Sunday, February 22, 2015

Why the NSA and GCHQ stole encryption keys … – The World

The headquarters of the British electronic intelligence agency (GCHQ) in Cheltenham (South West England).

The site The Intercept revealed that the British secret service (GCHQ), aided by the Americans (NSA), had hacked the email and Facebook accounts of employees of Gemalto, the CAC40-listed world leader in the manufacture of SIM cards. These hacks allowed British and American agents to get their hands on SIM card encryption keys for mobile phones.

Read: SIM card encryption keys stolen en masse by the NSA and GCHQ

Here are some keys to understanding this major hacking:

  • What is a SIM card?

The SIM card takes the form of a small plastic rectangle with an electronic chip. It is this chip that allows the telephone operator to link a telephone, a number and its data (calls, SMS …). Historically, its security was not very strong: in the early days of consumer mobile telephony, SIM cards designed to work on 2G used poorly protected protocols, which have since been replaced by more effective protocols for 3G and 4G networks. But securing communications has never been the “mission” of SIM cards: their users, namely the telephone operators, were above all seeking a tool that would let them bill communications accurately and avoid fraud.

  • What is a SIM card “encryption key”?

This “key” is a series of characters that confirms the identity of the phone on the network. In summary, each SIM card has its own key, linked to another key in the possession of the telephone company. When the mobile tries to connect to the network, the operator can check that the phone is what it purports to be, and establish an encrypted communication. Intercepting this communication is not very difficult, but decrypting its contents without the key is complex and requires significant computing resources.

  • What is the role of Gemalto in this case?

Almost all telephone operators do not produce their own SIM cards. It is much more economical to outsource this production, which requires equipped factories and some know-how, to a specialized company. Gemalto, a Dutch company whose international teams are based in Paris and which is listed on the CAC40, is precisely the world leader in the production of SIM cards. The company specializes in secure chips, and also designs them for bank cards or passports. Gemalto is the main victim of the hack, which targeted some of its employees in order to steal encryption keys. The documents published by The Intercept show that some of its competitors were also targeted by the British and American services, including the German company Giesecke.

  • Why did the NSA and GCHQ want to steal these encryption keys?

Once these keys are in their possession, the intelligence agencies can carry out very thorough surveillance very discreetly. By setting up their own mobile reception antennas, these agencies can then “trap” the user of a telephone, and read conversations and messages “in the clear”. Another advantage: this method leaves very little trace and is difficult to detect, for both the user and the operator. It is therefore suitable for mass surveillance.

  • Can one protect one's phone against monitoring if an intruder has the encryption key?

Yes, by using a second encryption system, such as a secure messaging application: the intruder cannot spy on conversations held in that application.
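An added example, not part of the original article: a Python sketch of the exchange described in the answers above (authentication with the SIM's key, what a holder of a copy of that key recovers from recorded traffic, and why a second, independent encryption layer still protects the message). HMAC-SHA256 stands in for the operator's real algorithms, the field sizes follow 2G, and all names and key values are constructed for illustration.

```python
import hashlib
import hmac

def a3a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the SIM's A3/A8 step: derive (SRES, Kc) from Ki and RAND.
    Real networks use COMP128 or MILENAGE; HMAC-SHA256 is an assumption here."""
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]  # 32-bit response, 64-bit session key

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC in counter mode), standing in for the link
    cipher and for a messaging app's cipher. The same call decrypts."""
    ks = b""
    for block in range(len(data) // 32 + 1):
        ks += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def authenticate(sim_ki: bytes, operator_ki: bytes, rand: bytes):
    """Operator sends RAND in the clear; the SIM answers with SRES.
    Returns (accepted, Kc as computed on the SIM)."""
    sres, kc = a3a8(sim_ki, rand)
    expected, _ = a3a8(operator_ki, rand)
    return hmac.compare_digest(sres, expected), kc

def holder_of_ki_reads(ki_copy: bytes, rand: bytes, nonce: bytes, air: bytes) -> bytes:
    """What anyone holding a copy of Ki recovers from recorded radio traffic:
    RAND is public, so Kc can be re-derived and the link layer removed."""
    _, kc = a3a8(ki_copy, rand)
    return stream_xor(kc, nonce, air)

# Constructed sample values, not real key material.
KI = bytes.fromhex("00112233445566778899aabbccddeeff")
RAND = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")
NONCE = b"frame-0001"
APP_KEY = bytes.fromhex("f0" * 32)  # known only to the two app endpoints
MESSAGE = b"meet at noon"

if __name__ == "__main__":
    ok, kc = authenticate(KI, KI, RAND)
    print("SIM accepted:", ok)
    link_only = stream_xor(kc, NONCE, MESSAGE)
    print("link only  ->", holder_of_ki_reads(KI, RAND, NONCE, link_only))
    inner = stream_xor(APP_KEY, NONCE, MESSAGE)  # second layer, applied first
    layered = stream_xor(kc, NONCE, inner)
    print("app + link ->", holder_of_ki_reads(KI, RAND, NONCE, layered).hex())
```

With only the link layer, the copied key yields the plaintext; with the application layer underneath, it yields only that application's ciphertext.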

  • What do GCHQ and the NSA say?

As usual, the two intelligence agencies have not commented on The Intercept's revelations. The NSA simply refused to answer the site's questions, while GCHQ merely asserts that its operations are conducted “in strict compliance with the law and procedures,” with controls “ensuring that they are conducted in a manner authorized, necessary and proportionate.”

  • What are the policy responses?

GCHQ's answer provoked a reaction from Dutch MEP Sophie In’t Veld, a member of the Committee on Civil Liberties who is very critical of the NSA's surveillance methods. “If it is ‘in the strict framework of the law’, one wonders what may be outside of the law,” she wrote on her Twitter account.

In France, neither the Elysée nor any minister has wanted to react to these revelations. Bernard Cazeneuve, who is in Silicon Valley this Friday to meet with the heads of major Web companies, could, however, follow the party on this issue.

  • Will there be legal action on this matter?

Gemalto, which announced on Friday morning that it had launched an extensive internal audit to confirm or deny The Intercept's revelations and to look for security holes, has not announced plans to file a complaint. However, the European Commission could launch an investigation: Sophie In’t Veld has filed a parliamentary question to that effect.
