Slashdot Mirror


Gemalto: NSA and GCHQ Probably Hacked Us, But Didn't Get SIM Encryption Keys

An anonymous reader writes: Last week The Intercept published a report saying agents from the NSA and GCHQ penetrated the internal computer network of Gemalto, the world's largest maker of SIM cards. Gemalto has done an internal investigation, and surprisingly decided to post its results publicly. The findings themselves are a bit surprising, too: Gemalto says it has "reasonable grounds to believe that an operation by NSA and GCHQ probably happened."

They say the two agencies were trying to intercept encryption keys that were being exchanged between mobile operators and the companies (like Gemalto) who supplied them with SIM cards. The company said it had noticed several security incidents in 2010 and 2011 that fit the descriptions in The Intercept's documents. Gemalto had no idea who was behind them until now. They add, "These intrusions only affected the outer parts of our networks – our office networks – which are in contact with the outside world. The SIM encryption keys and other customer data in general, are not stored on these networks." They claim proper use of encryption and isolation of different networks prevented attackers from getting the information they were after.

3 of 99 comments

  1. But can we believe them? by raburton · Score: 3, Interesting

    as per the subject

    1. Re:But can we believe them? by AmiMoJo · Score: 5, Interesting

      GCHQ and the NSA were bragging in their internal documents that they have those encryption keys. If true, Gemalto would need to replace billions of SIMs (they manufacture about 2 billion a year) and there is zero chance they could recover the cost from GCHQ.

      So no, we can't believe them.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Let NSA+GCHQ buy Gemalto since they own their ass by ad454 · Score: 5, Interesting

    North Korea hacks Sony => Cyber-Terrorism
    USA & Great Britain hacks Gemalto => Patriotic-Duty

    Of course Gemalto will say anything they can to limit economic damage, but without proper and transparent oversight of secret agencies there is no way to validate any claim by Gemalto that their 3G/4G SIM secrets were not stolen.

    The best course of action is for Gemalto to simply be bought out officially by the NSA and GCHQ, since they already own their asses, oops I mean assets.