SIM card maker Gemalto says ‘reasonable grounds’ to believe security service hack
Amsterdam-based SIM card maker Gemalto said on Wednesday it has ‘reasonable grounds’ to believe it was probably hacked by US and British secret services in 2010 and 2011.
The company said people try to hack it on a regular basis and it had identified two ‘particularly sophisticated intrusions’, which could have been made by the security services.
However, the attacks ‘only breached its office networks and could not have resulted in a massive theft of SIM encryption keys’ the company said in statement.
The operations ‘aimed to intercept the encryption keys as they were exchanged between mobile operators and their suppliers globally’, Gemalto said.
However, by 2010 the company had ‘widely deployed’ a secure transfer system and only ‘rare exceptions’ to this system could have resulted in information being stolen, the company said.
If this did happen, the intelligence services would only be able to spy on communications on second generation 2G mobile networks because 3G and 4G networks are not vulnerable to this type of attack, the company said.
Last week the Volkskrant reported that the hack would allow the Americans to listen in to foreign telephone traffic without the knowledge of the country involved or the provider.
The paper based its claim on an article in online magazine The Intercept, which uses information from whistleblower Edward Snowden.
Gemalto, a company with offices in Amsterdam’s Zuidas district and which is listed on the Amsterdam stock exchange, is the world’s biggest provider of chips for SIM cards, bank cards and passports.
The company operates in 85 countries and has more than 40 manufacturing facilities.