Digital security company Gemalto said an internal investigation showed that an alleged hack by British and American spies “probably happened” between 2010 and 2011 -– but said the breach did not result in the large-scale theft of SIM encryption keys that keep mobile phone communications secure.
The company’s probe into its systems began after online publication The Intercept, citing documents provided by NSA whistleblower Edward Snowden, said the two countries' intelligence agencies had broken into Gemalto’s systems in a bid to monitor voice and digital communications around the world.
“The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened,” Gemalto said in a report on its investigation on Wednesday. “At the time we were unable to identify the perpetrators but we now think that they could be related to the NSA and GCHQ operation.”
The company’s investigation has not revealed that the intelligence agencies successfully retrieved large numbers of SIM keys, it said.
“The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys,” the company found.
--- Matthew DeLuca