Last week, a report came out that the National Security Agency (NSA) and Government Communications Headquarters (GCHQ) hacked major SIM manufacturer Gemalto to gain access to SIM encryption keys. Following the news, Gemalto said that it was going to investigate these claims, and now the company has come forward with its results.
Gemalto explains that it detected two attacks on its network that could be related to the NSA and GCHQ’s alleged operations. The first, in June 2010, Gemalto noticed that a third party was trying to spy on the office network used by its employees to talk with one another and the outside world. Gamely responded to the threat immediately.
The second attack came in July 2010 and involved fake emails that spoofed legitimate Gemalto emails and were sent to an unspecified carrier. The emails contained an attachment that could download malicious code to affected computers. Gemalto says that it informed the carrier immediately and alerted the authorities to the attack as well.
At the times of these attacks, Gemalto didn’t know who was behind them, but now it says that they could’ve been related to the NSA and GCHQ attacks mentioned in last week’s report. However, Gemalto says that the attacks only affected its outer network, not the networks that sore its SIM encryption keys and other customer data.
Gemalto goes on to point out a couple of inconsistencies in the original report. For example, Gemalto never sold SIM cards to 4 of the 12 carriers listed in the leaked documents, including a Somali carrier that allegedly had 300,000 SIM keys taken. Gemalto also says that a list that claims to show the locations of its SIM personalization centers say that it had locations in Japan, Columbia, and Italy, but Gemalto says that it didn’t have personalization centers in those countries at the time.
Finally, Gemalto says if its encryption keys were stolen, the thieves would only be able to spy on users on 2G networks due to a known weakness with 2G standards. The SIM maker says that thieves wouldn’t be able to spy on 3G and 4G SIMs because they have additional encryption.
You can find Gemalto's full report on these alleged attacks at the link below.