According to documents provided by NSA whistleblower Edward Snowden the National Security Agency and British Security services worked in conjunction to hack the internal computers of the biggest SIM card provider in the world.
The breach, detailed in a 2010 NSA classified document, targeted a Netherlands company called Gemalto. They provide SIM cards for AT & T, T-Mobile, Verizon, Sprint and some 450 wireless providers around the world. Gemalto produces roughly 2 billion SIM cards a year.
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
Matthew Green is a cryptography specialist at Johns Hopkins University. He says the stolen encryption keys means its "game over" for cellular encryption. The story was first reported by the publication The Intercept.