As promised, Der Spiegel has published a more detailed story outlining how the NSA taps into our beloved BlackBerry smartphones. Unsurprisingly their methods could be considered by some to be rudimentary as all it takes is access to a back up file of the device in question, which includes contacts, drafts, search queries and other "data gold mines."
In other cases the NSA can "catch" communications mid-air from the BES or BIS servers, being able to decrypt and decode incoming or outgoing communications.
The documents cited by Spiegel once again mention the high level of interest by the NSA to keep a special "BlackBerry Working Group" dedicated to learning how to breach BlackBerry communications. Although the group which according to the documents is backed in part by the British GCHQ had few setbacks accessing BlackBerry data in 2009, due to a change in data compression, they were able to crack the new algorithm by March 2010.
Not only that, the NSA's BlackBerry group was also able to "collect and process" BIS email, which is both compressed and encrypted, unlike BES email which is only compressed but not encrypted but which also sits inside of a private server.
In a presentation entitled "Your Target is using a BlackBerry? Now what?" information suggests that the acquisition of an encrypted BES communication requires a "sustained" operation by the NSA's Tailored Access Operation department to be able to "fully prosecute the target,"and even showcases an email from a Mexican government agency as proof of concept under a section entitled "BES collection."
Spiegel claims that there may be heightened security concerns from the NSA given the declining trend of US government employees who use BlackBerry devices fell from 77% to less than 50% between August 2009 and May 2012. And that ordinary consumer devices are replacing the only certified government smartphone. Drawing the conclusion that the NSA is confident they are the only intelligence group worldwide who is capable of tapping in to BlackBerry devices.
It is definitely shocking to learn that one of the platforms with the highest security certifications could be breached, however this new report leaves many unanswered questions, such as whether or not newer BlackBerry 10 smartphones are compromised or not, and whether this work group is still in existence despite the resent discoveries about PRISM and the backlash the NSA has gotten for invasion of privacy recently.