Friam

fresh Snowden

Classic

List

Threaded

3 messages Options

Roger Critchlow-2

fresh Snowden

To facilitate listening to cell phone conversations, the NSA and GCHQ hacked the world wide supplier of SIM cards and stole the encryption keys used to secure cell phone communications between handsets and the vendor's backbone.

https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

That way they didn't need to make any awkward requests for authority to eavesdrop or leave any other trace of their activities, they just record the communications to/from the handset of interest off the air and use the vendor's secret keys to decrypt the contents at their leisure.

They also decided to hack into the administrative computers at the cell phone carriers so they could erase any suspicious charges from the customer's bill.

-- rec --

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

Marcus G. Daniels

Re: fresh Snowden

Amazing what is possible when the usual rules don’t apply, and time and money is focused on a problem, e.g. #10 below.

https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

As this is a multi-national Russian firm that deconstructed this, it alludes that all sorts of groups could now probably construct something better, given this motivation and existence proof..

Marcus

From: Friam [mailto:[hidden email]] On Behalf Of Roger Critchlow
Sent: Thursday, February 19, 2015 2:15 PM
To: The Friday Morning Applied Complexity Coffee Group
Subject: [FRIAM] fresh Snowden

https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

They also decided to hack into the administrative computers at the cell phone carriers so they could erase any suspicious charges from the customer's bill.

-- rec --

Roger Critchlow-2

Re: fresh Snowden

Well, at least we persuaded Lenovo that installing an unscoped root certificate with one trivially recoverable private key on every consumer machine shipped was a bad idea. Superfish, at last report, is still insisting that it was all perfectly safe.

What do you think, was this an encouraged vulnerability or just plain stupid?

-- rec --

On Fri, Feb 20, 2015 at 7:43 AM, Marcus G. Daniels <[hidden email]> wrote:

Amazing what is possible when the usual rules don’t apply, and time and money is focused on a problem, e.g. #10 below.

https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

As this is a multi-national Russian firm that deconstructed this, it alludes that all sorts of groups could now probably construct something better, given this motivation and existence proof..

Marcus

From: Friam [mailto:[hidden email]] On Behalf Of Roger Critchlow
Sent: Thursday, February 19, 2015 2:15 PM
To: The Friday Morning Applied Complexity Coffee Group
Subject: [FRIAM] fresh Snowden

To facilitate listening to cell phone conversations, the NSA and GCHQ hacked the world wide supplier of SIM cards and stole the encryption keys used to secure cell phone communications between handsets and the vendor's backbone.

https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

That way they didn't need to make any awkward requests for authority to eavesdrop or leave any other trace of their activities, they just record the communications to/from the handset of interest off the air and use the vendor's secret keys to decrypt the contents at their leisure.

They also decided to hack into the administrative computers at the cell phone carriers so they could erase any suspicious charges from the customer's bill.

-- rec --

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com