More reports on: Defence general

US, UK intelligence agencies hacked into Sim card firm to steal codes

20 February 2015

UK's GCHQ and the US National Security Agency hacked into the internal network of the largest makers of mobile phone SIM cards to steal encryption keys and compromise the security of mobile phones on the Vodafone, EE and O2 networks.

This is the latest revelation from the cache of documents NSA whistleblower Edward Snowden leaked. It was published yesterday by The Intercept.

Gemalto, the company, the two intelligence agencies targeted makes two billion SIM cards every year, which are used in over 400 mobile phone networks around the world, including all the US networks.

With the ability to crack encryption that protected mobile phones, the security services were able to tap communications of users at will without the approval of either governments or telecoms companies.

It also allowed them to break encrypted communications that had already been intercepted, but which it lacked the ability to decrypt.

According to The Intercept, the initiative called for a major effort to compromise the security of engineers working for Gemalto and its contractors across the world. The company started investigating the breach yesterday after being it was contacted by the investigative news website.

Meanwhile BBC reported that the Dutch company, which operates in 85 countries and had 40 manufacturing facilities said it was taking the allegations "very seriously". The Intercept said that "the great Sim heist" gave US and UK surveillance agencies "the potential to secretly monitor a large portion of the world's cellular communications, including both voice and data".

According to The Intercept the hack began in 2010, and was organised by operatives from "Mobile Handset Exploitation Team".

Though the concerned agencies did not directly respond to the allegations, the GCHQ reiterated that all its activities were "carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate".

Eric King, deputy director of the campaign group, Privacy International, in reaction to the revelations said the NSA and GCHQ had lost sight of what the rule of law meant and how to weigh what was necessary and proportionate.


 search domain-b