American and British spies hacked into the world’s largest SIM card manufacturer, compromising the privacy of mobile devices across the world, according to a report that cites newly revealed documents leaked by NSA whistleblower Edward Snowden. The documents are dated from 2010.
The hack gave the NSA and British Government Communications Headquarters the “potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data,” according to The Intercept.
The company named in the report is Gemalto, a Netherlands company that makes SIM cards, with clients reportedly including Verizon, AT&T, T-Mobile, Sprint and 450 more providers from around the world. The spy agencies obtained encryption keys — which The Intercept described as “the keys to the castle” — allowing American and British government officials to monitor mobile communications, potentially without warrants or wiretaps.
Gemalto has a presence in 85 countries. The monitoring was untraceable, according to the report. A Gemalto representative said “the most important thing for us now is to understand the degree” of the breach, the report said.
“The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years,” Paul Beverly, Gemalto executive vice president, told The Intercept.
One privacy expert, with the American Civil Liberties Union, told The Intercept that “will send a shock wave through the security community.” The information obtained by state-backed hackers is essentially the master keys to mobile devices.