The intelligence services of the United States and Britain hacked into the world’s largest SIM card maker, taking encryption keys allowing them to monitor users, a report said Friday.
The hack was a joint operation by the two agencies, and would have facilitated eavesdropping on much of the world’s voice and data mobile networks, The Intercept website reported, citing a 2010 internal British document provided by former US national security contractor Edward Snowden.
The unit was set up by the US National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ).
It targeted Gemalto, the report said, which makes 2 billion SIM cards a year for 450 mobile service providers, including AT&T, T-Mobile, China Mobile and SoftBank.
The company is registered in the Netherlands and has factories around the world including in the US.
Gemalto’s executive vice president Paul Beverly told The Intercept he was “disturbed” by news of the breach.
“The most important thing for us now is to understand the degree” of the hack and data leak, he said.
After mining the private communications of employees, the surveillance unit obtained a copy of the encryption keys, which would technically enable the agencies to monitor mobile communications without the approval or knowledge of service providers or authorities, the report said.
“Once you have the keys, decrypting traffic is trivial,” Christopher Soghoian, principal technologist for the American Civil Liberties Union activist group, was quoted as saying.