Slashdot videos: Now with more Slashdot!
We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).
Yet the public record shows that over the years the NSA has honed its ability to steal encryption keys. Recent reports about the compromise of Gemalto's network and sophisticated firmware manipulation programs by the Office of Tailored Access Operations underscore this reality.
The inconvenient truth is that the current cyber self-defense formulas being presented are conspicuously incomplete. Security tools can and will fail. And when they do, what then? It's called Operational Security (OPSEC), a topic that hasn't received much coverage — but it should.
They say the two agencies were trying to intercept encryption keys that were being exchanged between mobile operators and the companies (like Gemalto) who supplied them with SIM cards. The company said it had noticed several security incidents in 2010 and 2011 that fit the descriptions in The Intercept's documents. Gemalto had no idea who was behind them until now. They add, "These intrusions only affected the outer parts of our networks – our office networks — which are in contact with the outside world. The SIM encryption keys and other customer data in general, are not stored on these networks." They claim proper use of encryption and isolation of different networks prevented attackers from getting the information they were after.