It’s likely that the United States National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ) carried out the cyber-attack on Gemalto’s network, but the SIM maker today said the impact of the breach is not as extensive as earlier feared.
Last week, documents reported to have been leaked by NSA whistleblower Edward Snowden detailed how operatives from the British and American spy agencies hacked into the internal computer network of Gemalto (EPA: GTO). The documents indicated that encryption keys used to protect mobile phone communications were stolen from the Dutch company, which is considered to be the world’s largest SIM card manufacturer.
The company also admitted that it was attacked back in 2010 and 2011.
“The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by the NSA and GCHQ probably happened,” a statement released by Gemalto today said. “The attack against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys.”
The publication quoted Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute, as saying Gemalto’s investigation “seems mainly designed to produce positive statements…”
A real forensic investigation dealing with such a complex environment would not have been completed in such a short time, according to Ronald Prins, security expert and co-founder of Dutch company Fox IT.
The NSA could not be reached for comment and a spokesperson for GCHQ said the agency did not comment on intelligence matters, according to a report from the CBC.
The documents from Snowden indicated that the attacks targeted emails between Gemalto and some of the world’s biggest network equipment makers, including Ericsson, Nokia and Huawei. Some 300,000 SIM codes en route to mobile subscribers in Somalia were stolen, according to the document.
As many as 12 operators were listed in the document. However, Gemalto said it has never dealt with four of the operators in the list, particularly the one from Somalia.
According to Gemalto, the attack was aimed at intercepting its encryption keys as they were exchanged between mobile operators and their supplier globally. However, the company said that as early as 2010, Gemalto was already using a secure transfer system and “only rare exceptions to this scheme could have led to theft.”
The company also said that only older 2G model phones might have been affected by the breach. Advanced handsets using 3G and 4G networks are not vulnerable to this type of attack.
“The best counter-measures to these type of attacks are the systematic encryption of data when stored and in transit, the use of the latest SIM cards and customized algorithms for each operator,” Gemalto said.