Gemalto Has No Clue Whether It Was Hacked by the NSA

Gemalto has “reasonable grounds” to think that the NSA and GCHQ hacked it, but does the company actually have any clue?

Last week, new documents leaked by Edward Snowden revealed one of the NSA and GCHQ's most daring operations: the heist of thousands of encryption keys from cellphone SIM card maker Gemalto, which potentially gave the spy agencies the ability to eavesdrop on the phone calls of millions of people all over the world.

Now, Gemalto says it's done a "thorough" investigation and has "reasonable grounds" to believe it was, indeed, hacked by the American and British spies—but the company goes out of the way to downplay the breach.

"The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys," the company said in a press release published on Wednesday. This would mean that the attackers couldn't have gained the ability to eavesdrop on cellphone calls.

But cybersecurity experts are very skeptical of Gemalto's conclusions.

In the press release, Gemalto refers to two "sophisticated" hacking attempts it detected in 2010 and 2011, which at the time it didn't think were coming from NSA or GHCQ. But now, given the Snowden documents, the company believes those attacks actually came from the spy agencies.

The two "sophisticated" attacks are described pretty vaguely. The statement refers to one attempt to "spy on the office network" of one of Gemalto's French sites, and another involving emails that tried to trick receivers into installing malware.

But for Ronald Prins, the founder of Dutch security firm Fox-IT, Gemalto has "no clue if the traces they've seen were from the NSA," since the spy agency is "very good" at removing evidence of its attacks, and using phishing emails with malware is not the way the NSA hacks its targets.

Prins would know, since he was part of the investigation into the GCHQ hack on the Belgian telecom provider Belgacom.

"That's not the way we've seen the NSA work, which is very much more sophisticated," Prins told Motherboard.

Gemalto seems to conclude that since it only detected hacking attempts into its networks' outer layer, there were no breaches into their more sensitive internal network—but experts aren't sold.

"It's possible that they only breached office network," Matthew Green, a cryptography professor at a Johns Hopkins University, told Motherboard. "But what we know is that these organizations are pretty good at quietly hacking things."

In other words, Gemalto might never really find out how badly it got hacked.

Moreover, some are surprised at the quickness of Gemalto's investigation, given that these type of probes usually take weeks or months. The investigation on the Belgacom attack, for example, took months, and its results aren't even out yet. Same with the Sony hack—it took weeks to hear from the authorities, and Mandiant, the firm hired to investigate it, has yet to release any public information on it.

"I cannot imagine that they've actually done a thorough forensic [investigation] into their current network," Prins said, adding that it seems the company just analyzed the results of previous investigations.

Green, the cryptographer, also said he was "very dubious" of Gemalto's claim that even in the case of an "eventual key theft" only old-generation 2G networks would be vulnerable, and not more recent 3G or 4G networks—which would mean only a small fraction of users were affected.

"Technically I have no idea what they're talking about," he said, adding that the whole point of the SIM heist was to get access to the keys that would allow NSA and GCHQ to bypass the encryption on 3G and 4G phone calls, allowing the agencies to spy on phone calls that were supposed to be secure. "If they're confident that those keys could not have been stolen, then they should explain why," Green added. "Probably this is just 'we don't have any evidence that those keys were stolen.'"

Asked about this, a Gemalto spokesperson said that thanks to the "introduction of proprietary algorithms" and the "additional encryption" on 3G and 4G SIM cards, the NSA and GCHQ—even if they stole the encryption keys— "would not be able to connect to the networks and consequently would be unable to spy on communications."

Gemalto is also vague about how it's trying to avoid similar attacks in the future. So if you're worried that your cellphone communications could be eavesdropped, "encryption is key," Prins said. Not the encryption provided by the SIM card, Prins added, but rather an "extra layer" of protection provided by end-to-end encryption apps such as RedPhone, or Signal.

It's unclear if Gemalto's veiled admission that it was hacked by the NSA and GCHQ will lead to legal actions or any sort of repercussions to the American and British governments. The Belgacom hack, which was a similar attack on a company based in a Western country, has so far resulted in nothing more than outrage within the security community.

In other words, we still know very little about Gemalto's hack -- and chances are we won't know much more anytime soon.

"We do not plan to communicate further on this matter," Gemalto wrote at the end of its wordy press release, "unless a significant development occurs."

UPDATE 02/25/2015, 12:05: This story has been updated to include Gemalto's response to Motherboard questions on its press release. Gemalto also declined to say what its new "highly secure exchange processes" to transmit data with its customers actually consists of, saying that it's "confidential information." And the company also declined to say how many of its customers had implemented these methods in 2010.