Titus Stahl

Employees of Dutch company cyberstalked by NSA and GCHQ

As The Intercept reports, the British and US intelligence services have infiltrated a Dutch company producing SIM cards for mobile phones (Gemalto) in order to acquire large numbers of encryption keys that are used to secure mobile phone calls against interception. This way, they have created the preconditions of listening to phone calls almost everyhwere on the world without having to get a court order first (i.e. bothering with the rule of law).

One disturbing detail is that they succeeded in doing so by turning internet surveillance tools against the employees of the company in question, intercepting their private emails and spying on their social media accounts:

TOP-SECRET GCHQ documents reveal that the intelligence agencies accessed the email and Facebook accounts of engineers and other employees of major telecom corporations and SIM card manufacturers in an effort to secretly obtain information that could give them access to millions of encryption keys. They did this by utilizing the NSA’s X-KEYSCORE program, which allowed them access to private emails hosted by the SIM card and mobile companies’ servers, as well as those of major tech corporations, including Yahoo and Google.

This means that the notion that surveillance is used only against people who are somehow suspicious of crimes has now proved to be false.

While the encryption keys which were stolen affect ordinary SMS and calls on mobile phones, this does not affect properly encrypted Free Software apps like TextSecure (encrypted SMS/chat) and RedPhone (encrypted calls).