British and American spy agencies allegedly hacked into a Dutch company that makes SIM cards to obtain encryption keys used to shield the cellphone communications of millions of customers around the world, according to a report in the Intercept. <\/p>\n
Citing documentsobtained by former intelligence contractor Edward Snowden, the online publication reported Thursday that Britains GCHQ and the National Security Agency targeted Gemalto, the worlds largest manufacturer of SIM cards. <\/p>\n
The multinational firms clients include AT&T, T-Mobile, Verizon and Sprint, as well as hundreds of wireless network providers around the world. It produces 2billion SIM cards a year, the Intercept reported. <\/p>\n
The cards, which are chips barely larger than a thumbnail, are inserted into cellphones. Each card stores contacts, text messages, the users phone number and an encryption key to keep the data private. <\/p>\n
Gemalto produces the SIM cards for cellphone companies, burns an encryption key onto each and sends a copy of the key to the provider so its network can recognize an individuals phone. <\/p>\n
According to the Intercept, GCHQ targeted Gemalto employees, scouring their e-mails to find individuals who might have access to the companys core networks and systems that generate the encryption keys. The goal, the publication said, was to steal large quantities of keys as they were being transmitted between Gemalto and its wireless network providers. <\/p>\n
The NSA did not immediately respond to a request for comment. <\/p>\n
Stealing the encryption keys makes it possible to eavesdrop on otherwise-encrypted communications without undertaking the more difficult challenge of cracking the encryption. It also avoids alerting the wireless company or the person using the phone. <\/p>\n
The NSAs interception of phone calls and other content is bound by different legal standards. A warrant is required to target an Americans calls and e-mails. In general, targeting a foreigners communications for collection overseas does not require a warrant. <\/p>\n
The publication cited one 2010 GCHQ document that said that agency personnel developed an automated technique with the aim of increasing the volume of keys that can be harvested. <\/p>\n
<\/p>\n