att_simJeremy Scahill & Josh Begley

The Intercept

Another mildly mind-boggling espionage exploit unveiled. American and British spies cracked the encryption used in mobile phone networks around the world by a simple piece of direct action. No maths involved. They hacked the factories that made the SIM cards for the phone companies. “The pipeline for producing and distributing SIM cards was never designed to thwart mass surveillance efforts”

(…)With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

As part of the covert operations against Gemalto, spies from GCHQ — with support from the NSA — mined the private communications of unwitting engineers and other company employees in multiple countries.