14 DAY TRIAL // National Security Agency (NSA) is in the middle of another scandal that makes it directly responsible for what could possibly be the greatest heists in the world of technology.
Documents provided by NSA whistleblower Edward Snowden to The Intercept indicate that American and British spies managed to breach the largest mobile phone and credit cards chip maker Gemalto back in 2010.
The heist was performed by a joint unit of NSA and its British counterpart Government Communications Headquarters (GCHQ) and has been detailed in a secret document issued 5 years ago.
The joint unit came up with the idea of stealing the encryption keys to the SIMs produced by Gemalto for some of the biggest carriers in the world, including four major operators in the US: AT&T, T-Mobile, Verizon and Sprint.
In total, SIM cards for no less than 450 wireless network providers may have been compromised, but the number could be higher given that the situation probably changed in the last couple of years.
World's biggest carriers' SIM cards may have been compromised
Since Gemalto produces around 2 billion SIM cards per year, if anyone manages to steal the encryption keys for these SIM cards, it would be like owning the keys to a whole castle.
NSA managed to hack Gemalto's servers by hacking into the emails of its employees and learning who's in charge with sending these encryption keys to carriers via email.
Having obtained the encryption keys to these SIM cards, NSA would not need to get a warrant or a wiretap. On top of that, the decryption of one's communication on the phone doesn't leave any trace on the carrier's network, which means they will never know they were intercepted.
By stealing these encryption keys, NSA would also gain the ability to decrypt any previously encrypted communication they intercepted in the past.
British spies from GCHQ, with the full support from the NSA, managed to mine the private communications of engineers and other company employees in multiple countries.
Gemalto was oblivious to the theft
It looks like Gemalto was unaware that it is targeted by these two intelligence services and the spying on its employees:
“I’m disturbed, quite concerned that this has happened. The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years,” said Paul Beverly, a Gemalto executive vice president.
“What I want to understand is what sort of ramifications it has, or could have, on any of our customers. The most important thing for us now is to understand the degree of the breach,” he added.
Use secure communication software for protection
What exactly could the theft of these SIM decryption keys mean for mobile phone users? Well, it's pretty simple and outrageous at the same time.
Once you have these keys, any decryption traffic becomes trivial, so basically, as long as NSA or other entity has your SIM card's encryption key, it's very easy to decrypt any traffic communication.
The only way you could protect from surveillance by those who have stolen these encryption keys would be to use secure communication software, instead of relying on SIM card-based security.