美情報機構針對全球移動智能終端實施的監(jiān)聽竊密活動（英）

Contents11.via-SIM66810132.-of141517183.-on20202123244.-Useof26ofthe26TheUSUse2729305.Be-by333434356.to-of37383842437.–toAreUsedbytheUSandLawforand47488.-to50505153549.on-ofonandPCs 5757theof58606110.-of6262theofthe636465-of68of69of7173741–78PAGEPAGE10IntroductionThenumberofglobalmobilesmartterminalusersishuge.The2023FactsandFiguresreportreleasedbytheInternationalTelecommunicationsUnion(ITU)inNovember2023showsthatthemobilephoneownershiprateamongtheglobalpopulationaged10andaboveis78%,andthecoverageofmobilebroadbandwith3Gandaboveinthetotalglobalpopulationis95%.Smartphonesarenolongerlimitedtothetraditionalcommunicationfunctionofoperators,butbecomethebasicentrancefordailyshopping,entertainment,socialinteraction,studyandlifeservices.Theyarealsonodesformobileofficesandevenidentitytokensforaccessingvariousgovernmentandenterpriseintranets.Butatthesametime,mobilesmartterminalssuchasmobilephonesalsolurkhugecybersecurityrisks.ComparedwithtraditionalPCs,theyhavewidersensingcapabilitiesandareequippedwithhigh-precisionsensors,aswellassignalcollectiondevicessuchascamerasandmicrophones.Throughthecollectionandanalysisofdataassetsonthedevice,itispossibletoconducttargeted,accurateportraitanalysisofthetargetedpersonnel'sworkandlifetrajectory,behavioralhabits,psychologicalcharacteristics,socialrelationshipsandsurroundingenvironment,andevencontrolthemobilephonethroughvulnerabilityexploitationandmalwaredelivery,soastorealizeall-roundwiretappingandsurveillance.Acompromisedmobilephoneislikeawalkingbugormonitor.Nosecretscanbekeptwhereveritgoes,andeverythingistransparenttotheattacker's"God'sperspective".Forsmartterminaldevicessuchasmobilephonesthathavebeenintroducedintomobileofficeenvironments,oncecompromised,higher-valuedataassetsrelatedtothetargetmaybeleaked.What'sworse,theymaybecomeabreakthroughandspringboardforattackerstoinvadetheintranetsofgovernmentandenterpriseinstitutions.MobilesmartterminalssuchasmobilephoneshavebeencovetedbytheUSintelligenceagenciessincetheirappearancebecauseofthehugevalueofdataresourcestheycontain.Overthepasttwodecades,amajorchallengefacedbyglobalcriticalinformationinfrastructureoperators,securityvendorsandresearchershasbeenhowtodiscover,analyze,andrespondtocyberattackslaunchedbytheUSintelligenceagenciessuchastheNationalSecurityAgency(NSA)andtheCentralIntelligenceAgency(CIA).ComparedwithtraditionalPCs,mobilesmartterminalssuchasmobilephoneshavemorecybersecurityexposureandattacksurfaces,includingtheterminaldevicelevelinvolvinghardware,firmware,systemsandapplications,theinformationinteractionlevelinvolvingdatainterfaces,Wi-Fi,Bluetooth,cellularnetwork,geographicalpositioningservicessuchasGPS,etc..Atthesametime,thesecurityofthemobilephonesystemisrelatedtothecomplexsoftwareandhardwaresupplychainsystem,theindustrialecologyofAPPs,thesignaltransmissionofoperatorsandthedatastorageandaggregationoflargeinternetplatformvendors.ThesearethelinkscovetedbytheUSintelligenceagenciesandthekeytargetstoattack.ThisreportgatherstogetheralargenumberofdisclosuresandanalysesfromtheindustryandacademiaonthenetworkintelligenceactivitiescarriedoutbytheUSintelligenceagenciesagainstmobilesmartterminals(seethefigurebelow).Itisclassifiedandintegratedfromtheaspectsofterminalequipment,communicationinfrastructure,operatorsandinternetvendors,inordertoformanoverallunderstandingofthecyberattackactivitiesandinformationacquisitionbehaviorsoftheUnitedStatesagainstmobileterminals,mobileindustrychainsandsupplychains,operatorsandlargeinternetvendors,soastoestablishsystematicpreventioncapabilities,effectivelycoverthemobileindustrychainandapplicationecology,criticalinformationinfrastructure,andgovernmentandenterprisenetworkscenarios.Chapter1to5focusonattacksbytheUSonthehardware,firmware,systemsandapplicationsofmobilesmartterminals.Chapter6to10focusonattacksbytheUSonoperatorinfrastructureandinternalsystems,withthelattertwochaptersfocusingoncombinationattacksonoperatorsandsmarttermi+nals.Chapter11re-analyzesthePRISMprogram,exposingtheintelligenceactivitiesoftheUSintelligenceagenciestoobtainmobilesmartterminaldatathroughthesuperdataaccessinterfaceofinternetvendorsandperformbigdataanalysis(seethefigurebelow).TheanalysisandresearchresultsdisclosedbyallwalksoflifearoundtheworldhavejointlyrevealedthattheUSwiretappingandsecrettheftoperationsagainstmobilesmartterminalsaroundtheworldarepervasive,unscrupulousandintensified.Chapter1. OvertheMobilePhoneviaSMS-HighlySophisticatedAttacksSIMCardVulnerabilitiesTheSIMcardistheuseridentificationmoduleofthemobilecommunicationsystemandisusedtoregisteruseridentificationdataandinformation.AnobviousfeatureofattacksexploitingSIMcardvulnerabilitiesisthattheattacksarenotrestrictedbyhardwaretype.Theoretically,allbrandsandmodelsofmobilephones,andevenIoTdevicesandwearabledeviceswithSIMcards,regardlessoftheoperatingsysteminstalled,canbeexploitedaslongasthereisavulnerabilityintheinsertedSIMcard.InSeptember2019,anIrishcybersecuritycompanyexposedanattackexploitingtheSIMcardvulnerabilitySimjackertotargetmobilephoneusersinMexico,ColombiaandPeru.ItpointedoutthattheattackisverysimilartotwoNSASIMcardattackequipmentMONKEYCALENDARandGOPHERSETexposedbySnowden.Fig.1-1ListofCasesofNSAAttacksExploitingSimjackerVulnerabilityIncidentReviewOnSeptember2019,AdaptiveMobileSecurity,acybersecuritycompanyheadquarteredinDublin,Ireland,exposedanattacktargetingtheSimjackervulnerabilityintheS@TbrowserofSIMcards[1].ThisattackactivitysendsspeciallyformattedbinarySMSmessagestomobilephones.IfthereisS@TbrowserintheSIMcard,itwilltriggerSimjackervulnerabilityandexecutesmaliciousinstructionstoachievemaliciouspurposesincludinglocatingandstealingsecrets.TheSimjackervulnerabilityattackisonlyrelatedtothefunctionalcomponentsembeddedintheSIMcard.Intheory,allbrandsandmodelsofmobilephonesinsertedwithaSIMcardcontainingthisvulnerabilitymaybeattacked,evenIoTdevicesandwearabledeviceswithSIMcards.AlthoughAdaptiveMobileSecurityonlydetectedattacksinMexico,ColombiaandPeru,SIMcardsprovidedbytelecomoperatorsin29countriesaroundtheworldatthattimecontainedthevulnerability,involving1billionusers.AdaptiveMobileSecuritypointedoutthatontheonehand,theSimjackerattackwasverysimilarto4exposedattacksthatexploitSIMcardvulnerabilities,includingtwoNSASIMcardattackequipmentexposedbySnowden;ontheotherhand,theperpetratorhadaverybroadrangeofskills,experienceandresources,hadaccesstoSS7(SignalingSystem7)networks,andhadspecificinterestinmobileusersincountriessuchasMexico.ItisbelievedthatNSAisoneofthefewattackentitiesintheworldwiththeabovecapabilitiesandcharacteristics.AttackMethodTheSimjackerTechnicalPaper[2]releasedinOctober2019pointedoutthattheSimjackerattackexploitedthesecurityconfigurationerroroftheS@TBrowserintheSIMcardissuedbysomeoperatorsofnotverifyingthevalidityofthereceivedmessagetoperformattackssuchasremotelylocatingthetarget.S@TBrowser(SIMallianceToolboxBrowser)isSIMcardbuilt-insoftware.ItsoriginalpurposeistoenableservicessuchasobtaininguseraccountbalancesthroughSIMcards,soitisnotwidelyknown.Asof2019,theS@TBrowsertechnologyhasnotbeenupdatedfor10years,butatthattime,thebrowserwasalegacytechnologyandwasdefaultedasabuilt-incomponentofmanybrandsofSIMcards.AdaptiveMobileSecurityanalyzedSimjacker'sattacksteps:Step1:Theattackerusesanordinarymobilephone,GSMmodemorA2PSMSservicetosendSMS-PP(point-to-point)typetextmessagestotheattacktarget.ThetargetedapplicationisS@TBrowserintheSIMcard.Step2:AftertheattacktargetreceivestheSMS-PPtypemessage,thelogiconthemobilephoneistriggered,andtheS@TBrowserbecomestheexecutionenvironmentontheSIMcard.TheSIMcardtakesoverthemobilephonetoreceiveandexecutesensitiveinstructions.Step3:Oncetheattackcoderetrievesinformationsuchaslocationandspecificdeviceinformation(InternationalMobileEquipmentIdentity,IMEI)fromthephone,itcollatestheinformationandtriggersthelogiconthephoneagaintosendthecombinedinformationtothereceiverviaa"DataMessage".Fig.1-2TheTechnicalProcessofSimjackerVulnerabilityAttackAdaptiveMobileSecuritybelievesthatintheory,thecommandsthatS@TBrowsercanexecuteincludeobtainingthecurrentlocationofthedevice,IMEIinformation,networkinformation,languageinformation,sendingSMS,playingaudios,startingthebrowser,etc.,soitcanevenusemobilephonestosendfalseSMS,makephonecallstocommittelecomfraud,openmaliciouswebsites,etc.CathalMcDaid,thechieftechnologyofficerofAdaptiveMobileSecurity,said[3]thatoneofthespecialfeaturesoftheSimjackervulnerabilityattackwasthatthevictimwascompletelyunawareoftheSMSreceivedwithattackmessagesandthedatamessagessent,therewasnoindicationinanySMSinboxoroutbox.Thesecondwasthattheattackmaybe"thefirstreal-lifecaseofmalware(specificallyspyware)sentwithinanSMS".PreviousmalwaresentviaSMSsimplysentitslink,requiringtheusertoclickonthelinktodownload.PreviousmalwaresentviaSMSinvolvessendinglinkstomalware,notthemalwareitselfwithinacompletemessage.Third,manyofitsattacksseemtoworkindependentofhandsettypes,asthevulnerabilityisdependentonthesoftwareontheSIMandnotthedevice.haveobserveddevicesfromnearlyeverymanufacturerbeingsuccessfullytargeted:Apple,ZTE,Motorola,Samsung,Google,Huawei,andevenIoTdeviceswithSIMcards.TraceabilityAnalysisInDecember2013,DerSpiegeldisclosed48typesofNSA'sANTattackequipmentexposedbySnowden[4].AdaptiveMobileSecuritypointedoutthattheSimjackerattackisquitesimilartotwooftheattackequipmenttargetingSIMcards-MONKEYCALENDARandGOPHERSET.GOPHERSETusestheSIM(STK)applicationinterfacetosendSTKinstructionstothedesignatedSIMcardtocollecttheotherparty'scallrecords,SMScontentandcontactlist,andsendstheextracteddatatothedesignatednumberthroughtheSMSservice.MONKEYCALENDARisaspywareimplantedintotheSIMcardsofGSMusers.ItisalsobasedontheSIM(STK)andismainlyusedtoobtainthelocationinformationofthetargetedSIMcard.AdaptiveMobileSecuritybelievesthatthesimilaritiesamongthethreeare:first,theattacksalluseSTKinstructions;second,theattackshavethesamepurposeandcanobtainlocationinformation,contactlist,SMScontent,calllogs,etc.;third,theyalluseSMStosendoutbounddata.Fig.1-3ANT'sCyberattackEquipmentMONKEYCALENDARAgainstSIMCardsFig.1-4ANT'sCyberattackEquipmentGOPHERSETAgainstSIMCardsOrganizationscarryingoutSimjackerattacksalsohavebroadaccesstoSS7networks.AdaptiveMobileSecurityhasdiscoveredthatsomeSimjackervictimssufferedsimultaneouscyberattacksviaSS7andbelievestheattackmethodisbeingusedasafallbackintheincidentthatSimjackerexploitsareunsuccessful.SS7isacommonchannelsignalingusuallyusedamongoffices.Itissuperimposedontheoperator'sswitchingnetworkandisanimportantpartofthesupportnetwork.TheSIM卡及移動端核彈漏洞密集爆發(fā)：近期網絡戰(zhàn)頂級數字武器解析（IntensifiedOutbreakof"NuclearBomb"VulnerabilitiesinSIMCardsandMobileTerminals:AnalysisofDigitalinRecentCyberreleasedin2019pointedoutthathackerswhocanlogintotheSS7networktolaunchattackshaveahighprobabilityofnationalbackgrounds.AdaptiveMobileSecurityonlydetectedactualattacksinMexico,ColombiaandPeru.AsearlyasJuly2013,ReutersquotedOGlobo,aleadingBraziliannewspaper[6]thataccordingtotheinformationexposedbySnowden,someLatinAmericancountrieshavebecomethemaintargetsofNSAsurveillance,especiallyColombia,Venezuela,BrazilandMexico.ThereportconfirmedthattheNSAhadaspecificinterestinmobileusersincountriessuchasMexico.AdaptiveMobileSecuritydidnotdirectlyidentifytheorganizationthatcarriedouttheattackbecauseofconcernsthatdisclosingspecifictraceabilitymethodswouldundermineitscapabilitytodetectandpreventSimjackerattacksonaglobalscale.However,basedonitsanalysisoftheoverallsituationoftheSimjackerattack,technicalcharacteristics,attackweapons,attackpaths,attacktargets,etc.,themastermindNSAhiddenbehindtheSimjackerattackhassurfaced.ExtendedAnalysisBasedontheinformationexposedbySnowden,ChinesecybersecurityvendorAntiycombedandfoundthattheAdvancedNetworkTechnology(ANT),asubsidiaryofNSA,hadasmanyas15kindsofattackequipmentforscanning,monitoringanddatacollectionofmobilecommunicationdevices,accountingforaboutone-thirdofalltheexposed48kindsofequipment[7].Fig.1-5ANT'sCyberattackEquipmentArsenalTheequipmentinvolvesbothsoftwareandhardware.Theequipmentformsincludemalwarepayloads,celltowers,basestations,signaltransceivers,mobilephones,etc.,whichcanbeusedincombinationtoachievecomplexattackobjectives.Tab.1-1ANTCyberattackEquipmentAgainstMobileCommunicationDevicesAttackEquipmentTargetedDevicesandFunctionsSoftwareImplantationMethod/HardwareDeploymentLocationDROPOUTJEEPDROPOUTJEEPisasoftwareimplantforiPhonesthatcanremotelypush/pullfilesfromthedevice.Thedatathatcanbecollectedinclude:SMS,contactlist,voicemail,geolocation,hotmic,cameracapture,celltowerlocation,etc.Command,control,anddataexfiltrationcanoccuroverSMSmessagingoraGPRSdataconnection.Theinitialreleasewillfocusoninstallingtheimplantviacloseaccessmethods.Aremoteinstallationcapabilitywillbepursuedforafuturerelease.GOPHERSETGOPHERSETisasoftwareimplantforGSM(GlobalSystemforMobilecommunication)subscriberidentifymodule(SIM)cards.Thisimplantpullsdatasuchascontactlist,SMSandcallrecordsfromatargetedhandsetandexfiltratesittoauser-definedphonenumberviashortmessageservice(SMS).ItisloadedontotheSIMcardusingeitheraUniversalSerialBus(USB)smartcardreaderorviaover-the-airprovisioning.MONKEYCALENDARMONKEYCALENDARisasoftwareimplantforGSMSIMcards.Thisimplantpullsgeolocationinformationfromatargetedhandsetandexfiltratesittoauser-definedphonenumberviaSMS.ItisloadedontotheSIMcardusingeitheraUSBsmartcardreaderorviaover-the-airprovisioning.TOTECHASERTOTECHASERisaWindowsCEimplanttargetingtheThuraya2520handset.ItpullsGPSandGSMgeolocationinformation,callrecords,contactlist,andotheruserinformationfromThuraya2520handsetandexfiltratesittoauser-definedphonenumberviaSMS.TheexistingversionneedstobedeployeddirectlyontheThuraya2520handset.Aremotelydeployableversionisunderdevelopment.TOTEGHOSTLY2.0TOTEGHOSTLY2.0isasoftwareimplantfortheWindowsMobileoperatingsystemthatisbasedonStraitBizarre(aspringboardbackdoorthatenablesquantuminjectionattacks).Thisfunctionalityincludestheabilitytoremotelypush/pullfilesfromthedevice,SMSretrieval,contactlistretrieval,voicemail,geolocation,hotmic,cameracapture,celltowerlocation,etc.Command,control,anddataexfiltrationcanoccuroverSMSmessagingoraGPRSdataconnection.Theinitialreleasewillfocusoninstallingtheimplantviacloseaccessmethods.Aremoteinstallationcapabilitywillbepursuedforafuturerelease.PICASSOModifiedGSM(targeted)handsetthatcollectsuserdata,locationinformationandroomaudio.ReplacethetargetedphonewithamodifiedGSMphoneCROSSBEAMCROSSBEAMisareusableCHIMNEYPOOL-compliantGSMcommunicationsmodulecapableofcollectingandcompressingvoicedata.ItcanreceiveGSMvoice,recordvoicedata,andtransmitthereceivedinformationviaconnectedmodulesor4differentGSMdatamodes(GPRS,CircuitSwitchedData,DataOverVoiceandDTMF)backtoasecurefacility.GSMcommunicationmodule,deployedonmobilephones.CANDYGRAMMimicsGSMcelltowerofatargetednetwork.WheneveratargetedhandsetenterstheCANDYGRAMbasestation'sareaofinfluence,thesystemsendsoutanSMSthroughtheexternalnetworktoregisteredwatchphones.GSMcelltower,deployedtothetargetednetwork.CYCLONEHX9EGSM(900MGz)macro-classNetwork-ln-a-Box(NIB)system.UsestheexistingTyphonGUIandsupportsthefullTyphonfeaturebaseandapplications.Macro-classNIBsystem,deployedtobasestations.EBSRMulti-purpose.Picoclass,tri-bandactiveGSMbasestationwithinternal802.11/GPS/handsetcapabilityGSMbasestation,deployedtothetargetednetwork.ENTOURAGEDirectionFindingapplicationoperatingontheHOLLOWPOINTplatform.Thesystemiscapableofprovidinglineofbearing(LOB)forGSM/UMTS/CDMA2000/FRSsignals.DirectionFindingapplication,deployedontheHOLLOWPOINTplatform.GENESISCommercialGSMhandsetthathasbeenmodifiedtoincludeaSoftwareDefinedRadio(SDR)andadditionalsystemmemory.TheinternalSDRallowsawittingusertocovertlyperformnetworksurveys,recordRFspectrum,orperformhandsetlocationinhostileenvironments.Handheldsignaltransceiver,carryitwithyou,noneedtodeploy.NEBULAMulti-Protocolmacro-classNetwork-ln-a-Box(NIB)system.LeveragestheexistingTyphonGUIandsupportsGSM.UMTS.CDMA2000applications.LTEcapabilitycurrentlyunderdevelopment.Macro-classNIBsystem,deployedtobasestations.TYPHONHXBaseStationRouter-supportingGSMbands850/900/1800/1900andassociatedfullGSMsignalingandcallcontrol.GSMBaseStationRouter,deployedtothebasestationgateway.WATERWITCHHandheldfinishingtoolusedforgeolocatingtargetedhandsetsinthefield.Handheldfinishingtool,carryitwithyou,noneedtodeploy.SimjackervulnerabilityattackisanapplicationcaseoftheUSANTattackequipment.Thetechnology,infrastructureandmethodsusedprovethattheUScyberattackcapabilitieshavemadeahugeleap.ThemostprominentpointisthattheUSnolongerneedstoinstallimplantsviacloseaccessmethodsorremoteinstallation(inthiswaytheattackerneedstoobtainthekeyofthetargetedSIMcard).MonitoringcanbestartedsimplyviaSMS,whichismorecovert.AdaptiveMobileSecuritybelievesthattheattackerhasbeenusingtheSimjackervulnerabilitytocarryoutattacksforatleasttwoyearsandmonitoredtensofthousandsofusersbeforeitwasdiscoveredandexposed.TheUSintelligenceagencies,representedbytheNSA,haveacompletesetofstandardizedmobileattackequipment,arecapableofconductingrigorouslyorganizedoperations,andtheiroperationsarehighlycovert.ReferencesAdaptiveMobileSecurity.SimjackerTechnicalPaper.2019./Simjacker-Technical-PaperSimjacker技術分析報告.2019./s/hTgJEzbOxM5KMAIYK5ir3wCathalMcDaid.SimjackerNextGenerationspyingviaSIMCardVulnerability.2019.https:///insights/simjacker-next-generation-spying-over-mobile/JacobAppelbaum,JudithHorchert&ChristianSt?cker.CatalogAdvertisesNSAToolbox.2013.https://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.htmlSim卡及移動端核彈漏洞密集爆發(fā)：近期網絡戰(zhàn)頂級數字武器解析2019.https:///articles/14161AnthonyBoadle.NSA'spied'onmostLatinAmericannations:Brazilpaper.2013.https:///article/us-usa-security-latinamerica-idUSBRE96816H20130709/2023網絡安全威脅回顧與展望.2024./research/notice&report/research_report/2023_AnnualReport.htmlChapter2. TheStolenKey-StealingtheEncryptionKeyoftheMobilePhoneSIMCardSIMcardencryptionkeysareanimportantpartofmobilecommunicationsandoneofthefoundationsforensuringcommunicationsecurity.TheauthenticationkeyintheSIMcardencryptionkeyparticipatesinthelegalityauthenticationofmobiledevicesenteringthenetwork,andplaysanimportantroleinensuringusercommunicationsecurity.ThiskeyisflashedintotheSIMcardbytheSIMcardmanufacturerduringtheproductionprocessandprovidedtothenetworkoperator.Butitisthis"key"thatensuresthesecurityofmobilephonecommunicationsthathasbecomethetargetoftheUSandBritishintelligenceagencies.From2010to2011,theUSandBritishintelligenceagenciescarriedouttheDAPINOGAMMAoperationagainsttheDutchSIMcardmanufacturerGemaltotostealmobilephoneencryptionkeys.Fig.2-1ListofCasesofDAPINOGAMMAOperationbyNSAandGCHQIncidentReviewOnFebruary20,2015,TheInterceptpublishedanarticletitledTheGreatSIMHeist-HowSpiesStoletheKeystotheEncryptionCastle[1]basedontheNSAdocumentsleakedbySnowden.Itwasdisclosedthatbetween2010and2011,theMobileHandsetExploitation(MHET)composedoftheNSAandtheBritishGovernmentCommunicationsHeadquarters(GCHQ),animportantorganizationofthe"FiveEyes"intelligencesystem,carriedoutanoperationcalledDAPINOGAMMAagainstSIMcardmanufacturerGemalto,aimingtostealtheauthenticationkeysusedtoensurethesecurityofcommunicationsbetweenpersonalmobilephonesandmobilenetworks.ThebehavioroftheUSandintelligenceagenciestostealmobilephoneSIMcardauthenticationkeysandthenobtainmobilephonecommunicationdatahasbeenfullyexposed.TheDutchcompanyGemaltoisoneoftheworld'slargestSIMcardmanufacturers.ItwasacquiredbytheFrenchmilitaryindustrycompanyThalesin2019.Around2010,itscustomersincludednearly450mobileoperatorsin85countriesaroundtheworld,anditproducedapproximately2billionSIMcardseveryyear[1].DocumentsleakedbySnowdenshowthatinitskeyharvesting"trial"operationsinthefirstquarterof2010,GCHQsuccessfullyinterceptedkeysusedbywirelessnetworkprovidersinIran,Afghanistan,Yemen,India,Serbia,IcelandandTajikistan[2].Inaddition,theUSandBritishintelligenceagenciescooperatedcloselyduringtheoperation.GCHQusedtheNSA'sXKEYSCOREsystemtoscreenandlocktargets,andtheSIMcardkeysitobtainedwerealsosharedwithNSA.AttackMethodLockingtargetsusingtheNSA'sXKEYSCOREsystem:MHETusedtheNSA'sXKEYSCOREsystemtointerceptalargenumberofemailsontheemailserversofGemaltoandmobileoperators.Throughanalysisoftheemailcontent,keypersonnelorcluesmaybefoundwhomayhaveaccesstoGemalto'scorenetworkandkeygenerationsystem.XKEYSCOREistheNSA'ssystemforretrievingandanalyzingglobalinternetdata.TheXKEYSCOREsysteminterceptsdatasuchasemails,internetcalls,internetchatrecords,andbrowsinghistoryinrealtimethroughserversdistributedat150sitesaroundtheworld[3].Analystscanobtainthecontentdataandmetadataofthetargetednetworkactivitiesthroughvariouskeywordssuchasname,phonenumber,IPandbrowser.Withthissystem,NSAcanhaveapanoramicviewofeverymoveofaspecifictargetontheInternet.XKEYSCOREalsohasgoodscalabilityandcanbeintegratedorinteractedwithNSA'sTURBULENCEcyberattackoperatingsystemtoautomaticallyanalyzenetworkinformationcollectedthroughotherchannelsandtriggertasklogic;itcanalsoacceptdatafromotherprojecttasks(forexample,datafromforeignsatellitecommunicationscollectionprojectSKIDROWE)andprovideanalysisandprocessingfunctions;XKEYSCOREalsoprovidessupportfortheuseandsharingofintelligencebytheFiveEyes(FVEY)countries[4].Duringtheemailinvestigation,MHETfoundthatGemaltousedemailorFTPtosendSIMcardencryptionkeystoitsglobaloperatorcustomersinbatches.Whenitcametotransmittingkeyfiles,Gemaltoonlyusessimpleencryptionmethodsthatwereeasytocrack,sometimeseventransmittingthekeyfilesdirectlywithoutencryptingthem.ThisextensivetransmissionmethodcreatedconditionsfortheUSandBritishintelligenceagenciestointerceptkeyfiles.IntrusionintoGemalto'sinternalnetwork:inordertostealSIMcardencryptionkeysmoreconvenientlyandaccurately,MHETalsoinvadedGemalto'sinternalnetworkandimplantedmalwareonmultipleinternalcomputers.ItprovidesaccesstoGemalto'sintranetandfindtargetsforinterceptingkeys.DocumentsleakedbySnowdenrevealthatMHEThassuccessfullyimplantedseveralGemaltomachines,mastereditsentirenetworkandprocessedtheacquireddata[5].Developingprogramstostealkeysinbatches:basedonpreliminaryreconnaissance,MHETsuccessfullyinterceptedinternetcommunicationdatabetweenmultipleGemaltopersonalizationcentersandmobileoperatorsandobtainedencryptionkeys.AnarticleontheInterceptwebsitestated,inonetwo-weekperiod,theyaccessedtheemailsof130peopleassociatedwithwirelessnetworkprovidersorSIMcardmanufacturingandpersonalization.Thisoperationproducednearly8,000keysmatchedtospecificphonesin10countries.Inanothertwo-weekperiod,byminingjustsixemailaddresses,theyproduced85,000keys[1].InordertofurtherstealtheencryptionkeystransmittedbetweenGemaltoandmobileoperatorsonalargerscaleandinlargerquantities,theUSandBritishintelligencepersonnelalsospeciallydevelopedaprogramtoautomaticallyinterceptandcollectkeys.Ithasalsobeenshownthatalthoughtheautomatedmethodisabletoreturnarepresentativesetofitemsfrombulkdata,itoftenfailstodetectallitemsthatwouldbefoundmanually[6].Notonlythat,GCHQalsolaunchedanoperationcalled"HIGHLANDFLING"in2011,withgoalsincluding:tolookatgettingintoFranceHQtogetintocoredatarepositories;togetinformationofpossibleIPsthatcouldleadtopenetrationintooneormorepersonalisationcentres;tostartprocessforanewsupplierGieseckeandDevriente[7].ExtendedAnalysisTheSIMcardencryptionkeysisanimportanttoolforidenti