Gemalto Attack – We Don’t Really Know

I wrote a couple of days ago that The Intercept reported that the SIM and banking card maker Gemalto was hacked by GCHQ and NSA.

Well, now, after just a couple of days, Gemalto says not to worry, everything is cool. In effect: we looked at our logs, and while GCHQ might have gotten into our corporate network, we don’t see anything in the logs that shows they got into the part of the network where SIM cards are stored, and anyway, that would not affect 3G and 4G networks. Note that they did not say that GCHQ did not get in, just that they don’t see anything in the logs to that effect.

In addition, they said their security is so good that even GCHQ with NSA’s help could not get in. Really? The only network for which that is true is one that is not connected to anything. Ever. And I am not sure about that. Think about the Stuxnet attack on Iran. That network was not connected to the outside world and we managed to hack that with a couple of thumb drives.

As the cryptographer and privacy advocate Bruce Schneier said (see article):

“It makes no sense that in a couple of days they are anything resembling confident that the NSA didn’t break their security. An NSA attack would be undetectable,” Schneier says. Plus, it takes weeks to fully investigate attacks, not days, says Schneier, who is CTO of Co3 Systems.

After all, if you take a group of master hackers like those in NSA’s TAO (Tailored Access Operations) group, surely you could just look at the logs and see “Kilroy was here”. NOT!

I appreciate that they need to do damage control to salvage the mess that the NSA placed them in, and maybe they actually believe what they are saying. But to think that in a few days they can definitively say that GCHQ or the NSA was not in there is pure bull.

I suspect we will see more.