Late last night a particularly scary report surfaced online claiming that NSA and Britain s Government Communications Headquarter conducted joint operations to hack Gemalto and steal its encryption keys. The world s largest SIM card maker has reacted to the report, saying it wasn t aware of such an operation and is investigating the matter. Also Read - Hackers are successfully attacking Gmail, Yahoo Mail and ProtonMail by beating two-factor authenticationAlso Read - Gemalto issues public apology for Aadhaar data breach report
Details of the operation were revealed in a bunch of documents released by whistle blower Edward Snowden. The agencies managed to harvest encryption keys burnt on SIM cards that are used to authenticate them on cellular networks. These keys enable the spy agencies to gather surveillance data from cellular networks and decrypt any conversation both voice and data at their leisure. Also Read - NSA is getting rid of hundreds of millions of call and text records collected under Freedom Act
The SIM card maker has responded saying it had no prior knowledge of any such operations being conducted by the agencies. It further says that Gemalto wasn t the prime target and the agencies were trying to cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators’ and users’ consent.
The company has assured that it takes such reports very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.
Gemalto s statement follows.
Information regarding a report mentioning a hacking of SIM card encryption keys
Amsterdam, February 20, 2015 A publication reported yesterday that in 2010 and 2011, a joint unit composed of operatives from the British GCHQ (Government Communications Headquarters) and the American NSA (National Security Agency) hacked SIM card encryption keys engraved in Gemalto (Euronext NL0000400653 – GTO) and possibly other SIM vendors’ cards. The publication indicates the target was not Gemalto per se – it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators and users consent. We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation.
Gemalto, the world leader in digital security, is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years. At present we cannot prove a link between those past attempts and what was reported yesterday.
We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.
There have been many reported state sponsored attacks as of late, that all have gained attention both in the media and amongst businesses, this truly emphasizes how serious cyber security is in this day and age.