Documents provided by former U.S. National Security Agency contractor Edward Snowden reveal that the agency has covertly monitored e-mail messages of people connected to the world's top cellphone network operators. The operation, codenamed Auroragold, was apparently aimed at gaining access to confidential company information so the NSA could more easily spy on mobile phone communications.
The agency also reportedly used intercepted communications about cellphone network systems to identify security weaknesses for exploitation by NSA surveillance.
These and other details were revealed Thursday in an article by Ryan Gallagher published on The Intercept, the First Look Media publication founded by Glenn Greenwald, Laura Poitras and Jeremy Scahill. Greenwald and Poitras were the first journalists to report on the NSA's widespread surveillance programs starting in June 2013 after meeting with Snowden, who provided them with numerous classified documents.
The Auroragold documents, which The Intercept has posted on its Web site, describe the program's mission to "maintain data about international GSM/UMTS networks for the Wireless Portfolio Program Office (WPMO), the Target Technology Trends Center (T3C/SSG4), and their customers."
Looking for Vulnerabilities
Auroragold aimed at collecting so-called IR.21 technical documents used by mobile network operators to share information about roaming capabilities. Those capabilities enable customers with one network to connect to other companies' networks when traveling to other regions and countries.
Among the surveillance targets Auroragold monitored to obtain IR.21 data was the GSMA, a UK-based trade association of mobile operators and mobile technology companies around the world. Its U.S.-based members include AT&T Mobility, Dish Network, Sprint, T-Mobile and Verizon Wireless.
In his article, Gallagher writes: "The details in the IR.21s serve as a 'warning mechanism' that flag new technology used by network operators, the NSA's documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities 'where they do not yet exist.' "
'Five Eyes' Among Targets
By tracking IR.21 data, the NSA was able to gather technical information about 701 of 985 mobile networks around the world, according to a document from the Auroragold Working Group posted on The Intercept site. It found 100 percent of SSG4 networks across numerous countries, including large swaths of Africa.
Among the other countries covered by the program were those typically considered U.S. allies in international surveillance. These "Five Eyes" nations include -- in addition to the U.S. -- Australia, Canada, New Zealand and the U.K.
Gallagher wrote that The Intercept consulted with cellphone security and cryptography expert Karsten Nohl to better understand the implications of Auroragold.
He quoted Nohl as saying, "Collecting an inventory (like this) on world networks has big ramifications....Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities because once NSA introduces a weakness, a vulnerability, it's not only the NSA that can exploit it."
Skeptical in Seattle:
Posted: 2014-12-08 @ 5:16am PT
Your story is inconsistent. In the second paragraph, you state that the NSA used the information to identify vulnerabilities. In your conclusion, you state that they introduce them. This is a pretty significant leap. Systems around the world have yet unknown vulnerabilities. Take for instance the "Heart bleed" vulnerability in OpenSSL. Are the researchers that discovered it to blame? Are the unknown hackers that exploited it prior to its public reveal to blame? I would say not, as the vulnerability existed the moment the flawed code was released by the vendor.
Posted: 2014-12-04 @ 3:37pm PT
A cell phone can be stopped from tracking or bugging if it is placed in a Faraday Cage. A Faraday cage is a metal or conductive envelope that completely surrounds the electronic device and stops signals from going into or out of the cage. Two or more wraps of aluminum foil with the edges wrapped over will work. Snowden requested people to use the refrigerator as a Faraday cage for their cell phones. This can also be accomplished by making a pouch out of a metallized ie conductive fabric. Search youtube for Detracktor for a demonstration.
i hate USA:
Posted: 2014-12-04 @ 2:30pm PT
To the Intercept: hurry up and release the best stuff from the Snowden Leaks. This is all boring stuff.