Sim card database hacked: NSA and GCHQ stole details to listen in on phone calls

The breach has been compared to getting the master key for a block of flats — making breaking into any one of them much easier

Andrew Griffin
Friday 20 February 2015 05:00 EST
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

British and American spies hacked the biggest Sim card manufacturer in the world, allowing them to listen in on much of the world’s phone communications.

Gemalto, the company targeted by the hack, makes 2 billion Sim cards per year for 450 networks in most large countries around the world. Users would have no idea that their phone calls and data had been intercepted, and the breach appears to have been in effect for years.

The NSA and GCHQ broke into Gemalto to find the encryption keys for Sim cards, the small cards put in phones to allow them to access cellular networks. That gave them full access to communications, according to a GCHQ document leaked by Edward Snowden and reported by The Intercept.

The keys allow the intelligence agencies to listen in on communications without getting approval from either telecom companies or the governments of the people that they are listening in on.

(ITN)

They also leave no trace on the phone, or on the network of the network provider, that communications have been monitored.

Gemalto’s executive vice president told The Intercept that the company was unaware of the breach but was now working to stem its effects.

“I’m disturbed, quite concerned that this has happened,” Paul Beverly said. “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years.”

Privacy and security experts said the breach was akin to stealing the master key for a block of flats, The Intercept said. “Once you have the keys, decrypting traffic is trivial,” Christopher Soghoian from the American Civil Liberties Union told the site.

The encryption used by Sim cards has long been criticised as being built on 1970s standards that are easy to break into — in 2013, analysts showed that it was possible to break into one of the cards just by sending a text.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in