In a press release late Tuesday night (http://www.gemalto.com/press/Pages/Gemalto-presents-the-findings-of-its-investigations-into-the-alleged-hacking-of-SIM-card-encryption-keys.aspx), Gemalto, one of the world’s largest SIM manufacturers, denied recent allegations that the company had a vast number of sensitive SIM encryption keys stolen by the National Security Agency (NSA) and Britain’s General Communications Headquarters (GCHQ).
The company's statement addressed a number of confidential documents from 2010 which were leaked by former NSA contractor Edward Snowden and published last week by The Intercept. The documents indicated that a task force organized by the NSA and GCHQ broke into Gemalto employee e-mails and found ways to steal the encryption keys corresponding to the SIMs that Gemalto manufactured and sent to mobile carriers. Such a hack would allow state-sponsored spies to decrypt traffic coming to a fake cell tower and thereby watch voice, data, and text messages without a wiretap.
But Gemalto says that after a “thorough investigation,” it concluded that although the company did experience hacks in 2010, it suffered none that could have resulted in the loss of the vast number of SIM encryption keys that The Intercept article referenced. And, the company continued, if some keys had been stolen, then technology pertaining to the 3G and 4G networks that Gemalto builds SIMs for would have prevented substantial hacking. The company believed 2G networks were the only ones that would have truly suffered under such a hack.
(Score: 4, Interesting) by janrinok on Thursday February 26 2015, @01:48PM
The document that Snowden released was authentic, or at least appeared so, with the correct privacy markings and codewords displayed. That the hack was included in a formal presentation by GCHQ, and that the exploitation of the data collected was actually referred to, suggests that the attack did take place. If Gemalto have found some signs of an attack but nothing so serious as to justify the references to it in the presentation, perhaps that is because the real attack hasn't yet been identified. It could be that the level of sophistication is rather more than a simple internet attack but something far more technical, and that it is still taking place today.
(Score: 0) by Anonymous Coward on Thursday February 26 2015, @02:07PM
Unless someone is pushing bad information through Snowden...
(Score: 3, Interesting) by Anonymous Coward on Thursday February 26 2015, @02:19PM
(Score: 2) by janrinok on Thursday February 26 2015, @02:40PM
(Score: 4, Insightful) by Ox0000 on Thursday February 26 2015, @03:00PM
In all fairness, it does appear that the second option is the most plausible one: "let's lie"
(Score: 0) by Anonymous Coward on Thursday February 26 2015, @05:53PM
Gemalto admitted to being hacked, just not to the extent.
It's in their best interest to say that, yes, we were hacked, we investigated, and found nothing was compromised, so we are not culpable for not reporting it.