Operation Auroragold Allows NSA to Spy on Carriers Worldwide and Plant Bugs

The National Security Agency (NSA) has its claws sunk deep into the inner workings of majority of the world's wireless carriers, giving the government agency a convenient means to eavesdrop on private text messages and calls made from all over the world.

A newly discovered report from the Edward Snowden archives reveals how the NSA has been spying on some 70 percent of all mobile carriers from around the world, including those in the United States and its allies such as the United Kingdom, Germany, France, New Zealand and Australia.

In an ongoing operation dubbed Auroragold, the NSA, through an undisclosed unit called Wireless Portfolio Management Office, has hacked into a total of 1,201 email addresses of key wireless carrier employees to intercept technical data which can be used by the agency to discover network vulnerabilities that can be exploited for surveillance. Moreover, the documents, which were first reported by The Intercept, reveal how the NSA works to introduce new security flaws in communications systems by exploiting technical documents called IR.21s.

IR.21s are sent among network operators to enable call roaming for customers who travel overseas. The report says technical details included in the IR.21s tips off the NSA about new technologies being used by carriers, which they can then explore to look for new security holes they can take advantage of.

Whatever information the unit gleans from the emails and the IR.21s is passed on over to the NSA's "signals development" team, which creates mechanisms to exploit vulnerabilities and infiltrate the networks. The report also says that the NSA hands the information over to other U.S. intelligence agencies and NSA counterparts in other allied countries.

Chief among the targets is the GSM Association, a U.S.-funded, U.K.-headquartered trade group whose members include high-profile Western carriers such as Verizon, AT&T, Vodafone and international firms such as Microsoft, Facebook, Cisco, Samsung, Ericsson and Nokia. The GSM Association represents the interests of more than 800 phone and technology companies and brings its members the latest industry developments, including new security technologies, which can be incorporated into their products.

One of the documents includes a top-secret map that is said to have been used in a 2012 presentation of the operation's progress. The map shows Auroragold has an extensive reach across many countries around the world, although interestingly, the map indicates that the operation has only found 0 to 25 percent of cellular networks in the U.S.

Apart from the ethical implications of hacking into private companies and spying on their customers, security experts believe Auroragold opens cellular networks ripe for the picking not just for government agencies but also for other individuals. Security researcher and cryptographer Karsten Nohl says he finds it alarming that the NSA deliberately plotted to introduce new weaknesses in worldwide communication systems for the purpose of spying.

"Collecting an inventory [like this] on world networks has big ramifications," Nohl tells The Intercept. "Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities because once NSA introduces a weakness, a vulnerability, it's not only the NSA that can exploit it."

Mikko Hypponen, a security researcher at F-Secure, agrees. Hypponen says it is not only the NSA that will benefit from the security holes advertently created in cellphone networks. The criminals and terrorists the NSA claims to target will also be able to exploit these holes.

"If there are vulnerabilities on those systems known to the NSA that are not being patched on purpose, it's quite likely they are being misused by completely other kinds of attackers," Hypponen says. "When they start to introduce new vulnerabilities, it affects everybody who uses that technology; it makes all of us less secure."

Auroragold is in direct conflict with the results of a surveillance review called by President Obama in December after Snowden's revelations elicited public furor when it first came to light. The panel concluded that the NSA should not "in any way subvert, undermine, weaken or make vulnerable generally available commercial software." It also said the NSA must inform companies of newly discovered zero-day exploits, or exploits that developers had zero days to fix. The White House confirmed these results but not without throwing in an escape clause that says the NSA is allowed not to disclose security holes if in the presence of "a clear national security or law enforcement" threat.

The NSA clearly sees this loophole to its advantage. NSA spokesperson Vanee' Vines says the agency operates within the bounds of law and only spies on terrorists, weapons distributors and "valid foreign targets," not "ordinary people."

"NSA collects only those communications that is authorized by law to collect in response to valid foreign intelligence and counterintelligence requirements - regardless of the technical means used by foreign targets, or the means by which those targets attempt to hide their communication," Vines says.

Although Vines declined to comment on Auroragold, she says the NSA works hard to ensure that Internet is "open, interoperable and secure."

"NSA deeply values these principles and takes great care to honor them in the performance of its lawful foreign intelligence mission," she adds.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics