{"id":54197,"date":"2015-02-23T12:11:29","date_gmt":"2015-02-23T12:11:29","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=54197"},"modified":"2015-05-05T21:26:03","modified_gmt":"2015-05-05T20:26:03","slug":"european-lawmakers-demand-answers-on-phone-key-theft","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2015\/02\/european-lawmakers-demand-answers-on-phone-key-theft\/","title":{"rendered":"European Lawmakers Demand Answers on Phone Key Theft"},"content":{"rendered":"
\"Peter<\/a>

Peter Dejong\/AP<\/p><\/div>\n

20 Feb 2015 – <\/em>European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world\u2019s largest manufacturer of mobile SIM cards, following a report published by The Intercept [on TMS]<\/em> Thursday<\/a> [19 Feb 2015].<\/p>\n

The report, based on leaked documents provided by NSA whistleblower Edward Snowden, revealed the U.S. spy agency and its British counterpart Government Communications Headquarters, GCHQ, hacked the Franco-Dutch digital security giant Gemalto in a sophisticated heist of encrypted cell-phone keys.<\/p>\n

The European Parliament\u2019s chief negotiator on the European Union\u2019s data protection law, Jan Philipp Albrecht, said the hack was \u201cobviously based on some illegal activities.\u201d<\/p>\n

\u201cMember states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,\u201d Albrecht told the Wall Street Journal<\/em><\/a>.<\/p>\n

Sophie in \u2019t Veld, an EU parliamentarian with D66, the Netherlands\u2019 largest opposition party, added, \u201cYear after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet [\u2026] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.\u201d<\/p>\n

\u201cIf the average IT whizzkid breaks into a company system, he\u2019ll end up behind bars,\u201d In \u2019t Veld added in a tweet<\/a> Friday [20 Feb 2015].<\/p>\n

The EU itself is barred from undertaking such investigations, leaving individual countries responsible for looking into cases that impact their national security matters. \u201cWe even get letters from the U.K. government saying we shouldn\u2019t deal with these issues because it\u2019s their own issue of national security,\u201d Albrecht said.<\/p>\n

Still, lawmakers in the Netherlands are seeking investigations. Gerard Schouw, a Dutch member of parliament, also with the D66 party, has called on Ronald Plasterk, the Dutch minister of the interior, to answer questions before parliament. On Tuesday, the Dutch parliament will debate Schouw\u2019s request.<\/p>\n

Additionally, European legal experts tell The Intercept,\u00a0<\/em>public prosecutors in EU member states that\u00a0are both party to the Cybercrime Convention, which\u00a0prohibits computer hacking, and home to Gemalto subsidiaries could pursue investigations into the breach of the company\u2019s systems.<\/p>\n

According to secret documents from 2010 and 2011, a joint NSA-GCHQ unit penetrated Gemalto\u2019s internal networks and infiltrated the private communications of its employees in order to steal encryption keys, embedded on tiny SIM cards, which are used to protect the privacy of cellphone communications across the world. Gemalto produces some 2 billion SIM cards a year.<\/p>\n

The company\u2019s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers. \u201c[We] believe we have their entire network,\u201d GCHQ boasted in a leaked slide, referring to the Gemalto heist.<\/p>\n

In a statement<\/a> Friday, Gemalto said it was not the target of the attack \u201cper se\u201d but that the operation \u201cwas an attempt to try and cast the widest net possible to reach as many mobile phones as possible,\u00a0with the aim to monitor mobile communications without mobile network operators and users consent.\u201d<\/p>\n

\u201cWe cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation,\u201d the company added. \u201cWe take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.\u201d<\/p>\n

While Gemalto was indeed another casualty in Western governments\u2019 sweeping effort to gather as much global intelligence advantage as possible, the leaked documents make clear that the company was specifically targeted. According to the materials published Thursday, GCHQ used<\/a> a specific codename\u00a0\u2014\u00a0DAPINO GAMMA \u2014 to refer to the operations against Gemalto. The spies also actively penetrated the email and social media accounts of Gemalto employees across the world in an effort to steal the company\u2019s encryption keys.<\/p>\n

Evidence of the Gemalto breach rattled the digital security community.<\/p>\n

\u201cAlmost everyone in the world carries cell phones and this is an unprecedented mass attack on the privacy of citizens worldwide,\u201d said Greg Nojeim, senior counsel at the Center for Democracy & Technology, a non-profit that advocates for digital privacy and free online expression. \u201cWhile there is certainly value in targeted surveillance of cell phone communications, this coordinated subversion of the trusted technical security infrastructure of cell phones means the US and British governments now have easy access to our mobile communications.\u201d<\/p>\n

Dutch security officials have indicated that they had no part in the Gemalto hack. A spokesperson for the Dutch interior minister told The Intercept <\/em>the country\u2019s intelligence service \u201cdoes not cooperate\u201d with hacking attempts and other surveillance by \u201ca foreign service to practices that are not allowed.\u201d<\/p>\n

For Gemalto, evidence that their vaunted security systems and the privacy of customers had been compromised by the world\u2019s top spy agencies made an immediate financial impact. The company\u2019s shares took a dive on the Paris bourse Friday, falling $500 million. In the U.S., Gemalto\u2019s shares fell as much 10 percent Friday morning. They had recovered somewhat \u2014 down 4\u00a0percent \u2014 by the close of trading on the Euronext stock\u00a0exchange. Analysts at Dutch financial services company Rabobank speculated in a research note that Gemalto could be forced to recall \u201ca large number\u201d of SIM cards.<\/p>\n

The French daily L\u2019Express<\/em> noted<\/a> today that Gemalto board member Alex Mandl was a founding trustee of the CIA-funded venture capital firm In-Q-Tel. Mandl resigned from In-Q-Tel\u2019s board in 2002, when he was\u00a0appointed<\/a>\u00a0CEO of Gemplus, which later merged with another company to become Gemalto. But the CIA connection still dogged Mandl, with the French press regularly\u00a0insinuating<\/a>\u00a0that American spies could infiltrate the company. In 2003, a group of French lawmakers\u00a0tried unsuccessfully<\/a>\u00a0to create a commission to investigate Gemplus\u2019s ties to the CIA and its\u00a0implications for the security of SIM cards.\u00a0Mandl, an Austrian-American businessman who was once a top executive at AT&T, has denied that he had any relationship with the CIA beyond In-Q-Tel. In 2002, he said<\/a> he did not even have a security clearance.<\/p>\n

AT&T, T-Mobile and Verizon could not be reached for comment Friday. Sprint declined to comment. Vodafone, the world\u2019s second largest telecom provider by subscribers and a customer of Gemalto, said in a statement, \u201c[W]e have no further details of these allegations which are industrywide in nature and are not focused on any one mobile operator. We will support industry bodies and Gemalto in their investigations.\u201d<\/p>\n

Deutsche Telekom AG, a German company, said it has changed encryption algorithms in its Gemalto SIM cards.<\/p>\n

\u201cWe currently have no knowledge that this additional protection mechanism has been compromised,\u201d the company said in a statement. \u201cHowever, we cannot rule out this completely.\u201d<\/p>\n

Update<\/strong>: Asked about the SIM card heist,\u00a0White House press secretary Josh Earnest said<\/a> he did not expect the news would hurt relations with the tech industry:<\/p>\n

\u201cIt\u2019s hard for me to imagine that there are a lot of technology executives that are out there that are in a position of saying that they hope that people who wish harm to this country will be able to use their technology to do so.\u00a0So, I do think in fact that there are opportunities for the private sector and the federal government to coordinate and to cooperate on these efforts, both to keep the country safe, but also to protect our civil liberties.\u201d<\/em><\/p>\n

_____________________________<\/em><\/p>\n

Email the authors: ryan.devereaux@theintercept.com<\/a>, cora.currier@theintercept.com<\/a><\/em><\/p>\n

Go to Original \u2013 firstlook.org<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

20 Feb 2015 – European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world\u2019s largest manufacturer of mobile SIM cards, following a report published by The Intercept [on TMS] Thursday [19 Feb 2015].<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[51],"tags":[],"class_list":["post-54197","post","type-post","status-publish","format-standard","hentry","category-europe"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/54197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=54197"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/54197\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=54197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=54197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=54197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}