Last week, The Intercept reported, citing documents leaked by NSA whistleblower Edward Snowden, that UK’s Government Communications Headquarters (GCHQ) and the US National Security Agency (NSA) had hacked into Gemalto’s networks and stolen its encryption keys.
“The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened," Gemalto said in a press release.
As the market leader, Gemalto may have been the main target for intelligence services who wished to reach the maximum number of mobile phones, it said.
“The operation aimed to intercept the encryption keys as they were exchanged between mobile operators and their suppliers globally,” according to Gemalto.
However, the attacks only breached office networks and “could not have resulted in a massive theft of SIM encryption keys.” In addition, the intelligence services could only have spied on communications on 2G mobile networks in case of key theft, the company said.
