SIM company Gemalto says NSA, GCHQ, likely hacked its network

Photo illustration.

Photo illustration.  (REUTERS/Dado Ruvic )

The NSA and its British counterpart GCHQ likely hacked Dutch SIM card giant Gemalto, the company said on Wednesday, but added that there was no major theft of SIM encryption keys.

Last week, citing documents provided by NSA whistleblower Edward Snowden, The Intercept reported that the intelligence agencies hacked Gemalto’s computer networks, allowing them to spy on cellphones across the globe.

The report prompted a major investigation by Gemalto. The company presented the findings of its probe on Wednesday, noting that “an operation by NSA and GCHQ probably happened.”

Citing the results of its investigation and sophisticated attacks it detected in 2010 and 2011, Gemalto said there are “reasonable grounds” to believe that it was targeted by the NSA and GCHQ. However, the attacks only breached Gemalto’s office networks, it said, and could not have resulted in a massive theft of SIM encryption keys. The keys, and other customer data in general, are not stored on the networks, Gemalto explained.   

The attacks aimed to intercept the encryption keys as they were exchanged between mobile operators and their suppliers globally, according to the Amsterdam-based firm. “By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft,” it added.

The company also noted that, even in the case of an eventual key theft, the agencies would only be able to spy on 2G mobile networks. “3G and 4G networks are not vulnerable to this type of attack,” it added.

Gemalto, which also makes financial smart card and payment technology, said that none of its other products were affected by the hack.

The NSA has not yet responded to a request for comment on this story. GCHQ declined to comment when contacted by

Nonetheless, the alleged Gemalto hack keeps the NSA and GCHQ firmly in the surveillance spotlight. Security researchers at Kaspersky Lab, for example, recently unearthed malware that can place spying software in hard drives, fueling suspicion that the National Security Agency may be behind a new breed of cyber espionage technology.

Muddu Sudhakar, CEO of cybersecurity and threat detection specialist Caspida told that he was not surprised by the allegations of NSA and GCHQ cellphone snooping.

“We should assume by now that many nation states, cybercriminals, hardware manufactures and agencies like the NSA are spying on broad segment of bad and good people,” he wrote, in an email.  “Let’s develop [a] bill of rights for mobile/cell phones so we know who, what, and when communications are being sent from our devices.”

However, Roger Kay, president of research firm Endpoint Technologies, told that he won’t be losing any sleep over the reports of cellphone surveillance.

“This is the reality of the world we live in,” he said. “I think that there’s a balance between paranoia and reasonable prudence.”

Follow James Rogers on Twitter @jamesjrogers