US, UK hacked into systems of SIM card firm: report
FRANKFURT: American and British spies hacked into systems of the world’s biggest maker of phone SIM cards, allowing them to potentially monitor the calls, texts and emails of billions of mobile phone users around the world, an investigative news website reported.
The alleged hacking of Gemalto’s systems, if confirmed, would expand the scope of known mass surveillance methods available to the US and British spy agencies to include not just email and web traffic, as previously revealed, but also mobile phone communications.
Know more: New Snowden documents say NSA can break common Internet encryption
The Franco-Dutch company said on Friday it was investigating whether the US National Security Agency (NSA) and Britain’s GCHQ had hacked into its systems to steal encryption keys that could unlock the security settings on billions of mobile phones.
The report by The Intercept site, which cites documents provided by former NSA contractor Edward Snowden, could prove an embarrassment for the US and British governments.
It opens a fresh front in the dispute between civil liberties campaigners and intelligence services which say their citizens face a grave threat of attack from militant groups like Islamic State.
Also read: Snowden says NSA also spies on industry
It comes just weeks after a British tribunal ruled that GCHQ had acted unlawfully in accessing data on millions of people in Britain that had been collected by the NSA.
A spokesman for GCHQ (Government Communication Headquarters) said on Friday that it did not comment on intelligence matters. The NSA could not be immediately reached for comment.
‘The move allowed the NSA and GCHQ to monitor voice and data mobile communications around the world without permission from govts, telecom firms or users’
The Intercept report (http://bit.ly/19E0KUK) said the hack was detailed in a secret 2010 GCHQ document and allowed the NSA and GCHQ to monitor a large portion of voice and data mobile communications around the world without permission from governments, telecom companies or users.
“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques,” said Gemalto, whose shares sunk by as much as 10 per cent in early trading on Friday, following the report.
The report follows revelations from Mr Snowden in 2013 of the NSA’s Prism programme which allowed the agency to access email and web data handled by the world’s largest Internet companies, including Google, Yahoo and Facebook.
The new allegations could boost efforts by major technology firms such as Apple Inc and Google to make strong encryption methods standard in communications devices they sell, moves attacked by some politicians and security officials.
Leaders including US President Barack Obama and British Prime Minister David Cameron have expressed concern that turning such encryption into a mass-market feature could prevent governments from tracking militants planning attacks.
Gemalto makes SIM (Subscriber Identity Module) cards for phones and tablets as well as “chip and pin” bank cards and biometric passports. It produces around two billion SIM cards a year and counts Verizon, AT&T Inc and Vodafone among hundreds of wireless network provider customers.
The Intercept, published by First Look Media, was founded by the journalists who first interviewed Mr Snowden and made headlines around the world with reports on US electronic surveillance programmes.
It published what it said was a secret GCHQ document that said its staff implanted software to monitor Gemalto’s entire network, giving them access to SIM card encryption keys. The report suggested this gave GCHQ, with the backing of the NSA, unlimited access to phone communications using Gemalto SIMs.
French bank Mirabaud said in a research report the attacks appeared to be limited to 2010 and 2011 and were aimed only at older 2G phones widely used in emerging markets, rather than modern smartphones. It did not name the source of these assertions.
Some analysts argue that if a highly security-conscious company like Gemalto is vulnerable, then all of its competitors are as well. Gemalto competes with several European and Chinese SIM card suppliers.
Published in Dawn February 21th , 2015
On a mobile phone? Get the Dawn Mobile App: Apple Store | Google Play