NSA hacks 70% of global mobile phone networks

American spy agency NSA infiltrated most of the world's smartphone networks.

The US NSA intelligence agency, supported by Britain's GCHQ, spied on hundreds of telecoms companies and their employees – including London-based trade body GSMA – to infiltrate and plant backdoors in mobile phone networks worldwide, according to the latest Snowden revelations.

Under its AURORAGOLD programme, the NSA tapped into 70 percent of the world's mobile phone networks between 2010 and 2012, a total of 701 of the estimated 985 networks.

It did this by intercepting the communications from around 1,200 email accounts associated with major mobile phone network operators.

This enabled the NSA to find security weaknesses and hack into the networks, by gaining details of their latest technology and encryption standards.

But according to documents seen by The Intercept - which has published a series of revelations based on material from whistleblower Edward Snowden - the spy agency also planted its own backdoors.

The Intercept says: “The documents reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into - a controversial tactic that security experts say could be exposing the general population to criminal hackers.”

The report adds that “one of the prime targets monitored” was the UK-based GSMA (the GSM Association) which represents the interests of nearly 800 mobile operators worldwide.

“The files reveal that the NSA specifically targeted the GSMA's working groups for surveillance,” The Intercept says.

The NSA focused on intercepting ‘IR.21’ documents shared among GSMA members, which detail the new technology and encryption methods used by mobile phone network operators. Its aim was to circumvent the latest mobile phone encryption algorithms such as A5/3 – and in this it was supported by GCHQ.

The Intercept says: “In 2009 GCHQ conducted a similar effort to subvert phone encryption under a project called OPULENT PUP, using powerful computers to perform a ‘crypt attack’ to penetrate the A5/3 algorithm.

“By 2011 GCHQ was collaborating with the NSA on another operation, called WOLFRAMITE, to attack A5/3 encryption.”

The report shows AURORAGOLD helped the US military hack into cellphone networks in ‘hostile’ countries, such as Libya in 2011. But the NSA also targeted allied states.

The Intercept says a “top-secret world map” dated June 2012 “suggests that the NSA has some degree of ‘network coverage’ in almost all countries on every continent, including in the US and closely allied countries such as the UK, Australia, New Zealand, Germany and France”.

The information obtained was also shared with the UK, Canada, Australia and New Zealand.

The revelations have raised concerns within the UK cyber-security community over the security of mobile phone networks, and the extent to which the NSA has planted backdoors or left open security gaps within them.

Tom Gaffney, a UK security consultant with F-Secure, told SCMagazineUK.com: “What it reveals is in addition to what Snowden's already shown us - which is that governments have various taps into the telecoms networks globally.

“Previously we always understood this was backdoors into them, and as we've seen with Vodafone through Cable & Wireless, occasionally the surveillance authorities would employ people to go and work at those telecoms.

“But this takes it another full step beyond that. They're trying to influence not only how the networks operate, but actually how they're designed. And fundamentally, putting backdoors into the networks is a very bad idea because of course they're open to anybody else.”

Gaffney explained: “There is no such thing as backdoors only for governments. They will be exploited by criminals, by totalitarian governments. They will all use the same techniques once discovered. It absolutely opens the backdoor in for the kind of people monitoring networks that we don't want, that will affect democracy.”

He was also concerned at the surveillance of GSMA as the trade body “crosses into standards and has influence on how networks standards are applied across the world”.

John Walker, a professor at Nottingham-Trent University and director of cyber-security consultancy ISX, was equally worried about the direction in which cyber-security is now moving.

He told SCMagazineUK.com via email: “For many years now there have been suspicions that products like encryption applications have been backdoor-ed, and there have been concerns that folk like the NSA have some very cosy relationships with telcos, and so their potential to access what is supposed to be secure is high.

“Realising we live in dangerous times, such actions should be anticipated. However, if this also dictates that applications are allowed to be compromised, or remain extant with known vulnerabilities, then I am really not sure what this says for the future of what we now call 'cyber-security'.”

Asked for its response to The Intercept report, GSMA spokesperson Claire Cranton told SCMagazineUK.com via email: “We are currently investigating the claims made in the piece and are unable to offer any further comment at this time.”

* The latest revelations coincide with the introduction of a new bill to the US Senate on 4 December that would specifically ban government agencies from introducing backdoors or security vulnerabilities into US mobile phones and computers. The bill's backer, Senator Ron Wyden, said his Secure Data Act aims “to protect Americans' privacy and data security”.