NSA's Auroragold spies on carriers to breach cell networks, report says

The US National Security Agency has the ability to target cellular networks around the world and collect information at will, a new report from The Intercept claims.

Dubbed Auroragold, the previously undiscovered NSA program allows the clandestine agency to exploit security vulnerabilities -- and even to introduce new ones -- in cell networks to help it eavesdrop on calls and text messages. Information on the program was amid the copious files leaked by former NSA contractor Edward Snowden files and obtained by reporter Glenn Greenwald, who co-founded The Intercept.

According to the report, the Auroragold program has been in full swing for the last few years and continuously monitors communications by more than 1,200 e-mail accounts associated with major cell phone network companies.

Chief among the targets, the Intercept claims, is the UK-based GSM Association. which counts among its members some of the largest tech and telephony companies in the world, including AT&T, Cisco, Microsoft, Samsung and Vodafone. The group provides guidance on new technologies and techniques related to all things mobile and plays a crucial role in enhancing the security of cellular networks around the world.

Of particular interest to the NSA has been the GSMA's technical documents connected to roaming arrangements that let mobile phone owners use their devices when they travel abroad. Those so-called IR.21 documents highlight new technologies as well as encryption methods being used by carriers.

The report is the latest in a string of revelations from documents leaked by former NSA contractor Edward Snowden. In 2013, Snowden provided Greenwald and fellow journalist Laura Poitras reams of information on the NSA and its inner workings, and new reports on the agency's inner workings have appeared regularly since then. The Snowden leaks have scalded the public perception of the NSA and caused friction with international intelligence agencies.

Snowden has found a haven for now in Russia, while the US government has revoked his passport and has been anxious to get him back to the country to face prosecution.

While the NSA would not confirm the details of the latest Snowden leak, agency spokesperson Vanee Vines said in an e-mailed statement that it operates within the law in its attention to everyday means of communication, as it adheres to a presidential mandate "that signals intelligence activities take into account the globalization of trade, investment, and information flows -- and the commitment to an open, interoperable, and secure global Internet."

NSA collects only those communications that it is authorized by law to collect in response to valid foreign intelligence and counterintelligence requirements -- regardless of the technical means used by foreign targets, or the means by which those targets attempt to hide their communications. Terrorists, weapons proliferators, and other foreign targets often rely on the same means of communication as ordinary people. In order to anticipate and understand evolving threats to our citizens and our allies, NSA works to identify and report on the communications of valid foreign targets.

According to The Intercept, Auroragold is controlled by a "specialist" unit within the NSA, called the Wireless Portfolio Management Office. Its logo says that its three charges are to "predict, plan, [and] prevent."

Some 70 percent of the cellular networks around the world, including nearly all in North Africa, many in the Middle East, and nearly three-quarters in China, have had their technical information obtained by that NSA office and potentially exploited, according to the Intercept's report. The US is surprisingly low on the list for network information obtained.

Of late, the NSA has, at least publicly, attempted to play nice with technology companies. Last month, NSA director Adm. Michael Rogers said that he would want to work with Silicon Valley to ensure an open line of communication is established between the parties. He also indicated that while he might not always agree with technology companies and their general discontent over the NSA's practices, he understands their point of view.

"It doesn't do us any good to villainize either side of this argument," Rogers said to about 100 professors, students and reporters at Stanford University. "Reasonable people can come to different conclusions about what is appropriate and not appropriate."