NSA spies on carriers to break call encryption, report suggests

The NSA spies on the internal emails and documents of major mobile carriers and their industry body, the GSM Association, according to an article published Thursday by The Intercept.

According to the piece, the spy agency is or was running a program called AURORAGOLD, which involved targeting the GSMA in order to find or even create weak spots in carriers’ network technology. If this is the case, it may be yet another example of the foolhardy breaking of widely used security mechanisms in ways that other spies and criminals can potentially also exploit.

The GSMA’s “IR.21” documents are shared between carriers to allow customers to roam internationally between their networks. According to the NSA documents published by The Intercept, IR.21s provide valuable information about new technology that the carriers are using, helping spies to figure out how to “discover vulnerabilities,” “introduce vulnerabilities where they do not yet exist” and find threats to the spies’ existing surveillance methods.

The GSMA is also a hub for the development of new cellular privacy technology. Worryingly, the article suggests that the AURORAGOLD program may have aided NSA attempts to crack A5/3, a type of encryption for cellular communications. Earlier stories based on the Snowden leaks indicated that the NSA has already cracked the older and weaker — but widely used — A5/1 cipher.

It’s not entirely clear whether or not the NSA and GCHQ have had success in cracking A5/3 yet, but some experts are worried:

As the piece noted, the U.K.-based GSMA receives funding from the U.S. National Institute of Standards and Technology (NIST), which has already had to warn companies off using one of its own security standards because Snowden’s leaks indicated the NSA had tampered with it.

GSMA spokeswoman Claire Cranton told me by email: “We are aware of the Intercept story and are currently investigating the claims made in the piece. We are unable to offer any further comment at this time.”

GELI’s battery operating system is here

A startup building operating systems for grid batteries has shipped its first products to NIST for testing in a net zero home project. The company is an example of the Clean Web phenomenon, where startups use information technology for cleantech aims.

U.S. government agencies prep for big data confab

All right all you big data nerds — it’s time to suit up for the NIST’s Big Data workshop slated for next week. The event will focus on what state-of-the-art core technologies will drive big data and how to ensure accuracy of big data processes.

Today in Green IT: Zipcar finally profitable

Our GigaOM Pro Green IT analyst Adam Lesser reports: Zipcar reported its third quarter after the bell yesterday and finds itself getting hammered this morning, down 5 percent. Sadly, the street is missing the story. Zipcar is finally profitable. Period.

Stopping threats like Operation Shady RAT

Security used to be fairly straightforward — put boundaries around your infrastructure-holding business data. Today, with the rapid adoption of cloud and mobile computing and the overall consumerization of IT, traditional boundaries have become fluid, which means companies must protect the data itself.

Government “Stick” Helped Move Smart Grid Standards

The threat of the government stepping in and legislating the smart grid standards making process was a useful tool for helping the process along, says Raj Vaswani, CTO of smart grid networking firm Silver Spring Networks.

ActaCell Charges Ahead With New Way to Make Batteries

A new $3 million NIST award could offer a significant boost for Austin, Tex.-based ActaCell, whose backers include Google.org, DFJ Mercury and Applied Ventures. The startup aims to scale up production of its novel nanocomposite material for lithium battery anodes by a factor of 1,000.

UPDATED: Feds Open Up $25M for Risky Research

The National Institute of Standards and Technology today announced $25 million available for high-risk research projects. The idea is to develop more efficient, lower cost, less wasteful and faster ways of making products “process-based industries.”

Sponsor post: LogMeIn Free Lets You Work From Anywhere

You know what’s a bummer? Being tied to an office answering to the man. After all, getting work done on a beach, at a café or at home is still getting work done.
That’s why LogMeIn Free is perfect for the remote or flex-time worker. It provides free remote control to your Mac or PC from any Internet-connected device. So you can get whatever you need to get done anytime, anywhere.
Getting started is easy. Just create an account with LogMeIn and make sure you install the software on any computers you’re going to access remotely. Once that’s done, simply log in through the LogMeIn web site and access the remote computer to use all your files and applications without restrictions — from design software to email to databases to word processing.
It’s as if you are sitting right in front of the remote Mac or PC. And, as it turns out, all this freedom also makes you more productive since you are no longer “away” from your computers. No matter where you happen to be.
Get started with free remote access for your PC or Mac today.