dslreports logo
spacer Home Reviews Speed Test Tools News Forums Info About Join  
 story category
Gemalto: NSA Encryption Key Hack 'Probably Happened'
by Karl Bode
Wednesday Feb 25 2015 09:04 EDT

Last week, we noted how the NSA had been caught hacking into Gemalto, the world's largest product of SIM cards for cellular carriers around the world. The report over at The Intercept went into great detail regarding how NSA hackers managed to compromise numerous PCs at the company, resulting in the theft of billions of encryption keys used by 450 different carriers in 85 countries around the world.

After initially saying they had absolutely no idea an attack occurred, Gemalto has issued a report on their investigation into the matter, and have concluded that an intrusion "probably happened."

The document is clearly aimed at damage control and keeping Gemalto stock price from plummeting further, concluding that the attacks "could not have resulted in a massive theft of SIM encryption keys." If a large-scale theft of encryption keys happened, claims the company, it was likely the fault of one of the company's many partners, claims Gemalto.

"It is extremely difficult to remotely attack a large number of SIM cards on an individual basis," claims the report. "This fact, combined with the complex architecture of our networks, explains why the intelligence services instead chose to target the data as it was transmitted between suppliers and mobile operators," stated the company.

tags: business · hardware · alternatives · privacy · consumers · cellular
Forums

Gemalto: NSA Encryption Key Hack 'Probably Happened'

 view:
topics flat nest 
BosstonesOwn
join:2002-12-15
Wakefield, MA

BosstonesOwn

Member

2015-Feb-25 8:38 am

Nothing to see here move along...

so what they are saying is that they really don't know how much data was taken...

and while it's possible to use the keys it's very difficult to use them in bulk ?

Need we remind them of the att, and vzw data rape rooms ? and many carrier intercept links and ohh yeah let's not forget that huge ass datacenter they are building in utah... ironically only miles from many carriers pop... and also ironically the first pop upgraded to all 100 gig links...

Yeah that huge as datacenter will make it impossible to use these keys in bulk.
2015-Feb-25 8:38 am: · hey mods ·
Expand your moderator at work

SysOp
join:2001-04-18
Atlanta, GA

SysOp

Member

2015-Feb-25 9:59 am

Million $ question

It seems I would need a replacement SIM card with one that was manufactured after the conclusion of these attacks provided the security breach has been patched.

If no product recall, then how am I to go about finding out which SIM cards are safe?

If none are safe, would resorting to "burners" help protect my self? (New IMEI, New SIM every 30 days)

I've read that changing your IMEI is illegal, but so was hacking the SIM encryption keys. No, it doesn't make it right, but I do have the right to protect myself, by all means necessary during this illegal war on privacy.
2015-Feb-25 9:59 am: · hey mods ·
etaadmin
join:2002-01-17
united state

etaadmin

Member

2015-Feb-25 10:50 am

Gemalto was not hacked

What happened is that some 'men in black' showed up at Gemalto's offices demanding the encryption keys... and Gemalto willfully handed them the goods.

This is either you are with us or with the terrorists mentality, you work with 'us' or you are out the business.
2015-Feb-25 10:50 am: · hey mods ·

RonG
@cmc-nc.com

RonG

Anon

2015-Feb-25 11:42 am

Keys

Sense being hacked shouldn't the keys be changed?!?!?!?!
2015-Feb-25 11:42 am: · hey mods ·

firephoto
Truth and reality matters
Premium Member
join:2003-03-18
Brewster, WA

firephoto

Premium Member

2015-Feb-25 12:38 pm

No Trust

quote:
"It is extremely difficult to remotely attack a large number of SIM cards on an individual basis," claims the report. "This fact, combined with the complex architecture of our networks, explains why the intelligence services instead chose to target the data as it was transmitted between suppliers and mobile operators,"
Perhaps the accused thieves have information that allows them to easily detect and target the data (remember, they collect it all to analyze later) of a "small number of SIM cards".

AT&T, Verizon, all the carriers in the world probably don't care much about protecting metadata because it's just statistical information that doesn't reveal personal communications.

Oh, and "lots of keys stolen" talk is just to make people think that there is a single "thing" associated with every SIM card, which there is, but what about the things that generate the keys, the ability to maybe have keys that reveal enough to bypass all security on all keys, an actual theft that left some bits behind to modify particular keys and cards.

No trust, just words to keep their stock floating and the do nothings getting paid.
2015-Feb-25 12:38 pm: · hey mods ·

hayabusa3303
Over 200 mph
Premium Member
join:2005-06-29
Florence, SC

hayabusa3303

Premium Member

2015-Feb-25 2:03 pm

karl

like the pic spy vs spy... reminds me of the xbox game...
2015-Feb-25 2:03 pm: · hey mods ·
smk11
join:2014-11-12

smk11

Member

2015-Feb-25 4:37 pm

Too many devices without American backdoors...

So the NSA had to attack the SIM cards.

So the NSA has killed off the cloud, all american tech/software, contactless payments, and all SIM based communication/security.
2015-Feb-25 4:37 pm: · hey mods ·

Flyonthewall
@teksavvy.com

Flyonthewall

Anon

2015-Feb-26 12:44 pm

Does the US want to do business with anyone?

All this spying is really making it difficult for people to want to do business with that country is what I'm thinking.

Wouldn't it just be easier for the US gov to declare the world is theirs and everyone else can gtfo? The attitude they have towards people who have no criminal record is insane. That's industrial sabotage on a grand scale, but nothing will come of it.
2015-Feb-26 12:44 pm: · hey mods ·