that these agencies think they are above the law. Apart from its blatant disregard for multiple human rights, this foolish move undermines the security and future of the global mobile payments industry."

She noted that any security weakness or backdoors into a cryptographic system might also be exploited by third-party cybercriminals and called for an investigation into GCHQ including "a full and frank disclosure as to why they hacked a private company, and one headquartered in an ally country."

Other security experts warned that other intelligence agencies may be up to the same tricks. Andrew Conway, research analyst at Cloudmark, said: "The ease with which the NSA and GCHQ were able to compromise all mobile communications is shocking. But there are other nation state actors with just as much determination and sophisticated hackers. In particular, China's Axiom Group has shown remarkable abilities to penetrate targets in the West."

Not just the NSA?

He highlighted other worrying accounts of mobile companies being targeted: "Last year, mobile security company ESD revealed that they had detected a network of fake mobile phone towers intercepting communications near US military bases. It was assumed that whoever was responsible was just collecting metadata, because 3G and 4G communications are encrypted. Could it be that this was some foreign espionage agency with the ability to listen to US mobile phone calls? Or perhaps it was the NSA monitoring all civilian phone calls near military bases for possible terrorist activity? Regardless, it is clear that mobile communications have been badly compromised."

A complete revamp of mobile comm security may eventually be required, Conway concluded. "In the short term organizations requiring secure voice communications can consider deploying mobile devices with another layer of encryption, such as Blackphone or Cryptophone. In the long term, we need to do a better job of end-to-end encryption of all mobile and fixed line communications - which will include not relying on a single master key for all communications."
Crypto pioneer Phil Zimmermann has labelled UK Prime Minister David Cameron's anti-encryption plans as "absurd".

Zimmermann, creator of the PGP email privacy package, countered Cameron's argument that encryption is creating a means for terrorists and child abusers to communicate in private, arguing instead that intelligence agencies such as GCHQ and the NSA have "never had it so good". Strong encryption technology is one of the few success stories in online security, according to the co-founder of secure communications firm Silent Circle.

Cameron is pushing the idea of banning crypto products that UK spies are unable to access, an idea he first floated in a recent speech before lobbying US President Barack Obama on the issue. Unsurprisingly, Zimmermann is unimpressed with an anti-encryption policy the Conservative Party plans to write into its manifesto for the forthcoming UK general election.

"It's absurd," Zimmermann told The Guardian. "We fought the crypto wars in the 1990s, and that matter has been settled. End-to-end encryption is everywhere now: in browsers, online banking. If you have strong encryption between your web browser and your bank, you can't have a man in the middle from the government wiretapping that."

The FBI and intel agencies such as MI5 have been vocal in complaining that strong encryption technologies are paving the path toward a dark web where they will no longer be able to intercept terrorists' communications. Zimmermann said ubiquitous CCTV cameras and other technologies mean that spy agencies are enjoying a "golden age of surveillance" comparable with the world as depicted by TV show Person of Interest.

"They can see everything: they've got face recognition algorithms looking through cameras on the streets, optical recognition cameras at bridges, tunnels and traffic lights," Zimmermann said. "They can track movements, transactions, who's having lunch with whom, who's sleeping with whom. They can see everything!"

"To complain that end-to-end encryption is crippling them, well, it's like having a couple of missing pixels in a large display. They have the rest of the display! They've never had it so good. They didn't have this stuff 20 years ago," he added.

Cameron's anti-encryption policies would reduce the UK to the level of Colombia 10 years ago, when not even banks were allowed to use encryption, said Zimmermann, who addressed Colombian lawmakers debating the introduction of encryption at the time. "Not even banks! And the banks were getting robbed by hackers (accounts were getting cleaned out) because people like David Cameron who don't like encryption said nobody could use it," he added.

Rather than being fearful of encryption, the government should be encouraging enterprises to adopt it in order to safeguard privacy in cases where corporate systems are breached. Zimmermann hopes that more enterprises will take lessons from the Sony Pictures megahack and use it as a spur to kick ahead with encryption projects, an idea he explores in greater depth in a post on Silent Circle's blog.