(We) believe we have their entire network.
— from a slide by the GCHQ, the British spying agency, referring to its successful hacking into Gemalto s internal networks. The Intercept reports that the GCHQ and the NSA hacked into Gemalto, the world s largest maker of mobile SIM cards, and stole encryption keys that enabled them to spy on a large number of cell phone communications. The report is based on documents from 2010 leaked by Edward Snowden.
The great SIM heist, as the Intercept calls it, allowed the NSA and GCHQ to spy on mobile communications, undetected, without needing to get governments approval or to work with telecom companies. The agencies could access both voice and data.
Gemalto, based in Amsterdam, reportedly makes 2 billion SIM cards — chips that hold unique IDs and information for users of mobile phones, credit cards and passports — a year. Its clients include the big four U.S. wireless networks, Verizon, AT&T, Sprint and T-Mobile, and hundreds of wireless network providers around the world. The company s website says it had $2.4 billion in sales in 2013.
A Gemalto executive told the Intercept it had no knowledge of the heist, which involved spying on the communications of the company s employees around the world, including their email and Facebook accounts. A written statement by the company today said it has not verified the hack and that it is investigating.
Reaction to the report is strong.
From the co-founder of the Electronic Frontier Foundation:
Perhaps the biggest Snowden revelation yet, genuinely shocking criminal theft of SIM CODES by NSA & GCHQ
— John Perry Barlow (@JPBarlow)
From the deputy director at Privacy International:
I have no idea what the line that shouldn t be crossed is anymore.
And Christopher Soghoian of the ACLU told the Intercept:
Key theft enables the bulk, low-risk surveillance of encrypted communications. Agencies can collect all the communications and then look through them later. With the keys, they can decrypt whatever they want, whenever they want. It s like a time machine, enabling the surveillance of communications that occurred before someone was even a target.
Photo from Marin Independent Journal archives
