GCHQ, NSA stole Gemalto encryption keys - report

News Wireless Global 20 FEB 2015
GCHQ, NSA stole Gemalto encryption keys - report

US and UK intelligence workers hacked into Sim card maker Gemalto’s computer network and stole encryption keys used to protect mobile phone communications privacy around the world, according to a document provided by whistleblower Edward Snowden to The Intercept. The 2010 document from Britain’s GCHQ stated that GCHQ operatives, with support from the NSA, mined the private communications of Gemalto engineers and other operators in multiple countries.

The bulk theft of encryption keys allow police and other agencies to sidestep the need for a wiretap warrant, as well as unlocking any encrypted communictions that is already intercepted but unreadable. Gemalto, which produces about 2 million Sim cards a year and has the motto “Security to be Free”, counts among its clients AT&T, Sprint, T-Mobile and Verizon in the US and around 450 other operators around the world.

Executive vice president Paul Beverly told The Intercept, “I’m disturbed, quite concerned that this has happened. The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years.”

In reaction to the news, Gemalto said "We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation." It said it is especially vigilant against hackers, and has detected, logged and mitigated many types of attempts over the years. "At present we cannot prove a link between those past attempts and what was reported yesterday. We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques."



Categories:

MobileIT

Companies:

Gemalto

Regions:

Global

Tags:

Voice services, Data services, Messaging, Security, Wireless, Sim cards

Related Articles

GLOBAL 8 DEC 2016

UK intelligence targeted telecom operator staff – report

The employees of telecom operators going up to company directors were targets of British intelligence organisation GCHQ (Government Communications Headquarters), claims Le Monde and The Intercept based on the analysis of documents leaked by Edward Snowden. Targets included the founder of French hosting company OVH, Octave Klaba. His email address and pseudonym (Oles) were reportedly found in a list of personalities deemed of interest, created in 2009 as the GCHQ investigated the possibility of intercepting

EUROPE 8 AUG 2016

Privacy group challenges GCHQ hacking in European court

Global privacy network Privacy International and five internet and communications service providers have filed an application with the European Court of Human Rights to challenge the UK Government's use of bulk hacking abroad. Privacy International says the UK Government is currently hacking abroad based on a very vague and broad power that provides few if any safeguards. The co-complainants are Chaos Computer Club (Germany), GreenNet (UK), Jinbonet (Korea), May First (US) and RiseUp (US).

GLOBAL 30 JUN 2015

Gemalto launches multi-link network encryptor product

Gemalto released its new SafeNet Multi-Link High Speed Encryptor (HSE) product that provides the equivalent of 10 by 10 Gbps high-speed encryptors in one unit. With a total encrypted bandwidth of 100 Gbps, the CN8000 is designed to help enterprises and service providers protect sensitive data transmitted across their increasingly large-scale data networks. The SafeNet CN8000 enables organisations to encrypt multiple network links and more traffic while providing security for organisations that operate large

GLOBAL 25 FEB 2015

Gemalto says agencies could have spied on 2G communications

Gemalto has completed its investigation into the alleged hacking of Sim card encryption keys by GCHQ and the NSA in 2010 and 2011, finding that the operation probably did happen. The company said the attack only breached its office networks and therefore could not have resulted in a massive theft of encryption keys. The operation aimed to intercept the keys as they were exchanged between mobile operators and suppliers, but by 2010, Gemalto had already deployed a secure transfer system with customers, that c

GLOBAL 23 FEB 2015

Gemalto to announce in-house probe's results on 25 Feb

Sim card maker Gemalto said it is pursuing its investigations following an article reporting that GCHQ and the NSA hacked Sim card encryption keys engraved in Gemalto and possibly other Sim vendors' cards. Gemalto's initial conclusions show that its Sim products, as well as bank cards, passports and other products, are secure. The company does not expect to endure a significant financial prejudice. It said it would announce the results of the investigation on 25 February.

BELGIUM 23 FEB 2015

Gemalto komt woensdag met verklaring over hack

Gemalto zal woensdag 25 februari een verklaring uitgeven met betrekking tot de hack die de Amerikaanse inlichtingendienst NSA en diens Britse evenknie GCHQ volgens uitgelekte documenten van klokkenluider Edward Snowden hebben gepleegd. De verklaring zal mondeling om 10:30 in Parijs worden gegeven terwijl ook een persbericht zal worden verstuurd. Gemalto is een van oorsprong Franse aanbieder van onder meer beveiligde simkaarten. De onderneming heeft zijn hoofdkantoor in Nederland staan.

BELGIUM 23 FEB 2015

Mogelijk ook Belgische operators slachtoffer hack Gemalto

De NSA en GCHQ zouden Gemalto gehackt hebben om mobiele communicatie in België af te luisteren. Zowel Proximus, Mobistar als Base zijn klant bij de Nederlandse maker van sim-kaarten, schrijft Datanews na navraag bij de drie providers. Vorige week werd bekend dat in Nederland KPN, Vodafone en T-Mobile klant zijn van het bedrijf. Vodafone en T-Mobile lieten toen weten de zaak in onderzoek te hebben. Alle drie de Belgische operators hebben hierover nauw contact met Gemalto terwijl Base ook overleg voert met mo

GLOBAL 20 FEB 2015

'NSA en GCHQ hadden via hack Gemalto toegang tot SIM's'

[Update: reacties Vodafone en T-Mobile toegevoegd] De Amerikaanse inlichtingendienst NSA en diens Britse evenknie GCHQ hebben het netwerk van de Nederlandse chipmaker Gemalto gehackt. Dat meldt de website The Intercept, dat zich baseert op documenten van klokkenluider Edward Snowden. Door deze hack hadden de inlichtingendiensten toegang tot miljoenen encryptiesleutels om telefoonverkeer af te tappen dat verliep via de SIM-kaarten waarop de chips van Gemalto werden gebruikt. Gemalto heeft wereldwijd meer dan

JAPAN 19 FEB 2015

Gemalto launches anti-fraud m-banking platform in Japan

Gemalto launched Ezio Mobile Out-of-Band Server, a mobile platform designed to protect Japanese people from "Ore-Ore" ("It's me, it's me") scams in Japan. The platform is a server offering and open authentication (OATH) notification app that can be used to prevent frauds across a variety of transaction types and channels, including ATM withdrawals, eBanking, mBanking, telephone banking and NFC payment. According to the National Police Agency in Japan, 2014 recorded about 11,000 "Ore-Ore" cases, with total l

UNITED KINGDOM 8 FEB 2015

UK court says GCHQ-NSA bulk intercept sharing was illegal

The UK Investigatory Powers Tribunal (IPT) has found that the regime governing the sharing of bulk-intercepted electronic communications between the UK and the US was unlawful until 2014, the Guardian repots. The secretive court found that the regulations allowing GCHQ access to calls and e-mails intercepted by the NSA violated European human rights law. The ruling suggests that aspects of the operations were unlawful for at least 7 years. It is the first time the 15 year-old body has upheld a complaint rel

UNITED STATES 16 JAN 2015

US, UK to conduct joint cyber war games

British Prime Minister David Cameron and US President Barack Obama will announce a rolling programme of transatlantic cyber war games to be conducted by UK and US intelligence agencies to test their systems' resilience to cyber-attacks, reports the Guardian. The heads of government began two days of talks in Washington on 15 January. As a first step, a simulated attack will be targeted later this year at banks in the City of London and Wall Street. The war games against the financial sector will be co-ordin

UNITED STATES 15 DEC 2014

Gemalto close to completing SafeNet acquisition - CEO

French smartcard and security group Gemalto is close to completing its USD 890 million acquisition of US data protection specialist SafeNet, with the only authorisation pending being that of the Committee on Foreign Investment in the US, Gemalto CEO Olivier Piou told La Tribune. The "very complementary" acquisition will allow Gemalto to offer end-to-end security combining its traditional business of security in bank cards, mobile phones and passports, and SafeNet's security in the cloud and core networks. S

UNITED KINGDOM 17 JAN 2014

NSA collects millions of SMS daily - report

The US National Security Agency has collected almost 200 million text messages a day from across the globe, using them to extract data including location, contact networks and credit card details, according to an investigation by the Guardian and the UK's Channel 4 News, based on material provided by NSA whistleblower Edward Snowden. The documents also reveal that UK intelligence agency GCHQ has made use of the NSA database to search the metadata of "untargeted and unwarranted" communications belonging to p

BELGIUM 23 SEP 2013

UK intelligence service behind Belgacom cyber hit - report

The UK's GCHQ intelligence service was behind a cyber attack against Belgacom, Der Spiegel reported, citing documents from the archive of Edward Snowden. The goal of project, conducted under the codename "Operation Socialist," was "to enable better exploitation of Belgacom" and to improve understanding of the provider's infrastructure. The presentation is undated, but another document indicates that access has been possible since 2010. The document shows that the Belgacom subsidiary Bics, a joint venture be

GLOBAL 6 SEP 2013

US, UK intelligence crack global encryption - report

US and British intelligence agencies have successfully cracked much of the online encryption used to protect personal data, online transactions and e-mails, according to the latest top-secret documents revealed by former contractor Edward Snowden. The news was revealed by the New York Times, the Guardian and ProPublica based on documents obtained by the Guardian. The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees from internet companies that

Just In

16:42

SLT-Mobitel launches 5G network in Sri Lanka

16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.