Dutch SIM card maker Gemalto will this week reveal the results of its investigation into claims that U.K. and U.S. spy agencies hacked into its network and stole encryption keys so they could covertly monitor mobile communications.
According to a report last week by The Intercept, operatives from the U.K.’s Government Communications Headquarters (GCHQ) and its U.S. counterpart, the National Security Agency (NSA), established the Mobile Handset Exploitation Team (MHET) in April 2010, tasking it with various objectives, one of which was penetrating the computer networks of SIM card manufacturers.
The report, based on documents supplied by NSA whistleblower Edward Snowden, claimed that GCHQ managed to hack into Gemalto’s internal network and plant malware on several computers, giving it access to its systems.
Once inside, the spies allegedly stole an unspecified number of encryption keys used to safeguard the privacy of mobile voice and data communications, allowing GCHQ and the NSA to carry out surveillance without obtaining a warrant or approval from foreign governments, and without the cooperation of telcos.
When news of the breach emerged last week, Gemalto said it had detected and mitigated several attempted hacks over the years but had been unable to prove they were perpetrated by government spy agencies.
"Gemalto…is devoting the necessary resources to investigate and understand the scope of such sophisticated techniques. Initial conclusions already indicated that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure," said Gemalto, in a statement on Monday.
The company will hold a press conference on Wednesday to discuss the result of its investigation.
