Gemalto admits it NSA/GCHQ hack

Global SIM card maker Gemalto released on Wednesday the findings of an investigation into allegations that it had been hacked by British and American intelligence agencies. Responding to a recent report in The Intercept based on documents provided by NSA whistleblower Edward Snowden, Gemalto said while the attack "probably occurred… [it] could not have resulted in a massive theft of SIM encryption keys."

The Intercept article said Britain's Government Communications Headquarters (GCHQ) and the US National Security Agency (NSA) had targeted Gemalto in a series of hacking attacks in 2010 and 2011. The company claimed that as a large digital security company it is often attacked, but Gemalto's investigation revealed two particular incidents during the timeframe in question that could have come from GCHQ and NSA.

The first involved suspicious activity at one of the company's French sites where a third-party attempted to spy on the company's office network. This network is used for employees to communicate with each other and the outside world, Gemalto said. The second incident involved "fake emails sent to one of our mobile operator customers spoofing legitimate Gemalto email addresses."

In both instances, which occurred in June and July of 2010, the company said immediate action was taken.

While Gemalto said the two attacks could have come from the GCHQ and NSA operation, it added that "SIM encryption keys and other customer data in general" are not stored on the networks that were attacked.

Furthermore, the company claims that even if encryption keys were stolen, they would only be able to spy on communications conducted on 2G networks. 3G and 4G networks would not be affected.

mz/sms (Reuters, dpa)