Metro Weekly

NSA hacked the company that makes your SIM card

6592778831_0996908373_o

If you thought things had calmed over at the National Security Agency, after a couple of years of red-faced embarrassment as leak after leak revealed the extent of its hacking capabilities, you’d be quite wrong. A fresh leak of data from the ubiquitous Edward Snowden has revealed that the NSA, with help from British counterparts GCHQ, hacked into the world’s largest manufacturer of SIM cards — the tiny bits of plastic which ensure your phone latches on to your mobile carrier of choice.

In documents obtained by The Intercept, SIM card manufacturer Gemalto — which lists AT&T, T-Mobile, Verizon and Sprint among its customers — was pinpointed as the target of the attack, which saw the NSA and GCHQ break into the company’s servers and steal the encryption keys which Gemalto uses to keep cellphone communications secure.

With the encryption keys in-hand, both agencies are able to monitor calls, texts and data usage on individual handsets without the user or the network being aware of their presence — and without the need to seek a warrant. The hacking was such a surprise, Gemalto wasn’t aware that any of the encryption keys had been taken.


The hacking was such a surprise, Gemalto wasn’t aware that any of the encryption keys had been taken.


“I’m disturbed, quite concerned that this has happened,” Paul Beverly, a Gemalto executive vice president, told The Intercept. “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again.”

For individual users, what does this mean? Well, the NSA and GCHQ have had the encryption keys for several years now — the breach was mentioned in a document from the British agency dating from 2010 — so your SIM card is likely to be one manufactured using the encryption keys which were stolen. If you’d rather not have the NSA track your phonecalls and texts, switch to more secure methods of communication, such as encrypted chat services or encrypted email. If you want to keep texting, there are several SMS replacement apps which can encrypt texts, such as TextSecure, as well as apps to encrypt voice calls such as SilentCircle or RedPhone.

For an in-depth exploration of the attack — and the resulting implications for Gemalto, carriers and users — head over to The Intercept.

Image Credit: MIKI Yoshihito / Flickr

Support Metro Weekly’s Journalism

These are challenging times for news organizations. And yet it’s crucial we stay active and provide vital resources and information to both our local readers and the world. So won’t you please take a moment and consider supporting Metro Weekly with a membership? For as little as $5 a month, you can help ensure Metro Weekly magazine and MetroWeekly.com remain free, viable resources as we provide the best, most diverse, culturally-resonant LGBTQ coverage in both the D.C. region and around the world. Memberships come with exclusive perks and discounts, your own personal digital delivery of each week’s magazine (and an archive), access to our Member's Lounge when it launches this fall, and exclusive members-only items like Metro Weekly Membership Mugs and Tote Bags! Check out all our membership levels here and please join us today!