How NSA and GCHQ hacked world largest SIM card maker Gemalto: “game over for cellular encryption”

American and British spy agencies have hacked the world’s largest phone SIM card maker Gemalto, managing to steal encryption keys used to protect the privacy of phone calls, text messages and other data, according to the latest top-secret documents made public by National Security Agency whistleblower Edward Snowden.

The 2010 document shows a large-scale operation to break into the internal network of Gemalto. The stolen encryption keys allowed NSA and its British counterpart GCHQ to stealthily monitor phone communications of people across the globe without any approval from telecoms or governments. With the encryption keys, the spies could monitor communications without leaving a trace and without seeking a warrant.

Gemalto, the largest manufacturer of SIM cards in the world, is estimated to ship some 2 billion SIM cards a year. The company, based in France and listed in the Netherlands, manufactures SIM cards for the four major U.S. carriers AT&T, Verizon, Sprint, T-Mobile, and for over 450 other mobile operators across the globe. Its clients include Europe’s Vodafone and Orange, UK’s EE, China Unicom, Japan’s NTT, and Taiwan’s Chungwa.

The initial reaction from security experts: “game over for cellular encryption”

First, we ought to mention that Gemalto has been caught in the blue, and executive vice president Paul Beverly has said the following: “I’m disturbed, quite concerned that this has happened. The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years. What I want to understand is what sort of ramifications it has, or could have, on any of our customers.”

Today, Gemalto updates us via an official press release, saying that it has detected the 2010 and 2011 attacks, but denied that this hack has compromised the encryptions in the billions of SIM cards it ships. The company claims that a separate internal network has been used to transfer encryption keys, and the hackers could not access it.

“It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data,” Gemalto CEO Oliver Piou said in an amusing analogy used to defeat privacy concerns.

“The operation very probably happened, but it’s difficult to prove our conclusions legally, so we’re not going to take legal action,” Piou added.


Still, a lot of serious doubts remain, especially given the fact that Gemalto seemed totally unaware of the attack prior to the Snowden revelations. Earlier, security experts described the events as catastrophic.

“Once you have the keys, decrypting traffic is trivial,” according to Christopher Soghoian, principal technologist at the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

“Gaining access to a database of keys is pretty much game over for cellular encryption,” according to cryptography specialist at the Johns Hopkins Information Security Institute Matthew Green. Green adds that this is “bad news for phone security. Really bad news.”

How did the spies hack Gemalto?

The way spy agencies attacked Gemalto is also indicative of the methods and intents at play over at the NSA and GCHQ. A secret GCHQ slide reveals that the attack first targeted Gemalto’s internal networks by installing malware on a few computers. Contrary to all of Gemalto’s recent claims, the British spies then conclude that they have gained access to the entire internal network of the SIM card maker.

"WE BELIEVE WE HAVE THEIR ENTIRE NETWORK"

In a coordinated effort, the spies also attacked cell companies’ networks, gaining access to “sales staff machines for customer information and network engineers machines for network maps.” The British spy agency also declares it has control over billing servers, allowing it to hide its hacking activities on an individual’s phone.

Interestingly, the leaked slide also mentions a ‘Mobile Handset Exploitation Team’ (MHET) founded in April 2010, and comprising of NSA and GCHQ operatives, with the sole goal to use vulnerabilities in phones. The division takes on the task of attacking SIM card manufacturers, so that it can monitor communications outside the United States (in the U.S., the spy agencies could theoretically get the records directly from the carrier, while in other countries that would be impossible).

The program targeting Gemalto was called DAPINO GAMMA, but the leaked document shows that the GCHQ had been preparing a similar attack against Gemalto rival Giesecke and Devrient.

Understanding encryption: 2G vs 3G vs 4G networks