It was revealed last week that the GCHQ and the NSA conducted a joint operation that resulted in the theft of thousands of encryption keys from the world’s largest manufacturer of cellphone SIM cards which may have granted the two spy agencies access to the communication information of millions of people. The company, known as Gemalto, has been playing damage control ever since and, while it hasn’t denied that the hack occurred, it claims that things aren’t as bad as they seem. Many cybersecurity experts beg to differ, however.
Last week, new documents leaked by Edward Snowden revealed one of the NSA and GCHQ’s most daring operations: the heist of thousands of encryption keys from cellphone SIM card maker Gemalto, which potentially gave the spy agencies the ability to eavesdrop on the phone calls of millions of people all over the world. Now, Gemalto says it’s done a “thorough” investigation and has “reasonable grounds” to believe it was, indeed, hacked by the American and British spies—but the company goes out of the way to downplay the breach. “The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys,” the company said in a press release published on Wednesday. This would mean that the attackers couldn’t have gained the ability to eavesdrop on cellphone calls. But cybersecurity experts are very skeptical of Gemalto’s conclusions.