Slashdot Mirror
Nobody's Cellphone Is Really That Secure, Bruce Schneier Reminds (theatlantic.com)
Earlier this week, The New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cellphone and using the information gleaned to better influence his behavior. This should surprise no one, writes Bruce Schneier. From a story: Security experts have been talking about the potential security vulnerabilities in Trump's cellphone use since he became president. And President Barack Obama bristled at -- but acquiesced to -- the security rules prohibiting him from using a "regular" cellphone throughout his presidency. Three broader questions obviously emerge from the story. Who else is listening in on Trump's cellphone calls? What about the cellphones of other world leaders and senior government officials? And -- most personal of all -- what about my cellphone calls?
There are two basic places to eavesdrop on pretty much any communications system: at the end points and during transmission. This means that a cellphone attacker can either compromise one of the two phones or eavesdrop on the cellular network. Both approaches have their benefits and drawbacks. The NSA seems to prefer bulk eavesdropping on the planet's major communications links and then picking out individuals of interest. In 2016, WikiLeaks published a series of classified documents listing "target selectors": phone numbers the NSA searches for and records. These included senior government officials of Germany -- among them Chancellor Angela Merkel -- France, Japan, and other countries.
Other countries don't have the same worldwide reach that the NSA has, and must use other methods to intercept cellphone calls. We don't know details of which countries do what, but we know a lot about the vulnerabilities. Insecurities in the phone network itself are so easily exploited that 60 Minutes eavesdropped on a U.S. congressman's phone live on camera in 2016. Back in 2005, unknown attackers targeted the cellphones of many Greek politicians by hacking the country's phone network and turning on an already-installed eavesdropping capability. The NSA even implanted eavesdropping capabilities in networking equipment destined for the Syrian Telephone Company. Alternatively, an attacker could intercept the radio signals between a cellphone and a tower. Encryption ranges from very weak to possibly strong, depending on which flavor the system uses. Don't think the attacker has to put his eavesdropping antenna on the White House lawn; the Russian Embassy is close enough.
There are two basic places to eavesdrop on pretty much any communications system: at the end points and during transmission. This means that a cellphone attacker can either compromise one of the two phones or eavesdrop on the cellular network. Both approaches have their benefits and drawbacks. The NSA seems to prefer bulk eavesdropping on the planet's major communications links and then picking out individuals of interest. In 2016, WikiLeaks published a series of classified documents listing "target selectors": phone numbers the NSA searches for and records. These included senior government officials of Germany -- among them Chancellor Angela Merkel -- France, Japan, and other countries.
Other countries don't have the same worldwide reach that the NSA has, and must use other methods to intercept cellphone calls. We don't know details of which countries do what, but we know a lot about the vulnerabilities. Insecurities in the phone network itself are so easily exploited that 60 Minutes eavesdropped on a U.S. congressman's phone live on camera in 2016. Back in 2005, unknown attackers targeted the cellphones of many Greek politicians by hacking the country's phone network and turning on an already-installed eavesdropping capability. The NSA even implanted eavesdropping capabilities in networking equipment destined for the Syrian Telephone Company. Alternatively, an attacker could intercept the radio signals between a cellphone and a tower. Encryption ranges from very weak to possibly strong, depending on which flavor the system uses. Don't think the attacker has to put his eavesdropping antenna on the White House lawn; the Russian Embassy is close enough.
Remember all the whining and hand wringing over Hillary Clinton using an unsecured email server? Remember how people said she was giving away state secrets and should be in jail?
Funny how those same people are absolutely silent when the con artist gives away national secrets every day over an unsecured phone.
Everyone has got to know about this international intelligence sharing agreement Echelon UKUSA/SIGINT that created 5 eyes by now. Surely? It has been in operation since the 1940's. I shouldn't be surprised that not even the article mentions it. It is the governance document for this kind of telecommunications surveillance.
I have a scan of the agreement however I've found it difficult to find the text online. The NSA links to the UK/USA seems to be broken for me. Maybe they're just interested in who is interested. ;). However a bit more digging and I found this article from the guardian that link to UK National Archive copy of the agreement. It was not available online for some time after I got it - so I suggest you grab a copy to get some idea how this agreement works. After all that's one reason it was kept secret for so long.
Essentially agencies can't spy on domestic citizens so they ask a counterpart agency to spy for them. I read somewhere that even back as far as the 90's it was doing signal processing to "gist" (as in get the gist of) about 500,000 phone conversations using data centers the size of football fields and promote them to analysts automatically. They had two nuclear submarines that would be positioned over undersea fibre optic telecommunications nodes so I think you can surmise just how well funded this agreement is if five western nations are involved.
It is like a Berlin wall of surveillance for the western world.
My ism, it's full of beliefs.