The NSA’s far-reaching powers have been further detailed in an extensive report from The Intercept, which reveals that the agency has conducted an advanced spying operation for years in an effort to spy on mobile operators working on phone encryption. The operation reportedly also targeted bodies that oversee telecom standards, in order to stay updated on new security protocols and identify or even insert vulnerabilities into those communication networks it wanted access to.
Codenamed Auroragold and pointed out to the publication by whistleblower Edward Snowden, the operation has been active since at least 2010, though it’s not clear whether the NSA still uses it.
According to the documents provided, the NSA kept tabs on as many as 1,200 email accounts associated with major carriers around the world, in order to learn details surrounding the security in place protecting calls and data transfers between cell phone users. “As of May 2012, the agency had collected technical information on about 70 percent of cellphone networks worldwide,” The Intercept wrote, or 701 of an estimated 985 companies.
Furthermore, the NSA also spied on the GSM Association, an influential group that represents the interests of over 800 major carriers in 220 countries, working with them on new security measures and better encryption, among other things.
While the NSA’s worries can be understood from one point of view — its ability to intercept on the fly communications between suspects and targets of more advanced spying operations might be detrimental to the success of these operations — the fact that the agency is spying on new standards in order to find vulnerabilities that can be used for mass data collection also has a side-effect. By not disclosing them, or by inserting vulnerabilities of its own, the NSA would inadvertently help other parties looking to spy on users for malicious purposes.
The Intercept’s full report about the NSA’s Auroragold operation is available at the link in the source section below.