U.S. and Britain Work Together to Pull off SIM Card Heist

U.S. and Britain Work Together to Pull off SIM Card Heist

  • By Ginger Hill
  • Feb 20, 2015

Ever feel like you’re being watched or followed, but when you turn around no one is there? This could also be happening in your digital life. A new report by The Intercept claims that two of the world’s most powerful spy agencies, the NSA (US) and GCHQ (UK) worked in cahoots to hack the network of Gemalto, a major manufacturer of SIM cards to obtain secret keys that unlock phone data. This massive security breach means that your phone may be vulnerable.

The total number affected is still unknown; however, I suspect the number is fairly large since Gemalto has AT&T, Verizon, T-Mobile and Sprint as their customers.

NSA collects data over the Internet in these two ways:

  • Downstream collection: explicit requests to technology companies for user data; and
  • Upstream collection: pulling data directly from cables/airwaves.

Here’s how this data breach went down:

  • Individual employees of major telecom corps and SIM card manufacturers were targeted by GCHQ.
  • GCHQ accessed the employees’ email and Facebook accounts.
  • GCHQ gathered bits of information that lead them to Gemalto’s systems.
  • Many SIM card manufacturers sent weak keys or non-encrypted keys.

Things you should know about the security breach:

  • Gemalto produces approximately 2 billion SIM cards/year.
  • Gemalto’s motto – “Security to be Free.”
  • Stolen encryption keys enable monitoring of mobile communications.
  • Bulk key theft enables previously encrypted communications to be unlocked.
  • Gemalto seemed to be oblivious to the breach.

By pulling off this encryption key heist, these US and the UK intelligence agencies each have the ability to not only intercept but decrypt communications without informing the wireless network provider, foreign governments or the individual user targeted.

About the Author

Ginger Hill is Group Social Media Manager.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services

  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

Most   Popular

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.