SIM card maker Gemalto has responded to claims made in recent Snowden leaks that government spies hacked encryption keys it used to protect cell phone communications.
In a Friday statement, Gemalto, which has headquarters in Austin, Texas, as well as in France and Singapore, said it will “devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques” outlined in a Thursday article published in The Intercept.
Gemalto, the largest SIM card maker in the world, makes 2 billion SIM cards each year, which are then used in mobile devices distributed by major providers like Verizon, AT&T and Sprint.
The company was reportedly hacked in 2010 and 2011 by operatives working for the National Security Agency (NSA) and its British equivalent, GCHQ, leaks revealed. By utilizing intelligence from NSA's X-KEYSCORE program (which obtained emails hosted by SIM card, mobile firm and tech company servers), GCHQ operatives “cyberstalked Gemalto employees, scouring their emails in an effort to find people who may have had access to the company's core networks and Ki-generating [or encryption key-generating] systems,” The Intercept article said.
UK spies apparently targeted employees of other telecom companies and SIM card makers, in order to steal as many encryption keys for SIM cards as possible while they were “in transit between mobile network operators and SIM card personalization centres,” a leaked document from April 2010 revealed.
With the encryption keys, government spies could gain direct access to the cell phone communications of a large segment of the globe, specifically by unlocking protected SMS and phone calls without having to go through mobile service providers or foreign governments.
Tech companies have increasingly challenged secret government requests for consumers' communications made through legal provisions such as national security letters (NSLs).
On Tuesday, a group of major media organizations, including The Washington Post, National Public Radio (NPR), and BuzzFeed, as well as an internet company and mobile service provider (which were forced to remain anonymous), filed court documents in support of Twitter, which is fighting the U.S. government's use of NSLs to request customer data, while simultaneously invoking gag orders to keep companies from disclosing their demands.
The latest revelations that GCHQ and NSA allegedly targeted Gemalto show that government operatives may have found a way to avoid leaving any indications of their mass surveillance efforts, including through data requests backed by court orders.