Rights groups around the world criticise US and UK spies for hacking into the Dutch sim card manufacturer, Gemalto's encryption keys, providing unrestricted access to mobile communications around the globe. Suspected to have made this attack, the NSA and GCHQ were told not to take the law into their hands.
The new reports produced by Edward Snowden, the NSA whistleblower, claimed that the two spy agencies hacked into the largest sim card manufacturer, Gemalto and secretly monitored data and voice calls by stealing its encryption keys. The documents also revealed that the intercept provided the agencies the privilege to monitor chunks of cellular data across the world, infringing international laws.
The target sim card company, Gemalto operates in 85 countries and produces about 2 billion sim cards for clients such as Sprint, Verizon, AT&T and T-Mobile. "This mass sim hacking allegation seems be just the latest disturbing revelation about how GCHQ has overreached", Rachel Logan, UK's legal director told the officials. She also said that such agencies claim to be obeying the law but end up getting caught in court.
The covert operation stole Gemalto's encrypted keys by targeting the Facebook and email accounts of key Gemalto executives and other employees. They intercepted a message sent by a Gemalto employee in Thailand which contained valuable information in the encrypted format. "They have the functional equivalent of our house keys," a staff attorney at the Electronic Frontier Foundation, Mark Rumold said.
The Obama administration is still recovering from the Snowden leak's damage and this breach will have serious impact on the diplomatic community.
"The problem is that the attacks could still be ongoing"said Matthew Green, a cryptologist at the Johns Hopkins Information Security Institute. According to Tim Berners-Lee, "the agencies think that they are above the law". Although 3G and 4G networks are encrypted, the experts say that the encryption keys can provide access to phone calls unless it is protected with an additional layer of encryption.