The digital security company said the attacks breached its office networks but did not result in a massive theft of SIM encryption keys. The operation was allegedly intended to intercept the encryption keys as they were exchanged between mobile operators and suppliers.
“The sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA [the US’ National Security Agency] and GCHQ [the UK’s Government Communications Headquarters] probably happened,” said the company.
Gemalto conducted an investigation after The Intercept reported last week that US and UK intelligence spies allegedly hacked into its computer network, citing documents from former NSA contractor Edward Snowden.
Gemalto said that by the time the attacks took place, it had “already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft.”
The company said the intrusions only affected the external parts of its networks – its office networks – which are in contact with the outside world and nothing was detected in other parts of its network.
Reiterating its commitment to providing the best security levels, Gemalto said state agencies have the resources and support that go far beyond that of typical hackers and criminal organisations.
“We are concerned that they could be involved in such indiscriminate operations against private companies with no grounds for suspicion,” it said.