Get 40% Off
🤯 This Tech Portfolio is up 29% YTD! Join Now to Get April’s Top PicksGet The Picks – Just 99 USD

SIM maker Gemalto says spies probably did hack it but plays down impact

Published 02/25/2015, 10:19 AM
Updated 02/25/2015, 10:19 AM
SIM maker Gemalto says spies probably did hack it but plays down impact

SIM maker Gemalto says spies probably did hack it but plays down impact

By Nicholas Vinocur and Eric Auchard

PARIS/FRANKFURT (Reuters) - U.S. and British spies are likely to have hacked into SIM card maker Gemalto (AMS:GTO) in an attempt to steal codes that protect the privacy of billions of mobile phone users, the company said, as it sought to downplay the impact and ruled out legal action.

The Franco-Dutch firm was responding to a report on an investigative news website that said the hack allowed Britain's GCHQ and the U.S. National Security Agency (NSA) to potentially monitor the calls, texts and emails of cellphone users around the world.

"The facts are hard to prove from a legal perspective and ... the history of going after a state shows it is costly, lengthy and rather arbitrary," Gemalto Chief Executive Olivier Piou told a news conference in Paris to discuss the findings of its own investigation into the alleged hacking in 2010 and 201l.

"How many (SIM security codes) have been stolen, that's difficult to say. How many have been used, that's even harder to say," he told reporters.

Gemalto - the world's biggest maker of SIM (Subscriber Identity Module) cards, now producing nearly 2 billion a year - said the attack "probably happened" but that it "could not have resulted in a massive theft of SIM encryption keys".

It said the operation aimed to intercept encryption keys that unlock mobile phone SIM cards while they were being shipped from its production facilities to mobile network operators worldwide. SIMs are miniature cards that are used to uniquely identify phones and computer data cards on a network.

Piou said the firm had not contacted the U.S. or British intelligence agencies because doing so would have been a "waste of time" and that it did not plan to take any legal action, as chances of success were virtually non-existent.

A spokeswoman for Britain's GCHQ (Government Communication Headquarters) said on Wednesday that it did not comment on intelligence matters. The NSA could not be immediately reached for comment.

The alleged hacking was reported last week by website The Intercept, which cited documents leaked to it by former NSA contractor Edward Snowden. (http://bit.ly/19E0KUK)

Such an incursion, if confirmed, could have expanded the scope of known mass surveillance methods available to U.S. and British spy agencies to include not just email and web traffic, as previously revealed, but also mobile communications.

SOPHISTICATED

The attacks targeted email correspondence between Gemalto and some of the world's largest network equipment makers, including Ericsson and Nokia, but primarily China's Huawei [HWT.UL], the documents said.

Stolen key codes were vacuumed up on their way to network operators located mainly in Afghanistan, Somalia, Yemen, Iran and the Gulf States, but also involved countries ranging from Vietnam, Zimbabwe and Italy to Iceland, the documents said.

In the biggest example, the documents say 300,000 SIM codes destined for phone subscribers in Somalia were snatched.

Gemalto said it had never sold SIM cards to four of the 12 operators listed in the documents - naming a Somali carrier as one of those four.

It also said only older model phones that are widely used in emerging markets might have been affected and that more advanced 3G and 4G networks were not vulnerable to this type of attack.

"By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft," it said.

Even so billions of connections are still made using 2G phones, with GlobalComms forecasting 3.5 billion connections in 2018, almost the same as for 3G phones that handle not just calls and text messages but also video and Web surfing.

Gemalto confirmed that it had experienced many attacks in 2010 and 2011 and that it had found two particularly sophisticated intrusions that only states could muster and which matched the attacks described in the Intercept's report.

The company's statement outlining the likely limits of the hack helped lift its shares 3.1 percent in late afternoon trading in Amsterdam to 71.54 euros, marking a full recovery from losses of as much as 10 percent last Friday following the publication of The Intercept report.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.