NSA leak reveal plans to subvert mobile network security around the world

The NSA's AURORAGOLD program -- revealed in newly released Snowden docs -- used plundered internal emails to compromise nearly every mobile carrier in the world, and show that the agency had planned to introduce vulnerabilities into future improvements into mobile security.

One major target of the NSA's infiltration and sabotage program is the London-based GSM Association, the trade body that American, European and other tech companies and carriers use to set and maintain mobile networking standards.

Undermining security is the most controversial type of NSA dirty tricks, the thing that frustrates industry players and friendly governments alike. The revelations about the Bullrun/Edgehill sabotage programs have opened rifts between the NSA and the security community (including the US government's National Institute for Standards and Technology, NIST, which was targeted by the program).

By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States. NIST recently handed out a grant of more than $800,000 to GSMA so that the organization could research ways to address “security and privacy challenges” faced by users of mobile devices.

The revelation that the trade group has been targeted for surveillance may reignite deep-seated tensions between NIST and NSA that came to the fore following earlier Snowden disclosures. Last year, NIST was forced to urge people not to use an encryption standard it had previously approved after it emerged NSA had apparently covertly worked to deliberately weaken it.

Jennifer Huergo, a NIST spokewoman, told The Intercept that the agency was “not aware of any activities by NSA related to the GSMA.” Huergo said that NIST would continue to work towards “bringing industry together with privacy and consumer advocates to jointly create a robust marketplace of more secure, easy-to-use, privacy-enhancing solutions.”

Operation Auroragold
How the NSA Hacks Cellphone Networks Worldwide
[Ryan Gallagher/The Intercept]

(via /.)