Global SIM card cyber ‘heist’ organised by US and UK spy agencies
Fri 20 Feb 2015
Intelligence agencies in the UK and the United States hacked into the SIM card database of a major manufacturer in order to steal encryption codes which allowed them to decode data from mobile phones, according to a US report.
The Intercept claimed that the breach was revealed in a number of files provided by former US intelligence contractor and whistleblower Edward Snowden.
The company targeted in the illegal hacking is thought to be Gemalto, producer of around two billion SIM cards a year for SPs such as AT&T, T-Mobile and Verizon, across 85 countries. The Intercept called the hack a “great SIM heist”, and the manufacturing firm has confirmed that it is taking the allegations “very seriously.”
The website warned that the “heist” gave surveillance groups in both the US and the UK “the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.”
The breach against the Dutch company was allegedly conducted by the US National Security Agency (NSA) and by the British spy agency GCHQ in 2010.
The stolen codes allowed the British and American spies to eavesdrop easily on calls, texts, and emails passing across mobile phone networks.
A spokesperson from Gemalto said that the company had identified “an attempt to try and cast the widest net possible to reach as many mobile phones as possible.
“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated techniques to try to obtain SIM card data,” she added.
Reportedly, as well as hacking Gemalto, GCHQ breached the security of individual phone companies to remove the charges related to its malicious activity from customer bills.
Experts have underlined the embarrassment that this discovery will cause both national agencies, with the alleged breach majorly compromising global mobile phone security and serving to suggest that spying bodies are prepared to illegally cut across any law-abiding citizen and business to build their surveillance powers.
According to The Intercept, the surveillance agencies cyber-stalked Gemalto employees and intercepted their email communications in order to obtain the encryption codes.