Sim card maker Gemalto says it was hacked by GCHQ and NSA but encryption keys are safe

Intelligence agencies tried to steal important data as it was passed between phone networks and Sim card maker

Andrew Griffin
Wednesday 25 February 2015 06:06 EST
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Dutch Sim card maker Gemalto was hit by a huge hack by the British and American intelligence agencies, but they were probably unable to steal the encryption keys that they were after, the company has claimed.

It was reported last week that GCHQ and the NSA had broken into the company’s databases and stolen encryption keys, which was compared to getting a master key for a block of flats and helping the two organisations listen in on communications. But at a press conference this morning the company said that the 2010 and 2011 attacks “only breached its office networks and could not have resulted in a massive theft of Sim encryption keys".

The company makes Sim cards for many of the biggest phone networks across the world. If intelligence agencies had got hold of the keys users would have no idea that the data had been intercepted.

The hacking attempted to steal the keys as they were sent between networks and the company itself. “By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft,” the company said in a statement.

The company said that it had “reasonable grounds to believe” that the cyberattacks “probably happened”. But it also said that such an attack could not have given the organisations access to the keys.

The hack, first reported by The Intercept, was revealed in documents leaked by Edward Snowden.

The company said that its comments “assume that the published documents are real and refer accurately to events that occurred during 2010 and 2011”.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in