British and American spies stole the encryption keys from the largest SIM card manufacturer in the world to eavesdrop on calls, a US news website says.
Calls made on the 3G and 4G networks are encrypted – but by stealing the keys, intelligence agencies were able to monitor mobile phone communications without the permission or knowledge of customers, phone companies and foreign governments.
The UK intelligence agency Government Communications Headquarters (GCHQ) teamed up with the US’ National Security Agency (NSA) to target Dutch SIM card manufacturer Gemalto.
The company creates around two billion SIM cards annually for 450 wireless networks around the world.
It is believed that employees of Gemalto had their emails penetrated after being contacted via Facebook.
In one GCQH slide cited by The Intercept, the agency said it had access to Gemalto’s “entire network”.
A spokesman for Gemalto said the firm will “devote all resources necessary” to understand the “sophisticated techniques” used to get the SIM card data.
The breach was revealed in documents handed to The Intercept, a website edited by Glenn Greenwald and owned eBay founder Pierre Omidyar.
The GCHQ document cited – dated 2010 – states that the operation allowed it and the NSA to monitor phone activity without leaving a trace.
Gaining decryption keys also meant that previously uncrackable information held by the agencies could be understood.
GCHQ said it does not comment on intelligence matters, but said all of its work is legal.