According to a secret documents leaked to The Intercept by former NSA contractor Edward Snowden, The US National Security Agency (NSA) and British counterpart Government Communications Headquarters (GCHQ) hacked and stole millions of SIM encryption keys to gather private data from the largest SIM card manufacturer in the world ‘Gemalto’ .
Gemalto, is a multinational firm incorporated in the Netherlands. It makes the chips that is used in mobile phones and next-generation credit cards and more than 450 wireless network providers including AT&T, T-Mobile, Verizon and Sprint are it’s client. The company operates in 85 countries with more than 40 manufacturing facilities. The company produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”
According to report , In Mid 2010 , both US and British agencies formed a joint team named The Mobile Handset Exploitation Team . The team members were operatives from both agencies. They hacked Gemalto’s networks and used a Malware to open a backdoor. Then with the help of NSA’s XKeyscore tool, they hacked the email and social accounts of employees in search of data. Finally, The team succeeded in harvesting millions of encryption keys “kis” .
All mobile communications using Gemalto chips are private because of an encrypted connection between cellphone and the wireless carrier’s network. The key to decrypt that communication is in every phone’s SIM card called “kis” (the encrypted identifier).
The NSA and British agency stole millions of encrypted identifiers and they gained the ability to secretly monitor voice and data cellular communications from Gelmalto’s 450 wireless network providers without the approval of telecom companies or foreign governments. They could intercept and decrypt all communications, if they chose to.
“I’m disturbed, quite concerned that this has happened,”
Paul Beverly, a Gemalto exec, told The Intercept.
The leaked document only stated the number of keys that were stolen in next three months of the hacking . So how many keys NSA and British agency have stolen in between 2010 and 2015 is unclear.
It’s highly likely that your phone contains a Gemalto-manufactured SIM card, and that means any attempts on your part to encrypt communications is futile. It’s also bad news for governments other than the U.S. and U.K., since these encryption keys give them an easy way to spy in foreign countries without asking permission (that they’d never get). And it’s really bad news for Gemalto, since the NSA and GCHQ cyberstalked and hacked its employees to obtain the keys.
Image source : The Intercept