Have British and American intelligence agencies been caught with their collective hands in the cookie jar?

Well, yes, is the conclusion of a “thorough investigation” of the illegal hacking of computer systems belonging to SIM card manufacturer Gemalto.

SIM Heist

The investigation came after The Intercept claimed last week to have received information from whistleblower Edward Snowden of a joint operation between GCHQ and the US National Security Agency (NSA) that took place in 2010 to steal thousands of encryption codes from Gemalto.

Both the UK and US intelligence agencies were accused of illegally hacking the systems of SIM card manufacturer Gemalto to try and gain the encryption keys that could allow the interception of some of the world’s voice, text and data traffic.

At the time, it was alleged that the agencies cyber-stalked Gemalto employees before penetrating its networks and planting malware on a number of machines in an attempt to gain thousands of keys. These keys would allow spies to decode communications between a 2G mobile phone and a mast without the need to gain legal permission or place a wiretap. Furthermore, the agencies would also be able to decrypt encrypted data that had previously been intercepted.

At the time, Gemalto said that it could not “verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation.”

But now, Gemalto has published the results of its investigation into the matter, and it has concluded that GCHQ and the NSA were probably behind the attack in 2010 and 2011.

NSA/GCHQ Collaboration?

“As a digital security company, people try to hack Gemalto on a regular basis,” said the company. “These intrusion attempts are more or less sophisticated and we are used to dealing with them. Most are not successful while only a few penetrate the outer level of our highly secure network architecture.”

“If we look back at the period covered by the documents from the NSA and GCHQ, we can confirm that we experienced many attacks,” Gemalto said. “In particular, in 2010 and 2011, we detected two particularly sophisticated intrusions which could be related to the operation.”

Gemalto said that it noticed suspicious activity in June 2010 in one of its French sites where a third party was trying to spy on the office network. Gemalto immediately took action to counter this threat. Then a month later in July 2010, a second incident happened, which involved fake emails sent to one of its mobile operator customers that spoofed legitimate Gemalto email addresses. The fake emails contained an attachment that could download malicious code. Again, Gemalto reacted quickly to close down the vulnerability and reported the malware to both the customer and authorities.

And Gemalto said that during the same period, it also detected several attempts to access the PCs of Gemalto staffers who had regular contact with customers.

“At the time we were unable to identify the perpetrators but we now think that they could be related to the NSA and GCHQ operation,” said Gemalto. “These intrusions only affected the outer parts of our networks – our office networks – which are in contact with the outside world. The SIM encryption keys and other customer data in general are not stored on these networks.”

And even if the encryption keys had been stolen, the intelligence services would only be able to spy on communications on 2G mobile networks, because 3G and 4G networks aren’t vulnerable to this type of attack, Gemalto said.

“It is extremely difficult to remotely attack a large number of SIM cards on an individual basis,” said the company. “This fact, combined with the complex architecture of our networks, explains why the intelligence services instead chose to target the data as it was transmitted between suppliers and mobile operators, as explained in the documents.”

“We are conscious that the most eminent state agencies, especially when they work together, have resources and legal support that go far beyond that of typical hackers and criminal organisations,” said the Franco-Dutch firm. “And, we are concerned that they could be involved in such indiscriminate operations against private companies with no grounds for suspicion.”


Tom Jowitt
