Gemalto: Spy Agencies 'Probably' Hacked Us, But Encryption Keys Secure

Posted: March 10, 2015 at 3:50 am

The NSA and GCHQ probably hacked SIM card maker Gemalto, but didn't nab any encryption keys, the firm said.

SIM card maker Gemalto today said it believes the NSA and GCHQ did indeed breach its systems, but the firm found that the agencies were unable to swipe any encryption keys.

The news comes after a recent report, based on documents leaked by Edward Snowden, said that the NSA and its U.K. counterpart hacked Gemalto in order to steal encryption keys and spy on wireless communications.

A multinational chipmaker based in The Netherlands, Gemalto supplies SIM cards used by all four of the top U.S. carriers and 450 wireless network providers around the world. Access by intelligence agencies, therefore, would allow the monitoring of mobile communications without approval, warrant, or wiretap.

Gemalto's subsequent investigation found that the agencies' "intrusions only affected the outer parts of our networksour office networks," Gemalto said. SIM encryption keys and customer data is stored on other networks.

The Dutch tech giant said its networks are frequently under attack, but that very few efforts actually succeed. Two sophisticated attacks in 2010 and 2011, however, caught Gemalto's eye and "could be related" to the reported NSA and GCHQ breaches.

One of those attacks focused on suspicious activity on one of its French sites, while another involved fake emails sent to mobile operator customers. At the same time, Gemalto detected numerous attempts to access the employees' PCs.

Though unable to identify the intruders at the time, the company now believes the NSA and GCHQ were behind the breaches. "An operation by NSA and GCHQ probably happened," it said.

"It is important to understand that our network architecture is designed like a cross between an onion and an orange," the report said. "It has multiple layers and segments which help to cluster and isolate data."

The breach was allegedly detailed in a "secret" 2010 GCHQ document, but was only just made public via the Snowden data dump.

Read this article:
Gemalto: Spy Agencies 'Probably' Hacked Us, But Encryption Keys Secure

Related Posts