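US and UK steal information on billions of mobile phone SIM cards worldwide (repost)
Britain’s Guardian reported on the 19th that documents newly disclosed by Edward Snowden, a former employee of the US Central Intelligence Agency, show that US and British intelligence agencies hacked into the world’s largest mobile phone SIM card manufacturer, giving them unrestricted access to billions of mobile phones around the world.
The US National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ) hacked into the Dutch SIM card manufacturer Gemalto and stole encryption keys, allowing them to secretly monitor calls and data on mobile phones without being detected by telecom companies or foreign governments.
This NSA program is named X-KEYSCORE, and Gemalto became its target in April 2010. Classified NSA documents from that year show that by 2009 the agency was already able to crack 12 million to 22 million keys per second. Experts said this conduct violated international law.
Mark Rumold, an attorney at the Electronic Frontier Foundation (EFF), a legal-aid public-interest organization, said that the British and US intelligence agencies had undoubtedly violated Dutch law and had very likely violated the laws of other countries and regions around the world.
“They effectively hold the keys to our front door,” Rumold said. “This is a serious intrusion on the right to privacy, not only in the US but internationally.”
The scale of this intrusion and its international impact will very likely reopen the wounds of US diplomacy. In the wake of the Snowden affair, the Obama administration has faced criticism from Germany, Brazil and other countries.
Documents previously disclosed by the Guardian showed that German Chancellor Merkel was a target of NSA eavesdropping, which cast a shadow over US-German relations. Brazilian President Rousseff has also publicly accused the NSA of violating international law.
The US government has also repeatedly accused the Chinese government of launching cyber attacks, and in May last year it indicted five Chinese military officers on grounds of so-called cyber theft of secrets.
Matthew Green, a cryptographer at the Johns Hopkins University Information Security Institute in the US, said: “This is a massive intrusion. And the problem is that the attacks may still be continuing.”
Gemalto produces 2 billion SIM cards a year, and its customers include the US telecom companies AT&T, Sprint, T-Mobile and Verizon. The company operates in 85 countries and supplies SIM cards to about 450 wireless network operators worldwide. Gemalto entered China in the 1990s and currently works with China Mobile, China Unicom, China Telecom and others. A 2010 report by Caijing (财经网) said that China’s purchases accounted for 45% of the company’s global SIM card sales.
Gemalto executive vice president Paul Beverly said: “It has already happened, and it leaves me quite worried and uneasy. Right now we just want to know what consequences this may have for our customers.”
Chris Soghoian, principal technologist at the public-interest organization American Civil Liberties Union (ACLU), told the Guardian that after this intrusion, spies need only “put an antenna on the embassy in Berlin to eavesdrop on any call in the area.”
Mobile phone communications over 3G and 4G networks are encrypted, but once the keys have been cracked, spies can listen in on any call unless the phone user applies additional encryption.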
Sim card database hack gave US and UK spies access to billions of cellphones
International row likely after revelations of breach that could have given NSA and GCHQ the power to monitor a large portion of world’s cellular communications
American and British spies hacked into the world’s largest sim card manufacturer in a move that gave them unfettered access to billions of cellphones around the globe and looks set to spark another international row into overreach by espionage agencies.
The National Security Agency (NSA) and its British equivalent GCHQ hacked into Gemalto, a Netherlands sim card manufacturer, stealing encryption keys that allowed them to secretly monitor both voice calls and data, according to documents newly released by NSA whistleblower Edward Snowden.
The breach, revealed in documents provided to The Intercept, gave the agencies the power to secretly monitor a large portion of the world’s cellular communications, which experts said violated international laws.
Mark Rumold, staff attorney at the Electronic Frontier Foundation, said there was no doubt that the spy agencies had violated Dutch law and were in all probability violating laws in many other territories when they used the hacked keys.
“They have the functional equivalent of our house keys,” he said. “That has serious implications for privacy not just here in the US but internationally.”
The scale of the hack and its international reach will likely reopen wounds in the diplomatic community. The Obama administration faced intense criticism from Germany, Brazil and other nations following the Snowden leaks and has been working hard recently to repair the damage.
Previous documents disclosed by the Guardian showed Angela Merkel, the German chancellor, was the target of an NSA spying campaign, a revelation that has soured US-German relations. Brazil’s president Dilma Rousseff has already accused the NSA of violating international law.
“It’s a big breach,” Matthew Green, a cryptologist at the Johns Hopkins Information Security Institute, told the Guardian. “The problem is that the attacks could still be ongoing.”
Gemalto, the company targeted by the spy agencies, produces 2bn sim cards per year for clients including AT&T, Sprint, T-Mobile and Verizon. The Netherlands company operates in 85 countries around the world and provides cards to some 450 wireless network providers globally.
The stolen encryption keys would allow intelligence agencies to monitor mobile communications without the approval or knowledge of telecom companies and foreign governments.
Chris Soghoian, principal technologist at the American Civil Liberties Union, told the Guardian the hack would allow spies to “put an aerial up on the embassy in Berlin and listen in to anyone’s calls in the area”.
Calls made on 3G and 4G mobile networks are encrypted. But with the keys, which a GCHQ slide described as living “in the phone”, spies could access any communication made on a device unless its owner uses an extra layer of encryption.
Soghoian said the latest Snowden revelations meant that it was difficult for anyone to trust the security of a mobile phone. “It is very unlikely that this is an issue that is going to be fixed anytime soon,” he said. “There is no reason for people to trust AT&T, Verizon or anyone at this point. Their systems are hopelessly insecure.”
“The real value of this is that it allows bulk surveillance of telecoms without anyone getting caught,” Soghoian said of hacks like the one at Gemalto, which he said would allow the spy agencies to target “whoever they wanted”.
“In countries where the government will not cooperate, that’s very useful,” he said. “It’s also very useful in countries where the government would help. Germany would allow spy on a suspected terrorist but not on [Angela] Merkel.”
Paul Beverly, a Gemalto executive vice president, told The Intercept that the company was totally oblivious to the penetration of its systems. “I’m disturbed, quite concerned that this has happened,” he said. “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again.”
According to the Snowden documents, Gemalto was targeted by the Mobile Handset Exploitation Team (MHET), a unit formed by the NSA and GCHQ in April 2010 to target vulnerabilities in cell phones.
The Intercept reports that in one GCHQ slide, the British intelligence agency boasted it had planted malware – malignant software – on several of Gemalto’s computers, giving GCHQ access to “their entire network”.
Green, from Johns Hopkins, said the scale of the hack – “apparently a huge percentage” of the sim cards at Gemalto – would mean a massive replacement process.
“Suppliers are going to have to tighten up their practices before anyone can think about fixing this,” he told the Guardian, “and that’s going to be a nightmare.”
The keys were obtained after a clandestine operation targeting the email and Facebook accounts of Gemalto employees and other telecom executives. GCHQ operatives singled out key individuals within Gemalto and then hacked their private accounts.
One Gemalto employee in Thailand was identified as “a good place to start” after he was observed sending encrypted files, a move the agents suggested meant he was sending valuable information.