Too many holes in this backdoor - Swiss Cryptography company under investigation for ties with the CIA

[williamcll]

Crypto AG, a company responsible for many encryption technology globally for the past few decades has been recently revoked of their export license as well as being investigated for connections with the CIA. It should be known that the company has been previously criticized for selling compromised/backdoored machines for years.

Quote

For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret. The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software. The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.

But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.

 

“It was the intelligence coup of the century,” the CIA report concludes. “Foreign governments were paying good money to the U.S. and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.” From 1970 on, the CIA and its code-breaking sibling, the National Security Agency, controlled nearly every aspect of Crypto’s operations — presiding with their German partners over hiring decisions, designing its technology, sabotaging its algorithms and directing its sales targets. Then, the U.S. and West German spies sat back and listened. They monitored Iran’s mullahs during the 1979 hostage crisis, fed intelligence about Argentina’s military to Britain during the Falklands War, tracked the assassination campaigns of South American dictators and caught Libyan officials congratulating themselves on the 1986 bombing of a Berlin disco.

 

There were also security breaches that put Crypto under clouds of suspicion. Documents released in the 1970s showed extensive — and incriminating — correspondence between an NSA pioneer and Crypto’s founder. Foreign targets were tipped off by the careless statements of public officials including President Ronald Reagan. And the 1992 arrest of a Crypto salesman in Iran, who did not realize he was selling rigged equipment, triggered a devastating “storm of publicity,” according to the CIA history.

 

Crypto’s products are still in use in more than a dozen countries around the world, and its orange-and-white sign still looms atop the company’s longtime headquarters building near Zug, Switzerland. But the company was dismembered in 2018, liquidated by shareholders whose identities have been permanently shielded by the byzantine laws of Liechtenstein, a tiny European nation with a Cayman Islands-like reputation for financial secrecy. Two companies purchased most of Crypto’s assets. The first, CyOne Security, was created as part of a management buyout and now sells security systems exclusively to the Swiss government. The other, Crypto International, took over the former company’s brand and international business. Each insisted that it has no ongoing connection to any intelligence service, but only one claimed to be unaware of CIA ownership. Their statements were in response to questions from The Post, ZDF and Swiss broadcaster SRF, which also had access to the documents. CyOne has more substantial links to the now-dissolved Crypto, including that the new company’s chief executive held the same position at Crypto for nearly two decades of CIA ownership.

 

“We at Crypto International have never had any relationship with the CIA or BND — and please quote me,” he said in an interview. “If what you are saying is true, then absolutely I feel betrayed, and my family feels betrayed, and I feel there will be a lot of employees who will feel betrayed as well as customers.” The Swiss government announced on Tuesday that it was launching an investigation of Crypto AG’s ties to the CIA and BND. Earlier this month, Swiss officials revoked Crypto International’s export license.

Source: https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/

https://www.theregister.co.uk/2020/02/11/crypto_ag_backdoored_german_swiss_news_allegs/

https://www.zdf.de/nachrichten/politik/cryptoleaks-bnd-cia-operation-rubikon-100.html

Thoughts: It's not often that news regarding espionage from the States would appear as it is normally drowned in similar news from Slavic/Middle East/China/North Korea. With whistleblowers like Snowden and Assange in dire situations I doubt future details could be found easily. I do wonder how deep current spy affairs go and if all those conspiracies people on twitter says are true.

[Donut417]

Considering the NSA was caught with equipment in a AT&T datacenter a few years back this does not surprise me. 

[thorhammerz]

Those who forget history are doomed to repeat it.

 

Many countries in the world will soon be picking sides (those who have a choice, that is): you can pick your imperial overlord, but you won't be around without one.

 

[spartaman64]

Why did he bring his family into this that's a bit of a weirdchamp

[Taf the Ghost]

Quote

But the CIA bought the Germans’ stake and simply kept going, wringing Crypto for all its espionage worth until 2018, when the agency sold off the company’s assets, according to current and former officials.

That's really burying the lede, but that's what is actually going on. The CIA was finished with this project, they control the replacements, and are simply burning off the expired project. Now all of the customers will have to buy new products. Who controls those? Not sure, but it opens up new and fun surveillance opportunities. 

 

Given the WaPo is the clearing ground for CIA information dumps and I believe ZDF is quite friendly with German Intelligence, odds are the CIA report was "leaked" from CIA's Directors office. Almost assuredly completely intentionally. Bezos controls the WaPo and Amazon has the CIA Cloud contract. This story goes no where if the CIA doesn't want it out.

 

As a historical note, the UK sold Enigma systems to countries across the globe after WW2, and was pretty much until the information release of Ultra. (Which appears to be 1974.) So there's kind of a "you probably should have figured this out decades ago" aspect to this.

[ravenshrike]

Since the CIA willingly sold it off I wouldn't be surprised if they had at least 2 other unconnected fronts in the same business running for the last decade or two. Maybe since the 90's given Clinton's fetish for SigInt.

[Taf the Ghost]

26 minutes ago, ravenshrike said:

Since the CIA willingly sold it off I wouldn't be surprised if they had at least 2 other unconnected fronts in the same business running for the last decade or two. Maybe since the 90's given Clinton's fetish for SigInt.

Deep in the story, as a comment from a Western Intelligence source, in the 2000s (after Germany sold its stake) one of Crypto's competitors closed up shop.