American and British intelligence agencies hacked into the largest SIM card manufacturer in the world and stole encryption keys used to protect the privacy of cellphone communications, according to information provided by NSA whistleblower Edward Snowden.
The hack gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data, says The Intercept, a U.S. news website that received top-secret documents from Snowden.
With the encryption keys, intelligence agencies were able to monitor mobile communications without seeking approval from anyone, with no warrants or wiretap, while leaving no trace that the communications were intercepted.
Gemalto, the targeted company, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. It operates in 85 countries and has more than 40 manufacturing facilities, with clients like AT&T, T-Mobile, Verizon, Sprint and 450 other wireless network providers around the world. In all, Gemalto produces around two billion SIM cards a year.
“I’m disturbed, quite concerned that this has happened,” Paul Beverly, a Gemalto executive vice president, told The Intercept. “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years. What I want to understand is what sort of ramifications it has, or could have, on any of our customers.”
According to the secret documents from Edward Snowden, British intelligence penetrated Gemalto’s networks, planting malware that gave them secret access. Additionally, unnamed cellular companies were targeted for customer information, and the agencies also claimed the ability to manipulate the billing servers of cell companies in order to conceal the secret actions against an individual’s phone.
The Mobile Handset Exploitation Team, a joint unit consisting of operatives from the NSA and its British counterpart, Government Communications Headquarters, was formed in April 2010 to target vulnerabilities in cellphones.