Title: DAPINO GAMMA Gemalto Yuaawaa
Release Date: 2015-02-19
Document Date: 2011-01-01
Description: This Wiki page from 2011 details aspects of GCHQ’s DAPINO GAMMA operation against mobile SIM manufacturer Gemalto: see the Intercept article The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle, 19 February 2015.
Document:  Other
Gemalto Yuaawaa - secure file sharing service identified, apparently used by gemalto employees- maybe just as testers?
JTRIG research identified
as a Gemalto Technical Consultant in Prague. Searching in UDAQ revealed an item in
jvhichan email was sent from firstname.lastname@example.org to a number of @gemalto.com email addresses, including
(who is already known to us as a Tech Consultant). Investigation on the internet revealed that Yuuwaa (www.yuuwaa.com)
is a device for storing and sharing files sold by Gemalto. It consists of a USB stick and associated
management software. The device also provides access to online storage using a subscription model. It claims to use 128-bit SSL
to encrypt the traffic to the online storage location. The device is aimed at the general consumer market, so presumably Gemalto
is encouraging its employees to use it. Amusingly, the quotes from "customers” on the website all appear to be from Gemalto
is a Gemalto employee in Singapore. His job title is "Sales - Telecom Solutions and Services". He will shortly
(Feb/March 2011) be moving to Paris (still with Gemalto)
is described as a "Consumer Device - Product Marketing Manager" at La Ciotat (France). He appears to be some sort
of administrator for Yuuwaa, and we have not seen any indication that he will have any data of interest, so he is unlikely to be worth following up.
is "Technical Account Manager METNA-Telecom" and is based in Dubai (from previous knowledge). We did not see
any interesting data in collection, and since we have good coverage of the Dubai office, further investigation is probably
unnecessary at this time.
is "CITO T&I Servers Software/Cloud Computing Innovation WG Chairman" and is not likely to be of interest,
is Account Manager (Middle East) and is based in Dubai (see
appears to be Sales Manager for Gemalto (Thailand). We saw him sending PGP-encrypted output files in
XKEYSCORE. Again, if we ever become more interested in this area, he would certainly be a good place to start.
All other names (other than
For a full list of names, see the CMAPS (I
who was already known about) did not have any useful information or any details of
contacts) under OP HIGHLAND FLING.
• Hopefully some of this information will be useful in future efforts against Gemalto.