By Digital Transactions News Staff
The big SIM and EMV chip manufacturer Gemalto NV on Wednesday acknowledged that an alleged operation by U.S. and British electronic spy agencies targeting the company “probably happened,” but the Amsterdam-based firm downplayed its impact.
The alleged operation in 2010 and 2011 by the United Kingdom’s Government Communications Headquarters and the U.S. National Security Agency was disclosed last week by an online news site, The Intercept, which reports on the thousands of NSA documents taken by former NSA contractor Edward Snowden. The Intercept said the agencies remotely penetrated Gemalto’s computer network and stole the encryption keys that secure SIM cards, which run mobile phones. The agencies’ apparent ultimate intent was to monitor the mobile-phone communications of terrorists, mostly in the Middle East, after intercepting encryption keys as they were transferred to phone companies.
Gemalto today issued a detailed response to The Intercept’s report without naming the publication. “The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened,” the company’s statement says. But it goes on: “The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys.”
In addition, any stolen keys would have given the agencies the ability to spy only on communications going over second-generation (2G) mobile networks. Newer “3G and 4G networks are not vulnerable to this type of attack,” the company said. But consumers still use 2G phones in many countries to make billions of connections, according to Reuters.
At a news conference today, Gemalto chief executive Olivier Piou said the company has no plans to take legal action against the spy agencies, saying such an effort would have a minuscule chance of success, Reuters reported.