I meant to write about this article from The Intercept about GCHQ and the NSA stealing SIM card encryption keys a few days ago but didn't think I had anything to add. This is a very thorough article about the hack of Gemalto and what it means.
The job of the NSA and GCHQ is to break into communications, and they seem to have decided that they will do this using all possible methods.
These agencies are looking to exploit any available avenue for gathering information. Currently when so much information is transferred electronically this is going to involve hacking, wiretapping and breaking encryption.
I find this theft to be rather shocking and shows the power that is available when organisations have ready access to the public's email and other online services.
The weak link here appeared to be email. This is generally sent unencrypted and can be easily read by anyone with access to the wire. How long is it before companies start regularly using email encryption to keep their information safe? Email is not safe and it never has been.
Unfortunately, Gemalto comes out of this looking pretty bad. However, I think they are more of an innocent victim. The NSA and GCHQ were determined to get their hands on the SIM card encryption keys and it would have been difficult for even a secure company to fend off this attack.
This BBC article has Gemalto making bold statements about the hack but I would expect that in any competent hack they would leave no trace, especially if they are just listening to emails sent on the wire rather than getting access inside the company.