|
 The alleged hack on Gemalto <GTO.AS>, if confirmed, would expand the
scope of known mass surveillance methods available to U.S. and
British spy agencies to include not just email and web traffic, as
previously revealed, but also mobile communications.
The Franco-Dutch company said on Friday it was investigating whether
the U.S. National Security Agency (NSA) and Britain's GCHQ had
hacked into its systems to steal encryption keys that could unlock
the security settings on billions of mobile phones.
The report by The Intercept site, which cites documents provided by
former NSA contractor Edward Snowden, could prove an embarrassment
for the U.S. and British governments. It opens a fresh front in the
dispute between civil liberties campaigners and intelligence
services which say their citizens face a grave threat of attack from
militant groups like Islamic State.
It comes just weeks after a British tribunal ruled that GCHQ had
acted unlawfully in accessing data on millions of people in Britain
that had been collected by the NSA.
The Intercept report (http://bit.ly/19E0KUK) said the hack was
detailed in a secret 2010 GCHQ document and allowed the NSA and GCHQ
to monitor a large portion of voice and data mobile communications
around the world without permission from governments, telecom
companies or users.
"We take this publication very seriously and will devote all
resources necessary to fully investigate and understand the scope of
such sophisticated techniques," said Gemalto, whose shares sunk by
as much as 10 percent in early trading on Friday, following the
report.
The report follows revelations from Snowden in 2013 of the NSA's
Prism program which allowed the agency to access email and web data
handled by the world's largest Internet companies, including Google
<GOOGL.O>, Yahoo <YHOO.O> and Facebook <FB.O>.
A spokeswoman for Britain's GCHQ (Government Communication
Headquarters) said on Friday that it did not comment on intelligence
matters. The NSA could not be immediately reached for comment.
A European security source said that mobile devices were widely used
by terrorist groups and that intelligence agencies' attempts to
access the communications were justified if they were "authorized,
necessary and proportionate." The source did not confirm or deny
that the documents were from GCHQ.
The source also said Western agencies would sometimes hold on to
data over time in order to decrypt the communications of specific
intelligence targets.
The source added that wireless networks in Iran, Afghanistan and
Yemen were viewed as having significance intelligence value. These
were identified by the Intercept as countries where Britain's GCHQ
intercepted encryption keys used by local wireless network
providers.
SURVEILLANCE
The new allegations could boost efforts by major technology firms
such as Apple Inc <AAPL.O> and Google to make strong encryption
methods standard in communications devices they sell, moves attacked
by some politicians and security officials.
[to top of second column] |
Leaders including U.S. President Barack Obama and British Prime
Minister David Cameron have expressed concern that turning such
encryption into a mass-market feature could prevent governments from
tracking militants planning attacks.
Gemalto makes SIM (Subscriber Identity Module) cards for phones and
tablets as well as "chip and pin" bank cards and biometric
passports. It produces around 2 billion SIM cards a year and counts
Verizon <VZ.N>, AT&T Inc <T.N> and Vodafone <VOD.L> among hundreds
of wireless network provider customers.
The European security source said that an assertion by The Intercept
that GCHQ had taken control of Gemalto's internal network was
speculative and not supported by documentation published by the
website.
The Intercept, published by First Look Media, was founded by the
journalists who first interviewed Snowden and made headlines around
the world with reports on U.S. electronic surveillance programs.
It published what it said was a secret GCHQ document that said its
staff implanted software to monitor Gemalto's entire network, giving
them access to SIM card encryption keys. The report suggested this
gave GCHQ, with the backing of the NSA, unlimited access to phone
communications using Gemalto SIMs.
French bank Mirabaud said in a research report the attacks appeared
to be limited to 2010 and 2011 and were aimed only at older 2G
phones widely used in emerging markets, rather than modern
smartphones. It did not name the source of these assertions.
Some analysts argued that if a highly security-conscious company
like Gemalto is vulnerable, then all of its competitors are as well.
Gemalto competes with several European and Chinese SIM card
suppliers. A spokesman for one major rival, Giesecke & Devrien of
Germany, told Reuters: "We have no signs that something like that
happened to us. We always do everything to protect our customers'
data."
But while security experts have long believed spy agencies in many
countries have the ability to crack the complex mathematical codes
used to encrypt most modern communications, such methods remain
costly, limiting their usefulness to targeted hijacking of
individual communications.
(Additional reporting by Abhirup Roy and Supantha Mukherjee in
Bengaluru; Leigh Thomas, Cyril Altmeyer, Blaise Robinson and
Nicholas Vinocur in Paris, Mark Hosenball in Washington,; Jens Hack
in Munich; and Harro ten Wolde in Frankfurt; Editing by Andrew
Callus and Pravin Char)
[© 2015 Thomson Reuters. All rights
reserved.] Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
