Gemalto has conducted a thorough investigation based on the purported NSA (National Security Agency) and GCHQ (Government Communications Headquarters) documents which were made public, supported by Gemalto’s own internal monitoring tools and its past records of attempted attacks. Considering the period covered by the documents from the NSA and GCHQ, 2010 to 2011, Gemalto detected two particularly sophisticated intrusions which could be related to the operation.
In June 2010, Gemalto noticed suspicious activity at one of its French sites, where a third party was trying to spy on the office network.
In July 2010, a second incident was identified by Gemalto’s Security Team. This involved fake emails sent to one of the mobile operator customers spoofing legitimate Gemalto email addresses. The fake emails contained an attachment that could download malicious code.
During the same period, Gemalto also detected several attempts to access the PCs of Gemalto employees who had regular contact with customers.
These intrusions only affected the outer fringes of Gemalto’s networks, including office networks, which are in contact with the outside world. The SIM encryption keys and other customer data in general are not stored on these networks.
No such intrusions were detected in other parts of Gemalto’s network. No breaches were found in the infrastructure running its SIM activity or in other parts of the secure network which manages its products such as banking cards, ID cards or electronic passports. These networks are isolated from one another and are not connected to external networks.
Gemalto stated in an official press release: “It is extremely difficult to remotely attack a large number of SIM cards on an individual basis. This fact, combined with the complex architecture of our networks, explains why the intelligence services instead chose to target the data as it was transmitted between suppliers and mobile operators as explained in the documents.”
The analysis of the documents shows that the NSA and GCHQ targeted numerous parties beyond Gemalto. As the leader in the market, Gemalto may have been the target of choice for the intelligence services in order to reach the highest number of mobile phones.
Gemalto further stated in an official press release: “Nevertheless, we are conscious that the most eminent state agencies, especially when they work together, have resources and legal support that go far beyond those of typical hackers and criminal organizations. And, we are concerned that they could be involved in such indiscriminate operations against private companies with no grounds for suspicion.”
In today's world, any organization could be subject to a cyber-attack. Therefore, it has never been more important to follow security best practices and adopt the most recent technologies. These include advanced data encryption, so that even if networks are breached, third parties will not be able to access any of the stolen information. Gemalto will continue to monitor its networks and improve its processes.