Gemalto: No SIM keys stolen in secret services attack
After an investigation, Gemalto believes that it was indeed the victim of an attack by the NSA and GCHQ in 2010 and 2011. Although unauthorized persons penetrated the group's network, the company claims that no SIM encryption keys were stolen in the attack.
Gemalto says that, following its investigation, it has reason to believe that an operation by the NSA and GCHQ did indeed take place. The company examined the methods described in the Snowden documents published last week and the attacks the company itself detected in 2010 and 2011. “In those attacks against Gemalto, only the company’s network was penetrated and they cannot have led to a large-scale theft of SIM encryption keys,” the company claims, however.
No evidence has been found that the secure networks, such as those for the SIM keys, have been compromised, Gemalto said. Due to the complexity of the Gemalto networks, the secret services are said to have tried to intercept the keys exchanged between mobile operators and suppliers worldwide, but Gemalto is said to have switched to a secure exchange method by then. The services allegedly targeted mobile operators in Afghanistan, Yemen, India, Serbia, Iran, Iceland, Somalia, and Pakistan.
However, the group leaves open the possibility that keys were obtained ‘in exceptional cases’. If any keys did end up in the hands of the intelligence services, they can only be used to eavesdrop on connections via second-generation (2G) networks, Gemalto claims: “3G and 4G networks are not susceptible to this type of attack.” Furthermore, the company says that the best measures against such attacks are systematically encrypting data, using the latest generation of SIM cards, and using custom algorithms for each mobile operator.
Gemalto claims that it is attacked often, but that the attacks of 2010 and 2011 were ‘advanced’. After discovering the intrusion into the company network at one of its French branches, the group is said to have taken immediate action. Among other things, it was discovered that mobile operators were receiving emails from spoofed Gemalto addresses with malware attachments.
Furthermore, Gemalto points out that it has not sold SIM cards to four of the twelve mobile providers mentioned in the Snowden documents, including the Somali provider from which 300,000 keys were stolen. The attacks would therefore have targeted other parties as well.
Update, 12.00: According to Electrospaces, which analyzes the revelations in the Snowden documents, it is likely that the intelligence services are using the stolen SIM card keys mainly for tactical military operations. That would explain the countries mentioned in the documents, with Iceland being mentioned due to the presence of WikiLeaks employees in that country in 2010. That year, the site released a controversial video about an American attack.