For decades the American CIA and German BND spied on the governments of at least 120 countries through cryptography products sold by a Swiss company called Crypto AG. None of Crypto AG’s customers knew that the company was secretly owned by the CIA and BND. Here’s an excerpt from the Washington Post, “‘The intelligence coup of the century’” (February 11th 2020):
For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret.
The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software.
The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.
But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.
The operation, known first by the code name “Thesaurus” and later “Rubicon,” ranks among the most audacious in CIA history.
“It was the intelligence coup of the century,” the CIA report concludes. “Foreign governments were paying good money to the U.S. and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”
The German spy agency, the BND, came to believe the risk of exposure was too great and left the operation in the early 1990s. But the CIA bought the Germans’ stake and simply kept going, wringing Crypto for all its espionage worth until 2018, when the agency sold off the company’s assets, according to current and former officials.
The company’s importance to the global security market had fallen by then, squeezed by the spread of online encryption technology. Once the province of governments and major corporations, strong encryption is now as ubiquitous as apps on cellphones.
Even so, the Crypto operation is relevant to modern espionage. Its reach and duration help to explain how the United States developed an insatiable appetite for global surveillance that was exposed in 2013 by Edward Snowden. There are also echoes of Crypto in the suspicions swirling around modern companies with alleged links to foreign governments, including the Russian anti-virus firm Kaspersky, a texting app tied to the United Arab Emirates and the Chinese telecommunications giant Huawei.
All the while, Crypto generated millions of dollars in profits that the CIA and BND split and plowed into other operations.
The revelations in the documents may provide reason to revisit whether the United States was in position to intervene in, or at least expose, international atrocities, and whether it opted against doing so at times to preserve its access to valuable streams of intelligence.
Nor do the files deal with obvious ethical dilemmas at the core of the operation: the deception and exploitation of adversaries, allies and hundreds of unwitting Crypto employees. Many traveled the world selling or servicing rigged systems with no clue that they were doing so at risk to their own safety.
The CIA history all but gloats about crossing this threshold. “Imagine the idea of the American government convincing a foreign manufacturer to jimmy equipment in its favor,” the history says. “Talk about a brave new world.”
The NSA didn’t install crude “back doors” or secretly program the devices to cough up their encryption keys. And the agency still faced the difficult task of intercepting other governments’ communications, whether plucking signals out of the air or, in later years, tapping into fiber optic cables.
But the manipulation of Crypto’s algorithms streamlined the code-breaking process, at times reducing to seconds a task that might otherwise have taken months. The company always made at least two versions of its products — secure models that would be sold to friendly governments, and rigged systems for the rest of the world.
The CIA and BND agreed on a series of code names for the program and its various components. Crypto was called “Minerva,” which is also the title of the CIA history. The operation was at first code-named “Thesaurus,” though in the 1980s it was changed to “Rubicon.”
Each year, the CIA and BND split any profits Crypto had made, according to the German history, which says the BND handled the accounting and delivered the cash owed to the CIA in an underground parking garage.
To its frustration, Germany was never admitted to the vaunted “Five Eyes,” a long-standing intelligence pact involving the United States, Britain, Australia, New Zealand and Canada. But with the Crypto partnership, Germany moved closer into the American espionage fold than might have seemed possible in World War II’s aftermath. With the secret backing of two of the world’s premier intelligence agencies and the support of two of the world’s largest corporations, Crypto’s business flourished.
And yet, those who worked most closely with the encryption designs seemed constantly to be getting closer to uncovering the operation’s core secret. The engineers and designers responsible for developing prototype models often questioned the algorithms being foisted on them by a mysterious external entity.
Crypto executives often led employees to believe that the designs were being provided as part of the consulting arrangement with Siemens. But even if that were so, why were encryption flaws so easy to spot, and why were Crypto’s engineers so routinely blocked from fixing them?
In 1977, Heinz Wagner, the chief executive at Crypto who knew the true role of the CIA and BND, abruptly fired a wayward engineer after the NSA complained that diplomatic traffic coming out of Syria had suddenly become unreadable. The engineer, Peter Frutiger, had long suspected Crypto was collaborating with German intelligence. He had made multiple trips to Damascus to address complaints about their Crypto products and apparently, without authority from headquarters, had fixed their vulnerabilities.
U.S. officials were even more alarmed when Wagner hired a gifted electrical engineer in 1978 named Mengia Caflisch. She had spent several years in the United States working as a radio-astronomy researcher for the University of Maryland before returning to her native Switzerland and applying for a job at Crypto. Wagner jumped at the chance to hire her. But NSA officials immediately raised concerns that she was “too bright to remain unwitting.”
The warning proved prescient as Caflisch soon began probing the vulnerabilities of the company’s products. She and Spoerndli, a colleague in the research department, ran various tests and “plaintext attacks” on devices including a teletype model, the HC-570, that was built using Motorola technology, Spoerndli said in an interview.
“We looked at the internal operations, and the dependencies with each step,” Spoerndli said, and became convinced they could crack the code by comparing only 100 characters of enciphered text to an underlying, unencrypted message. It was an astonishingly low level of security, Spoerndli said in an interview last month, but far from unusual.
For years, BND officials had recoiled at their American counterparts’ refusal to distinguish adversaries from allies. The two partners often fought over which countries deserved to receive the secure versions of Crypto’s products, with U.S. officials frequently insisting that the rigged equipment be sent to almost anyone — ally or not — who could be deceived into buying it.
In the German history, Wolbert Smidt, the former director of the BND, complained that the United States “wanted to deal with the allies just like they dealt with the countries of the Third World.” Another BND official echoed that comment, saying that to Americans “in the world of intelligence there were no friends.”
And here’s more from “Cryptoleaks: geheime evaluatierapporten CIA en BND uitgelekt” (February 11th 2020):
In 1982 Turkey wanted to buy dozens of Aroflex devices. The American intelligence service NSA wanted to secretly weaken the encryption in the devices. Turkey was a member of NATO and therefore officially an ally. The Germans therefore refused to cooperate in building a ‘special’ Aroflex for Turkey. Eventually the Dutch BVD (the forerunner of the AIVD) and Philips came to the aid of the NSA, allowing the Americans to read confidential Turkish communications in the following years.
Philips was also deployed by the intelligence services in another operation. Last year, Argos revealed how Philips bought all PX1000 devices from the Dutch company Text Lite, and replaced the unbreakable DES algorithm with a weakened version developed by the NSA. The secret evaluation reports show that this operation was also part of RUBICON. “The biggest threat to the operation was DES”, according to the CIA evaluation report of RUBICON.
This shows again how difficult it is to trust anybody and any product available today. There are spies and “back doors” everywhere. You can’t be paranoid enough.