According to the latest release from the Edward Snowden cache, the hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ.
It all happened in 2010 when GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s mobiles, including both voice and data.
Gemalto, a multinational firm incorporated in the Netherlands, makes chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world.
It makes two billion SIM cards a year and with the stolen encryption keys, intelligence agencies could monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments.
British spies mined the private communications of unwitting engineers and other company employees in multiple countries.
Apparently, Gemalto did not notice and still cannot work out how it was done.
According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ access.