GSMA denies latest Snowden leak
No 'current' compromise, and our standards docs are public anyway
Mobile carrier club the GSMA has hit back against the latest round of Snowden claims, saying it can't find any evidence of “active targeting or compromise of GSMA systems, communications and stored documentation”.
When The Intercept first ran its accusation – that the NSA and GCHQ successfully broke into the traffic of more than 700 of the world's 985 cellular networks in 2010 – the industry association's only response was that its lawyers were preparing a response.
The AURORAGOLD program, the latest leak alleges, managed to crack the A5/3 encryption used in 3G networks.
The GSMA's lawyers have now finished their deliberations and signed off on a statement that almost-but-not-quite denies the leaks. By limiting its denial to “active” targeting, the group leaves open the interpretation that a compromise prior to 2010 may have taken place.
Furthermore, while the spooks may have watched the activities of its working groups, the GSMA reckons “no evidence is attainable from the published documents” suggesting that the working groups were actually compromised. Furthermore, while The Intercept made much of the spooks “intercepting” IR.21 documents, these documents are made public once the working groups have signed off on a new version.
“The article also references the alleged compromise of IR.21 data (technical network data shared across operators and other industry stakeholders). We have closely examined the documents published, and given inconsistencies in the data, we believe it is unlikely that the GSMA is the source of the data. It is important to note that the information contained in an IR.21 is not sufficient to ‘hack’ a cellphone network”, the GSMA statement adds.
“Although we see no evidence of a breach of GSMA-held assets, we are very concerned at any attempt to access or interfere with our member’s data. We will continue to stringently monitor access to GSMA systems, communications and stored documentation, and will work with all stakeholders to put in place further measures to ensure that our collective data management and security protections remain robust.” ®