[kictanet] Snowden files show NSA's AURORAGOLD pwned 70% of world's mobile networks

S.M. Muraya murigi.muraya at gmail.com
Sat Dec 6 13:24:46 EAT 2014


Thinking about the Safaricom Surveillance system...

http://www.theregister.co.uk/2014/12/04/snowden_files_show_nsas_auroragold_pwned_70_of_worlds_mobile_networks/

Snowden files show NSA's AURORAGOLD pwned 70% of world's mobile networks

Brits and Yanks snoop on security standards bods
By Iain Thomson <http://www.theregister.co.uk/Author/2395>, 4 Dec 2014

The NSA, and its British counterpart GCHQ, spied on innocent telco
employees and standards bodies to tap into mobile phone networks worldwide,
according to the latest leak from the Edward Snowden archive.

The mobile tapping system, dubbed AURORAGOLD, successfully cracked 701 of
an estimated 985 cellular networks worldwide, according to the leaked NSA
presentation released by The Intercept
<https://firstlook.org/theintercept/2014/12/04/nsa-auroragold-hack-cellphones/>.

This was done by snooping on the private communications of key workers
within the industry to capture technical documentation and encryption keys
that allowed the agency access to mobile calls. Between November 2011 and
April 2012, computers used by somewhere between 363 and 1,354 staff were
infiltrated to get the data the NSA required.

AURORAGOLD is managed by the NSA's Wireless Portfolio Management Office,
and the agency appears to have cracked more advanced forms of encryption
used on the networks – sometimes even before it was rolled out for
commercial use.

The encryption is supposed to prevent eavesdroppers from listening to
private phone conversations. It was assumed intelligence agencies can break
the widely used A5/1 <http://en.wikipedia.org/wiki/A5/1> algorithm; now we
know GCHQ and the NSA have been working on cracking
<https://firstlook.org/theintercept/document/2014/12/04/wolframite-encryption-attack>
the supposedly stronger A5/3
<http://www.theregister.co.uk/2010/01/13/gsm_crypto_crack/> used in 3G. For
that, the Brits needed a £4m system to attack the cipher by 2012.

Spies do spying, of course. And to do this, the NSA's Target Technology
Trends Center (TTTC) works within standard bodies like the GSM Association
to get advanced copies of new security protocols so that it can work out
how to break them ahead of deployment. The TTTC even has a nifty little
logo of a telescope on a world map and a slogan stating "Predict – Plan –
Prevent."

The documents <https://firstlook.org/theintercept/documents/> state GSMA
members were specifically targeted
<https://prod01-cdn02.cdn.firstlook.org/wp-uploads/sites/1/2014/12/working-groups.png>
for surveillance, but don't state explicitly that the intelligence community
has actively tried to introduce vulnerabilities into standards so that it
would have easier access.

"There's nothing in here that suggests that the NSA has been actively
trying to subvert standards from within," said security guru Bruce
Schneier. "In fact, it would be pretty difficult to do so. I suspect they
are just sitting back and watching others make mistakes, and then
exploiting them."

The GSMA declined to comment on the latest Snowden leaks, saying that it
would have to consult with its lawyer before making any statement,
according to its spokeswoman Claire Cranton.

"If there is something there that is illegal then they will take it up with
the police," she said.

Subverting standards from within is certainly within the NSA's playbook.
Earlier Snowden leaks suggest
<http://www.theregister.co.uk/2013/12/21/nsa_paid_rsa_10_million/> RSA was
paid $10m to use, by default in its software, the dodgy Dual EC DRBG
algorithm the agency introduced
<http://www.theregister.co.uk/2014/07/14/nist_looks_to_nip_overdependance_on_nsa_cryptography_with_new_rules/>
via the US National Institute of Standards and Technology. RSA has consistently
denied claims it promoted weak security, and no longer uses Dual EC DRBG in
its products.

"NSA collects only those communications that it is authorized by law to
collect in response to valid foreign intelligence and counterintelligence
requirements - regardless of the technical means used by foreign targets,
or the means by which those targets attempt to hide their communications,"
said the NSA in a statement. ®