The NSA and its British counterpart GCHQ likely hacked Dutch SIM card giant Gemalto, the company said on Wednesday, but added that there was no major theft of SIM encryption keys.
Last week, citing documents provided by NSA whistleblower Edward Snowden, The Intercept reported that the intelligence agencies hacked Gemalto’s computer networks, allowing them to spy on cellphones across the globe.
The report prompted a major investigation by Gemalto. The company presented the findings of its probe on Wednesday, noting that “an operation by NSA and GCHQ probably happened.”
Citing the results of its investigation and sophisticated attacks it detected in 2010 and 2011, Gemalto said there are “reasonable grounds” to believe that it was targeted by the NSA and GCHQ. However, the attacks only breached Gemalto’s office networks, it said, and could not have resulted in a massive theft of SIM encryption keys. The keys, and other customer data in general, are not stored on the networks, Gemalto explained.
The attacks aimed to intercept the encryption keys as they were exchanged between mobile operators and their suppliers globally, according to the Amsterdam-based firm. “By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft,” it added.
The company also noted that, even in the case of an eventual key theft, the agencies would only be able to spy on 2G mobile networks. “3G and 4G networks are not vulnerable to this type of attack,” it added.
Gemalto, which also makes financial smart card and payment technology, said that none of its other products were affected by the hack.
The NSA has not yet responded to a request for comment on this story. GCHQ declined to comment when contacted by FoxNews.com.
Click here to read more.
SOURCE: Fox News, James Rogers