SIM Card Maker Gemalto Bewildered Following Encryption Code Theft By US And British Spy Agencies
It hasn't even been a single week since we learned that the NSA could have been involved in creating a bunch of malware that trickled out over the past decade, and already we have another scandal to munch on. Unfortunately, this one is even more disgusting -- if you can believe that.
Via documents leaked to The Intercept by Edward Snowden, it's been revealed that both the US' NSA and Britain's GCHQ have been teaming-up since 2010 to bypass the security of mobile SIM cards the world over. Kicking this off, the intelligence agencies broke into the network of the largest manufacturer of SIM cards, Gemalto. As of the time of writing, Gemalto has been unable to find traces of a breach.
Gemalto is no small player in the SIM game; it currently produces over 2 billion cards each year. Over 450 wireless carriers use these cards across the globe, and it can name AT&T, T-Mobile, Verizon, and Sprint as some of its notable customers.
With access to Gemalto's network, both intelligence agencies gained access to encryption keys, which allowed it to immediately begin monitoring virtually anyone that they wanted. One good comparison to this is gaining access to the master keyring of an apartment building -- both the NSA and GCHQ weren't just able to track people, but could decrypt both data and voice communications.
That's not all: GCHQ had the ability to access billing servers of cellular companies to skew customer bills in such a way that they'd go unnoticed. That's a rather brilliant move, because if that wasn't done, users might notice something out-of-the-ordinary on their bills. You could say that neither the NSA nor GCHQ left any stone unturned.
One of the biggest perks of these agencies having such unparalleled access to these systems and also customer communications is that permissions would never have to gained in order to begin their spying.
As a result of this information coming out, Gemalto's stock dropped 7.5%. That's a little unfortunate, as the company probably did nothing wrong -- it's hard to protect yourself when the likes of two massive government agencies want access to your data. Fortunately, Gemalto (and others) should soon be better able to protect themselves.
At the moment, there's not too much to speculate on; we're just going to have to wait and see how things play out. However, it goes without saying that this latest revelation is not going to bode well for the friends of both the US and UK. As if the trust situation was not bad enough already, it's soon to get even worse.