U.S. and Britain Work Together to Pull off SIM Card Heist

U.S. and Britain Work Together to Pull off SIM Card Heist

  • By Ginger Hill
  • Feb 20, 2015

Ever feel like you’re being watched or followed, but when you turn around no one is there? This could also be happening in your digital life. A new report by The Intercept claims that two of the world’s most powerful spy agencies, the NSA (US) and GCHQ (UK) worked in cahoots to hack the network of Gemalto, a major manufacturer of SIM cards to obtain secret keys that unlock phone data. This massive security breach means that your phone may be vulnerable.

The total number affected is still unknown; however, I suspect the number is fairly large since Gemalto has AT&T, Verizon, T-Mobile and Sprint as their customers.

NSA collects data over the Internet in these two ways:

  • Downstream collection: explicit requests to technology companies for user data; and
  • Upstream collection: pulling data directly from cables/airwaves.

Here’s how this data breach went down:

  • Individual employees of major telecom corps and SIM card manufacturers were targeted by GCHQ.
  • GCHQ accessed the employees’ email and Facebook accounts.
  • GCHQ gathered bits of information that lead them to Gemalto’s systems.
  • Many SIM card manufacturers sent weak keys or non-encrypted keys.

Things you should know about the security breach:

  • Gemalto produces approximately 2 billion SIM cards/year.
  • Gemalto’s motto – “Security to be Free.”
  • Stolen encryption keys enable monitoring of mobile communications.
  • Bulk key theft enables previously encrypted communications to be unlocked.
  • Gemalto seemed to be oblivious to the breach.

By pulling off this encryption key heist, these US and the UK intelligence agencies each have the ability to not only intercept but decrypt communications without informing the wireless network provider, foreign governments or the individual user targeted.

About the Author

Ginger Hill is Group Social Media Manager.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services

  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

Most   Popular

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities