Lorenzo Franceschi-Bicchierai, Vice:
In the press release, Gemalto refers to two “sophisticated” hacking attempts it detected in 2010 and 2011, which at the time it didn’t think were coming from NSA or GHCQ. But now, given the Snowden documents, the company believes those attacks actually came from the spy agencies.
The two “sophisticated” attacks are described pretty vaguely. The statement refers to one attempt to “spy on the office network” of one of Gemalto’s French sites, and another involving emails that tried to trick receivers into installing malware.
But for Ronald Prins, the founder of Dutch security firm Fox-IT, Gemalto has “no clue if the traces they’ve seen were from the NSA,” since the spy agency is “very good” at removing evidence of its attacks, and using phishing emails with malware is not the way the NSA hacks its targets.
Apparently, Gemalto thinks it can dust its hands after six days of investigation and they think it’s sufficiently thorough. Weak.