In Wake of Report, GSM Association Denies NSA Breach
A key mobile trade group was the subject of a recent story suggesting it may have been targeted by National Security Agency surveillance efforts. But in a response this week, the group denied that its systems were infiltrated.
Now it’s possible that, at least in one case, an association was the direct target of surveillance efforts, though the association denies it.
The GSM Association (GSMA), the London-based trade organization that develops many of the standards on which the modern wireless industry is based, was reportedly targeted in a covert operation intended to discover flaws in cellphone networks so that NSA could hack into them to conduct surveillance. The news, first reported last week by journalist Glenn Greenwald’s news site, The Intercept, was based on documents handed to the news outlet by whistle-blower Edward Snowden that reveal the details of an operation known as Auroragold.
The article notes that NSA’s infiltration of GSMA’s systems is particularly inappropriate, as the federal government’s National Institute for Standards and Technology provided an $800,000-plus grant to the association to work on security and privacy issues that mobile-device users experience.
“By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States,” the publication’s Ryan Gallagher wrote.
NIST has previously butted heads with NSA and was forced to tell companies to stop using one of its own security standards that the spying agency helped write.
Denying the Report
In the article, NIST denied knowledge of “any activities by NSA related to the GSMA,” while GSM deferred comment until it had a chance to examine documents given to it by The Intercept.
On Monday, however, GSMA was ready to talk, and in a news release it said it had found “no evidence of active targeting or compromise of GSMA systems, communications and stored documentation.”
The association noted that the information about GSMA working groups featured in the documents could be found in sources that are publicly accessible. And while the document did contain data related to an alleged compromise of a technical network, the group says it did not appear to come from a GSMA source.
“Although we see no evidence of a breach of GSMA-held assets, we are very concerned at any attempt to access or interfere with our members’ data,” the group wrote. “We will continue to stringently monitor access to GSMA systems, communications, and stored documentation, and will work with all stakeholders to put in place further measures to ensure that our collective data management and security protections remain robust.”
Edward Snowden, illustrated above, was the source of leaked documents tying GSMA to NSA surveillance efforts. (Thierry Ehrmann/Flickr)