Gemalto, the world’s largest manufacturer of SIM cards, is confirming that its computer networks were indeed attacked by a sophisticated intrusion between the years 2010 and 2011, corroborating allegations that the state agencies GCHQ and NSA hacked the company and accessed a trove of encryption keys on its SIM cards used by billions of people around the world.
Last week, the website The Intercept published a story about a joint operation by the NSA and GCHQ to breach Gemalto’s computer systems. The aim, according to a top-secret document obtained by NSA whistleblower Edward Snowden, is to steal millions of encryption keys which are designed to protect cellphone signals. By doing so, the NSA and its British counterpart will be able to monitor voice calls and other cellular data; the document also revealed that malware can be installed to compromise computer networks.
In a statement released today, Gemalto said that it conducted a “thorough investigation” based on the documents obtained by The Intercept, and its own monitoring tools, which records intrusion attempts. The company confirms that it experienced a complex attack in 2010 and 2011. The first attack was on one of its French websites, and the second one involved fake emails sent to its customers. Gemalto said that its security team were able to avert both attacks.
In addition, Gemalto said that it detect several attempts to access the computers of its employees. Although the attacks are serious, the company stressed that the intrusions only affected the ”outer parts” of its networks since the SIM encryption keys are “not stored on these networks.” In describing its network architecture, Gemalto said that it is designed “like a cross between an onion and orange,“ with multiple layers and segments that isolate data.
While Gemalto’s statement is assuring, particularly to investors and its customers, security researchers are lambasting the company for jumping to conclusions and declaring such statements after a short investigation. To put things into perspective, the Sony hacking incident took weeks of investigation, and the firm hired to investigate it has yet to release an official statement. Also, the investigation of the Belgacom attack took months to finish.
How To: Buy a Pokemon Go Plus
Don't Miss: iPhone 8: Everything You Need to Know