SIM maker Gemalto to investigate if NSA and GCHQ hacked its systems

20 Feb 2015

Gemalto, the Dutch SIM card maker that manufactures the majority of SIMs in the world, has pledged to investigate claims that the NSA and GCHQ hacked its systems to get encryption keys.

In a fresh raft of revelations by Edward Snowden it was claimed that the NSA and GCHQ spied on Gemalto and its employees in order to be able to access voice and data communications without networks or phone owners being aware.

As well as Gemalto’s network, the spy agencies are understood to have targeted unnamed mobile operators’ core networks, gaining access to sale staff’s machines as well as network engineer’s computers for network maps.

They also used the operators’ billing servers to suppress charges to conceal spying activities on an individual’s phone.

The spy agencies also penetrated authentication servers to decrypt data and voice communications between a target’s phone and the network, according to Snowden’s revelations.

Spy agencies cast a wide net

In a statement Gemalto suggested it wasn’t the only SIM maker to fall victim to the alleged activities.

“The publication indicates the target was not Gemalto per se – it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators and users consent.

“We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation.”

It said that in previous years it has detected, logged and mitigated attempts to access its systems

“At present we cannot prove a link between those past attempts and what was reported yesterday. 

“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques. ​

“There have been many reported state sponsored attacks as of late, that all have gained attention both in the media and amongst businesses, this truly emphasises how serious cyber security is in this day and age,” Gemalto said.

SIM security image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years