Author Topic: Gemalto Says Hack Didn’t Result in Massive Theft of SIM Keys  (Read 2314 times)

0 Members and 1 Guest are viewing this topic.

Offline mayya

  • Administrator
  • *****
  • Posts: 7874
Gemalto Says Hack Didn’t Result in Massive Theft of SIM Keys
« on: February 25, 2015, 11:04:03 AM »
Gemalto Says Hack Didn’t Result in Massive Theft of SIM Keys


Company detects ‘sophisticated intrusions’ in 2010, 2011

 
SIM-card company Gemalto said it detected two “sophisticated intrusions” in 2010 and 2011 following a probe into alleged hacks by U.S. and U.K. intelligence agencies. PHOTO: BLOOMBERG NEWS

By
SAM SCHECHNER and
 
INTI LANDAURO
Updated Feb. 25, 2015 4:31 a.m. ET 
PARIS—Security-chip maker Gemalto NV said Wednesday that American and British intelligence services could be responsible for a “particularly sophisticated intrusion” of its networks several years ago, but denied that the alleged hack could have widely compromised encryption it builds into chips used in billions of cellphones world-wide.

The company, one of the world’s largest makers of cellphone SIM cards, on Wednesday disclosed the first details of an internal investigation it launched in response to a report Friday that the U.S. National Security Agency and the U.K.’s Government Communications Headquarters, or GHCQ, had hacked Gemalto systems.
The company, based in France and listed in the Netherlands, said that it had in 2010 and 2011 detected intrusions in the outer parts of its network that it now believes could have been carried out by the NSA and GCHQ, and sounded an alarm over potential government overreach.

“We are concerned that they could be involved in such indiscriminate operations against private companies with no grounds for suspicion,” the company said in a news release.

The person in charge of the matter at the NSA wasn’t immediately available for comment, an NSA official said Wednesday. GCHQ declined to comment.
  •  
Big telecommunications carriers said last week they would work with Gemalto to assess any vulnerability to customers, and some European government officials lashed out at the alleged hack. Gemalto counts some of the world’s biggest telecoms carriers as customers, including Vodafone Group PLC and Verizon Communications Inc.

On Wednesday, China weighed in, saying it was concerned about the reported hack. Gemalto provides SIM cards for China Mobile Ltd. , the world’s largest carrier by subscribers. At a daily press briefing, China Foreign Ministry spokesman Hong Lei said, “We are concerned about” reports of the hacking attempt into Gemalto.
“We are opposed to any country attempting to use information technology products to conduct cyber surveillance,” Mr. Hong said. “This not only harms the interests of consumers but also undermines users’ confidence.”

The alleged hack was reported last week by the Intercept, a news website that has been a conduit of leaks from former NSA contractor Edward Snowden . It alleged the agencies had intercepted data transfers between Gemalto and clients that included encryption keys for Gemalto-made SIM cards. Those keys encrypt radio transmissions between individuals’ cellphones and cellular antennas operated by telecommunications companies.

Gemalto said Wednesday the hackers it encountered in 2010 and 2011 had used spoofed emails sent to its clients. The company said the hackers had also likely managed to access computers in its office network, but not a separate network it used to store SIM-card encryption codes or customer data.

“It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data,” the company said.
Gemalto’s report said that the intelligence agencies could have only intercepted a small number of its communications with operators, as it had already by 2010 rolled out a secure system to transfer the keys.

 ‘It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data’
—Security-chip maker Gemalto 

The company added that the latest generations of its SIM cards for 3G and 4G networks have additional encryption measures that would have made the stolen keys unusable.

It wasn’t immediately possible to verify Gemalto’s claims. Last week, a former European intelligence official said that 2G networks were already easy to penetrate, and that the theft of keys would be primarily useful for decrypting radio communications on 3G and 4G cellular networks.

Gemalto did acknowledge in its news release Wednesday that not all operators pay for or use the most up-to-date security features, which could make encryption easier to penetrate.

The firm has 450 mobile-network operators as customers. It recorded €2.4 billion ($2.72 billion) in revenue in 2013.

Write to Inti Landauro at [email protected]

http://www.wsj.com/articles/gemalto-says-hack-didnt-result-in-massive-theft-of-sim-card-keys-1424851298