> nobody cares about how much the NSA stole from Gemalto: whatever Gemalto has and NSA wants, the NSA is most likely to get by simply asking NSA affiliates
This seems at odds with the leaked documents though. Why going to the trouble of compromising a company you've already social-engineered to the max?
Not at all. GCHQ are not usually ones to try just one approach. They often try every approach at once: partly because they can; but mostly for compartmentation; to overwhelm layered defences; and to decrease sensitive source exposure by combining the results of everything they care to try.
The doctrine has been called "penetrating targets' defences" or PTD: that's also the name of their budget/office/department/contracting scheme which is broadly equivalent to NSA's Special Source Operations/Targeted Access Operations, only more aggressive and multi-pronged. It incorporates HUMINT as well as both R&D and operational deployment of advanced technical attacks.
You may see references in the Snowden documents of this (check the bottom), or in their tenders to BAE Detica for their modular botnet software, or elsewhere. Although much of the really juicy or operational stuff is STRAP3 and thus kept off the TS//STRAP2 wiki.gchq (which the NSA have shared access to via their ic.gov portal, and which Snowden dumped - and which, yes, runs a tweaked MediaWiki on PHP).
This seems at odds with the leaked documents though. Why going to the trouble of compromising a company you've already social-engineered to the max?