Gemalto: NSA/GCHQ Hack ‘Probably Happened’ But Didn’t Include Mass SIM Key Theft

Gemalto — the world’s biggest maker of SIM cards for mobile phones — says that it has “reasonable grounds” to believe that the NSA and GCHQ carried out an operation to hack its network in 2010 and 2011, but the consequences of those actions were not as far-reaching as has been reported. The hack breached Gemalto’s office networks, but it “could not have resulted in a massive theft of SIM encryption keys,” and “in the case of an eventual key theft, the intelligence services would only be able to spy on communications on second generation 2G mobile networks. 3G and 4G networks are not vulnerable to this type of attack.”

The conclusions were published today by Gemalto in a final report from an investigation that it carried out in response to an article in The Intercept. They follow on from an initial statement Gemalto issued earlier in the week. Using more documents leaked by whistleblower Edward Snowden, the Intercept article alleged that the two government agencies from the U.S. and UK stole millions of SIM encryption keys to gather private data.

But Gemalto’s statement, devoid of specific numbers, may leave questions hanging over just how many encryption keys were stolen from its own services.

Gemalto also reconfirmed that none of its other products were affected in the attack. Among these, the company works with third parties to provide security and encryption for cloud services, such as in a recent deal with Box.

Gemalto says that while it doesn’t doubt that the breach took place, by 2010 it had “widely deployed” a secure transfer system with customers, and “only rare exceptions” to the scheme could have potentially led to theft. In those cases, the keys that would have been breached would have only been those for 2G networks, not 3G or 4G networks. “3G and 4G networks are not vulnerable to this type of attack,” the company says.

Gemalto goes into some historical detail of what the hacks might have looked like from its side. It says that in 2010 and 2011, it detected two “particularly sophisticated intrusions which could be related to the operation” carried out by the government agencies:

“In June 2010, we noticed suspicious activity in one of our French sites where a third party was trying to spy on the office network. By office network we mean the one used by employees to communicate with each other and the outside world. Action was immediately taken to counter the threat.

In July 2010, a second incident was identified by our Security Team. This involved fake emails sent to one of our mobile operator customers spoofing legitimate Gemalto email addresses. The fake emails contained an attachment that could download malicious code. We immediately informed the customer and also notified the relevant authorities both of the incident itself and the type of malware used.

During the same period, we also detected several attempts to access the PCs of Gemalto employees who had regular contact with customers.”

Gemalto says that at the time it couldn’t identify who the hackers were, “but we now think that they could be related to the NSA and GCHQ operation. These intrusions only affected the outer parts of our networks — our office networks — which are in contact with the outside world. The SIM encryption keys and other customer data in general, are not stored on these networks. It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data.”

It also noted that, “While the intrusions described above were serious, sophisticated attacks, nothing was detected in other parts of our network. No breaches were found in the infrastructure running our SIM activity or in other parts of the secure network which manage our other products such as banking cards, ID cards or electronic passports. Each of these networks is isolated from one another and they are not connected to external networks.”

It also went into some detail to try to respond to allegations of thefts related to specific countries, pointing the finger at other SIM card suppliers and others that supply encryption keys. For example, it notes that Gemalto has never sold SIM cards to four of the twelve operators listed in the Intercept report, “in particular to the Somali carrier where a reported 300,000 keys were stolen.”

Gemalto also highlights communications in Pakistan in particular. “We can confirm that the transmission of data between Pakistani operators and Gemalto used the highly secure exchange process at that time,” the company writes. “In 2010 though, these data transmission methods were not universally used and certain operators and suppliers had opted not to use them. In Gemalto’s case, the secure transfer system was standard practice and its non-use would only occur in exceptional circumstances.”

Older, 2G Networks Targeted

So if the keys stolen were only potentially for 2G network SIMs, what does that mean in terms of impact? Today, in 2015, it is true that we are seeing increasing deployment of smartphones and 2G networks are even getting shut off in the most advanced countries, but it’s wrong to think that 2G networks are nonexistent. And back in 2012, that was even less the case.

In that year, 2G networks accounted for the vast majority of connections in China and India. In the U.S., according to research from the GSMA, about 25% of connections were still 2G, and in Western Europe the split between 2G and more advanced networks was roughly half and half.

As Gemalto points out, “In 2010-2011 most operators in the targeted countries were still using 2G networks. The security level of this second generation technology was initially developed in the 1980s and was already considered weak and outdated by 2010. If the 2G SIM card encryption keys were to be intercepted by the intelligence services, it would be technically possible for them to spy on communications when the SIM card was in use in a mobile phone. This is a known weakness of the old 2G technology and for many years we have recommended that operators deploy extra security mechanisms. However, even if the encryption keys were intercepted by the Intelligence services they would have been of limited use. This is because most 2G SIMs in service at that time in these countries were prepaid cards which have a very short life cycle, typically between 3 and 6 months.”
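The dependency Gemalto describes, that a stolen 2G SIM key lets a passive listener recover each call's session key, as an added toy model (not Gemalto's code). The real A3/A8 algorithms are replaced by HMAC-SHA256 as a stand-in key-derivation function; only the GSM structure is kept: one long-lived Ki per SIM, a per-call RAND sent in the clear, and SRES/Kc derived from both.

```python
"""Toy model of the 2G (GSM) SIM key dependency discussed above.
Added illustration, not Gemalto code. A3/A8 are stood in for by
HMAC-SHA256; the structure (long-lived Ki, public RAND, derived
SRES and Kc) follows the GSM design."""
import hashlib
import hmac
import os


def a3_a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the SIM's A3/A8: derive the 32-bit SRES (auth response)
    and the 64-bit Kc (cipher key) from the subscriber key Ki and RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


def network_auth(ki: bytes) -> tuple[bytes, bytes, bytes]:
    """Network side: build an authentication triplet (RAND, SRES, Kc).
    RAND goes to the handset in the clear; only SRES is sent back."""
    rand = os.urandom(16)
    sres, kc = a3_a8(ki, rand)
    return rand, sres, kc


def eavesdropper_kc(stolen_ki: bytes, observed_rand: bytes) -> bytes:
    """Anyone holding a copy of Ki recomputes Kc from the RAND they observe
    on the air interface; no interaction with SIM or network is needed.
    This is why key theft in transit between supplier and operator matters."""
    _, kc = a3_a8(stolen_ki, observed_rand)
    return kc


def exposure(stolen_ki: bytes, current_ki: bytes) -> bool:
    """Does a previously stolen Ki still compromise the SIM now in use?
    True while the handset still carries that Ki; False once the subscriber
    has moved to a SIM with a fresh Ki, e.g. after the 3 to 6 month prepaid
    turnover Gemalto cites as limiting the value of intercepted keys."""
    rand, _, real_kc = network_auth(current_ki)
    return eavesdropper_kc(stolen_ki, rand) == real_kc


if __name__ == "__main__":
    ki_2010 = os.urandom(16)          # constructed sample key shipped in 2010
    ki_fresh = os.urandom(16)         # constructed replacement prepaid SIM key
    print("same SIM still in use:", exposure(ki_2010, ki_2010))   # True
    print("SIM replaced:", exposure(ki_2010, ki_fresh))           # False
```

The model only shows the key dependency; real deployments also differ in the extra operator-side mechanisms Gemalto says it recommends.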

And Gemalto reiterates that this is unlikely to be related to a “large number” of SIM cards. “It is extremely difficult to remotely attack a large number of SIM cards on an individual basis,” the company writes. “This fact, combined with the complex architecture of our networks explains why the intelligence services instead, chose to target the data as it was transmitted between suppliers and mobile operators as explained in the documents.”

Gemalto is also planning a press conference later today to go through more details of its findings and to take more questions. We’ll update this post with any new information that develops from that.