GCHQ And NSA ‘Hacked’ SIM Card Firm To Spy On Calls And Texts

GCHQ and NSA accused of hacking Gemalto in documents allegedly leaked by Edward Snowden

UK and US intelligence agencies have been accused of illegally hacking the systems of SIM card manufacturer Gemalto to gain encryption keys that could allow the interception of much of the world’s voice, text and data traffic.

The Intercept claims to have received information from whistleblower Edward Snowden of a joint operation between GCHQ and the US National Security Agency (NSA) that took place in 2010 to steal thousands of encryption codes from Gemalto.

The ‘great SIM heist’

iphone-simIt is alleged that the agencies cyber-stalked Gemalto employees before penetrating its networks and planting malware on a number of machines to gain thousands of keys.

These keys would allow spies to decode communications between a mobile phone and a mast without the need to gain legal permission or place a wiretap. Furthermore, the agencies would also be able to decrypt encrypted data that had previously been intercepted.

Gemalto was not targeted specifically but because spooks wanted to target as many users as possible. The company’s SIM cards are used in 450 wireless networks around the world, including US operators AT&T, Verizon, Sprint and T-Mobile.

The report says Gemalto was an unwitting participant in the programme and the firm said in a statement it plans to hold a full investigation into how the codes were allegedly obtained.

Unwilling participant

Gemalto’s statement read: “A publication reported yesterday that in 2010 and 2011, a joint unit composed of operatives from the British GCHQ (Government Communications Headquarters) and the American NSA (National Security Agency) hacked SIM card encryption keys engraved in Gemalto.

“The publication indicates the target was not Gemalto per se – it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators and users consent. We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation.

“Gemalto, the world leader in digital security, is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years. At present we cannot prove a link between those past attempts and what was reported yesterday.

“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.”

In November 2014, Snowden released documents claiming that Cable & Wireless (CWW) actively assisted GCHQ with the creation of its alleged surveillance programme. His leaks Snowden’s leaks have uncovered alleged mass surveillance efforts by GCHQ and the NSA, ranging from tapping Internet networks to exploiting vulnerabilities in popular mobile apps like Angry Birds and Google Maps.

Shhh! Don’t look at our whistleblowers quiz!