Gemalto Acknowledges NSA/GCHQ Spying, Denies Massive SIM Key Heist

Dutch SIM card maker Gemalto has been enduring unwanted media attention for the past few weeks after reports surfaced that Britain’s GCHQ and the United States’ NSA may have breached the company’s networks. Today, Gemalto released a statement acknowledging that an attack in 2010 was probably the work of the spy agencies, but denied that they now had access to the encryption keys for millions of SIM cards.

“If we look back at the period covered by the documents from the NSA and GCHQ, we can confirm that we experienced many attacks,” the company said in a statement. “In particular, in 2010 and 2011, we detected two particularly sophisticated intrusions which could be related to the operation."

Did GCHQ get a hold of Gemalto SIM card encryption info?

But when it comes to compromised SIM cards reaching customers, Gemalto disagrees. “Gemalto has never sold SIM cards to four of the twelve operators listed in the documents, in particular to the Somali carrier where a reported 300,000 keys were stolen,” the company states. “A list claiming to represent the locations of our personalization centers shows SIM card personalization centers in Japan, Colombia and Italy. However, we did not operate personalization centers in these countries at the time.”

Gemalto also notes that many of the SIMs in question were for prepaid phones, which generally were used for short periods of time.

If Gemalto is wrong and GCHQ and the NSA really do have access to SIM cards now, it means that the spy agencies will be able to listen in to the phone calls of ordinary citizens. Gemalto sells SIM cards to cellular service providers large and small. And, spy agencies will also be able to intercept cellular data. The fact that you’re paranoid doesn’t mean that they’re not out to get you.
Tags:  security, sim, NSA, GCHQ, gemalto