We were already aware that the NSA had (has) monitoring access to most Pakistani telecom operators, Internet Service Providers and other government departments, but a recent leak provides undeniable evidence that it was indeed happening.
Credit goes to ShadowBrokers, a hacker group that published tools, hacks and other exploits used by the NSA to infiltrate networks and governments across the world. The group leaked a new dump a few hours ago, which has information about more ways through which the NSA accessed mobile companies and private and public networks in various countries.
ShadowBrokers had initially put this data up online for auction, but since no one bought it, the group shared the password of the entire dump in protest. The leaked NSA dump, which is encrypted, is terabytes in size, and security researchers have already started to decrypt it.
The initial decrypted files reveal a step-by-step guide to how the NSA used to gain access to Mobilink’s network. The NSA accessed servers, data and other information related to mobile phone users of Pakistan.
The method shows that the NSA had access, in around 2006, to the CDR (call detail record) of any Mobilink user, and also to how many SIMs had been used on a single handset (to identify whether the user had more than one SIM). NSA operators got alerts when a new call was made. They also had a mechanism to clear any access records or logs to wipe out any traces.
These methods, which are believed to be patched now, were made possible only after the NSA hacked/exploited Solaris (Oracle’s proprietary operating system), which was otherwise considered very solid and hack-proof. As security researchers are in the process of decrypting more leaked data, it’s likely that guides to hacking other Pakistani telcos and ISPs will also be revealed.
You may be wondering whether the NSA will be held accountable for all the steals (read: crimes), or whether the Pakistani government will protest against such naked hacks. It’s not happening.
Just as the elites in Pakistan are free to do whatever they want in Pakistan, global elites enjoy a similar sort of immunity and can do whatever they feel like.
What’s Up Next!
No matter how secure you get, the devices that are built (in the West) are going to reveal your data to outsiders one day.
The only way forward, if possible, is to manufacture your hardware and write your code yourself to protect it. Even then you will only minimize the chances of it getting hacked, but it won’t be as easy as it seems from the above incidents.
It is an open secret now that certain loopholes are left in on purpose, for activities like the above. It is just like building a house and keeping a back door for emergency entries/exits, just in case. These back doors are then exploited and used by agencies like the NSA.