Gemalto Does Not Know What It Does Not Know
Comment of the Day

March 02 2015

Commentary by Eoin Treacy

Gemalto Does Not Know What It Does Not Know

This article by Jeremy Scahill for The Intercept may be of interest to subscribers. Here is a section: 

The documents published by The Intercept relate to hacks done in 2010 and 2011. The idea that spy agencies are no longer targeting the company — and its competitors — with more sophisticated intrusions, according to Soghoian, is ridiculous. “Gemalto is as much of an interesting target in 2015 as they were in 2010. Gemalto’s security team may want to keep looking, not just for GCHQ and NSA, but also, for the Chinese, Russians and Israelis too,” he said.

Green, the Johns Hopkins cryptographer, says this hack should be “a wake-up call that manufacturers are considered valuable targets by intelligence agencies. There’s a lot of effort in here to minimize and deny the impact of some old attacks, but who cares about old attacks? What I would like to see is some indication that they’re taking this seriously going forward, that they’re hardening their systems and closing any loopholes — because loopholes clearly existed. That would make me enormously more confident than this response.”

Green says that the Gemalto hack evidences a disturbing trend that is on the rise: the targeting of innocent employees of tech firms and the companies themselves. (The same tactic was used by GCHQ in its attack on Belgian telecommunications company Belgacom.)

“Once upon a time we might have believed that corporations like this were not considered valid targets for intelligence agencies, that GCHQ would not go after system administrators and corporations in allied nations. All of those assumptions are out the window, so now we’re in this new environment, where everyone is a valid target,” he says. “In computer security, we talk about ‘threat models,’ which is a way to determine who your adversary is, and what their capabilities are. This news means everyone has to change their threat model.”

Eoin Treacy's view

This has been a very active few weeks in terms of news flow from the cyber security sector. First we learn from Kaspersky that the firmware of our computers may be infected by an NSA Trojan and there is next to nothing that can be done about it. The story of the Gemalto breach broke last week and opens up the potential that all of our phone calls can be hacked without the least bit of trouble. I’m in awe at the ability of state sponsored operators’ ability to get the information they want but unsettled that we are all so exposed when online. Imagine then how the Chinese feel about these breaches. 

Dutch listed Gemalto (Est P/E 21.8, DY0.52%) continues to hold a progression of higher reaction lows from its October nadir and pushed back above the 200-day MA last week. Considering the import of the above revelations the share has been relatively unaffected. 

Belgian listed Zetes Industries (Est P/E 25.6, DY 1.91%) is in the same sector and  remains in a steep uptrend. The first clear downward dynamic is likely to signal a peak of a least near-term significance. 

China has been looking for a reason to favour domestically manufactured technology and these types of news stories give it the fuel it needs. We can anticipate that the domestic Chinese technology sector is going to become the subject of aggressive state investment to beef up the nation’s ability to meet its own requirements. 

The CSI 300 Information Technology Index is currently testing its 2008 and 2011 peaks and while somewhat overbought in the very short-term, a sustained move below 200-day MA would be required to question medium-term scope for additional upside. 

 

Back to top

You need to be logged in to comment.

New members registration