Sim card maker Gemalto says it was hacked by GCHQ and NSA but encryption keys are safe

Intelligence agencies tried to steal important data as it was passed between phone networks and Sim card maker

Andrew Griffin
Wednesday 25 February 2015 11:06
Comments

Dutch Sim card maker Gemalto was hit by a huge hack by the British and American intelligence agencies, but they were probably unable to steal the encryption keys that they were after, the company has claimed.

It was reported last week that GCHQ and the NSA had broken into the company’s databases and stolen encryption keys, which was compared to getting a master key for a block of flats and helping the two organisations listen in on communications. But at a press conference this morning the company said that the 2010 and 2011 attacks “only breached its office networks and could not have resulted in a massive theft of Sim encryption keys".

The company makes Sim cards for many of the biggest phone networks across the world. If intelligence agencies had got hold of the keys users would have no idea that the data had been intercepted.

The hacking attempted to steal the keys as they were sent between networks and the company itself. “By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft,” the company said in a statement.

The company said that it had “reasonable grounds to believe” that the cyberattacks “probably happened”. But it also said that such an attack could not have given the organisations access to the keys.

The hack, first reported by The Intercept, was revealed in documents leaked by Edward Snowden.

The company said that its comments “assume that the published documents are real and refer accurately to events that occurred during 2010 and 2011”.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in