PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Report: NSA, GCHQ Hacked SIM Card Maker Gemalto

Stephanie Mlot
 & Stephanie Mlot Contributor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

SIM-card maker Gemalto had its encryption keys stolen several years ago, but the alleged perpetrators were not some shadowy hacker group, but U.S. and U.K. spy agencies, according to a new report.

Citing top-secret documents provided by former NSA contractor turned whistleblower Edward Snowden, The Intercept said the hack was executed by the National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ).

Gemalto, a multinational chipmaker based in The Netherlands, supplies SIM cards used by all four of the top U.S. carriers and 450 wireless network providers around the world. Access to Gemalto's encryption keys, therefore, potentially provided intelligence agencies will the ability to monitor mobile communications without approval, warrant, or wiretap, and leave no trace on the wireless provider's network, The Intercept said.

According to the site, spies from GCHQ—with support from the NSA—"mined the private communications of unwitting [Gemalto] engineers and other company employees in multiple countries."

The breach was detailed in what The Intercept called a "secret" 2010 GCHQ document, but was only just made public via the Snowden data dump.

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

"We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation," Gemalto said in a statement. "We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques."

Gemalto was not the spy agencies' only target, but in hacking the firm, "GCHQ hit the jackpot" The Intercept said.

The effort, Gemalto said. "was an attempt to try and cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators and users consent."

A GCHQ spokesman declined to comment on the situation, adding that the agency follows "strict legal and policy framework" to ensure "activities are authorized, necessary and proportionate."

The NSA did not immediately respond to a request for comment.

"There have been many reported state-sponsored attacks as of late, that all have gained attention in both the media and among businesses," Gemalto said. "This truly emphasizes how serious cyber security is in this day and age."

For more, see PCMag's lineup of The 10 Most Disturbing Snowden Revelations.

About Our Expert

Stephanie Mlot

Stephanie Mlot

Contributor

My Experience

  • B.A. in Journalism & Public Relations with minor in Communications Media from Indiana University of Pennsylvania (IUP)
  • Reporter at The Frederick News-Post (2008-2012)
  • Reporter for PCMag and Geek.com (RIP) (2012-present)

My Areas of Expertise

  • Science & Space
  • Video Streaming Services
  • Social Media
  • Cars & Auto
  • Education

The Tech I Use

  • iPhone 12 Pro
  • MacBook Air (hooked up to a 23-inch Dell monitor)
  • Google Chrome
  • Google Drive
  • Soundcore Life P3 earbuds
  • Various Amazon Echo devices

Read the latest from Stephanie Mlot

Read full bio