US and UK spies hacked SIM card manufacturer to steal codes that allowed them to eavesdrop on mobile phones worldwide, according to bombshell documents leaked by Ed Snowden
- America’s NSA allegedly worked with British intelligence agency GCHQ
- The agencies stole encryption keys to hack into mobile communications
- The hacks took place between 2010 and 2011 – with 300,000 keys stolen
- Company targeted was Gemalto, which produces billions of SIM cards
- NSA whistleblower Ed Snowden gave leaked documents to The Intercept
- GCHQ planted ‘malicious software’ on Gemalto’s computers, files reveal
British and American spies reportedly stole confidential codes from a Dutch SIM card manufacturer to eavesdrop on mobile phones around the world, an intelligence leak has revealed.
NSA whistleblower Edward Snowden gave leaked files to The Intercept detailing how the American agency and its British counterpart GCHQ stole encryption keys that keep mobile communications private.
The company targeted was Gemalto, which produces billions of electronic chips for mobile phones and next generation credit cards.
It operates in 85 countries and its SIM cards cover more than 1.5 billion mobile users globally for clients such as AT&T, T-Mobile, Verizon and Sprint. In Australia this includes Telstra, Optus and Vodafone.
The hacks are thought to have taken place in 2010 and 2011 and led to the theft of 300,000 keys from Somalia, Iran, Afghanistan, Yemen, India, Serbia, Iceland and Tajikistan.

SIM heist: GCHQ slides revealed the spy agency wanted to steal encryption keys which help keep mobile communications private

Security breach: GCHQ also planted ‘malicious software’ on Gemalto’s computers to obtain encryption keys and boasted in a slide: ‘Successfully implanted several machines and believe we have their entire network’

Phone intercepts: Leaked documents given to The Intercept by NSA whistleblower Edward Snowden revealed how the American agency and British-based GCHQ hacked into a Dutch company
With these encryption keys, the intelligence agencies would have the ability to collect both voice and data information – such as text messages – from a large portion of the world’s communications. The keys are used to decipher the communications between mobile phones and their network providers which would otherwise be received as a ‘garbled mess’. Stealing them also sidesteps the need to get permission from telecom companies or a warrant for a wire-tap – and it leaves no trace on the wireless provider’s network that communications have been hacked into.
The Intercept claims GCHQ planted malicious software on several of Gemalto’s computers to gain access to its internal network in order to obtain these keys. It also received slides from GCHQ in which the author boasted: ‘Successfully implanted several machines and believe we have their entire network.’
A document from the NSA revealed the US agency could process between 12 and 22 million keys by 2009, which could later be used to spy on targets. It predicted that more than 50 million keys could be accessed every second in the future.
GCHQ’s operation to target Gemalto was called ‘Dapino Gamma’, and in 2011 it launched an attempt to harvest the email accounts of Gemalto employees in France and Poland.
A top-secret document said one of the aims of the operation was ‘getting into French HQ’ of Gemalto – one of its global headquarters – ‘to get into core data repositories’. It also wanted to intercept the private communications of employees in Poland which ‘could lead to penetration into one or more’ of the factories where the encryption keys were burned onto the SIM cards.
Another GCHQ document from May 2011 indicated it was in the process of ‘targeting’ more than a dozen Gemalto facilities across the globe including in Germany, Mexico, Australia, Brazil, Canada, China, India, Italy, Russia, Sweden, Spain, Japan and Singapore.
The file also suggested GCHQ was preparing similar key theft operations against one of Gemalto’s competitors – German SIM card giant Giesecke and Devrient.
It also penetrated ‘authentication servers’ which allow it to decrypt data and voice communications between a target’s mobile phone and the connection it makes with its network provider. An accompanying slide read: ‘Very happy with the data so far and working through the vast quantity of product.’

Oblivious: Gemalto was unaware of the hack and the spying on its employees according to its executive vice president Paul Beverly, who told The Intercept: ‘I’m disturbed, quite concerned that this has happened’

Line of duty: A GCHQ spokesperson said: ‘All of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate’
As part of the covert operations against Gemalto, spies from GCHQ who were supported by the NSA mined the private communications of unwitting engineers and other company employees in multiple countries. Gemalto was unaware of the hack and the spying on its employees according to its executive vice president Paul Beverly.
He told The Intercept: ‘I’m disturbed, quite concerned that this has happened.
‘The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years.
‘What I want to understand is what sort of ramifications it has, or could have, on any of our customers.’
A spokesperson from GCHQ said it does not comment on intelligence matters, but added: ‘All of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the parliamentary Intelligence and Security Committee.
‘All our operational processes rigorously support this position. In addition, the UK’s interception regime is entirely compatible with the European Convention on Human Rights.’
A spokeswoman for Gemalto said the manufacturer has so far ‘made no links’ between previous hacking attempts it was already aware of and the new reports. She said: ‘We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated technique to try to obtain SIM card data.
‘There have been many reported state sponsored attacks as of late, that all have gained attention both in the media and amongst businesses, this truly emphasises how serious cyber security is in this day and age.’
Source: http://www.dailymail.co.uk