Mass surveillance by America’s National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ) cast its net even wider than previously thought.
The Intercept, a website that publishes stories based on documents provided by NSA whistleblower Edward Snowden, reports today that the two agencies hacked the networks of Gemalto, a Dutch company that is the world’s largest provider of SIM cards, and possibly other SIM makers too.
According to the Intercept, American and British spies in 2010 stole thousands of encryption keys that keep communications between mobile phone users and their networks secure. Once they have these keys, the agencies can listen in on voice calls, read text messages and see all internet traffic between an subscriber and the network without the need for a court order and without any telecom operators or individuals being made aware of the fact that their communications had been compromised. Gemalto produces 2 billion SIM cards annually and supplies some 450 operators worldwide.
The lengths to which the spies went to steal encryption keys is breathtaking, and very likely illegal, According to the Intercept, “the intelligence agencies accessed the email and Facebook accounts of engineers and other employees of major telecom corporations and SIM card manufacturers.” It used X-KEYSCORE, another mass data collection tool in order to gain access. The agencies used this access to identify high-value targets within the companies, whose communications it then monitored in order to collect intelligence about keys being transferred from Gemalto to the telecom operators it was supplying. The agencies succeeded in getting keys for telcos in over half a dozen countries, including Iran, Yemen, and Afghanistan.
Gemalto neither confirmed nor denied the breach. “At present we cannot prove a link between those past attempts [to hack into Gemalto’s systems] and what was reported yesterday,” the company said in a statement. “We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.”