Exposed: NSA program for hacking any cellphone network, no matter where it is
Source: ars Technica/Intercept
The National Security Agency has spied on hundreds of companies and groups around the world, including in countries allied with the US government, as part of an effort designed to allow agents to hack into any cellphone network, no matter where it's located, according to a report published Thursday.
Armed with technical details of a specific provider's current or planned networks, agents secretly attempt to identify or introduce flaws that will make it possible for communications to be covertly tapped, according to an article published by The Intercept. Security experts warned that programs that introduce security flaws or suppress fixes for existing vulnerabilities could cause widespread harm, since the bugs can also be exploited by criminal hackers or governments of nations around the world.
"Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities," Karsten Nohl, a cryptographer and smartphone security expert, told The Intercept. "Because once NSA introduces a weakness, a vulnerability, it's not only the NSA that can exploit it."
It's not the first time the US agency has been reported to introduce backdoors into widely used technologies. Last year documents provided by former NSA subcontractor Edward Snowdenthe same source for documents supporting Thursday's story by The Interceptshowed that the NSA worked with standards bodies to adopt encryption technologies with known vulnerabilities in them. Two weeks later, the RSA division of EMC warned customers to stop using the default configuration of its BSAFE BSAFE toolkit and Data Protection Manager because it contained code reported to contain an NSA-engineered vulnerability.
Read more: http://arstechnica.com/tech-policy/2014/12/exposed-nsa-program-for-hacking-any-cellphone-network-no-matter-where-it-is/
bemildred
(90,061 posts)One of the Senates biggest critics of the National Security Agencys (NSA) contentious spying programs wants President Obama to make drastic reforms himself, after a congressional plan was blocked on the Senate floor last month.
A day before a key NSA program comes out for court renewal, Judiciary Committee Chairman Patrick Leahy (D-Vt.) on Thursday called for Obama to take action into his own hands.
The President can end the NSAs dragnet collection of Americans phone records once and for all by not seeking reauthorization of this program by the [Foreign Intelligence Surveillance Act] Court, and once again, I urge him to do just that, Leahy said in a statement. Doing so would not be a substitute for comprehensive surveillance reform legislation but it would be an important first step.
The NSAs ability to collect and search Americans phone records for metadata such as which numbers a person dialed and how long the conversation lasted needs to be reauthorized by the secretive surveillance court every 90 days. The current authorization is up for renewal on Friday and the administration is expected to ask for it to continue for another 90 days.
http://thehill.com/policy/technology/226064-leahy-obama-should-end-nsa-program-now
PSPS
(13,620 posts)cstanleytech
(26,334 posts)gather and collect information from potential threats?
delrem
(9,688 posts)Is a potential threat to the maximization of Microsoft profits a potential threat to the US economy, therefore to the USA? What about a potential threat to the maximization of Goldman Sachs' profits? Or the profits of Haliburton, and Acadami? Well, it's a good thing that questions like that don't come to mind, since a noun, a verb and 9/11, y'know? And since people don't even know what they lost.
cstanleytech
(26,334 posts)Well atleast partly right, the threats can come from many regions on the planet as it couldnt be the planet itself as its only a planet.
delrem
(9,688 posts)bemildred
(90,061 posts)making it hackable. Making sure it does not work so that YOU can be sure of getting in. Unfortunately there is just no way to guarantee that other parties will not also use your hacks. Since most computers are notoriously insecure anyway, this is just piling wood on the fire.
It is indeed true that the NSAs job is intelligence gathering, but it is not true that they are allowed to do it however they like. If they work for us, they must observe the boundaries we set.
Veilex
(1,555 posts)quadrature
(2,049 posts)Demeter
(85,373 posts)by making dragnets illegal, and by prosecuting violators to the fullest extent of the law.
If we don't even have the law on our side, we are truly disenfranchised from citizenship.
bemildred
(90,061 posts)The US National Security Agency (NSA) spied on the GSM Association to identify and exploit security vulnerabilities in mobile phone networks, documents leaked by whistleblower Edward Snowden reveal.
This has raised concerns about the security of the worlds mobile networks amid speculation that the NSA
http://www.computerweekly.com/news/2240236096/NSA-mobile-phone-network-hacking-raises-security-concerns
bemildred
(90,061 posts)Octafish
(55,745 posts)NSA spying pays big rewards, but for Whom? Heh heh heh.
Blue_Tires
(55,445 posts)London: The GSMA provided the following statement addressing a recent article appearing in The Intercept.
The GSMA is aware of the recent article in The Intercept entitled How the NSA Hacks Cellphone Networks Worldwide. Our initial analysis of the claims contained in the article has focussed on the possibility of a compromise of GSMA systems, communications and stored documentation. Our preliminary conclusion is that there is no evidence of active targeting or compromise of GSMA systems, communications and stored documentation.
The article references surveillance of GSMA Working Groups, but again, no evidence is attainable from the published documents that suggests GSMA Working Group activities have been compromised. The documents do contain some details of GSMA Working Groups but the names and structures, which are incomplete, are openly available from a large variety of public sources.
The article also references the alleged compromise of IR.21 data (technical network data shared across operators and other industry stakeholders). We have closely examined the documents published, and given inconsistencies in the data, we believe it is unlikely that the GSMA is the source of the data. It is important to note that the information contained in an IR.21 is not sufficient to hack a cellphone network.
Although we see no evidence of a breach of GSMA-held assets, we are very concerned at any attempt to access or interfere with our members data. We will continue to stringently monitor access to GSMA systems, communications and stored documentation, and will work with all stakeholders to put in place further measures to ensure that our collective data management and security protections remain robust.
ENDS
About the GSMA
The GSMA represents the interests of mobile operators worldwide, uniting nearly 800 operators with more than 250 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and Internet companies, as well as organisations in adjacent industry sectors. The GSMA also produces industry-leading events such as Mobile World Congress, Mobile World Congress Shanghai and the Mobile 360 Series conferences.
For more information, please visit the GSMA corporate website at www.gsma.com. Follow the GSMA on Twitter: @GSMA.
http://www.gsma.com/newsroom/press-release/gsma-statement-intercept-article/