On February 25, 2015 in Amsterdam, following the a report by a news site on February 19, 2015, Gemalto has carried out a methodical examination, based on two features: the alleged NSA and GCHQ files which were posted publicly by this site, and the inside examination gadgets and their previous records of attempted attacks.
The posted files are genuine and talk accurately about the events that took place from 2010 to 2011.
As a digital safety firm, cyber criminals have tried to hack Gemalto quite frequently. These infringement attempts are usually sophisticated and the company is habitual of them. Most of them are not that successful but a few of these attempts do infiltrate the exterior of the very safe network infrastructure of the company.
Looking back at the time period covered up by these files from the NSA and GCHQ, it can be confirmed that many hacks have taken place on the company.
On June 2010, chary movements were noted on one of the French sites of the company where an intruder was attempting to spy on the network. The networks are a means of communication between the company staff and the rest of the world. Action was instantly taken to end the menace.
On July 2010, a second occurrence was recognized by the company’s Security. This occupied fake mails received by the company’s mobile operative users spoofing the actual Gemalto e-mail address. The fake mails had in them an attachment that caused a harmful code to be downloaded. Users and relevant establishments were instantly notified of both the incident and the kind of malware used.
At about the same time, the company’s security team caught hackers trying to enter the computers of Gemalto staff who had maintained frequent contact with clients.
At the time the company was not able to spot the criminals but it is suspected that they belong to the NSA and GCHQ. These infringements had only affected the exteriors of the networks, the office networks, which were linked to the outside world. The SIM encryption tools and other client information was not on these networks. It is significant to understand that the network infrastructure is made like a hybrid between an orange and a cabbage; it has numerous layers and sections that help to group and segregate information.
While the interferences were grim, sophisticated hacks, nothing was noticed in other sections of the company’s networks. No infringements were found in the architecture running the SIM movements or in other segments of the networks which run other items such as bank cards, Identification cards or digital pass ports.
It is very hard to distantly hack a large amount of SIM cards on an personal basis. This fact, joined with the compound infrastructure of the company’s networks explains why the surveillance services chose to aim at the information as it was translated between provider and mobile workers.
