It was revealed last month that the National Security Agency in the United States, and Government Communications Headquarters in the United Kingdom, were behind the SIM card hack. They were able to steal encryption keys that are used in order to protect the privacy of cellular communication around the world. They got their access through a Dutch company, called Gemalto, its clients include AT&T, T-Mobile, Sprint, Verizon (in the United States of America) & Vodafone, O2, EE, 3 Mobile, Virgin and Orange (in the United Kingdom). These are just to name a few, it was confirmed later on that four hundred and fifty wireless networks were compromised, globally.
“This is a company that provides these microchips to wireless carriers around the world, and these are the chips that provide the security that’s in our phones,” says Christopher Soghoian, a privacy researcher, activist and the principle technologist at the American Civil Liberties Union, referring to Gemalto. “They secure the communications between our phone and the phone network and are intended to protect our calls and text messages from interception by private parties.”
The agents at the NSA & GCHQ stalked and targeted engineers and employees at the SIM card company. They were able to get access to their email accounts and Facebook accounts, and once they were able to get access to other relevant information, they ultimately gained access into the Gemalto servers.
Image Source: Google Image – Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional ‘con’ in that it is often one of many steps in a more complex fraud scheme.
As we know, due to the massive amount of data, the cellular companies are not very good at securing their communications. The encryption technology that protects your calls and messages once they are transmitted was created somewhere between the mid 80’s and the 90’s, and it was broken by a graduate student in the late 90’s.
Furthermore, the Silicon Valley tech giants are more interested in providing good security – that is to the extent that their business models permit. For instance, since you are not paying Yahoo for their services they might want to read your emails. But for companies like Apple, that make big bucks by selling you their phones, such companies will provide you with better security and encryption services.
How to Protect your Cell Phone Communications:
At present, there are various applications and Internet-based services that you can run on your cell phone that will provide for you significantly more secure correspondences. Alongside this, Apple has incorporated iMessage with its iPhone for quite a while. If you have an iPhone and you are sending an instant message to another person who has an iPhone, the message runs through iMessage, if not disabled. Those messages are encrypted in various ways and to a great length, and they are sent through Apple’s framework, making it extremely troublesome and difficult for governments to hack into them. If you are using WhatsApp to send messages, which is now owned by Facebook and used by a large number of individuals around the globe, those too are encrypted and in an extremely solid manner.
Image Source: Google Image – In cryptography, encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor. In an encryption scheme, the message or information, referred to as plain text, is encrypted using an encryption algorithm, generating cipher text that can only be read if decrypted – an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is, in principle, possible to decrypt the message without possessing the key but, with a well-designed encryption scheme, large computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator, but not to unauthorized interceptors.
So if you have an Android or iPhone, you can download different applications to suit this need, the best of which are:
- Signal (iOS)
- TextSecure (iOS)
- T-E-X-T Secure (Android)
These are the ‘best of the best,’ free applications made by top security specialists and financed by the State Department and by the United States taxpayers. You can download them today, start sending encrypted texts and really protect your communication.
But just so you know, if you are on ‘the list,’ these applications will not stop them from hacking into your system, but it will make it difficult for them.
So that deals with the matter of text messages, but what if you want to make secure calls? Well not to worry, if you have an Apple gadget, you can use FaceTime – it is installed on your iPhone by default. So if you make a FaceTime call from your iPhone to another person’s iPhone or iPad, that call will be encrypted with extremely solid innovation, and it will be exceptionally troublesome for government to intercept. In the event that you do not prefer not to utilize an Apple encryption service, there is a fabulous (FREE) application in the AppStore, called Signal. It is an open source application that enables you to make encrypted phone calls from any place in the world, for nothing. Regardless of the fact that you may or may not be agonizing over security, it is really a method for sparing cash from being spent on your telephone bill.
If you are an Android user, there is an extraordinary application by the same individuals who created Signal, called RedPhone (also FREE). Like Signal, it enables you to make free, encrypted phone calls. It is backed by the United States government, so essentially you are paying for it anyway, why not use it?
Anonymous recommends: Protect your PC & mobile devices from hackers and governments & surf and download anonymously
SOURCES:
http://files.dubfire.net/csoghoian-dissertation-final-8-1-2012.pdf
http://www.zdnet.com/article/0-day-exploit-middlemen-are-cowboys-ticking-bomb/
http://www.forbes.com/fdc/welcome_mjx.shtml
http://www.wired.com/2009/12/gps-data/
http://cdn.ca9.uscourts.gov/datastore/opinions/2010/08/12/08-30385.pdf
http://www.cloudprivacy.net/letter/
http://bits.blogs.nytimes.com/2009/06/16/gmail-to-get-more-protection-from-snoops/
I appreciate the information provided, but I have a question. If the US is responsible for the hack of our SIM cards (via the NSA) then why should we trust the State Department? What makes the State Department a reliable source that we can trust is actually doing what is in the best interest of the people? Thanks in advance.
Hi! Theres a big case going on in India regarding the punishment of some rape convicts, we would love for you to share the case as it will attract more people to sign it, please do have a look at the link
I just signed the petition “Supreme Court of India, Tilak Marg, New Delhi-110 201 (India) PABX NOS.23388922-24,23388942-44, FAX: Hang the juvenile.” and wanted to see if you could help by adding your name.
Our goal is to reach 1 million signatures and we need more support. You can read more and sign the petition here:
https://www.change.org/p/supreme-court-of-india-tilak-marg-new-delhi-110-201-india-pabx-nos-23388922-24-23388942-44-fax-hang-the-juvenile?recruiter=160406214&utm_source=share_petition&utm_medium=email&utm_campaign=share_email_responsive
Thanks!
Is Cyber Dust really secure and safe in regards to privacy and protection? Please advise.
LEO Privacy is the best privacy app for me. It has applock, hide images/videos, call blocker, mobile protection… all features are best. We all need privacy in our life but still there are people with whom it’s difficult to maintain our personal privacy. This app is best to lock your private chats and personal app. It is also an all in one solution for our smartphone.