Crypto AG

Last updated

Crypto AG
Industry Cryptography
Predecessor Cryptograph
Founded1952
Founder Boris Hagelin
Defunct2018
Headquarters
Steinhausen, Zug
,
Switzerland
Owner Central Intelligence Agency (1970–2018)
Federal Intelligence Service (1970–1993)

Crypto AG was a Swiss company specialising in communications and information security founded by Boris Hagelin in 1952. The company was secretly purchased for US $5.75 million and jointly owned by the American Central Intelligence Agency (CIA) and West German Federal Intelligence Service (BND) from 1970 until about 1993, with the CIA continuing as sole owner until about 2018. [1] [2] The mission of breaking encrypted communication using a secretly owned company was known as "Operation Rubikon". With headquarters in Steinhausen, the company was a long-established manufacturer of encryption machines and a wide variety of cipher devices. [2]

Contents

The company had about 230 employees, had offices in Abidjan, Abu Dhabi, Buenos Aires, Kuala Lumpur, Muscat, Selsdon and Steinhausen, and did business throughout the world. [3] The owners of Crypto AG were unknown, supposedly even to the managers of the firm, and they held their ownership through bearer shares. [4]

The company has been criticised for selling backdoored products to benefit the American, British and German national signals intelligence agencies, the National Security Agency (NSA), the Government Communications Headquarters (GCHQ), and the BND, respectively. [5] [6] [7] Crypto AG sold equipment to more than 120 countries, including India, Pakistan, Iran, and multiple Latin American nations although neither the Soviet Union nor People's Republic of China were customers of Crypto AG, several of their friendly countries had the company's equipment. [1] [8] [9] On 11 February 2020, The Washington Post , ZDF and SRF revealed that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence, and the spy agencies could easily break the codes used to send encrypted messages. The operation was known first by the code name "Thesaurus" and later the BND called it "Rubicon" (German : Rubikon) and the CIA called it "Minerva". [1] [9] According to a Swiss parliamentary investigation, "Swiss intelligence service were aware of and benefited from the Zug-based firm Crypto AG’s involvement in the US-led spying". [10]

History

Crypto AG was established in Switzerland by the Russian-born Swede, Boris Hagelin. [5] Originally called AB Cryptoteknik and founded by Arvid Gerhard Damm in Stockholm in 1920, the firm manufactured the C-36 mechanical cryptograph machine that Damm had patented. After Damm's death, and just before the Second World War, Cryptoteknik came under the control of Hagelin, an early investor.

Hagelin's hope was to sell the device to the United States Army. [11] When Germany invaded Norway in 1940, he moved from Sweden to the US and presented the device to the military, which in turn brought the device to the Signal Intelligence Service, and the code-breakers in Arlington Hall. In the end he was awarded a licensing agreement. 140,000 units were made during the war for American troops.

During his time in United States, Hagelin became close friends [12] with William F. Friedman, who in 1952 became chief cryptologist for the National Security Agency (NSA) and whom Hagelin had known since the 1930s. [11] [1] The same year, Hagelin's lawyer, Stuart Hedden, became deputy commander in CIA, Inspector General.

In 1948 Hagelin moved to Steinhausen in Switzerland to avoid taxes. [11] In 1952 the company, which until then had been incorporated in Stockholm, also moved to Switzerland. [5] The official reason was that it was transferred as a result of a planned Swedish government nationalization of militarily important technology contractors. [11] A holding company was set up in Liechtenstein.

During the 1950s, Hagelin and Friedman had frequent mail correspondence, both personal and business alike. Crypto AG sent over new machines to the NSA and they had an ongoing discussion concerning which countries they would or would not sell the encryption systems to, and which countries to sell older, weaker systems. In 1958 when Friedman retired, Howard C. Barlow, a high-ranking NSA employee, and Lawrence E. Shinn, NSA's signal intelligence directory in Asia, took over the correspondence.

In June 1970, the company was bought in secret by the CIA and the West-German intelligence service, BND, for $5.75 million. [1] This was effectively the start of Operation Rubikon. [13] Hagelin had first been approached to sell to a partnership between the French and West-German intelligence services in 1967, but Hagelin contacted CIA and the Americans did not cooperate with the French. At this point, the company had 400 employees and the revenue increased from 100,000 Swiss franc in the 1950s to 14 million Swiss franc in the 1970s.

In 1994, Crypto AG bought InfoGuard AG a company providing encryption solutions to banks. [5]

In 2010, Crypto AG sold G.V. LLC, a Wyoming company providing encryption and interception solutions for communications. [14]

In 2018, Crypto AG was liquidated, and its assets and intellectual property sold to two new companies. CyOne was created for Swiss domestic sales, while Crypto International AG was founded in 2018 by Swedish entrepreneur Andreas Linde, who acquired the brand name, international distribution network, and product rights from the original Crypto AG. [15]

In 2020, it was established following a parliamentary investigation that the Swiss government and its intelligence services were aware of the spying activities of Swiss-based Crypto for many years and had "benefited from the US-led spying". [16]

The company and its history were the subject of BBC Radio 4's Archive on 4 programme in May 2021. [17]

Products

The CX-52 Hagelin CX-52-IMG 0568-white.jpg
The CX-52

The company had radio, Ethernet, STM, GSM, phone and fax encryption systems in its portfolio.

Machines: [18]

Compromised machines

According to declassified (but partly redacted) US government documents released in 2015, in 1955 (just after encryption was added to the US Munitions List on November 17, 1954) Crypto AG's founder Boris Hagelin and William Friedman entered into an unwritten agreement concerning the C-52 encryption machines that compromised the security of some of the purchasers. [6] Friedman was a notable US government cryptographer who was then working for the National Security Agency (NSA), the main United States signals intelligence agency. Hagelin kept both NSA and its United Kingdom counterpart, Government Communications Headquarters (GCHQ), informed about the technical specifications of different machines and which countries were buying which machines. Providing such information would have allowed the intelligence agencies to reduce the time needed to crack the encryption of messages produced by such machines from impossibly long to a feasible length. The secret relationship initiated by the agreement also involved Crypto AG not selling machines such as the CX-52, a more advanced version of the C-52, to certain countries; and the NSA writing the operations manuals for some of the CX-52 machines on behalf of the company, to ensure the full strength of the machines would not be used, thus again reducing the necessary cracking effort.

Crypto AG had already earlier been accused of rigging its machines in collusion with intelligence agencies such as NSA, GCHQ, and the German Federal Intelligence Service (BND), enabling the agencies to read the encrypted traffic produced by the machines. [5] [19] Suspicions of this collusion were aroused in 1986 following US president Ronald Reagan's announcement on national television that, through interception of diplomatic communications between Tripoli and the Libyan embassy in East Berlin, he had irrefutable evidence that Muammar Gaddafi of Libya was behind the West Berlin discotheque bombing in 1986. [20] President Reagan then ordered the bombing of Tripoli and Benghazi in retaliation.

Further evidence suggesting that the Crypto AG machines were compromised was revealed after the assassination of former Iranian Prime Minister Shapour Bakhtiar in 1991. On 7 August 1991, one day before Bakhtiar's body was discovered, the Iranian Intelligence Service transmitted a coded message to Iranian embassies, inquiring "Is Bakhtiar dead?" Western governments deciphered this transmission, causing the Iranians to suspect their Crypto AG equipment. [21]

The Iranian government then arrested Crypto AG's top salesman, Hans Buehler, in March 1992 in Tehran. It accused Buehler of leaking their encryption codes to Western intelligence. Buehler was interrogated for nine months but, being completely unaware of any flaw in the machines, was released in January 1993 after Crypto AG posted bail of $1m to Iran. [22] Soon after Buehler's release Crypto AG dismissed him and sought to recover the $1m bail money from him personally. Swiss media and the German magazine Der Spiegel took up his case in 1994, interviewing former employees and concluding that Crypto's machines had in fact repeatedly been rigged. [23]

Crypto AG rejected these accusations as "pure invention", asserting in a press release that "in March 1994, the Swiss Federal Prosecutor's Office initiated a wide-ranging preliminary investigation against Crypto AG, which was completed in 1997. The accusations regarding influence by third parties or manipulations, which had been repeatedly raised in the media, proved to be without foundation."[ citation needed ] Subsequent commentators [24] [25] [26] [27] were unmoved by this denial, stating that it was likely that Crypto AG products were indeed rigged. Le Temps has argued that Crypto AG had been actively working with the British, US and West German secret services since 1956, going as far as to rig instruction manuals for the machines on the orders of the NSA. [28] [29] These claims were vindicated by US government documents declassified in 2015. [6]

In 2020, an investigation carried out by The Washington Post , Zweites Deutsches Fernsehen (ZDF), and Schweizer Radio und Fernsehen (SRF) revealed that Crypto AG was, in fact, entirely controlled by the CIA and the BND. The project, initially known by codename "Thesaurus" and later as "Rubicon" operated from the end of the Second World War until 2018. [1] [30] [13]

The Swiss government's decision to impose export controls on Crypto International AG in the wake of the Crypto AG disclosures caused diplomatic tensions with Sweden, reportedly leading to the latter cancelling plans to celebrate 100 years of diplomatic relations with Switzerland. [31] [32] The export controls preventing Swedish authorities from obtaining equipment from Crypto International was reportedly a reason behind Sweden's decision. [31] [32] [33]

See also

Related Research Articles

<span class="mw-page-title-main">ECHELON</span> Signals intelligence collection and analysis network

ECHELON, originally a secret government code name, is a surveillance program operated by the five signatory states to the UKUSA Security Agreement: Australia, Canada, New Zealand, the United Kingdom and the United States, also known as the Five Eyes.

<span class="mw-page-title-main">Industrial espionage</span> Use of espionage for commercial purposes rather than security

Industrial espionage, also known as economic espionage, corporate spying, or corporate espionage, is a form of espionage conducted for commercial purposes instead of purely national security.

<span class="mw-page-title-main">National Security Agency</span> U.S. signals intelligence organization

The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collection, and processing of information and data for foreign and domestic intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems. The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine. The NSA has roughly 32,000 employees.

<span class="mw-page-title-main">Boris Hagelin</span> Swedish businessman and inventor (1892–1983)

Boris Caesar Wilhelm Hagelin was a Swedish businessman and inventor of encryption machines.

<span class="mw-page-title-main">David Kahn (writer)</span> American historian and writer (1930–2024)

David Kahn was an American historian, journalist, and writer. He wrote extensively on the history of cryptography and military intelligence.

<span class="mw-page-title-main">Federal Intelligence Service</span> Foreign intelligence agency of Germany

The Federal Intelligence Service is the foreign intelligence agency of Germany, directly subordinate to the Chancellor's Office. The BND headquarters is located in central Berlin. The BND has 300 locations in Germany and foreign countries. In 2016, it employed around 6,500 people; 10% of them are military personnel who are formally employed by the Office for Military Sciences. The BND is the largest agency of the German Intelligence Community.

<span class="mw-page-title-main">C-52 (cipher machine)</span> 1950s cipher machines by Crypto AG

The (Hagelin) C-52 and CX-52 were cipher machines manufactured by Crypto AG starting 1951/1952. These pin-and-lug type cipher machines were advanced successors of the C-38/M-209. The machine measures 8+12 by 5+38 by 4+38 inches. The device is mechanical, but when combined with an electric keyboard attachment, the B-52, the resultant system is termed the BC-52. The B-52 is larger, measuring 12+12 by 8+12 by 6+38 inches.

<span class="mw-page-title-main">Iran–Switzerland relations</span> Bilateral relations

Iran–Switzerland relations are foreign relations between the Islamic Republic of Iran and the Swiss Confederation.

The following outline is provided as an overview of and topical guide to cryptography:

<span class="mw-page-title-main">Bullrun (decryption program)</span> Code name of a decryption program run by the NSA

Bullrun is a clandestine, highly classified program to crack encryption of online communications and data, which is run by the United States National Security Agency (NSA). The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the Bullrun classification guide published by The Guardian, the program uses multiple methods including computer network exploitation, interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques.

<span class="mw-page-title-main">2010s global surveillance disclosures</span> Disclosures of NSA and related global espionage

During the 2010s, international media news reports revealed new operational details about the Anglophone cryptographic agencies' global surveillance of both foreign and domestic nationals. The reports mostly relate to top secret documents leaked by ex-NSA contractor Edward Snowden. The documents consist of intelligence files relating to the U.S. and other Five Eyes countries. In June 2013, the first of Snowden's documents were published, with further selected documents released to various news outlets through the year.

<span class="mw-page-title-main">Global surveillance</span> Mass surveillance across national borders

Global mass surveillance can be defined as the mass surveillance of entire populations across national borders.

<span class="mw-page-title-main">Timeline of global surveillance disclosures (2013–present)</span>

This timeline of global surveillance disclosures from 2013 to the present day is a chronological list of the global surveillance disclosures that began in 2013. The disclosures have been largely instigated by revelations from the former American National Security Agency contractor Edward Snowden.

The United States is widely considered to have one of the most extensive and sophisticated intelligence network of any nation in the world, with organizations including the Central Intelligence Agency and the National Security Agency, amongst others. It has conducted numerous espionage operations against foreign countries, including both allies and rivals. Its operations have included the use of industrial espionage, cyber espionage. and mass surveillance.

<span class="mw-page-title-main">Crypto Wars</span> Attempts to limit access to strong cryptography

Attempts, unofficially dubbed the "Crypto Wars", have been made by the United States (US) and allied governments to limit the public's and foreign nations' access to cryptography strong enough to thwart decryption by national intelligence agencies, especially the National Security Agency (NSA).

Regin is a sophisticated malware and hacking toolkit used by United States' National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ). It was first publicly revealed by Kaspersky Lab, Symantec, and The Intercept in November 2014. The malware targets specific users of Microsoft Windows-based computers and has been linked to the US intelligence-gathering agency NSA and its British counterpart, the GCHQ. The Intercept provided samples of Regin for download, including malware discovered at a Belgian telecommunications provider, Belgacom. Kaspersky Lab says it first became aware of Regin in spring 2012, but some of the earliest samples date from 2003. Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium, Austria, and Pakistan.

<span class="mw-page-title-main">National Intelligence Agency (Thailand)</span>

The National Intelligence Agency (NIA) is an intelligence and security agency of Thailand. It serves as part of the Office of the Prime Minister. Its headquarters is in Paruskavan Palace, Bangkok.

<span class="mw-page-title-main">Maximator (intelligence alliance)</span> Intelligence alliance comprising Denmark, Germany, France, the Netherlands, and Sweden

Maximator is an alliance between the secret services of Denmark, Germany, France, the Netherlands and Sweden, comparable to the Five Eyes. It was founded in 1976 on the initiative of the Danish secret service and has operated largely undetected since then. The most important tool for reconnaissance and decryption was the sale of encryption devices with weak encryption methods. This was done via Crypto AG, a supposedly private Swiss company secretly owned by the BND and the CIA.

<span class="mw-page-title-main">Operation Rubicon</span> Covert operation

Operation Rubicon, until the late 1980s called Operation Thesaurus, was a secret operation by the West German Federal Intelligence Service (BND) and the U.S. Central Intelligence Agency (CIA), lasting from 1970 to 1993 and 2018, respectively, to gather communication intelligence of encrypted government communications of other countries. This was accomplished through the sale of manipulated encryption technology (CX-52) from Swiss-based Crypto AG, which was secretly owned and influenced by the two services from 1970 onwards. In a comprehensive CIA historical account of the operation leaked in early 2020, it was referred to as the "intelligence coup of the century" in a Washington Post article.

References

  1. 1 2 3 4 5 6 Miller, Greg (11 February 2020). "The intelligence coup of the century". The Washington Post. Archived from the original on 11 February 2020. Retrieved 11 February 2020.
  2. 1 2 Paul, Jon D. (31 August 2021). "The Scandalous History of the Last Rotor Cipher Machine". IEEE . Retrieved 15 September 2021.
  3. "Headquarters and regional offices worldwide". Crypto AG. Archived from the original on 16 May 2011. Retrieved 6 January 2008.
  4. Müller, Leo (18 September 2013). "Spionage: Unheimlich kooperativ". Bilanz (in Swiss High German). Archived from the original on 22 August 2016. Retrieved 30 March 2017.
  5. 1 2 3 4 5 Atmani, Mehdi (21 August 2015). "Agents doubles". Le Temps (in French). p. 11. Retrieved 13 February 2020.
  6. 1 2 3 Corera, Gordon (28 July 2015). "How NSA and GCHQ spied on the Cold War world". BBC News . Retrieved 9 October 2015.
  7. "Swiss machines 'used to spy on governments for decades'". BBC News. 11 February 2020. Retrieved 13 February 2020.
  8. "The CIA's 'Minerva' Secret | National Security Archive". nsarchive.gwu.edu. Retrieved 23 April 2023.
  9. 1 2 Шаталин, Вадим (Shatalin, Vadim) (12 February 2020). "ЦРУ и БНД десятилетиями прослушивали более 100 стран: В ходе операции "Рубикон" ЦРУ и БНД получали доступ к секретной зашифрованной переписке в 120 странах. Расследование ZDF, Washington Post и SRF" [The CIA and BND have been wiretapping more than 100 countries for decades: During Operation Rubicon, the CIA and BND gained access to secret encrypted communications in 120 countries. Investigation by ZDF, Washington Post and SRF.]. Deutsche Welle (in Russian). Retrieved 11 October 2023.{{cite news}}: CS1 maint: multiple names: authors list (link) Alternate archive as ЦРУ и БНД полвека прослушивали дипканалы 120 стран: Через оборудование подконтрольной спецлужбам швейцарской Crypto AG в 1980-х шло до 40% всей секретной дипломатической переписки в мире. Оригинал этого материала "Русская редакция Deutsche Welle": Спецслужбы США и Германии десятилетиями прослушивали более чем сто стран (For half a century, the CIA and the BND have been tapping the diplomatic channels of 120 countries: In the 1980s, up to 40% of all secret diplomatic correspondence in the world went through the equipment of the Swiss Crypto AG, controlled by special services. Original of this material "Russian edition of Deutsche Welle": The intelligence services of the United States and Germany have been listening to more than a hundred countries for decades)
  10. "Swiss intelligence benefited from CIA-Crypto spying affair". 10 November 2020. Archived from the original on 11 November 2020.
  11. 1 2 3 4 Dugstad, Line; Kibar, Osman (2 January 2015). "Den skjulte partneren". Dagens Næringsliv (in Norwegian). Archived from the original on 13 June 2019. Retrieved 13 February 2020.
  12. Bamford, James (2 October 2014). "The NSA and Me". The Intercept.
  13. 1 2 "Operation Rubikon" (in German). ZDFmediathek. 11 February 2020. Retrieved 12 February 2020.
  14. "Business Entity Detail - Wyoming Secretary of State". wyobiz.wy.gov. Retrieved 8 March 2020.
  15. Miller, Greg (11 February 2020). "The intelligence coup of the century". The Washington Post. Retrieved 8 March 2020.
  16. "No official outcry in Swiss Crypto spying affair". 25 December 2020.
  17. Presenters: Peter F Muller, David Ridd; Producer: John Forsyth; Readers: Lanna Joffrey, Annette Kossow, Blanca Belenguer, Mike Christofferson and Thilo Buergel (15 May 2021). "A Spy in Every Embassy". Archive on 4 . BBC. BBC Radio 4 . Retrieved 15 May 2021.
  18. "Crypto and cipher machines - A list of popular machines and a history of Crypto AG". www.cryptomuseum.com. Archived from the original on 30 September 2009. Retrieved 22 February 2020.
  19. "Wer ist der befugte Vierte?". Der Spiegel (in German). No. 36. 2 September 1996. pp. 206–207. Retrieved 13 February 2020.
  20. Dymydiuk, Jason. "RUBICON and revelation: the curious robustness of the 'secret'CIA-BND operation with Crypto AG". Intelligence and National Security.
  21. Madsen, Wayne (1999). "Crypto AG: The NSA's Trojan Whore?". CovertAction Quarterly . Archived from the original on 27 September 2007. Retrieved 11 February 2020.
  22. Schneier, Bruce (15 June 2004). "Breaking Iranian Codes". Crypto-Gram. Schneier on Security. Retrieved 9 October 2015.
  23. Shane, Scott; Bowman, Tom (4 December 1995). "No Such Agency, part four: Rigging the game". The Baltimore Sun. pp. 9–11. Archived from the original on 1 March 2019. Retrieved 9 October 2015.
  24. De Braeckeleer, Ludwig (29 December 2007). "The NSA-Crypto AG Sting". OhmyNews. Archived from the original on 29 December 2008.
  25. Grabbe, J. Orlin (2 November 1997). "NSA, Crypto AG, and the Iraq-Iran conflict". Associated Communications Internet. Archived from the original on 7 June 2007. Retrieved 13 February 2020.
  26. Schneier, Bruce (11 January 2008). "NSA Backdoors in Crypto AG Ciphering Machines". Schneier on Security. Retrieved 9 October 2015.
  27. Baranyi, Laszlo (11 November 1998). "The story about Crypto AG". Archived from the original on 14 December 2010 via biphome.spray.se.
  28. Atmani, Mehdi (28 July 2015). "Depuis 1956, l'entreprise suisse Crypto AG collaborait avec le renseignement américain, britannique et allemand". Le Temps (in French). Archived from the original on 16 August 2015. Retrieved 13 February 2020.
  29. Bammerlin, Steven (30 July 2015). "Cryptologie: un lecteur du "Temps" raconte les dessous de l'alliance entre la Suisse et les Anglo-saxons". Le Temps (in French). Archived from the original on 17 August 2015. Retrieved 13 February 2020.
  30. "#cryptoleaks: Wie die Crypto AG weltweit agierte". heute (in German). ZDF. 11 February 2020. Retrieved 12 February 2020.
  31. 1 2 "Crypto affair prompts tensions between Switzerland and Sweden". Swissinfo . 20 September 2020. Retrieved 22 September 2020.
  32. 1 2 Mikael Grill Pettersson; Fredrik Laurin (22 September 2020). "Uppgifter: Sverige avbokade firande med Schweiz efter konflikt om kontroversiellt krypteringsföretag". SVT Nyheter (in Swedish). Retrieved 22 September 2020.
  33. Mariano Sciaroni (2 April 2024). "El arma más letal de los ingleses en Malvinas: cómo descifraban los mensajes en clave de Argentina casi en tiempo real". infobae (in Spanish). Retrieved 2 April 2024.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.