GCHQ and the NSA tracked and spied on innocent employees and tapped into regulatory firms into order to break into the world’s most popular mobile phone networks.
The new reveal, courtesy of whistleblower Edward Snowden, showcased how 701 of the estimated 985 mobile networks across the globe had been infiltrated by security services.
According to a leaked NSA presentation, this was achieved by spying on the private correspondence of workers within the telecoms industry. Lifting technical documents and encryption keys from these communications the NSA gained access to mobile call data.
The tapping system, named AURORAGOLD, needed between 363 and 1,354 staff to be tracked and spied on by the NSA and GCHQ. As a result, it is now assumed that intelligence agencies can crack the secure A5/3 encryption used by 3G phones to protect private phone calls.
The NSA’s Target Technology Trends Center (which works under the motto “Predict, Plan, Prevent”) actively worked within global standards bodies like the GSMA. This was in order to get advanced copies of new security protocols – presumably so they could be cracked before release.
Snowden’s documents highlight how leading members of the GSMA were targeted for surveillance, yet don’t mention whether or not the intelligence services introduced backdoors to security standards before they were released.
“There’s nothing in here that suggests that the NSA has been actively trying to subvert standards from within,” said security guru Bruce Schneier, according to The Register. “In fact, it would be pretty difficult to do so. I suspect they are just sitting back and watching others make mistakes, and then exploiting them.”
Setting up access from within is certainly one of the NSA’s favourite tactics. In 2013 it was revealed the intelligence service had created secret backdoors in many major US tech companies.
Both the NSA and the GSMA have so far declined to comment.