If China or Russia had compromised every mobile phone, *then* would the authorities take it more seriously?

The latest leak from NSA whistleblower Edward Snowden suggests that the NSA and GCHQ joined forces to hack Gemalto, a company which manufactures billions of SIM cards every year, and stole encryption keys used to protect the privacy of communications around the world.

Scott Ludlam, a Greens member of the Australian Senate, had the chance last week to quiz Australian Secretary of Defence Dennis Richardson about the recent hack revelations – which Gemalto itself has downplayed – and the response of the Australian Signals Directorate (ASD).

And Ludlam asks some very reasonable questions of the Australian spooks (most of which go unanswered).

For instance,

Are you able to identify whether these allegations are true?

What is your advice to Australian users of telecommunication services who may not want to use devices that are compromised by overseas intelligence agencies?

But one question Australian Secretary of Defence Dennis Richardson does appear keen to answer is whether they would be treating the implications of the reported Gemalto hack with greater urgency, if it were Chinese or Russian intelligence being blamed rather than the NSA and GCHQ.

Watch this video to see what he had to say, and the questions he didn’t wish to immediately respond to.

More questions over the Gemalto hack

Some of the conversation is truly gobsmacking:

Ludlam: Do you use an encrypted phone, Mr. Richardson?

Richardson: No, I don’t.

Ludlam: Right. Okay. Do you use a commercial… I’m not asking you to name names… but do you use a commercial telecommunications provider?

Richardson: Yeah, yeah, yes.

Ludlam: So there might be a SIM card in your phone or mine. Does this alarm you at all?

Richardson: No.

Ludlam: No?

Richardson: No.

Ludlam: Why is that?

Richardson: Well, because I don’t particularly deal with people who… if anyone wants to listen to my telephone calls they can. I’d be surprised if they do, but I don’t particularly have conversations which I’m particularly worried about.


Ludlam: So it’s okay if foreign spooks have hacked every mobile handset in the country because you don’t have anything in particular…

Richardson: It’s possible some might try to.

Ludlam: It’s possible some just have.

Richardson: [Shrugging] Well, it’s possible.

Amazing, eh?

Initially, and I found this astonishing, the ASD representatives appear to claim that they have no knowledge whatsoever of the Gemalto hack, despite it being headline news around the world.

During the course of the conversation, it appears that they may have been more aware of the story than they had previously implied. Which I suppose is a relief.

But none of us should worry, apparently, because the heads of Australia’s signals intelligence division would never consider having a sensitive conversation on a mobile phone…

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “If China or Russia had compromised every mobile phone, *then* would the authorities take it more seriously?”

  1. Philip Le Riche

    GCHQ and the responsible ministers are always very keen to stress the legal underpinning of everything the security services do, and claim that the checks and balances are at least as strong as in any country in the world. That may be true, though cynics would doubtless retort that it wasn't saying much.

    True or not, if I were to steal some data, any court in the UK would regard it as a clear case of theft and a breach of the Computer Misuse Act. I'm struggling to see the legal underpinning of the same action by GCHQ against Gemalto unless a warrant was issued by the Secretary of State under Section 3-(1) of the Security Service Act 1989. Was it?

    We have to accept that spying is what intelligence agencies do, but it seems to me that hacking a commercial company in a friendly European country just isn't cricket.

  2. furriephillips

    You forgot to include the words "hilarious" and "cringeworthy" in the article teaser. I watched the video a few days ago and it was truly painful to view these duffers not exactly respond to the questions.
