(Reuters) - Digital security company Gemalto NV was hacked by American and British spies to steal encryption keys used to protect the privacy of cellphone communications, news website Intercept reported, citing documents provided by whistleblower Edward Snowden.
The hack by the National Security Agency (NSA) and UK’s Government Communications Headquarters (GCHQ) allowed the agencies to monitor a large portion of voice and data mobile communications around the world without permission from governments and telecom companies, according to the report.
A GCHQ spokesperson said the agency did not comment on intelligence matters. NSA could not be immediately reached for comment.
Gemalto makes smart chips for mobile phones, bank cards and biometric passports and counts Verizon and AT&T Inc among its 450 wireless network provider customers around the world.
The Franco-Dutch company did not say if it was hacked.
“From what we gathered at this moment, the target was not Gemalto, per se - it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible,” a Gemalto spokeswoman said in an email.
“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated technique to try to obtain SIM card data,” she said.
The breach was detailed in a secret 2010 GCHQ document, Intercept said. (bit.ly/19E0KUK)
“GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate,” a spokesperson said in a statement emailed to Reuters.
Published by First Look Media, Intercept was founded by U.S. documentary maker Laura Poitras, investigative reporter Jeremy Scahill and Glenn Greenwald, who made headlines with his reporting on U.S. electronic surveillance programs.
Reporting by Abhirup Roy and Supantha Mukherjee in Bengaluru