Slashdot Mirror


NSA, GHCQ Implicated In SIM Encryption Hack

First time accepted submitter BlacKSacrificE writes Australian carriers are bracing for a mass recall after it was revealed that a Dutch SIM card manufacturer Gemalto was penetrated by the GCHQ and the NSA in an alleged theft of encryption keys, allowing unfettered access to voice and text communications. The incident is suspected to have happened in 2010 and 2011 and seems to be a result of social engineering against employees, and was revealed by yet another Snowden document. Telstra, Vodafone and Optus have all stated they are waiting for further information from Gemalto before deciding a course of action. Gemalto said in a press release that they "cannot at this early stage verify the findings of the publication" and are continuing internal investigations, but considering Gemalto provides around 2 billion SIM cards to some 450 carriers across the globe (all of which use the same GSM encryption standard) the impact and fallout for Gemalto, and the affected carriers, could be huge.

10 of 155 comments (clear)

  1. Fallout? by The+Rizz · · Score: 5, Insightful

    the impact and fallout for Gemalto, and the affected carriers, could be huge.

    Why is it that the fallout is centered on these companies, instead of on the NSA and GHCQ? Why are these criminal enterprises masquerading as government agencies so completely above the law?

    1. Re:Fallout? by Anonymous Coward · · Score: 5, Insightful

      It would be nice to know who will pay the damages or that NSA and GHCQ can just destroy businesses as they please.

  2. Damages by Anonymous Coward · · Score: 5, Insightful

    So who does Gemalto sue when the bankrupting recall they are forced to do is the result of a government approved hack?

    1. Re:Damages by AmiMoJo · · Score: 4, Insightful

      How would they ever prove it? The stolen documents will be inadmissible. Everything will be protected as a state secret. Their customers won't care of course, but the courts will.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Taxpayers by Anonymous Coward · · Score: 5, Insightful

    So, not only do we fund the hack, but now we need to fund the compensation for it.

    Wonderful job.

    1. Re:Taxpayers by transporter_ii · · Score: 5, Insightful

      They want to know what you are saying, and they are willing to spend every penny you have to find out. And then some.

      --
      Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
  4. We're Number 1! We're Number 1! by Anonymous Coward · · Score: 5, Insightful

    Welcome to the USSA. Just like the old USSR, with better technology.

  5. Sanctions by Anonymous Coward · · Score: 5, Insightful

    The world should introduce trade-sanctions against the USA and the UK, until they stop attacking other countries, and fall in line.

  6. Even if the courts punish US/UK by EmagGeek · · Score: 4, Insightful

    The governments will simply say "come and take it, if you can."

  7. Re:even more interesting by ledow · · Score: 4, Insightful

    Gemalto do the majority of the smartcard market these days.

    I've used them for everything for business banking to access control.

    Is it not scary enough that they have been compromised to the point of making almost every SIM on the planet useless? By comparison a banking smartcard here or there is nothing.

    Ironically, every few months our bank will tell us that we have to replace the PIN-pads/smartcards/whatever for a newer model "to be secure". Nobody's yet answered then why their software only works on IE (and older versions at that).