Cybersecurity

Spy agencies hacked SIM-card maker's network: Report

Balefire9 | iStock | Getty Images

The U.S. National Security Agency and the U.K.'s Government Communications Headquarters, or GCHQ, hacked the largest SIM card manufacturer's internal computer network and stole its encryption keys, according to documents provided by Edward Snowden to The Intercept from 2010, the website reported Thursday.

Gemalto, a Netherlands-based company, produces about 2 billion SIM cards every year. Some of its clients include AT&T, T-Mobile, Verizon and Sprint, the report said.

GCHQ declined to comment and the NSA did not respond to CNBC's request for comment.

Read More US government pushes companies to address cyberthreats

Biz-Gov cybersecurity collaboration
VIDEO2:5702:57
Biz-Gov cybersecurity collaboration

The Dutch multinational was unaware its network had been hacked, said Paul Beverly, executive vice president at Gemalto, according to the report. "I'm disturbed, quite concerned that this has happened," he said. "What I want to understand is what sort of ramifications it has, or could have, on any of our customers."

The stolen encryption keys allow the hacker (or hackers) to monitor mobile communications without legal approval and without leaving a trail, the report added. "Once you have the keys, decrypting traffic is trivial," Christopher Soghoian, the American Civil Liberties Union's principal technologist, told the website. "The news of this key theft will send a shock wave through the security community."

"We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such [a] highly sophisticated technique to try to obtain SIM card data. From what we gathered at this moment, the target was not Gemalto, per se—it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible," Gemalto said in a statement.

Read the full report here.