NSA, British spies 'hack SIM card company'
February 20, 2015Operatives from Britain and the NSA hacked into the internal network of Dutch company Gemalto, the world's largest manufacturer of SIM cards for mobile phones, The Intercept reported on Thursday, saying it had the information from documents provided by NSA whistleblower Edward Snowden.
Glenn Greenwald, founder of The Intercept and the man who made Snowden's leaks public tweeted the news:
Access to private information
Gemalto produces two billion SIM cards every year. Its clients include T Mobile, Verizon and AT&T and operate in 85 countries. Its motto is: "Security to be free."
Journalists Jeremy Scahill and Josh Bigley wrote in their findings that the spies breached Gemalto's core networks and could eavesdrop on data and voice communications of a targeted individual's phone.
Hacking mobile encryption systems gave spy agencies the potential to monitor a substantial portion of global cellular communications.
"Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment," the authors wrote in their article, citing a classified document from 2010.
'Disturbing' news
The multinational firm was caught unawares by the news. "I'm disturbed, quite concerned that this has happened… The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it does not happen again," Paul Beverly, Executive Vice President in Gemalto told The Intercept's journalists.
Dutch leaders also expressed concern over the leak, especially since it concerned foreign agencies spying on Dutch territory where hacking is illegal. Parliamentarian Gerard Schouw tweeted that his country would demand an explanation about the incident.
FBI and other US agencies can ask for court orders to be able to intercept phone companies' customers in the US, but this is more difficult on an international level. Cryptography specialist Mathew Green told The Intercept's journalists that this kind of access to a database of keys is "bad news for phone security."