Gemalto believes the NSA and GCHQ hacked into its systems but that the data they accessed was limited
Gemalto, a SIM card maker located in the Netherlands, believes the U.S. National Security Agency and the U.K.’s Government Communications Headquarters may have breached its systems. The revelation comes after the release of more documents by NSA whistleblower Edward Snowden.
Gemalto believes the claims are true
The newest set of documents suggests that government-backed hackers from the U.S. and the U.K. may have gained the ability to monitor data and voice transmissions secretly after hacking Gemalto’s systems. Among Gemalto’s customers are the biggest U.S. mobile carriers, Verizon, AT&T, Sprint and T-Mobile, reports the BBC. The firm serves over 400 different network service providers around the globe and runs in 85 different countries.
Gemalto released a statement saying that it had investigated the claims leveled by The Intercept last week. The firm said it detected “sophisticated” hacking attacks in 2010 and 2011, which leads it to believe that the NSA and GCHQ were responsible.
Details on the alleged NSA-GCHQ hacks
In particular, the Dutch company focused on two especially sophisticated hacks. One of those involved one of its offices in France. Gemalto said hackers tried to spy on internal and external messages at the office.
In the other attack, the company said hackers sent fake emails to a customer, making them appear as if they came from Gemalto but tacking on an attachment that downloaded malware onto the reader’s computer.
Gemalto says NSA-GCHQ hack was limited
The company also said it appears as if the hackers were limited in nature, affecting only “the outer parts” of its networks, or more specifically, its office networks. Gemalto doesn’t believe the hackers were able to access SIM encryption keys or other data belonging to its customers because this information is now stored on the networks that may have allegedly been hacked by the NSA and GCHQ.
The firm further stated that it did not find any signs that hackers had broken into the parts of its systems that manage products like credit card, electronic passport and ID card encryption. Also Gemalto said calls made over 3G or 4G networks would have been protected from the hackers.
The claims made by The Intercept last week, however, suggest that hackers accessed more than Gemalto is saying. The website published a slide that it claims came from GCHQ which suggests that government hackers had compromised all of the company’s network by implanting code in a number of its machines.