NSA Mass Cell-Phone SIM Hack... or maybe not

[Steve_MB]

Currently, the SIM manufacturer identified as a target in the latest round of Snowden whistleblower leaks claims that their keys are still safe:

The firm allegedly hacked by the NSA and GCHQ has stated that it cannot find any evidence that the US and UK security services breached and stole the encryption keys billions of Sim cards.

The alleged hack was revealed by documents from the NSA files provided by Edward Snowden, which detailed attacks on Gemalto – the world’s largest Sim card manufacturer – which allegedly saw them steal encryption keys that allowed them to secretly monitor voice calls and data from billions of mobile phones around the world…

The possibilities would appear to be:

1. There never was a hack – the leaked document describes a plan that never came off in reality.

2. There was a hack, but it didn’t get the SIM security keys.

3. There was a hack, it got the SIM security keys, Gemalto doesn’t realize the full extent of the intrusion.

4. There was a hack, it got the SIM security keys, Gemalto is in self-defensive coverup mode.

The question becomes: Is there a way to independently determine which of the possible scenarios actually played out?

[Stringbean]

If the US government wants it, the US government gets it.

Gemalto is almost assuredly in self-defense mode and the government obviously will call Snowden the bad guy, once again, whilst the security apologists explain that having no privacy is a good thing for all of us.

[theR]

The attack was allegedly about five years ago. There is no company that could effectively investigate an incident that old, particularly in the small number of days Gemalto had before they started issuing press releases saying everything was fine.