Spooky Spooky Mobile
Hacking thyne own file
Upload and Download
And as you have your chatter
I met a Telco
That would not give its data
So I took their servers
And gave it a little patch
(Goosy, Goosy, Gander)
Yes, when we look at the article ‘US and UK accused of hacking Sim card firm to steal codes‘ (at http://www.bbc.com/news/technology-31545050) I seem to resort to nursery rhymes. There is method to my madness, just as my madness could be regarded as methodical (to the smallest degree). I read the article with other eyes, perhaps you did too? The first part is seen here “The Intercept alleges that the hack organised by Britain’s GCHQ and the US National Security Agency (NSA) began in 2010, and was organised by operatives in the “Mobile Handset Exploitation Team”. Neither agency has commented directly on the allegations“, now, I will continue on the premise that this fact is true (not whether it is correct). In 2010 there was still a massive hunt for this bearded dude underway named Osama something or other. For this part I need to take you on a side trip ‘Banking Giant HSBC Sheltered Murky Cash Linked to Dictators and Arms Dealers‘ (at http://www.icij.org/project/swiss-leaks/banking-giant-hsbc-sheltered-murky-cash-linked-dictators-and-arms-dealers). The issue might be ‘news’ now, but it had been known in the intelligence industry for some time. After 2008 several individuals with additional limitations on moral and ethics were willing to assist the grey area of free trading in setting up funds. This group had ALWAYS existed, greed is such an easy tool to grow under, yet, the fact that some would be willing to be the money orchard for terrorist organisations is decently novel. 2008 had made many hungry so some would be willing to get at what they wanted, more money. A problem that has existed for a long time, so the premise to get access to mobiles so that possible lines of communications would be uncovered make perfect sense.
The trail goes further, you see, most people have a contract, or stay with the same provider for years, this not an issue for the hunters. You (roughly 99.99993243% of the mobile users) are not an issue, but how to find the rest? Hope on some random lucky draw? Governments rely on income from lotteries, not rely on getting a price in that same way. So getting a hold of ALL Sims is a much better solution. It made perfect sense. Do I like it? I actually do not care, I lead one of the dullest mobile lives and I believe that some people must be hunted down. So to go all out on ‘Yes’, hunt them down and ‘No’, you cannot monitor me, seems to be both hypocrite and sanctimonious all in one package. In addition, I tend to not break the law, which makes it even easier. So let’s get back to the article!
The next part is seen here “A Gemalto spokeswoman said the company was unable to verify whether there had indeed been a breach, and highlighted that other Sim manufacturers could also have been targeted. She added: “We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated techniques to try to obtain Sim card data””, so we see two parts, one that the known provider is not the only provider, were they all targeted?
Linked to this is: “Eric King, deputy director of the campaign group Privacy International, said the NSA and GCHQ had “lost sight of what the rule of law means and how to weigh what is necessary and proportionate”“. This sounds nice in theory, but after taking a look at the Privacy International site, I see him as (only) slightly sanctimonious. all this on surveillance and SIGINT (the Five Eyes group), yet, they have ZERO visibility on the issue that I have on the exchange of data on a global scale by large corporations and how people are almost lulled into a sleepy state of just agreeing with it all, not to mention the other versions of the Lenovo ‘Superfish’ instances that we have not seen brought to daylight yet. It seems that governments are not allowed any options, whilst the propulsion of greed from large corporations and their data remains uninhibited by using the ‘US-EU Safe Harbor Framework‘ (at http://genomebiology.com/2014/15/8/430), when we consider the quote “A multinational seeking approval must submit its global policies and practices to a ‘lead’ EU data protection authority (DPA) – typically in the country of its European headquarters. Once the lead DPA gives its ‘stamp of approval’, a mutual recognition scheme among most EU member states facilitates approval by other relevant DPAs. To date, over 50 corporations have received BCR approval” When we see the list (at http://ec.europa.eu/justice/data-protection/document/international-transfers/binding-corporate-rules/bcr_cooperation/index_en.htm), we see NOVARTIS, which gives us a direct link to Natixis (and the massive amounts of links that they have). Ernst & Young and Motorola among others, so how can one satellite locations allow indirectly to move data across other borders, or make them accessible for query? Is it not interesting that Privacy International has not been looking at that (as far as I could tell), so do you see the issue I have with their ‘statement’?
Linked to the ‘alleged’ sim code heist is another article. This one is a lot older. It was from July 2013 and called “Millions of Sim cards are ‘vulnerable to hack attack’” (at http://www.bbc.com/news/technology-23402988), so, yes, when we see the quote “Karsten Nohl has said he has found a way to discover some Sims’ digital keys by sending them a special text message. He warned criminals could potentially use the technique to listen in on calls or steal cash“. So, yes getting the data from the sim makers directly would make a lot of sense (an ergonomically terrific solution), but this method might be less visible. So why was another method used. Now we get back to the beginning: “US and British intelligence agencies hacked into a major manufacturer of Sim cards in order to steal codes that facilitate eavesdropping on mobiles, a US news website says“, which News website? The fact that this news is followed by “The Intercept says the revelations came from US intelligence contractor turned whistle-blower Edward Snowden” gives another pause. What is actually happening? It seems to me that the Snowden stamp is making us chase ghosts (pun intended), but overall I see less and less reliability in these ‘spectacular revelations‘ and the press does not seem to be asking the questions they should be asking. The investigations that they should do, do not seem to be done. The ‘revelation‘ is made and then we see one party line response from GCHQ “However GCHQ reiterated that all its activities were “carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate”“, which is now linked to this, but there is no evidence that this has actually happened. The subtitle ‘Full investigation‘ seems to be a header without a factual link. That subtitle ends with some group shot and the by-line “Experts say that the alleged hack is a major compromise of worldwide mobile phone security“, is that actually the fact? Would phone security be compromised? It seems to me that the 2013 is a much larger threat to phone security and Google stopping its continued development to anything before Android KitKat is just an additional cause for alarm, how did the alleged government activities create more danger? It seems to me that the BBC has not illuminated parts that should have been illuminated. When we see “The UN’s telecoms agency – the International Telecommunications Union – said that it would now contact regulators and other government agencies worldwide to ensure they were aware of the threat“, is also an issue. When we consider the UK issue of telecom caps and the fact that nothing has been done for years, can we dimensionally see that awareness of the ITU could be regarded as a similar demure step is a valid question, yet the current article does not reflect on the earlier issue. The end of the latest article gives the one part that is important as I see it “But perhaps this latest leak has done more to highlight how a single company is in control of millions of people’s private data“. So was this an actual leak, or did someone figure out a possible issue with current technology and they added the ‘Snowden’ link to give it a little more fear. The last part could have been done by any decent technologist, no MIT degree required. So what about the one time mention of ‘a US news website says‘? Who was it and how come that this media courtier, depending on visibility is reduced to 5 words, which seemed a little odd to me from the very first time I read the message.