* U.S., UK spies hacked SIM card maker Gemalto's system-Intercept
* News website cites documents from Edward Snowden
* Says gave spies ability to monitor calls on billions ofphones
* Franco-Dutch firm Gemalto says it is investigating report (Adds information from European security source)
By Eric Auchard
FRANKFURT, Feb 20 (Reuters) - U.S. and British spies hackedinto the world's biggest maker of phone SIM cards, allowing themto potentially monitor the calls, texts and emails of billionsof mobile users around the world, an investigative news websitereported.
The alleged hack on Gemalto, if confirmed, wouldexpand the scope of known mass surveillance methods available toU.S. and British spy agencies to include not just email and webtraffic, as previously revealed, but also mobile communications.
The Franco-Dutch company said on Friday it was investigatingwhether the U.S. National Security Agency (NSA) and Britain'sGCHQ had hacked into its systems to steal encryption keys thatcould unlock the security settings on billions of mobile phones.
The report by The Intercept site, which cites documentsprovided by former NSA contractor Edward Snowden, could prove anembarrassment for the U.S. and British governments. It opens afresh front in the dispute between civil liberties campaignersand intelligence services which say their citizens face a gravethreat of attack from militant groups like Islamic State.
It comes just weeks after a British tribunal ruled that GCHQhad acted unlawfully in accessing data on millions of people inBritain that had been collected by the NSA.
The Intercept report (http://bit.ly/19E0KUK) said the hackwas detailed in a secret 2010 GCHQ document and allowed the NSAand GCHQ to monitor a large portion of voice and data mobilecommunications around the world without permission fromgovernments, telecom companies or users.
"We take this publication very seriously and will devote allresources necessary to fully investigate and understand thescope of such sophisticated techniques," said Gemalto, whoseshares sunk by as much as 10 percent in early trading on Friday,following the report.
The report follows revelations from Snowden in 2013 of theNSA's Prism programme which allowed the agency to access emailand web data handled by the world's largest Internet companies,including Google, Yahoo and Facebook.
A spokeswoman for Britain's GCHQ (Government CommunicationHeadquarters) said on Friday that it did not comment onintelligence matters. The NSA could not be immediately reachedfor comment.
A European security source said that mobile devices werewidely used by terrorist groups and that intelligence agencies'attempts to access the communications were justified if theywere "authorised, necessary and proportionate." The source didnot confirm or deny that the documents were from GCHQ.
The source also said Western agencies would sometimes holdon to data over time in order to decrypt the communications ofspecific intelligence targets.
The source added that wireless networks in Iran, Afghanistanand Yemen were viewed as having significance intelligence value.These were identified by the Intercept as countries whereBritain's GCHQ intercepted encryption keys used by localwireless network providers.
SURVEILLANCE
The new allegations could boost efforts by major technologyfirms such as Apple Inc and Google to make strongencryption methods standard in communications devices they sell,moves attacked by some politicians and security officials.
Leaders including U.S. President Barack Obama and BritishPrime Minister David Cameron have expressed concern that turningsuch encryption into a mass-market feature could preventgovernments from tracking militants planning attacks.
Gemalto makes SIM (Subscriber Identity Module) cards forphones and tablets as well as "chip and pin" bank cards andbiometric passports. It produces around 2 billion SIM cards ayear and counts Verizon, AT&T Inc and Vodafone among hundreds of wireless network provider customers.
The European security source said that an assertion by TheIntercept that GCHQ had taken control of Gemalto's internalnetwork was speculative and not supported by documentationpublished by the website.
The Intercept, published by First Look Media, was founded bythe journalists who first interviewed Snowden and made headlinesaround the world with reports on U.S. electronic surveillanceprogrammes.
It published what it said was a secret GCHQ document thatsaid its staff implanted software to monitor Gemalto's entirenetwork, giving them access to SIM card encryption keys. Thereport suggested this gave GCHQ, with the backing of the NSA,unlimited access to phone communications using Gemalto SIMs.
French bank Mirabaud said in a research report the attacksappeared to be limited to 2010 and 2011 and were aimed only atolder 2G phones widely used in emerging markets, rather thanmodern smartphones. It did not name the source of theseassertions.
Some analysts argued that if a highly security-consciouscompany like Gemalto is vulnerable, then all of its competitorsare as well.
Gemalto competes with several European and Chinese SIM cardsuppliers. A spokesman for one major rival, Giesecke & Devrienof Germany, told Reuters: "We have no signs that something likethat happened to us. We always do everything to protect ourcustomers' data."
But while security experts have long believed spy agenciesin many countries have the ability to crack the complexmathematical codes used to encrypt most modern communications,such methods remain costly, limiting their usefulness totargeted hijacking of individual communications.
(Additional reporting by Abhirup Roy and Supantha Mukherjee inBengaluru; Leigh Thomas, Cyril Altmeyer, Blaise Robinson andNicholas Vinocur in Paris, Mark Hosenball in Washington,; JensHack in Munich; and Harro ten Wolde in Frankfurt; Editing byAndrew Callus and Pravin Char)