Internet security is under constant test from hacking attempts, but now European SIM maker Gemalto has openly accused the US and UK spy agencies NSA and GCHQ of constant hacking attempts on its data.
The company has released a report after a thorough investigation of the purported NSA and GCHQ documents, which were made public by the Euronext website, together with its internal monitoring tools and past records of attack attempts that occurred during 2010 and 2011.
“If we look back at the period covered by the documents from the NSA and GCHQ, we can confirm that we experienced many attacks. In particular, in 2010 and 2011, we detected two particularly sophisticated intrusions which could be related to the operation,” it said.
Gemalto said that in June 2010 it noticed suspicious activity at one of its French sites, where a third party was trying to spy on the office network that employees used to communicate with each other and the outside world. The following month, its security team identified a second incident involving fake emails sent to one of its mobile operator customers, spoofing legitimate Gemalto email addresses. The fake emails contained an attachment that could download malicious code.
Gemalto swung into action, informed the customer and also notified the relevant authorities. During the same period, Gemalto said it detected several attempts to access the PCs of Gemalto employees who had regular contact with customers.
“At the time we were unable to identify the perpetrators but we now think that they could be related to the NSA and GCHQ operation.” The company said the SIM encryption keys, and customer data in general, are not stored on these networks. “It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data,” said the company.
The report indicates that attacks were targeted at mobile operators in Afghanistan, Yemen, India, Serbia, Iran, Iceland, Somalia, Pakistan and Tajikistan but “failed to produce results against Pakistani networks”, as the transmission of data between Pakistani operators and Gemalto used a highly secure exchange process at that time.
Gemalto, however, clarified that it has never sold SIM cards to four of the 12 operators listed in the documents, especially to the Somali carrier where a reported 300,000 keys were stolen. It has also denied another aspect of the report that said Gemalto had SIM card personalization centers in Japan, Colombia and Italy. “We did not operate personalization centers in these countries at the time,” it said.
The company said that in 2010-2011 most operators in the targeted countries were still using 2G networks, but that security has since been heightened with 3G and 4G networks. “If someone intercepted the encryption keys used in 3G or 4G SIMs they would not be able to connect to the networks and consequently would be unable to spy on communications,” it noted.
While the NSA and GCHQ have denied the report, it is a known fact that many government intelligence agencies snoop on users for specific information, and such activity is high in nations like India, where terrorist threats are a constant worry. The modus operandi is to snoop on the communication sent from or received by a specific SIM card, find out its encryption key set by the manufacturer, and listen to the conversation.
However, communication sent via mobile applications such as WhatsApp, iMessage and Gmail has separate encryption systems.