Comments on Electrospaces.net: NSA and GCHQ stealing SIM card keys: a few things you should know
Feed author: P/K (http://www.blogger.com/profile/12681178058475882593); updated 2024-03-16T19:01:08.288+01:00

2022-06-17T03:02:43.726+02:00

Controlling could be a process used by carriers to thrust SIMs to associate with a particular predefined organization. The objective is to spare operations' taken a toll and gain bigger edges by setting the SIM to a low-cost arrangement. Some of the time at the cost of organizing quality.

Global IoT SIM Card (https://iot.onesimcard.com/)

2015-02-24T00:29:25.330+01:00

Thank you too for your reaction and the questions!

1. Yes, there's probably quite a lot of bycatch through such overseas collection systems and this indeed could contain data that may become useful in the future. That's one of the things that Snowden is warning about: what if a future government is going to misuse the data that are collected today? That's a legitimate concern, and it can only be addressed by destroying all collected data after, say, 5 years.

But still, when government agencies should do that (which is highly unlikely), we still have the private companies, like Google, Facebook, etc., who store really much more personal data indefinitely - also ready for an evil government to take over.
But on the other hand, we should also try to see this in a bit more realistic perspective: for example the SIM card keys are collected for military operations, so whatever accidentally comes in with that is quite random, so the chance it will contain communications of people the NSA is also interested in, whether now or in the future, is way too small to be useful.

2. No problem asking this, these things are often quite complex, and that's why I always try to explain it in a way that is understandable for ordinary people. Between the mobile phone and the cell tower, voice and data are encrypted, so without a key, someone intercepting that radio transmission cannot read it or listen to it.

But when it arrives at the provider's system, it is decrypted again. So someone eavesdropping on the backbone networks gets text messages, phone calls, etc. without being encrypted. Of course these data are in a digital form according to various protocols describing how to digitalize voice communications for example. Also providers compress these data, so more of them will fit into the bandwidth of the cables. But these methods are (mostly) standardized and publicly known protocols, so a professional eavesdropper can easily decompress these data and make them readable or audible.

P/K (https://www.blogger.com/profile/12681178058475882593)

2015-02-23T16:02:43.836+01:00

Thanks for clarifying and putting things in perspective. I'm not a security expert myself, and therefore appreciate your efforts to put technological details in general terms understandable for laymen.

I also have two issues I hope you can comment upon.

1) it may very well be that the reason for hacking the SIM card database was mainly a military one and only a tiny fraction of the data was used to intercept calls in war zones. But your argumentation doesn't rule out that other data (the bycatch, so to speak) was also used for other tactical purposes (Iceland)? Furthermore, can one rule out the possibility that these data might come in handy in other political/military circumstances in the future?

2) You write 'Once the communications arrive at the provider's network, they are decrypted and sent over telephone backbone networks to the cell tower near the receiving end as plain text.' What do you mean by plain text here: transferral of text messages, or do you mean some (hexadecimal?) transfer of digitized voice communications? (Not only am I not a security expert, neither am I a techie, so this might be a very silly question - excuse me for that…)

Frank Huysmans (https://www.blogger.com/profile/17478421167690207333)

2015-02-23T09:52:36.494+01:00

Thank you for your question and the remarks!

- Regarding your question:

Several revelations indeed looked as if they were more or less aimed at influencing public opinion right before an election. I am not really sure if that's also the case this time, but it is certainly possible.

What would speak against it is that the original story wasn't that much focussed on Gemalto as a Dutch company; it was Dutch media that made it look like Gemalto being a well established Dutch company. But maybe that was also (partly) because they were eager to have a story again about NSA operations against the Netherlands.

On the other hand, it would have been more responsible when The Intercept would have left the name of Gemalto out of the story, because other companies were apparently just as affected by this operation. So it could be they decided to mention Gemalto because of the connection with Holland, hoping this would be picked up by Dutch news media.

But if influencing Dutch opinion was their aim, and these were the most disturbing facts regarding the Netherlands they could find in all those documents, then it seems that NSA really wasn't very interested in Holland. But maybe there's more to come as the decision about the new law comes closer ;-)

- Regarding your remarks:

I follow a lot of media and people and hardly anyone came up with the idea of the military purpose, but you are right, it wasn't the right way I wrote that down. Of course I know there are more people aware of the military goal for these keys, so I will correct that sentence to reflect that.
Nonetheless I think it is a shame that such big stories are spread without mentioning even the most obvious goals, and thereby misleading many people.

You are right that the SIM card and a phone number are not necessarily tied together forever and we don't know whether Merkel may have had a new SIM card over time, but I mentioned her (probably the most famous subject of NSA surveillance) as an example for where it could be the case that a target uses an old SIM card and stealing keys would bring no advantage.

P/K (https://www.blogger.com/profile/12681178058475882593)

2015-02-23T08:21:10.251+01:00

Thanks for yet another informative post!

One question:

*) the timing of publication by The Intercept is interesting: GG et al. were in possession of the Snowden docs for some 20 months, yet this huge-impact news involving the Netherlands in global news is published two months before the Dutch govt is expected to publish its new intelligence bill. What is your opinion on that?

Two comments:

*) "it seems only two security experts have noticed this"
--> that statement ignores all security experts who noticed it but didn't mention it, or not in a place that you observed or even can observe. While your posts largely aim to fact-check, some observations are expressed in a slightly politicized or moralized way, or based on implicit assumptions. We're only human, of course, but IMHO posts would be even better if those aspects would be addressed.

*) "This method is also useless against people using an old SIM card, which could be the case for German chancellor Merkel, who has a phone number that was already used in 1999"
--> Phone number != SIM card. The implicit assumption here is that Merkel used the same Ki since 1999. There is neither evidence for that assumption to be true nor for it to be false, but it would certainly be a statistical outlier if true.

mrkoot (https://www.blogger.com/profile/10604065316036053539)