SIM Card Hacks: Gemalto And Dutch MEP Respond To GCHQ And NSA Allegations

After yesterday's report that the GCHQ and NSA have managed to break into the largest SIM card manufacturer's computers in order to steal all the encryption keys, the company itself, Gemalto, issued a response:

"Gemalto, the world leader in digital security, is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years. At present we cannot prove a link between those past attempts and what was reported yesterday. We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques."

Besides being the world's largest SIM card manufacturer, Gemalto is also a major security services company. It has been offering these services in 113 countries and to over 3,000 financial institutions and 450 carriers. In addition to making SIM cards for carriers and chips for credit cards, Gemalto offers other mobile security services, as well. With the NSA and GCHQ boasting about having almost full access to Gemalto's systems beginning back in 2010, it's now likely that all of Gemalto's security products and services have been compromised.

A Dutch MEP, from Gemalto's home country, the Netherlands, also responded to the hack:

"Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet. In fact, those very same governments push for ever more surveillance capabilities, while it remains unclear how effective these practices are. How is it possible that they have developed so much capacity, while the rise of IS stayed unnoticed?" stated Sophie In't Veld.

In her post, In't Veld also asked the European Union Commission to address this important problem of having the U.S. government hack into major European companies such as Gemalto or Belgacom to undermine the security of hundreds of millions, if not billions, of people. She also asked the EU Commission to address the issue of having some EU members hack into other EU member states (such as the UK's GCHQ hacking Gemalto).

With hacking apparently on the rise lately from criminal groups, it doesn't help that allied governments also hack each other and undermine each other's security, exposing themselves even more to other criminal groups or rival states. If anything, they should help increase each other's security, rather than undermine it.

All of this hacking between allied countries seems rather ironic, considering it's mainly the same countries who seem to promote a need for increased cybersecurity in public while hacking each other in secret. If allied countries were serious about cybersecurity, they could sign some sort of a "non-aggression pact" for the cyberworld that bans any of the members from hacking each other. A disregard for that ban should also have serious and immediate consequences explicitly stated when the pact is signed, so there's no room for ambiguities or interpretations. 

Currently, there is little hope for any real change in how countries conduct themselves in cyberspace, specifically because no one ever seems to be punished for the illegal and human rights-infringing acts. When there are no consequences, it's easy to see why nothing needs to change. 


Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • Onus
    Currently, there is little hope for any real change in how countries conduct themselves in cyberspace, specifically because no one ever seems to be punished for the illegal and human rights-infringing acts. When there are no consequences, it's easy to see why nothing needs to change.
    Nailed it right there. Willful Wrongdoing has become a big game, and it will remain so until there are dire consequences for it, such as holding their heads in a bucket (to catch the mess) when someone musses their hair with a single large caliber round. Too harsh? Then don't do it.
  • wysiwygbill
    I wonder if the Russian FSB got in on the fun. That might get western governments to be more interested in better security protocols.
  • Reepca
    "If anything, they should help increase each other's security, rather than undermine it"

    To be fair, the best way to convince someone to improve their security is to exploit the lack thereof (or vulnerabilities therein). It's the capitalist way of "increasing each other's security" ;).
  • Onus
    ^There is some truth to that, especially if it's being done by White Hat hackers, specifically hired for that purpose. Neither of those two descriptors fits the NSA (nor any other government intelligence agency).