Gemalto: NSA, GCHQ hacked us – but didn't snatch crucial SIM keys

Gemalto, the world's biggest SIM card maker, has investigated the NSA's and GCHQ's infiltration of its computers – and says that while the agencies did get into its network, they didn't get in far enough to siphon off phone-call encryption keys. Files leaked by intelligence whistleblower Edward Snowden appeared to show the US …

  1. Anonymous Coward

    Well they would say that

    Wouldn't they

    1. Anonymous Coward

      Re: Well they would say that

      Sure they would say that.

      Like the NSA and GCHQ would certainly make you believe they have capabilities beyond your wildest dream.

      And maybe Snowden participates willingly in a campaign of disinformation.

      1. Mark 65

        Re: Well they would say that

        @AC: The difference is that the NSA and GCHQ have proved their capability time and time again.

        <quote>

        "While the intrusions described above were serious, sophisticated attacks, nothing was detected in other parts of our network", the statement continued, adding:

        No breaches were found in the infrastructure running our SIM activity or in other parts of the secure network which manage our other products such as banking cards, ID cards or electronic passports. Each of these networks is isolated from one another and they are not connected to external networks.

        </quote>

        "Each of these networks is isolated from one another and they are not connected to external networks." could just mean separate VLANs. My money goes on the spooks being in their network equipment and their sysadmin accounts - remember the "I hunt sysadmins" line the other day? That they didn't detect them in other parts of the network doesn't mean they're not there. They have every incentive to go after this treasure trove of warrant avoidance.

    2. Alister

      Re: Well they would say that

      You must be Mandy Rice-Davies...

    3. Solmyr ibn Wali Barad

      Re: Well they would say that

      And of course you would say that they would say...

      Damn, that's getting complicated.

  2. PCS

    Snowden has a reputation to defend?

    1. Dave 126

      Snowden's reputation, or lack of, is largely irrelevant. The powers that be haven't really denied the documents he has leaked are genuine, but rather they have acted as if the documents are real.

      i.e. They call him a traitor, not a nutter.

    2. Champ

      >Snowden has a reputation to defend?

      I think he has a tremendous reputation. He should be nominated for the Nobel Peace Prize.

      1. Anonymous Coward

        I think the Nobel committee should take away Obama's prize and give it to Snowden...

      2. Jamie Kitson

        > > Snowden has a reputation to defend?

        > I think he has a tremendous reputation. He should be nominated for the Nobel Peace Prize.

        You mean the one won by Henry Kissinger and Barack Obama?

        1. Champ

          > > > Snowden has a reputation to defend?

          > > I think he has a tremendous reputation. He should be nominated for the Nobel Peace Prize.

          > You mean the one won by Henry Kissinger and Barack Obama?

          Ok, yeah, good point. OK, I think Snowden should be given a prize, where the prize itself still has a positive reputation

  3. Dan 55 Silver badge
    Meh

    That they didn't find a breach doesn't mean it hasn't happened.

    It could have been an inside job, if anyone can get an impeccable CV for working at Gemalto it's a spook.

    Presumably Gemalto contracts out some operations to third parties. Whatever was found on their LAN was probably useful in infiltrating them.

    Edit: Gemalto say prepay SIMs (and in most cases that means their phones too) are chucked after 3-6 months. O'Rly?

    Etc... etc...

    1. Anonymous Coward

      "Edit: Gemalto say prepay SIMs (and in most cases that means their phones too) are chucked after 3-6 months. O'Rly?"

      If I look at my own usage of prepaid SIMs, until recently I still used the one I bought in 1998. While that first one was bought in conjunction with an unlocked phone, I found that I could carry on using it (and thus keep my number) with locked budget phones sold with a PAYG package as long as I stayed with the same telco.

      So yes, the SIM cards that came with those cheap phones were only used until their initial credit ran out.

    2. Peter 26

      This exactly. They probably broke in and downloaded the company address book to see who worked in each department. They then used real world spying to get an employee to do the work for them.

    3. Captain DaFt

      "Edit: Gemalto say prepay SIMs (and in most cases that means their phones too) are chucked after 3-6 months. O'Rly?"

      Well, if they weren't being chucked, they are now!

  4. Mark 85

    So who is right and who is wrong? Is it possible the Snowden document was faked by someone in NSA as a red herring "just in case"? Or that Gemalto hasn't really figured out what happened? If there's truly an air-gap on their internal networks and others are to be believed, then that gap may very well have been jumped.

    It's quite possible that we'll never find out the truth. Someone could have been bought off or a 1000 and 1 things are going on.

    1. Anonymous Coward

      I thought of that too, but this is chicken feed compared to established Snowden stories. It is probably factual errors by the NSA drones that composed the PPT along with a successful operation undiscovered by Gemalto. Forget "Each of these networks is isolated from one another and they are not connected to external networks." This is the agency that can divert your FedEx electronics and insert extra hardware, compromise undersea cables, or get a Stuxnet thumb drive into Iran's nuclear facilities.

  5. Anonymous Coward

    TLA's have the ability to infect the firmware on a hard drive, run hugely effective tightly focussed attacks against persons and companies/countries of interest so how are organisations like Gemalto able to say that?

  6. sltech

    I tend to believe the hack happened, and that the original GCHQ slides were mistaken in stating some facts, as seen in this document: http://www.gemalto.com/press/Pages/Gemalto-presents-the-findings-of-its-investigations-into-the-alleged-hacking-of-SIM-card-encryption-keys.aspx

    Can you imagine the impact to their bottom line if they had come out and said "yeah everyone, we got hacked big time, take out those sim cards now" ?

  7. Joe Harrison

    How do SIM cards work

    I thought smartcards typically generated private keys onboard and would not release them outside the card. You could only give the card something to sign or encrypt then it would give it back to you. How were there any key copies available to steal?

    1. Dave 126

      Re: How do SIM cards work

      To answer your question:

      The target for the team was the unique Ki encryption keys baked into each of Gemalto's SIM cards. These 128-bit values are hidden away inside the SIM electronics, and are supposed to be kept secret. Every SIM has one regardless of its manufacturer.

      Mobile networks keep a copy of a SIM's Ki key before the card is given to a subscriber. This is so that the carrier can identify and authenticate the device containing the SIM when it joins a network.

      http://www.theregister.co.uk/2015/02/19/nsa_and_gchq_hacked_worlds_largest_sim_card_company_to_steal_keys_to_kingdom/

      http://en.wikipedia.org/wiki/Subscriber_identity_module#Authentication_key_.28Ki.29
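An added illustration of the authentication described in the comment above (not code from the article or from any commenter): the card never outputs Ki, but the carrier holds its own copy, and both sides derive the response and session key from Ki plus a random challenge. HMAC-SHA256 stands in for the operator's A3/A8 algorithms as an assumption; the class and function names are hypothetical and the IMSI and keys are constructed test values.

```python
import hashlib
import hmac
import secrets


def a3_a8_standin(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the operator's A3/A8 algorithms (HMAC-SHA256 is an
    assumption for illustration). Returns (SRES, Kc) with GSM's sizes:
    a 32-bit signed response and a 64-bit session key."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class Sim:
    """The card: Ki is written at manufacture and has no read-out method."""
    def __init__(self, ki: bytes):
        self._ki = ki

    def respond(self, rand: bytes) -> tuple[bytes, bytes]:
        return a3_a8_standin(self._ki, rand)


class AuthCentre:
    """The carrier's side: holds a copy of each subscriber's Ki."""
    def __init__(self):
        self._ki_by_imsi: dict[str, bytes] = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def challenge(self, imsi: str) -> tuple[bytes, bytes, bytes]:
        rand = secrets.token_bytes(16)  # 128-bit RAND, sent unencrypted
        sres, kc = a3_a8_standin(self._ki_by_imsi[imsi], rand)
        return rand, sres, kc


def attach(sim: Sim, auc: AuthCentre, imsi: str):
    """One attach: network challenges, card answers, network compares."""
    rand, expected_sres, kc_network = auc.challenge(imsi)
    sres, kc_sim = sim.respond(rand)
    ok = hmac.compare_digest(sres, expected_sres)
    return ok, rand, kc_network, kc_sim


if __name__ == "__main__":
    imsi = "001010000000001"      # constructed test IMSI
    ki = secrets.token_bytes(16)  # constructed 128-bit Ki
    auc = AuthCentre()
    auc.provision(imsi, ki)
    ok, rand, kc_network, kc_sim = attach(Sim(ki), auc, imsi)
    print("authenticated:", ok, "| session keys match:", kc_network == kc_sim)
    # Every copy of Ki yields the same Kc from the same RAND, so the copies
    # held outside the card need the same protection as the card itself.
    print("copy of Ki derives Kc:", a3_a8_standin(ki, rand)[1] == kc_sim)
```
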

      1. Joe Harrison

        Re: How do SIM cards work

        http://en.wikipedia.org/wiki/Subscriber_identity_module#Authentication_key_.28K

        Thanks for that... not very secure then by modern crypto standards. Although maybe the design decision made sense years ago with low-powered phone CPUs of the time.

  8. Andy The Hat Silver badge

    Gemalto are in a difficult situation. "We didn't find an intrusion" either means

    1) there was a really good intrusion that they didn't find.

    2) it never happened.

    or

    3) there was an intrusion but it wasn't too bad so can be swept rapidly under the carpet.

    Option 3 is always likely as Gemalto will be wriggling for their financial lives and is the safest way out (admit a bit, declare "we're great, we coped with it" and "it's self terminating over time so it's ok" or "nobody uses it anyway").

    Option 1 is scary and, if true, someone will be in a spooky bar drinking to a job well done!

    1. x 7

      "Gemalto are in a difficult situation. "We didn't find an intrusion" either means"

      or (4) - They've been instructed what to say by the security forces

  9. TeeCee Gold badge
    Black Helicopters

    On the other hand......

    The attacks therefore "could not have resulted in a massive theft of SIM encryption keys."

    So they found the deliberate traces left by the decoy operation then?

  10. Anonymous Coward

    I'm more apt to believe Gemalto are attempting to downplay the effect, their stock prices took a rather large hit when the news leaked and they've come out with comments like "... are secure and the Company doesn’t expect to endure a significant financial prejudice.”

    So who are they looking out for, stock prices or users?

    1. Mark 65

      I'm going to play devil's advocate and say that it happened, happened real bad, and they are totally fucked and headed to the corporate graveyard. However the top level execs are trying to keep it going long enough to offload all that stock and stock options they're sitting on which will be worth fuck all soon enough.

  11. Anonymous Coward

    Sue NSA and GCHQ

    Shouldn't the focus of Gemalto be on a legal challenge to NSA and GCHQ activities? This is rather unprecedented, but surely is, by any interpretation, a misuse of power and a lack of due process i.e. this ought to be pretty damn illegal?

    "But the terrorists..."

    All in all it's looking more and more like the terrorists have won, gifted to them by the very actions governments here are taking. Not educating women and a lack of civil liberties are different facets of the same issue - the lack of a fair, just and principled society.

  12. Anonymous Coward
    Holmes

    Blame everyone else

    NSA and GCHQ may have been acting illegally, so do loads of people - crooks, terrorists.

    Gemalto's product is trust, specifically to keep the bad guys (whoever they are) from knowing their customers' secrets. Where is that trust now?

    They are effectively saying it didn't happen (even though GCHQ and NSA said it did) and if it did it was everyone's fault but ours. Especially our customers.

    Nice line!

  13. phuzz Silver badge

    From reading through the details in the slides that were released, GCHQ/NSA intercepted the keys when they were being sent to the network providers, not in Gemalto's central store, so perhaps they were looking in the wrong place for a breach.

    Wouldn't the easiest way for the TLAs to intercept keys be to vacuum up all emails coming out of Gemalto to grab the presumably encrypted keys, whilst also checking all other methods of communication to grab the passwords?

  14. batfastad

    Prison

    I, me, you, we would all be banged up for industrial espionage on this scale.

    As ever, the rules are different for those that make the rules.

    I'm not condoning terrierislamopedoismists or whoever the threat to national insecurity is this week. But there's defence and there's offence. This is most definitely offence.

  15. Spaceman Spiff

    And $5usd

    This, and about $5USD will buy you a nice latte at Starbucks. Also, if you believe it, I have some futures you can buy in a very nice bridge between Manhattan island and Brooklyn NYC. It's a bit old, but in fine shape...

  16. Anonymous Coward
    Alert

    LIES!!!!!

    <lies>Everything Gemalto says</lies> .... Wouldn't you if the NSA essentially put you out of business? Again, what is the NSA's role?

  17. Gordon 10
    Black Helicopters

    And if you want to be truly paranoid

    Gemalto also make those smart cards you can use to log on to a pc too.......

  18. mikecoppicegreen

    Another predictable line of comment....

    Not bothered to go anonymous - I'm going to get downvoted to the max anyway.

    I'm not a Gemalto employee, to be clear.

    But, unlike the armchair conspiracy theorists on this page, I have actually visited a Gemalto site, I know several Gemalto employees, and I've had demos of a number of security related experiments that they undertake. This is all in the period up to about a couple of years ago.

    I know the lengths they go to to test the protection of the private key inside SIM cards - they employ techniques far beyond the means of the average hacker to protect the private keys. I can't believe that they would miss something as obvious as not properly airgapping their network. They were intensely aware that their business relied on their security precautions. They provided superb resources to some very bright guys to try to penetrate the SIM cards and their systems. By the way, the best drive firmware hack in the world can't get data through a true air gap.

    When I say I visited a site of theirs, I mean I was allowed into a meeting room outside their secure perimeter. To get that far into their site meant a passport check and being pre-notified to their site.

    Yes, they would say that the hack did not penetrate. And it's possible that NSA/GCHQ targeted an employee to get at the data, but the security precautions I saw would have made it very difficult to get the data out.

    There is one (theoretical) exit path for the data - if the phone network was presented with the private key data for the SIMs they bought (so that symmetrical encryption was possible), then the transfer of that data may be a risk. And that would account for the 2G statements. If the report names networks that were not supplied by Gemalto then it's more likely that NSA/GCHQ compromised the private key data at the entry to the phone network, rather than within the SIM manufacturer.

    It's always fun to believe that the NSA ex-employee is telling the truth and Gemalto is lying, though :)

    1. Anonymous Coward

      Re: Another predictable line of comment....

      So you blackmail/bribe/threaten an insider.

    2. PleebSmash
      FAIL

      Re: Another predictable line of comment....

      It's always fun to believe that the NSA ex-employee is telling the truth and Gemalto is lying, though :)

      Wipe that emote off your face you smug fuck. You think Snowden, Intercept, etc. altered slides to add "successfully implanted several machines and believe we have their entire network"?

      Nope, Gemalto got owned and you're in denial. I bet some higher up Gemalto employees are stitching together their golden parachutes right now.

      1. mikecoppicegreen

        Re: Another predictable line of comment....

        I don't think I'm smug. And you've never told your boss you believe something that you hope will be ok when you're not completely sure? Did they say "certain"? No.

  19. DPepper
    WTF?

    Good article until the last sentence

    "Just what this statement means for Snowden's reputation remains to be seen."

    That sentence gives the ridiculous impression that Edward Snowden, himself, was in some way responsible for the creation of the multitude of NSA documents that he absconded with. No one from the President down to the Director of the NSA is making such a claim. It's called a "Leak" for a reason.

    "Disclosures of National Security Agency secrets by the former contractor Edward Snowden have damaged U.S. efforts to battle terrorists, NSA Director Adm. Mike Rogers said on Monday." Washington Post
