Intelligence agents from the UK and US hacked international SIM card giant Gemalto’s computers and stole encryption keys that protect the privacy of billions of mobile phones across the world, a report in the Intercept has claimed. The publication said it received top secret documents containing the information from the US National Security Agency (NSA) whistle-blower Edward Snowden.

Auri Aittokallio

February 20, 2015

3 Min Read
privacy

Intelligence agents from the UK and US hacked international SIM card giant Gemalto’s computers and stole encryption keys that protect the privacy of billions of mobile phones across the world, a report in the Intercept has claimed. The publication said it received top secret documents containing the information from the US National Security Agency (NSA) whistle-blower Edward Snowden.

According to the report, the hack, apparently detailed in a document dating back to 2010, was a unified effort by the NSA and the UK Government Communications Headquarters (GCHQ). It was claimed in 2010 the two agencies formed a dedicated venture called the Mobile Handset Exploitation Team (MHET) to take advantage of vulnerabilities in mobile communications security. It was suggested Gemalto, which produces some two billion SIM cards every year, wasn’t the target as such but the idea was to cast a spy web over as many mobile phones as possible. The Dutch firm has operations globally, and hundreds of operators’ use its cards.

With the encryption keys it is possible to spy on mobile communications without obtaining official warrant for such activities, or having to implement a wiretap thus leaving no trace on providers’ networks of the intercept. Bulk key theft also enables the unlocking of any previously intercepted communications, which the agencies had not yet been able to decrypt.

Gemalto published a statement regarding the matter saying it cannot at this stage verify whether or not the report was true and that it hadn’t been aware of the possible data privacy breach. “We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation,” the chip firm said in a statement.

“Gemalto, the world leader in digital security, is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years. At present we cannot prove a link between those past attempts and what was reported yesterday. We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques. ​There have been many reported state sponsored attacks as of late, that all have gained attention both in the media and amongst businesses, this truly emphasizes how serious cyber security is in this day and age.”

According to a GCHQ slide published by the Intercept, the agency believed to have successfully captured Gemalto’s entire network. The report claimed the spies managed to hack into Gemalto’s network by targeting the employees of major telcos and SIM manufacturers, collecting any sensitive information they could find by accessing email and Facebook accounts.

The news is potentially disastrous from the mobile security perspective, and likely causes a massive headache for chip vendors and telcos alike. The ability to obtain the keys to decrypt data shatters the way mobile communications have been protected. Without the encryption keys even the top intelligence agencies just don’t have the ability to decrypt such massive amounts of data but through the alleged method they are able to do this en mass, which makes it very easy for them to manage.

Although very bad news if true, this is hardly surprising in the light of other similar revelations of recent years. In 2013 Snowden revealed documents claiming the NSA had been spying on the communications of European political leaders, including Germany’s Angela Merkel, for more than a decade, as well as collecting Verizon subscribers’ data on a daily basis.

About the Author(s)

Auri Aittokallio

As senior writer for Telecoms.com, Auri’s primary focus is on operators but she also writes across the board the telecoms industry, including technologies and the vendors that produce them. She also writes for Mobile Communications International magazine, which is published every quarter.

Auri has a background as an ICT researcher and business-to-business journalist, previously focusing on the European ICT channels-to-market for seven years.

You May Also Like