How the CIA used Crypto AG encryption devices to spy on countries for decades

Reading between the lines on this, it&#x27;s plainly apparent why there&#x27;s been repeated attacks on encrpytion by the US government. From this, through RSA&#x27;s Dual_EC_DRBG, to the present day, it&#x27;s obvious that the US highly values rigging the deck to aid their decryption, and that the current democratisation of encrpytion protocols is a threat to them.<p>I mean, you only need to read their repeated admissions that without MINERVA their intelligence recovery would&#x27;ve dropped from ~80% to ~10% to see why they&#x27;re trying to play the same game plan again and again. Whether that&#x27;s through puppetmastering encryption companies like in this article, sneaking it in via bribes (RSA&#x27;s Dual_EC_DRBG), or most recently trying to legislate it through (FB, Whatsapp, etc. E2E encryption), it&#x27;s all essentially the same play.<p>As a corollary to all this, it&#x27;s another point of evidence that strong encryption really is beyond the reach of even the biggest three-letter-acronyms, and that there&#x27;s no secret sauce technology out there letting them mass-decrypt everything. If there was, then perhaps there wouldn&#x27;t be such a strong push to rig the deck in the first place. At least that&#x27;s heartening.

It has been known for a pretty long time that the Crypto AG is affiliated with or controlled by intelligence services. It was also always firmly in the &quot;security through obscurity of our own cipher designs&quot; department. Their C-52 (52 as in &quot;1952&quot;) cipher machines were designed to enable decryption by Western intelligence.<p>&gt; Le Temps has argued that Crypto AG had been actively working with the British, US and West German secret services since 1956, going as far as to rig manuals after the wishes of the NSA. These claims were vindicated by US government documents declassified in 2015.<p><a href="http:&#x2F;&#x2F;www.spiegel.de&#x2F;spiegel&#x2F;print&#x2F;d-9088423.html" rel="nofollow">http:&#x2F;&#x2F;www.spiegel.de&#x2F;spiegel&#x2F;print&#x2F;d-9088423.html</a> (1996) <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Crypto_AG#Compromised_machines" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Crypto_AG#Compromised_machines</a>

Gives you a sense of why the U.S. intelligence community is so nervous about having Huawei at the core of the domestic 5G network. Would not be fun for the U.S. to have done to them what they&#x27;ve done to others.<p>And as a U.S. resident, even as I acknowledge and deplore what the U.S. intelligence services have done to others, I still don&#x27;t want China to do that to me. This is not an area where equitable (but bad) treatment makes things right IMO.

What a treat to read a well written piece based on decent research. It&#x27;s a long read but well worth your time. Kudo&#x27;s to the journalists who helped uncover it.<p>And the &#x27;coup of the century&#x27; is far from clickbait, it&#x27;s definitionally warranted for what the CIA and BND did here.<p>It&#x27;s a little ironic as well, especially since the US is so keen on blocking Huawei over espionage concerns.

The popular belief is that the CIA and its intelligence colleagues will go to any lengths to protect its power and secrecy. But apparently a Crypto engineer discovered the secret conspiracy in 1977, and even fixed vulnerabilities on behalf of the Syrian state – and the CIA was content to leave him alone for the next 40 years?<p>&gt; <i>In 1977, Heinz Wagner, the chief executive at Crypto who knew the true role of the CIA and BND, abruptly fired a wayward engineer after the NSA complained that diplomatic traffic coming out of Syria had suddenly became unreadable. The engineer, Peter Frutiger, had long suspected Crypto was collaborating with German intelligence. He had made multiple trips to Damascus to address complaints about their Crypto products and apparently, without authority from headquarters, had fixed their vulnerabilities.</i><p>&gt; <i>Frutiger “had figured out the Minerva secret and it was not safe with him,” according to the CIA history. Even so, the agency was livid with Wagner for firing Frutiger rather than finding a way to keep him quiet on the company payroll. Frutiger declined to comment for this story.</i>

Two parts of interest that jumped out to me:<p>&gt; The overlapping accounts expose frictions between the two partners over money, control and ethical limits, with the West Germans frequently aghast at the enthusiasm with which U.S. spies often targeted allies.<p>&gt; Hagelin had once hoped to turn control over to his son, Bo. But U.S. intelligence officials regarded him as a “wild card” and worked to conceal the partnership from him. Bo Hagelin was killed in a car crash on Washington’s Beltway in 1970. There were no indications of foul play.

&gt; U.S. officials were even more alarmed when Wagner hired a gifted electrical engineer in 1978 named Mengia Caflisch. ... But NSA officials immediately raised concerns that she was “too bright to remain unwitting.”<p>Wow, those are words to aspire to

This story was originally reported in CovertAction Quarterly 22 years ago: <a href="https:&#x2F;&#x2F;covertactionmagazine.com&#x2F;wp-content&#x2F;uploads&#x2F;2020&#x2F;01&#x2F;CAQ63-1997-4.pdf" rel="nofollow">https:&#x2F;&#x2F;covertactionmagazine.com&#x2F;wp-content&#x2F;uploads&#x2F;2020&#x2F;01&#x2F;...</a> (Page 36)

It follows that private VPN firms would be a similar target for deep pocketed state intelligence agencies. What do you think the chances are that the VPN service or software you use hasn&#x27;t been co-opted, compromised or is outright owned by state actors in China, Europe or the US?

It certainly does make one wonder who else in the worlds of high technology (and journalism!) May be – wittingly or unwittingly – working for Uncle Sam.<p>I&#x27;ve seen some deep integrations that have made me despair of any organization being free from the overweening influence of the &quot;security services.&quot; I&#x27;m talking about groups as large as multi-billion dollar public US technology infrastructure companies and as small as anarchist cells planning to attend a political convention.<p>Sometimes it seems that internal turf battles, budget disputes, careerism, and rank incompetence are our only protections against the machinations of the National Security State.

The same report by the ZDF (second german television): <a href="https:&#x2F;&#x2F;www.zdf.de&#x2F;nachrichten&#x2F;politik&#x2F;cryptoleaks-bnd-cia-operation-rubikon-100.html" rel="nofollow">https:&#x2F;&#x2F;www.zdf.de&#x2F;nachrichten&#x2F;politik&#x2F;cryptoleaks-bnd-cia-o...</a>

The CIA&#x27;s current strategy is placing spies in all major tech companies: <a href="https:&#x2F;&#x2F;news.yahoo.com&#x2F;shattered-inside-the-secret-battle-to-save-americas-undercover-spies-in-the-digital-age-100029026.html" rel="nofollow">https:&#x2F;&#x2F;news.yahoo.com&#x2F;shattered-inside-the-secret-battle-to...</a>

Being able to read diplomatic messages is a definite gold-mine.<p>Of course, knowing the contents of diplomatic messages isn&#x27;t always enough. A good example is described in Peter Wright&#x27;s Spycatcher: the Brits were breaking the French diplomatic cipher, using an ingenuous attack on the electromagnetic noise of the cipher machine in the embassy. But all this intelligence was unable to stop De Gaulle thwarting their entering the European Common Market.

This article has made me decide to never mistake Huawei&#x27;s ties to Chinese government surveillance for US political nonsense ever again.<p>I may not like our current US president, but it doesn&#x27;t mean he can&#x27;t use truths as political instruments.<p>Due to China&#x27;s and Russia&#x27;s human rights abuses, they are who I dislike the most. It might be by a small margin, but I would feel more comfortable having the CIA and NSA spy on me any day, than China or Russia.<p>What&#x27;s wild is that I know many in China would feel the same way - but in the reverse.

&gt;Their [Soviet Union &amp; China] well-founded suspicions of the company’s ties to the West shielded them from exposure, although the CIA history suggests that U.S. spies learned a great deal by monitoring other countries’ interactions with Moscow and Beijing.<p>Fascinating use of &#x27;negative space&#x27; in intelligence. Also appreciated the dig at Reagan, apparently gross intelligence breaches at the highest levels aren&#x27;t anything novel.

Related question: do modern diplomats&#x2F;negotiators automatically assume their comms are compromised? Are their &quot;secure&quot; lines ever truly secure? Surely they know the NSA&#x2F;CIA would be listening.

<a href="https:&#x2F;&#x2F;outline.com&#x2F;tTTmh6" rel="nofollow">https:&#x2F;&#x2F;outline.com&#x2F;tTTmh6</a><p>And<p><a href="http:&#x2F;&#x2F;archive.is&#x2F;1w61P" rel="nofollow">http:&#x2F;&#x2F;archive.is&#x2F;1w61P</a>

A slightly related article is this [1].<p>[1] <a href="https:&#x2F;&#x2F;www.bell-labs.com&#x2F;usr&#x2F;dmr&#x2F;www&#x2F;crypt.html" rel="nofollow">https:&#x2F;&#x2F;www.bell-labs.com&#x2F;usr&#x2F;dmr&#x2F;www&#x2F;crypt.html</a>

TL;DR Swiss firm Crypto AG sold tech to governments for decades, but turns out to be owned and operated by CIA and BND who benefited from backdoors. From their POV, a wildly successful operation, beyond imagination.<p>&gt; At times, including in the 1980s, Crypto accounted for roughly 40 percent of the diplomatic cables and other transmissions by foreign governments that cryptanalysts at the NSA decoded and mined for intelligence, according to the documents.

Makes you wonder about other Swiss based encryption providers like Proton Mail?<p>Proton Mail would be a great honey pot for the CIA.

Same story from the Associated Press: <i>Switzerland investigating alleged CIA, German front company</i> - <a href="https:&#x2F;&#x2F;apnews.com&#x2F;fbd5fe4261c8b326f860936de7c32a87" rel="nofollow">https:&#x2F;&#x2F;apnews.com&#x2F;fbd5fe4261c8b326f860936de7c32a87</a>

Would be cool if the Agency did relatively more of this kind of thing and relatively less of, for example, paying psychotic Afghan pedophile warlords hundreds of millions of dollars for reneged-upon power sharing agreements and HUMINT of dubious value.

It has long been known that the NSA had their hooks into Crypto AG; for example, that&#x27;s how they managed to intercept Libyan communications. What&#x27;s new is the report that the CIA actually partly owned the company.

My new startup focuses on human nervous system faraday cages embedded into next generation fashion technology. This tech covers your entire body, keeping you safe from remote scans, and includes realistic facial and body disguises. For your safety, our tech constantly scans your thought patterns and memories and keeps them safe with a static filled triple scrambled encryption method, and encodes them into specially placed augmented cellular technology at undisclosed locations in the body.<p>For funding, please visit <a href="https:&#x2F;&#x2F;CE.YA&#x2F;" rel="nofollow">https:&#x2F;&#x2F;CE.YA&#x2F;</a>

Can anyone here point out an actual case where the NSA was able to break or legitimately hack someone&#x27;s crypto? I was under the impression that their track record was basically nil on this, and that virtually every instance of them spying on encrypted info boiled down to some sort of inside job that actually resulted in the encryption being weakened or thwarted. People speak about these guys like they have off the charts abilities, yet the available evidence is not so indicative of that. Just looks like a big government operation kinda bumbling along to me.

There may be some new documents available now, but the story as such seems to have been known for a while. I first learned of it last summer while reading some of the drafts for Ross Anderson&#x27;s update of his excellent <i>Security Engineering</i>.<p>See chapter 26, <a href="https:&#x2F;&#x2F;www.cl.cam.ac.uk&#x2F;~rja14&#x2F;book.html" rel="nofollow">https:&#x2F;&#x2F;www.cl.cam.ac.uk&#x2F;~rja14&#x2F;book.html</a>

There was a documentary about this company and other surveillance topics aired on Swiss TV in last November.<p><a href="https:&#x2F;&#x2F;www.rts.ch&#x2F;dossiers&#x2F;la-suisse-sous-couverture&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.rts.ch&#x2F;dossiers&#x2F;la-suisse-sous-couverture&#x2F;</a><p>It&#x27;s in French and may not be accessible outside Switzerland but I highly recommend it.

It&#x27;s weird this article talks like this is new information. I guess it&#x27;s not probably not widely known, but this stuff was discussed in James Bamford&#x27;s Puzzle Palace, published in the early 1980&#x27;s (nearly 35 years ago).

John Schindler (Former NSA) has hinted Signal isn&#x27;t secure either...

This is one of the reasons why my tinfoil hat has been shinier than ever;

I’m surprised no one is talking about all the companies that have In-Q-Tel as an investor.

Anyone have a link to the leaked doc referenced in the article?

And that&#x27;s why we can&#x27;t trust Uncle Sam with backdoors. You bet your ass they&#x27;ll be reading <i>everything</i> and we won&#x27;t find out for decades, if ever.

Is there a list somewhere of companies who are known to have bought and installed Crypto AG devices?

I have to disagree with the headline. The &quot;intelligence coup of the century&quot; came much earlier, during WWII.<p>The Allies were reading a good deal of both Japanese and German encrypted communications. This saved the lives of many Allied solders and, perhaps, tipped the balance of the war.<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Magic_(cryptography)" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Magic_(cryptography)</a> <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Ultra" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Ultra</a><p>David Kahn&#x27;s book, the Codebreakers, is a good introduction to cryptography and has a lot of this history in it.<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;The_Codebreakers" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;The_Codebreakers</a>