Re: Stupid Question
The Intercept says GCHQ and NSA hacked Gemalto's network, and the grammar in the lead paragraph says they stole keys from there. They point, in the second paragraph, to a document they say details the operation, a PowerPoint slide in which the sole reference to Gemalto is:
"- GEMALTO - successfully implanted several machines and
believe we have their entire network - TDSD are working the
Not a lot of detail, and not overly supportive of a claim that they succeeded in getting anything specific. The note containing the remark “very happy with the data so far and [was] working through the vast quantity of product”, said to accompany the slide, did not accompany the article - perhaps it was in the blacked-out area of the slide. In that context one might ask why a mass grab of IMSI/Ki data from the source would require any "working through" worth mentioning.
None of the documents linked in the article mentions the Mobile Handset Exploitation Team. That isn't to say such documents don't exist or that there is no such group, but it seems odd when many of the other claims have links to related documents, especially as the article says its existence had not previously been disclosed.
The actually meaningful documents linked in the Intercept article describe getting keys by processing mass data collections. They do not state that all, or even a significant fraction, of the IMSI/Ki data was for Gemalto SIMs, although given Gemalto's size many certainly would have been. The number of keys reported in the documents to have been obtained was in the order of a half million, compared to Gemalto's reported (in the Intercept article) two billion annual SIM card production. Most of the documents derived from this one:
which describes obtaining IMSI/Ki pairs by examining data intercepted in transit between vendors and carriers or between different carriers. One of the other documents, so called, appears to be an excerpt from a document describing goals:
We may reasonably think the agencies desired direct access to Gemalto's and others' key management facilities, but not that they succeeded in getting them.
There seems generally to be a nearly total lack of scepticism about any claim of NSA, GCHQ, or other Five Eyes sins so long as it makes reference to a document that Edward Snowden is said to have provided.