We have presented a simple-to-implement known-plaintext at-
tack on the A5/1 stream cipher, and given an implementation
on a small FPGA. The attack is novel over previous attacks
in that it needs only a very small amount of plaintext frame
data. A distributed implementation on specialized hardware
was projected to derive a key within half a minute on the av-
erage. We conclude that the A5/1 algorithm is not secure for
longer phone calls.
Actually I didn't know it was feasible for non-government groups to crack GSM... but it seems to be...
Further info on this wiki. There is even a video available, from the 2007 CCC convention.