Swiss government orders inquiry after revelations Crypto AG was owned and operated by US and German intelligence
www.theguardian.com
CIA controlled global encryption company for decades, says report
Swiss government orders inquiry after revelations Crypto AG was owned and operated by US and German intelligence
Julian BorgerLast modified on Tue 11 Feb 2020 20.55 GMT
‘It was the intelligence coup of the century,’ the CIA report concluded. Photograph: Saul Loeb/AFP/Getty Images
The Swiss government has ordered an inquiry into a global encryption company based in Zug following revelations it was owned and controlled for decades by US and German intelligence.
Encryption weaknesses added to products sold by Crypto AG allowed the CIA and its German counterpart, the BND, to eavesdrop on adversaries and allies alike while earning million of dollars from the sales, according the
Washington Post and the German public broadcaster
ZDF, based on the agencies’ internal histories of the intelligence operation.
“It was the intelligence coup of the century,” the CIA report concluded. “Foreign governments were paying good money to the US and West
Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”
The mention of five or six countries is probably a reference to the
Five Eyes electronic intelligence sharing agreement between the US, UK, Canada, Australia and New Zealand.
The operation, codenamed Thesaurus and then renamed Rubicon in 1980s, demonstrated the overwhelming intelligence value of being able to insert flaws into widely sold communications equipment. The CIA’s success over many years is likely to reinforce current US suspicions of equipment made by the Chinese company
Huawei.
Neither China or the Soviet Union bought Crypto encryption devices, suspicious of the company’s origins, but it was sold to more than 100 other countries.
Carolina Bohren, a spokeswoman for the Swiss defence ministry, said in an emailed statement: “The events under discussion date back to 1945 and are difficult to reconstruct and interpret in the present day context.”
Bohren said that following media inquiries about the company, the Swiss government appointed a former federal supreme court judge, Niklaus Oberholzer, in January to “investigate and clarify the facts of the matter” and report back to the defence ministry in June.
Meanwhile, Switzerland has suspended foreign sales of Crypto products.
At their height, Operations Thesaurus and Rubicon provided the US with a powerful intelligence edge. When Anwar Sadat and Menachem Begin were hosted by the former president Jimmy Carter at Camp David in 1978 to negotiate an Egyptian-Israeli peace accord, the US was able to monitor all Sadat’s communications with Cairo.
Iran was also a Crypto customer, allowing CIA and the National Security Agency (NSA) to spy on the revolutionary government in Tehran during
the 1979 hostage crisis. US intelligence was also able to eavesdrop on Libyan officials congratulating each other on
the 1986 bombing of a Berlin disco.
According to the CIA’s history, the US passed on intercepted communications about Argentinian military plans to the UK during the Falklands war, exploiting Argentina’s reliance on Crypto encryption equipment.
The CIA and BND agreed the purchase of Crypto in 1970 but, fearing exposure, the BND sold its share of the company to the US in the early 1990s. According to the Washington Post, the
CIA continued to exploit the company until 2018, when it sold the company’s assets to two private companies.
One of those companies, CyOne Security, which is run by former top Crypto employees, issued a statement saying it could not comment on Crypto’s history.
“CyOne Security AG was founded in January 2018. The company operates exclusively in the Swiss market with a focus on state-of-the art security solutions for customers from the Swiss public sector,” the statement said. “Since the start of its business activities, CyOne Security has been 100% owned by four Swiss private individuals. It is completely independent of the former Crypto AG. CyOne Security has no ties with any foreign intelligence services.”
The firm did not respond to follow-up questions over how it could be completely independent of Crypto, having inherited its top staff.
Crypto’s foreign sales business was sold to a Swedish entrepreneur, Andreas Linde. He did not immediately respond to a request for comment but expressed shock when informed by journalists last month about Crypto’s history.
“If what you are saying is true, then absolutely I feel betrayed, and my family feels betrayed, and I feel there will be a lot of employees who will feel betrayed as well as customers,” Linde was quoted as saying by the Washington Post, which described him as “visibly shaken”.
In a later interview, Linde said his company was checking all its products for hidden vulnerabilities.
“We have to make a cut as soon as possible with everything that has been linked to Crypto,” he said.
Crypto’s origins lie in the great conflicts of the 20th century. Its founder, Boris Hagelin, was born in Russia but fled to Sweden during the Russian Revolution. He escaped to the US when the Nazis invaded Norway in 1940, and sold his portable encryption machine to US forces.
In the US, Hagelin became friends with William Friedman, who is considered the father of American cryptology, and they remained close after Hagelin moved his company to Switzerland after the war. The two men made a secret agreement in 1951, in the Cosmos Club in Washington, to restrict sales of its sophisticated encryption products to countries approved by the US.
When encryption technology evolved from mechanical to electronic in the 1960s, the NSA manipulated the algorithms used by Crypto devices, so they could be quickly decoded. The company started making two versions of its machines – secure models sold to friendly governments and rigged systems for everyone else – before being taken over outright by the CIA and the BND.
The security of Crypto equipment began arousing suspicions after Ronald Reagan made public claims about US intercepts of Libyan officials involved in the
1986 bombing of the Berlin disco, La Belle. Iranian intelligence became suspicious and questioned a Crypto salesman, Hans Buehler, but took no action until about six years later, when they arrested Buehler as he was about to fly out of Tehran. Iran released him only after the company agreed to pay $1m, with funds provided by the BND.
Most of Crypto’s workforce was unaware of the company’s secret, but in 1977, an engineer who had grown suspicious of its algorithms was fired after he traveled to Damascus and fixed the vulnerabilities in the firm’s products operated by the Syrian government.
The link between US intelligence and Crypto was first reported by the
Baltimore Sun in 1995, leading several countries to stop buying from the company. Bizarrely, however, Iran continued to purchase Crypto equipment for several years. Asked why he had not asked more questions about the company he was buying, Linde, the new owner of Crypto International, said he viewed the allegations as “just rumours”.
As 2020 begins…
… we’re asking readers, like you, to make a new year contribution in support of the Guardian’s open, independent journalism. This has been a turbulent decade across the world – protest, populism, mass migration and the escalating climate crisis. The Guardian has been in every corner of the globe, reporting with tenacity, rigour and authority on the most critical events of our lifetimes. At a time when factual information is both scarcer and more essential than ever, we believe that each of us deserves access to accurate reporting with integrity at its heart.
More people than ever before are reading and supporting our journalism, in more than 180 countries around the world. And this is only possible because we made a different choice: to keep our reporting open for all, regardless of where they live or what they can afford to pay.
We have upheld our editorial independence in the face of the disintegration of traditional media – with social platforms giving rise to misinformation, the seemingly unstoppable rise of big tech and independent voices being squashed by commercial ownership. The Guardian’s independence means we can set our own agenda and voice our own opinions. Our journalism is free from commercial and political bias – never influenced by billionaire owners or shareholders. This makes us different. It means we can challenge the powerful without fear and give a voice to those less heard.
None of this would have been attainable without our readers’ generosity – your financial support has meant we can keep investigating, disentangling and interrogating. It has protected our independence, which has never been so critical. We are so grateful.
As we enter a new decade, we need your support so we can keep delivering quality journalism that’s open and independent. And that is here for the long term. Every reader contribution, however big or small, is so valuable.
Support The Guardian from as little as CA$1 – and it only takes a minute. Thank you.
www.guancha.cn
