An announcement from Edward Snowden overnight has thrown light on a terrifying new development in the surveillance of private citizens by governments in the UK and US. According to a new report from The Intercept, government operatives from the USA’s National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ) hacked into the network of SIM manufacturer Gemalto and stole top level encryption keys allowing them to potentially access almost any mobile communication in the world.
Gemalto is the company who manufactures the majority of SIM cards each year, manufacturing around 2 billion SIM cards a year. The company has contracts with around 450 wireless network operators in 85 countries around the world. The theft of the keys potentially allows unprecedented access to mobile communications. As The Intercept points out
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
According to The Intercept, the breach occured in 2010, so this ability to access communications has been around for at least five years. There’s a lot more information and analysis in The Intercepts article, which we recommend you check out.