U.S. and Britain Work Together to Pull off SIM Card Heist
- By Ginger Hill
- Feb 20, 2015
Ever feel like you’re being watched or followed, but when you turn around no one is there? This could also be happening in your digital life. A new report by The Intercept claims that two of the world’s most powerful spy agencies, the NSA (US) and GCHQ (UK) worked in cahoots to hack the network of Gemalto, a major manufacturer of SIM cards to obtain secret keys that unlock phone data. This massive security breach means that your phone may be vulnerable.
The total number affected is still unknown; however, I suspect the number is fairly large since Gemalto has AT&T, Verizon, T-Mobile and Sprint as their customers.
NSA collects data over the Internet in these two ways:
- Downstream collection: explicit requests to technology companies for user data; and
- Upstream collection: pulling data directly from cables/airwaves.
Here’s how this data breach went down:
- Individual employees of major telecom corps and SIM card manufacturers were targeted by GCHQ.
- GCHQ accessed the employees’ email and Facebook accounts.
- GCHQ gathered bits of information that lead them to Gemalto’s systems.
- Many SIM card manufacturers sent weak keys or non-encrypted keys.
Things you should know about the security breach:
- Gemalto produces approximately 2 billion SIM cards/year.
- Gemalto’s motto – “Security to be Free.”
- Stolen encryption keys enable monitoring of mobile communications.
- Bulk key theft enables previously encrypted communications to be unlocked.
- Gemalto seemed to be oblivious to the breach.
By pulling off this encryption key heist, these US and the UK intelligence agencies each have the ability to not only intercept but decrypt communications without informing the wireless network provider, foreign governments or the individual user targeted.
Ginger Hill is Group Social Media Manager.