In 2010, GCHQ and the NSA hacked a company responsible for producing a huge number of mobile SIMs and stole all the security keys:
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
It’s not so much the brazen nature of the hack – mostly built on social engineering through hacking their personal emails – as it is their ability to wiretap without any kind of oversight or leaving a trace. This exports the fundamentally digital nature of these communications, that a tap is easy and undetectable because bits leave no fingerprints and suffer no degradation.
That the agencies for the UK and the USA have done it so broadly – not merely looking at services within their jurisdictions, but globally – is now standard fare. You can only imagine the furore if it had been perpetrated by China, Russia or even puny little North Korea. It’d be evidence of the police state, the surveillance possible too massive to ignore.
That these revelations continue to come years after Manning and Wikileaks, that this is still Snowden’s work coming to light, is likely a good thing, but in the short term, I despair at what this indicates is happening behind the scenes, stuff that we wouldn’t even believe would be happening, because that truth would be stranger than fiction.