NSA and GCHQ Reportedly Hacked the World’s Largest SIM Card Manufacturer

Gemalto, the world’s largest manufacturer of SIM cards, is holding a press conference today in Paris to investigate reports that it was hacked by the National Security Agency (NSA) and the Government Communications Headquarters (GCHQ). Earlier this week, the company denied allegations that the encryption keys on its SIM cards were breached, although it promised to conduct a thorough investigation. Gemalto said that its SIM products, which includes banking cards and passports, are secure.

The scandal was first reported by the website The Intercept, which received the top-secret document from Edward Snowden. The document reveals that a joint unit comprised of agents from the NSA and GCHQ, Britain’s intelligence agency, hacked Gemalto’s computer networks and stole millions of encryption keys designed to protect cellphone signals. The document shows that the breach gave both the NSA and GCHQ the ability to monitor voice calls and other cellular data.

Moreover, the 2010 document, titled “CNE Access to Core Mobile Networks,” revealed that the NSA and GCHQ planted malware on Gemalto’s computers, gaining access to the company’s trove of sensitive data. Additionally, the agencies hacked other yet-to-be-named cellular companies, accessing machines used in storing customer information and network maps, and penetrated authentication servers, allowing agents to decrypt data and voice communications.

The allegations were based on the documents leaked by NSA whistleblower Edward Snowden. Gemalto, which produces 2 billion SIM cards each year, is based in Amsterdam. Apart from manufacturing SIM cards for giant telecom companies like Verizon, AT&T, T-Mobile, Sprint and other carriers around the world, it also supplies enterprise services to companies including Shell, Chevron, Barclays, Microsoft, Pfizer and Boeing. Ironically, Gemalto’s motto is “security to be free.”