NSA and GCHQ Hacked World's Largest Producer of SIM Cards and Stole Encryption Codes

American and British intelligence agencies reportedly hacked into the computer networks of the world's largest producer of mobile phone SIM cards and stole encryption keys that allow the agencies to uninhibitedly access the private data of billions of cellphone users, according to documents released by Edward Snowden.

The joint hack was perpetrated by both the National Security Agency and its British counterpart, Government Communications Headquarters (GCHQ), and targeted the Dutch company, Gemalto, a firm incorporated in the Netherlands that makes 2 billion SIM chips per year for AT&T, T-Mobile, Verizon, Sprint and around 450 wireless network providers, The Intercept reported.

"With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments," wrote The Intercept.

"Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider's network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt."

In order to obtain the encryption keys, GCHQ spies, with support from the NSA, used the NSA's infamous spy program X-KEYSCORE to access the private email and Facebook accounts of innocent engineers and other company employees.

"In effect, GCHQ clandestinely cyberstalked Gemalto employees, scouring their emails in an effort to find people who may have had access to the company's core networks and Ki-generating systems," Intercept wrote.

For years, President Barack Obama, other U.S. officials and British leaders promised the world that their intelligence agencies only spy on the communications of known or suspected criminals or terrorists. But with these revelations - that the NSA and GCHQ targeted the lawful communications of major international corporations - those promises have been proven to be untrue.

Privacy advocates and security experts told The Intercept that it would take billions of dollars, significant political pressure and a few years to fix the security flaws in the mobile phone system that are exploited by intelligence agencies like the NSA and GCHQ.

Gemalto, which operates in 80 countries around the world and one of three headquarters in Austin, Texas, said in a statement Friday that it has not yet confirmed the hack and "had no prior knowledge that these agencies were conducting this operation," reported The Associated Press. The company added that it "will devote all resources necessary to fully investigate" the claims.

A GCHQ spokesperson told The Intercept that the agency does not comment on intelligence matters, and the NSA could not be immediately reached for comment.

Tags
NSA, GCHQ, Hacked, Stole, Encryption
Real Time Analytics