Company:Crypto AG

From HandWiki
Short description: Swiss company specialising in communications and information security
Crypto AG
IndustryCryptography
PredecessorCryptograph
Founded1952
FounderBoris Hagelin
Defunct2018
Headquarters
Steinhausen, Zug
,
OwnerCentral Intelligence Agency (1970–2018)
Federal Intelligence Service (1970–1993)

Crypto AG was a Swiss company specialising in communications and information security founded by Boris Hagelin in 1952. The company was secretly purchased for US $5.75 million and jointly owned by the American Central Intelligence Agency (CIA) and West German Federal Intelligence Service (BND) from 1970 until about 1993, with the CIA continuing as sole owner until about 2018.[1][2] The mission of breaking encrypted communication using a secretly owned company was known as "Operation Rubikon". With headquarters in Steinhausen, the company was a long-established manufacturer of encryption machines and a wide variety of cipher devices.[2]

The company had about 230 employees, had offices in Abidjan, Abu Dhabi, Buenos Aires, Kuala Lumpur, Muscat, Selsdon and Steinhausen, and did business throughout the world.[3] The owners of Crypto AG were unknown, supposedly even to the managers of the firm, and they held their ownership through bearer shares.[4]

The company has been criticised for selling backdoored products to benefit the American, British and German national signals intelligence agencies, the National Security Agency (NSA), the Government Communications Headquarters (GCHQ), and the BND, respectively.[5][6][7] Crypto AG sold equipment to more than 120 countries, including India , Pakistan , Iran, and multiple Latin American nations although neither the Soviet Union nor People's Republic of China were customers of Crypto AG, several of their friendly countries had the company's equipment.[1][8][9] On 11 February 2020, The Washington Post , ZDF and SRF revealed that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence, and the spy agencies could easily break the codes used to send encrypted messages. The operation was known first by the code name "Thesaurus" and later the BND called it "Rubicon" (German: Rubikon) and the CIA called it "Minerva".[1][9] According to a Swiss parliamentary investigation, "Swiss intelligence service were aware of and benefited from the Zug-based firm Crypto AG’s involvement in the US-led spying".[10]

History

Crypto AG was established in Switzerland by the Russian-born Swede, Boris Hagelin.[5] Originally called AB Cryptoteknik and founded by Arvid Gerhard Damm in Stockholm in 1920, the firm manufactured the C-36 mechanical cryptograph machine that Damm had patented. After Damm's death, and just before the Second World War, Cryptoteknik came under the control of Hagelin, an early investor.

Hagelin's hope was to sell the device to the United States Army.[11] When Germany invaded Norway in 1940, he moved from Sweden to the US and presented the device to the military, which in turn brought the device to the Signal Intelligence Service, and the code-breakers in Arlington Hall. In the end he was awarded a licensing agreement. 140,000 units were made during the war for American troops.

During his time in United States , Hagelin became close friends[12] with William F. Friedman, who in 1952 became chief cryptologist for the National Security Agency (NSA) and whom Hagelin had known since the 1930s.[11][1] The same year, Hagelin's lawyer, Stuart Hedden, became deputy commander in CIA, Inspector General.

In 1948 Hagelin moved to Steinhausen in Switzerland to avoid taxes.[11] In 1952 the company, which until then had been incorporated in Stockholm, also moved to Switzerland.[5] The official reason was that it was transferred as a result of a planned Swedish government nationalization of militarily important technology contractors.[11] A holding company was set up in Liechtenstein.

During the 1950s, Hagelin and Friedman had frequent mail correspondence, both personal and business alike. Crypto AG sent over new machines to the NSA and they had an ongoing discussion concerning which countries they would or would not sell the encryption systems to, and which countries to sell older, weaker systems. In 1958 when Friedman retired, Howard C. Barlow, a high-ranking NSA employee, and Lawrence E. Shinn, NSA's signal intelligence directory in Asia, took over the correspondence.

In June 1970, the company was bought in secret by the CIA and the West-German intelligence service, BND, for $5.75 million.[1] This was effectively the start of Operation Rubikon.[13] Hagelin had first been approached to sell to a partnership between the French and West-German intelligence services in 1967, but Hagelin contacted CIA and the Americans did not cooperate with the French. At this point, the company had 400 employees and the revenue increased from 100,000 Swiss franc in the 1950s to 14 million Swiss franc in the 1970s.

In 1994, Crypto AG bought InfoGuard AG a company providing encryption solutions to banks.[5]

In 2010, Crypto AG sold G.V. LLC, a Wyoming company providing encryption and interception solutions for communications.[14]

In 2018, Crypto AG was liquidated, and its assets and intellectual property sold to two new companies. CyOne was created for Swiss domestic sales, while Crypto International AG was founded in 2018 by Swedish entrepreneur Andreas Linde, who acquired the brand name, international distribution network, and product rights from the original Crypto AG.[15]

In 2020, it was established following a parliamentary investigation that the Swiss government and its intelligence services were aware of the spying activities of Swiss-based Crypto for many years and had "benefited from the US-led spying".[16]

The company and its history were the subject of BBC Radio 4's Archive on 4 programme in May 2021.[17]

Products

The CX-52

The company had radio, Ethernet, STM, GSM, phone and fax encryption systems in its portfolio.

Machines:[18]

Compromised machines

According to declassified (but partly redacted) US government documents released in 2015, in 1955 (just after encryption was added to the US Munitions List on November 17, 1954) Crypto AG's founder Boris Hagelin and William Friedman entered into an unwritten agreement concerning the C-52 encryption machines that compromised the security of some of the purchasers.[6] Friedman was a notable US government cryptographer who was then working for the National Security Agency (NSA), the main United States signals intelligence agency. Hagelin kept both NSA and its United Kingdom counterpart, Government Communications Headquarters (GCHQ), informed about the technical specifications of different machines and which countries were buying which machines. Providing such information would have allowed the intelligence agencies to reduce the time needed to crack the encryption of messages produced by such machines from impossibly long to a feasible length. The secret relationship initiated by the agreement also involved Crypto AG not selling machines such as the CX-52, a more advanced version of the C-52, to certain countries; and the NSA writing the operations manuals for some of the CX-52 machines on behalf of the company, to ensure the full strength of the machines would not be used, thus again reducing the necessary cracking effort.

Crypto AG had already earlier been accused of rigging its machines in collusion with intelligence agencies such as NSA, GCHQ, and the German Federal Intelligence Service (BND), enabling the agencies to read the encrypted traffic produced by the machines.[5][19] Suspicions of this collusion were aroused in 1986 following US president Ronald Reagan's announcement on national television that, through interception of diplomatic communications between Tripoli and the Libyan embassy in East Berlin, he had irrefutable evidence that Muammar Gaddafi of Libya was behind the West Berlin discotheque bombing in 1986.[20] President Reagan then ordered the bombing of Tripoli and Benghazi in retaliation.

Further evidence suggesting that the Crypto AG machines were compromised was revealed after the assassination of former Iranian Prime Minister Shapour Bakhtiar in 1991. On 7 August 1991, one day before Bakhtiar's body was discovered, the Iranian Intelligence Service transmitted a coded message to Iranian embassies, inquiring "Is Bakhtiar dead?" Western governments deciphered this transmission, causing the Iranians to suspect their Crypto AG equipment.[21]

The Iranian government then arrested Crypto AG's top salesman, Hans Buehler, in March 1992 in Tehran. It accused Buehler of leaking their encryption codes to Western intelligence. Buehler was interrogated for nine months but, being completely unaware of any flaw in the machines, was released in January 1993 after Crypto AG posted bail of $1m to Iran.[22] Soon after Buehler's release Crypto AG dismissed him and sought to recover the $1m bail money from him personally. Swiss media and the German magazine Der Spiegel took up his case in 1994, interviewing former employees and concluding that Crypto's machines had in fact repeatedly been rigged.[23]

Crypto AG rejected these accusations as "pure invention", asserting in a press release that "in March 1994, the Swiss Federal Prosecutor's Office initiated a wide-ranging preliminary investigation against Crypto AG, which was completed in 1997. The accusations regarding influence by third parties or manipulations, which had been repeatedly raised in the media, proved to be without foundation."[citation needed] Subsequent commentators[24][25][26][27] were unmoved by this denial, stating that it was likely that Crypto AG products were indeed rigged. Le Temps has argued that Crypto AG had been actively working with the British, US and West German secret services since 1956, going as far as to rig instruction manuals for the machines on the orders of the NSA.[28][29] These claims were vindicated by US government documents declassified in 2015.[6]

In 2020, an investigation carried out by The Washington Post , Zweites Deutsches Fernsehen (ZDF), and Schweizer Radio und Fernsehen (SRF) revealed that Crypto AG was, in fact, entirely controlled by the CIA and the BND. The project, initially known by codename "Thesaurus" and later as "Rubicon" operated from the end of the Second World War until 2018.[1][30][13]

The Swiss government's decision to impose export controls on Crypto International AG in the wake of the Crypto AG disclosures caused diplomatic tensions with Sweden, reportedly leading to the latter cancelling plans to celebrate 100 years of diplomatic relations with Switzerland.[31][32] The export controls preventing Swedish authorities from obtaining equipment from Crypto International was reportedly a reason behind Sweden's decision.[31][32]

See also

  • Katharine Gun
  • Operation Rubicon (Crypto AG)
  • Spying on United Nations leaders by United States diplomats

References

  1. 1.0 1.1 1.2 1.3 1.4 1.5 Miller, Greg (11 February 2020). "The intelligence coup of the century". The Washington Post. https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/. 
  2. 2.0 2.1 Paul, Jon D. (August 31, 2021). "The Scandalous History of the Last Rotor Cipher Machine". IEEE. https://spectrum.ieee.org/the-scandalous-history-of-the-last-rotor-cipher-machine. 
  3. "Headquarters and regional offices worldwide". Crypto AG. http://www.crypto.ch/index.php?id=126&L=0%5C%22%20onfocus%3D%5C%22blurLink%28this%29%3B. Retrieved 2008-01-06. 
  4. Müller, Leo (2013-09-18). "Spionage: Unheimlich kooperativ" (in de-CH). Bilanz. http://www.bilanz.ch/unternehmen/spionage-unheimlich-kooperativ. 
  5. 5.0 5.1 5.2 5.3 5.4 Atmani, Mehdi (21 August 2015). "Agents doubles" (in fr). Le Temps: p. 11. https://www.letemps.ch/suisse/lune-miel-secrete-entre-suisse-renseignement-international. 
  6. 6.0 6.1 6.2 Corera, Gordon (2015-07-28). "How NSA and GCHQ spied on the Cold War world". BBC News. https://www.bbc.com/news/uk-33676028. Retrieved 2015-10-09. 
  7. "Swiss machines 'used to spy on governments for decades'". BBC News. 11 February 2020. https://www.bbc.co.uk/news/world-europe-51467536. 
  8. "The CIA's 'Minerva' Secret | National Security Archive". https://nsarchive.gwu.edu/briefing-book/chile-cyber-vault-intelligence-southern-cone/2020-02-11/cias-minerva-secret. 
  9. 9.0 9.1 Шаталин, Вадим (Shatalin, Vadim) (12 February 2020). "ЦРУ и БНД десятилетиями прослушивали более 100 стран: В ходе операции "Рубикон" ЦРУ и БНД получали доступ к секретной зашифрованной переписке в 120 странах. Расследование ZDF, Washington Post и SRF." (in ru). Deutsche Welle. https://www.dw.com/ru/%D1%81%D0%BF%D0%B5%D1%86%D1%81%D0%BB%D1%83%D0%B6%D0%B1%D1%8B-%D1%81%D1%88%D0%B0-%D0%B8-%D0%B3%D0%B5%D1%80%D0%BC%D0%B0%D0%BD%D0%B8%D0%B8-%D0%B4%D0%B5%D1%81%D1%8F%D1%82%D0%B8%D0%BB%D0%B5%D1%82%D0%B8%D1%8F%D0%BC%D0%B8-%D0%BF%D1%80%D0%BE%D1%81%D0%BB%D1%83%D1%88%D0%B8%D0%B2%D0%B0%D0%BB%D0%B8-%D0%B1%D0%BE%D0%BB%D0%B5%D0%B5-%D1%87%D0%B5%D0%BC-%D1%81%D1%82%D0%BE-%D1%81%D1%82%D1%80%D0%B0%D0%BD/a-52345480.  Alternate archive as ЦРУ и БНД полвека прослушивали дипканалы 120 стран: Через оборудование подконтрольной спецлужбам швейцарской Crypto AG в 1980-х шло до 40% всей секретной дипломатической переписки в мире. Оригинал этого материала "Русская редакция Deutsche Welle": Спецслужбы США и Германии десятилетиями прослушивали более чем сто стран (For half a century, the CIA and the BND have been tapping the diplomatic channels of 120 countries: In the 1980s, up to 40% of all secret diplomatic correspondence in the world went through the equipment of the Swiss Crypto AG, controlled by special services. Original of this material "Russian edition of Deutsche Welle": The intelligence services of the United States and Germany have been listening to more than a hundred countries for decades)
  10. "Swiss intelligence benefited from CIA-Crypto spying affair". 10 November 2020. https://www.swissinfo.ch/eng/swiss-intelligence-benefited-from-cia-crypto-spying-affair/46153706. 
  11. 11.0 11.1 11.2 11.3 Dugstad, Line; Kibar, Osman (2015-01-02). "Den skjulte partneren" (in no). https://www.dn.no/magasinet/dokumentar/vaduz/stockholm/oslo/den-skjulte-partneren/1-1-5278127. 
  12. Bamford, James (October 2, 2014). "The NSA and Me". The Intercept. https://theintercept.com/2014/10/02/the-nsa-and-me/. 
  13. 13.0 13.1 "Operation Rubikon" (in de). ZDFmediathek. 11 February 2020. https://www.zdf.de/politik/frontal-21/operation-rubikon-100.html. Retrieved 12 February 2020. 
  14. "Business Entity Detail - Wyoming Secretary of State". https://wyobiz.wy.gov/business/FilingDetails.aspx?eFNum=198186114178190081165085037120031245237103033255. 
  15. Miller, Greg (February 11, 2020). "The intelligence coup of the century" (in en). The Washington Post. https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/. 
  16. "No official outcry in Swiss Crypto spying affair". 25 December 2020. https://www.swissinfo.ch/eng/business/no-official-outcry-in-swiss-crypto-spying-affair/46223594. 
  17. Presenters: Peter F Muller, David Ridd; Producer: John Forsyth; Readers: Lanna Joffrey, Annette Kossow, Blanca Belenguer, Mike Christofferson and Thilo Buergel (15 May 2021). "A Spy in Every Embassy". Archive on 4. BBC. BBC Radio 4. Retrieved 15 May 2021.
  18. "Crypto and cipher machines - A list of popular machines and a history of Crypto AG". https://www.cryptomuseum.com/crypto/index.htm. 
  19. "Wer ist der befugte Vierte?" (in de). Der Spiegel (36): 206–207. 1996-09-02. http://www.spiegel.de/spiegel/print/d-9088423.html. Retrieved 2020-02-13. 
  20. Dymydiuk, Jason. "RUBICON and revelation: the curious robustness of the 'secret'CIA-BND operation with Crypto AG". Intelligence and National Security. 
  21. Madsen, Wayne (1999). "Crypto AG: The NSA's Trojan Whore?". CovertAction Quarterly. http://mediafilter.org/caq/cryptogate/. 
  22. Schneier, Bruce (2004-06-15). "Breaking Iranian Codes". Crypto-Gram. Schneier on Security. http://www.schneier.com/crypto-gram-0406.html#1. Retrieved 2015-10-09. 
  23. Shane, Scott; Bowman, Tom (1995-12-04). "No Such Agency, part four: Rigging the game". The Baltimore Sun: pp. 9–11. http://articles.baltimoresun.com/1995-12-10/news/1995344001_1_crypto-ag-nsa-headquarters-swiss. Retrieved 2015-10-09. 
  24. De Braeckeleer, Ludwig (2007-12-29). "The NSA-Crypto AG Sting". OhmyNews. http://english.ohmynews.com/ArticleView/article_view.asp?no=381337&rel_no=1. 
  25. Grabbe, J. Orlin (1997-11-02). "NSA, Crypto AG, and the Iraq-Iran conflict". Associated Communications Internet. http://www.aci.net/kalliste/speccoll.htm. Retrieved 2020-02-13. 
  26. Schneier, Bruce (2008-01-11). "NSA Backdoors in Crypto AG Ciphering Machines". Schneier on Security. http://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html. Retrieved 2015-10-09. 
  27. Baranyi, Laszlo (1998-11-11). "The story about Crypto AG". http://biphome.spray.se/laszlob/cryptoag/crypto_ag.htm. 
  28. Atmani, Mehdi (2015-07-28). "Depuis 1956, l'entreprise suisse Crypto AG collaborait avec le renseignement américain, britannique et allemand" (in fr). Le Temps. http://www.letemps.ch/Page/Uuid/dcf2ecc0-352f-11e5-a242-ec54c1dd3068/Depuis_1956_une_entreprise_suisse_collaborait_avec_les_renseignements_am%C3%A9ricain_et_britannique. 
  29. Bammerlin, Steven (2015-07-30). "Cryptologie: un lecteur du "Temps" raconte les dessous de l'alliance entre la Suisse et les Anglo-saxons" (in fr). Le Temps. http://www.letemps.ch/Page/Uuid/2f083bce-36a6-11e5-a242-ec54c1dd3068. 
  30. "#cryptoleaks: Wie die Crypto AG weltweit agierte" (in de). heute (ZDF). 11 February 2020. https://www.zdf.de/nachrichten/heute-sendungen/videos/crypto-karte-100.html. Retrieved 12 February 2020. 
  31. 31.0 31.1 "Crypto affair prompts tensions between Switzerland and Sweden". 2020-09-20. https://www.swissinfo.ch/eng/crypto-affair-prompts-tensions-between-switzerland-and-sweden/46045926. Retrieved 2020-09-22. 
  32. 32.0 32.1 Mikael Grill Pettersson; Fredrik Laurin (2020-09-22). "Uppgifter: Sverige avbokade firande med Schweiz efter konflikt om kontroversiellt krypteringsföretag" (in sv). https://www.svt.se/nyheter/inrikes/uppgifter-sveriges-regering-avbokade-firande-med-schweiz. Retrieved 2020-09-22. 

External links