Spy agencies in the US and UK hacked computers belonging to the world's largest SIM card manufacturer to gain access to access billions of phones across the globe. The National Security Agency (NSA) and GCHQ, in the UK, hacked Dutch SIM card maker Gemalto, according to the latest document leak from whistleblower Edward Snowden. The documents, provided to The Intercept, reveal that the NSA hacked chips on SIM cards used by AT&T, Verizon, Sprint and about 450 other network carriers around the world.
The documents reveal how the NSA and GCHQ stole encryption keys from Gemalto and used them to monitor communications on phones using Gemalto's SIM cards.
Gemalto, which makes around 2 billion SIM cards a year, said it was unaware that its data was being stolen. Paul Beverly, a Gemalto executive vice president, said he was "disturbed" by the alleged breach. Experts have said the NSA's actions were in violation of international laws and equivalent to thieves obtaining the master key to a building filled with private homes.
The hacks date back at least as far as April 2010, when the NSA and GCHQ formed the Mobile Handset Exploitation Team (MHET). According to The Intercept's report, the main goal of MHET was to hack SIM card manufacturers and inject malware into their products that would give full access to the data passing to and from the cards.
According to US law, national security agencies can gain access to customer data on US mobile networks after obtaining a court order specifically to do so, but previous Snowden leaks revealed that the NSA was gathering data on a mass scale without obtaining these orders.
To legally hack a Dutch SIM card manufacturer, the NSA would need permission from the Dutch interior minister to go ahead with the operation. Dutch lawmakers are currently investigating whether such permission was given, or if the the NSA did it illegally. "I don't believe he [the interior minister] has given his permission for these kind of actions," said Dutch MP Gerard Schouw.
The number of revelations regarding the NSA's mobile communications surveillance continues to grow.