Update: Spy agencies hacked SIM card maker's encryption


The NSA and the UK's GCHQ were able to monitor a large portion of the world's mobile traffic

U.S. and U.K. intelligence agencies have reportedly hacked into the computer network of giant SIM card maker Gemalto and taken smartphone encryption keys potentially used by customers of hundreds of mobile phone carriers worldwide.

The Gemalto hack, by the U.S. National Security Agency and the U.K. Government Communications Headquarters (GCHQ), allowed the two spy agencies to monitor a large portion of the world's mobile phone voice and data traffic, according to a story in The Intercept.

The hack was detailed in a 2010 GCHQ document leaked by former NSA contractor Edward Snowden, the story said.

It's unclear how much mobile traffic the two agencies intercepted after the reported hack.

Gemalto, based in the Netherlands, produces about 2 billion SIM cards a year. About 450 mobile carriers, including AT&T, T-Mobile, Verizon Wireless and Sprint, use the company's SIM cards.

With the compromised encryption keys, the surveillance agencies would be able to monitor mobile communications without the approval of the carriers or foreign governments, The Intercept story said. The encryption keys would allow the agencies to intercept mobile traffic without court-ordered warrants or wiretaps, the story said.

Representatives of the NSA did not respond to requests for comment on the story. Gemalto's website was down Thursday afternoon.

Gemalto will devote "all resources necessary" to investigate the reported compromise, the company said in a statement.

The company is "especially vigilant against malicious hackers, and of course, has detected, logged and mitigated many types of attempts over the years," the statement continued. Gemalto "can make no link" between past attacks and the reported compromise by GCHQ  and the NSA, the company said.

Gemalto was unaware of the penetration of its systems, the company told The Intercept. The company is "disturbed" about the possibility, Paul Beverly, a Gemalto executive vice president, told the publication.

GCHQ compromised Gemalto's computer networks and installed malware on several computers, The Intercept story said, quoting a slide from the U.K. intelligence agency provided by Snowden. At the time GCHQ believed it had access to the company's "entire network," the slide said.

GCHQ also said it had access to billing servers of mobile carriers, allowing it to manipulate customer charges in an effort to hide surveillance on phones, the story said.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Our Commenting Policies

    14 hours ago
    Trust no-one !
    4 days ago
    Alexa Lux
    So the government infected everyone of interest with their stuxnet variations, then they ripped off all of our cell phone security, cops are maniac thugs, 99% of all so called terrorist arrests since 1981 have been retarded patsy's set up by the FBI, all afghanistani heroine is grown, protected, and imported by the U.S. Government, Fast and Furious gun running, lies about virtually everything... Is there any possibility to not have a criminal government run by psychopaths?
    4 days ago
    Fbiznot Theanswer
    We might be happy they can listen in on ISIS, but not happy when they listen in to the rest of us.
    View All 3 Comments