Gemalto Denies Knowledge Of NSA Cellphone SIM Tampering

The world’s largest manufacturer of cellphone SIM cards said it can’t prove the veracity of a new report that U.S. and British intelligence agencies hacked into its corporate systems to tamper with its SIM cards and monitor mobile communications.

The report from The Intercept on Thursday said leaked documents from former National Security Agency contractor Edward Snowden reveal a program to infiltrate Gemalto's corporate systems to gain access to the encryption keys that protect SIM card data, and essentially create a back door. Those SIM cards are used in cellphones sold by AT&T, Verizon, Sprint and hundreds of other telecommunications providers globally. The joint campaign, along with the British equivalent GHCQ agency, cracked the encryption algorithm used to protect the mobile cards in support of both countries' global surveillance activities, according to the report.

It points to a secret 2010 GCHQ document that names Gemalto and indicates that the agencies "successfully implanted several machines and believe we have their entire network." The network infiltration included gaining access to billing servers to "suppress SMS billing;" authentication servers to gain access to account credentials; and the systems of sales and network engineers to bilk the company of its customer information.

[Related: 10 Ways NSA Surveillance Revelations Could Impact The Channel]

Sponsored post

The campaign was undertaken by a Mobile Handset Exploitation Team, which was formed in April 2010 to target vulnerabilities in cellphones, according to The Intercept report. ’One of its main missions was to covertly penetrate computer networks of corporations that manufacture SIM cards, as well as those of wireless network providers."

In a statement issued today, Gemalto said it couldn't verify the validity of the report and affirmed its commitment to the security of its SIM cards.

"We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation. Gemalto, the world leader in digital security, is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years. At present we cannot prove a link between those past attempts and what was reported yesterday."

NEXT: Kaspersky Lab Identifies Spy Agency Equation Group

In a second spy agency revelation this week, Kaspersky Lab issued research that identified a group it calls the Equation Group, which is said to have embedded a back door on the firmware of hard drives of major manufacturers. Kaspersky Lab researchers uncovered the malware used by the group, designed to crack encryption. CRN reported this week that the five top storage vendors -- EMC, Hewlett-Packard, Hitachi Data Systems, NetApp and Dell -- refused to comment on any of the report's implications.

The Kaspersky Lab report documents the sophisticated hacking tools, zero-day exploits and other tactics used by the group, and said the malware was uncovered from the firmware in hard drives manufactured by Seagate, Western Digital and Toshiba. Security researchers surmise that the U.S. and Israel are behind the Equation Group due to its close ties to the Stuxnet Trojan, which was unleashed to disrupt Iran's nuclear centrifuge program.

Solution providers told CRN that business owners are deeply concerned about data security and privacy, but are relatively powerless to do anything about it other than to demand transparency from technology vendors.

The average person would not likely be able to identify malware on their device or know what to do to protect their communication, said Rob Kraus, director of research at Omaha, Neb.-based managed security services provider, Solutionary, a subsidiary of NTT Group.

"This really confirms a lot of people's worst nightmares about how much monitoring is taking place," Kraus said. "We have a certain-level expectation of privacy as a basic human right, and we understand that there is a significant need for having visibility for the sake of national security, but that is a gray line that can be easily crossed."

Snowden's allegations first surfaced in December 2013 that the spy agencies established a back door into widely deployed networking gear. Technology giants Cisco Systems, Juniper Networks and Dell issued statements, expressing concern about reports that were based on the leaked documents.

The report in German news publication Der Spiegel pointed to secret NSA documents that included a catalog of software and hardware implants allegedly used by NSA employees for hacking, monitoring and data-skimming their targets' technologies.