Is hacking of Gemalto SIM cards a surprise?

According to a report written in 2010 and 2011, the GCHQ and the NSA hacked SIM card encryption keys engraved in French company Gemalto (GTO). The announcement caused the GTO stock to slump by more than 9 percent in intraday session on February 20, 2015, before closing minus 3.7 percent. The media largely covered the news that has put the world leader in digital security in an awkward situation. With revenue worth 2.4 billion euros in 2013 and 12,000 employees, GTO offers “trusted and convenient digital services” worldwide thanks to its own “sites in operations” in 44 different countries.  While most of the media believes the GCHQ-NSA joint operation did take place, GTO has sounded more cautious in its communiqué.

First, “the publication indicates the target was not GTO per se,” second, it will need time and careful investigation to verify the findings and “the scope of such sophisticated techniques.” GTO also recalled it “had no prior knowledge that these agencies were conducting this operation.” Of course what these intelligence agencies do is classified. However there was and there is still widespread knowledge that such agencies are testing every possibilities to listen to mobile communications given their value, from business or national security standpoints. Within the framework of this state sponsored global cyber effort, it thus seemed very logical that GTO SIM cards have been targeted. It once more proved cyber security has to be a serious day-to-day preoccupation “in this day and age”, but in the end, this revelation about GTO did not really come as a surprise. Breaking codes is the “raison d’être” of these intelligence agencies.