Gemalto believes NSA and GCHQ hacked its networks


The world’s largest SIM card maker said it has “reasonable grounds” to believe that its networks were hacked by the National Security Agency and the U.K.’s Government Communications Headquarters in 2010 and 2011. However, Gemalto does not think that SIM card encryption keys were compromised.

The French company shared the findings of the investigation it launched after Edward Snowden alleged that the two government agencies had hacked Gemalto’s networks. Gemalto said the attacks breached its office networks, but could not have resulted in massive theft of SIM card keys. Furthermore, if encryption keys were stolen, they would only enable the government agents to intercept communications on 2G networks.

If the U.S. and U.K. agencies did try to compromise Gemalto’s network, they were not alone. The company said its networks are a constant target and that it experienced many attempted hacks during 2010 and 2011. But as it looks back at the data, Gemalto said it finds “two particularly sophisticated attacks [that]could be related to the operations.”

Gemalto said it noticed suspicious activities in the summer of 2010. In one instance, someone was trying to spy on the company’s internal communications network. In another, employees at one of Gemalto’s mobile operator customers were receiving fake e-mails that purported to be from legitimate Gemalto e-mail addresses. The fake e-mails contained contaminated attachments. Gemalto said it immediately notified the mobile operator when the incident was discovered that summer. Now the company thinks both attacks may have been instigated by government agents.

Gemalto outlined three ways that it can defend against future attacks: systematic encryption of data; use of up-to-date SIM cards; and customized algorithms for each mobile operator. The company said that by 2010 it had already implemented a secure transfer system with its customers, making the actual theft of SIM card encryption keys very unlikely.

About Author

Martha DeGrasse

Wireless Martha DeGrasse has been creating content for RCR Wireless News since 2011. Recent feature reports include Building Tomorrow's Neworks, Outdoor DAS and Small Cell Case Studies, Wireless Infrastructure Service Company Review, and Investing in HetNets. (All of these can be found by clicking on Reports at the top of this page.) At RCR, Martha also developed the 5 Things to Know Today series and the Mobile Minute. Prior to joining RCR Wireless News, Martha produced business and technology news for CNN and Dow Jones in New York. Martha left Dow Jones to move to Austin, Texas, where she managed the online editorial group at Hoover’s Online before taking a number of years off to be at home when her children were young. Follow her on Twitter @mdegrasseRCR