The US National Security Agency (NSA) and British counterpart Government Communications Headquarters (GCHQ) hacked the largest SIM card manufacturer in the world, according to secret documents leaked to The Intercept by former NSA contractor Edward Snowden.
All mobile communications are private because of an encrypted connection between an individual’s cellphone and the wireless carrier’s network. The key to decrypt that communication is in every phone’s SIM card.
Once US and British agents stole the encryption keys from the SIM manufacturer, the government agencies gained the ability to secretly monitor voice and data cellular communications from 450 wireless network providers without the approval of telecom companies or foreign governments. They could intercept and decrypt all communications, if they chose to.
The SIM card manufacturer – a huge company called Gemalto, which operates in 85 countries – still couldn’t find a trace of the hacks, even after The Intercept alerted it that GCHQ had access to its entire network.
“I’m disturbed, quite concerned that this has happened,” Paul Beverly, a Gemalto exec, told The Intercept.
The leaked GCHQ documents only had statistics for three months of encryption key theft in 2010, but even in just that short time, it obtained millions of keys over that brief span.