Documents leaked by whistleblower Edward Snowden revealed that American and British spies had broken into networks of the digital security company Gemalto to steal encryption keys that are used to safeguard the privacy of cellphone communications worldwide, The Intercept reported Thursday.
The hack was carried out by the American National Security Agency (NSA) and its British counterpart, Government Communications Headquarters (GCHQ), in 2010, according to the Intercept report. A top-secret GCHQ document accessed by the Intercept provided details about the breach that allowed the agencies to secretly monitor cellphone communications, including calls, texts and emails.
Netherlands-based Gemalto, which makes Subscriber Identity Modules (SIM) cards that are used in cellphones and credit cards, was reportedly targeted in the hack. The company, which is the world's largest SIM-card manufacturer, is headquartered in Amsterdam and has several subsidiaries across the world. Its clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers worldwide.
“With stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments,” the report revealed. “Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.”
According to The Intercept, Gemalto was unaware of the breach, and Paul Beverly, an executive vice president of the company, said that “the most important thing for us now is to understand the degree” of the breach, according to media reports.
“I’m disturbed, quite concerned that this has happened,” he added.
A Gemalto spokeswoman told Reuters: "From what we gathered at this moment, the target was not Gemalto, per se - it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible.
"We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated technique to try to obtain SIM card data," she reportedly said.
Christopher Soghoian of the American Civil Liberties Union, said: “Once you have the keys, decrypting traffic is trivial,” according to The Intercept. “The news of this key theft will send a shock wave through the security community.”
As of now, NSA and GCHQ have not responded to the allegations, according to media reports.