Industry | Cryptography |
---|---|
Predecessor | Cryptograph |
Founded | 1952 |
Founder | Boris Hagelin |
Defunct | 2018 |
Headquarters | Steinhausen, Zug , |
Owner | Central Intelligence Agency (1970–2018) Federal Intelligence Service (1970–1993) |
Crypto AG was a Swiss company specialising in communications and information security founded by Boris Hagelin in 1952. The company was secretly purchased for US $5.75 million and jointly owned by the American Central Intelligence Agency (CIA) and West German Federal Intelligence Service (BND) from 1970 until about 1993, with the CIA continuing as sole owner until about 2018.[1][2] The mission of breaking encrypted communication using a secretly owned company was known as "Operation Rubikon". With headquarters in Steinhausen, the company was a long-established manufacturer of encryption machines and a wide variety of cipher devices.[2]
The company had about 230 employees, had offices in Abidjan, Abu Dhabi, Buenos Aires, Kuala Lumpur, Muscat, Selsdon and Steinhausen, and did business throughout the world.[3] The owners of Crypto AG were unknown, supposedly even to the managers of the firm, and they held their ownership through bearer shares.[4]
The company has been criticised for selling backdoored products to benefit the American, British and German national signals intelligence agencies, the National Security Agency (NSA), the Government Communications Headquarters (GCHQ), and the BND, respectively.[5][6][7] Crypto AG sold equipment to more than 120 countries, including India , Pakistan , Iran, and multiple Latin American nations although neither the Soviet Union nor People's Republic of China were customers of Crypto AG, several of their friendly countries had the company's equipment.[1][8][9] On 11 February 2020, The Washington Post , ZDF and SRF revealed that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence, and the spy agencies could easily break the codes used to send encrypted messages. The operation was known first by the code name "Thesaurus" and later the BND called it "Rubicon" (German: Rubikon) and the CIA called it "Minerva".[1][9] According to a Swiss parliamentary investigation, "Swiss intelligence service were aware of and benefited from the Zug-based firm Crypto AG’s involvement in the US-led spying".[10]
Crypto AG was established in Switzerland by the Russian-born Swede, Boris Hagelin.[5] Originally called AB Cryptoteknik and founded by Arvid Gerhard Damm in Stockholm in 1920, the firm manufactured the C-36 mechanical cryptograph machine that Damm had patented. After Damm's death, and just before the Second World War, Cryptoteknik came under the control of Hagelin, an early investor.
Hagelin's hope was to sell the device to the United States Army.[11] When Germany invaded Norway in 1940, he moved from Sweden to the US and presented the device to the military, which in turn brought the device to the Signal Intelligence Service, and the code-breakers in Arlington Hall. In the end he was awarded a licensing agreement. 140,000 units were made during the war for American troops.
During his time in United States , Hagelin became close friends[12] with William F. Friedman, who in 1952 became chief cryptologist for the National Security Agency (NSA) and whom Hagelin had known since the 1930s.[11][1] The same year, Hagelin's lawyer, Stuart Hedden, became deputy commander in CIA, Inspector General.
In 1948 Hagelin moved to Steinhausen in Switzerland to avoid taxes.[11] In 1952 the company, which until then had been incorporated in Stockholm, also moved to Switzerland.[5] The official reason was that it was transferred as a result of a planned Swedish government nationalization of militarily important technology contractors.[11] A holding company was set up in Liechtenstein.
During the 1950s, Hagelin and Friedman had frequent mail correspondence, both personal and business alike. Crypto AG sent over new machines to the NSA and they had an ongoing discussion concerning which countries they would or would not sell the encryption systems to, and which countries to sell older, weaker systems. In 1958 when Friedman retired, Howard C. Barlow, a high-ranking NSA employee, and Lawrence E. Shinn, NSA's signal intelligence directory in Asia, took over the correspondence.
In June 1970, the company was bought in secret by the CIA and the West-German intelligence service, BND, for $5.75 million.[1] This was effectively the start of Operation Rubikon.[13] Hagelin had first been approached to sell to a partnership between the French and West-German intelligence services in 1967, but Hagelin contacted CIA and the Americans did not cooperate with the French. At this point, the company had 400 employees and the revenue increased from 100,000 Swiss franc in the 1950s to 14 million Swiss franc in the 1970s.
In 1994, Crypto AG bought InfoGuard AG a company providing encryption solutions to banks.[5]
In 2010, Crypto AG sold G.V. LLC, a Wyoming company providing encryption and interception solutions for communications.[14]
In 2018, Crypto AG was liquidated, and its assets and intellectual property sold to two new companies. CyOne was created for Swiss domestic sales, while Crypto International AG was founded in 2018 by Swedish entrepreneur Andreas Linde, who acquired the brand name, international distribution network, and product rights from the original Crypto AG.[15]
In 2020, it was established following a parliamentary investigation that the Swiss government and its intelligence services were aware of the spying activities of Swiss-based Crypto for many years and had "benefited from the US-led spying".[16]
The company and its history were the subject of BBC Radio 4's Archive on 4 programme in May 2021.[17]
The company had radio, Ethernet, STM, GSM, phone and fax encryption systems in its portfolio.
Machines:[18]
According to declassified (but partly redacted) US government documents released in 2015, in 1955 (just after encryption was added to the US Munitions List on November 17, 1954) Crypto AG's founder Boris Hagelin and William Friedman entered into an unwritten agreement concerning the C-52 encryption machines that compromised the security of some of the purchasers.[6] Friedman was a notable US government cryptographer who was then working for the National Security Agency (NSA), the main United States signals intelligence agency. Hagelin kept both NSA and its United Kingdom counterpart, Government Communications Headquarters (GCHQ), informed about the technical specifications of different machines and which countries were buying which machines. Providing such information would have allowed the intelligence agencies to reduce the time needed to crack the encryption of messages produced by such machines from impossibly long to a feasible length. The secret relationship initiated by the agreement also involved Crypto AG not selling machines such as the CX-52, a more advanced version of the C-52, to certain countries; and the NSA writing the operations manuals for some of the CX-52 machines on behalf of the company, to ensure the full strength of the machines would not be used, thus again reducing the necessary cracking effort.
Crypto AG had already earlier been accused of rigging its machines in collusion with intelligence agencies such as NSA, GCHQ, and the German Federal Intelligence Service (BND), enabling the agencies to read the encrypted traffic produced by the machines.[5][19] Suspicions of this collusion were aroused in 1986 following US president Ronald Reagan's announcement on national television that, through interception of diplomatic communications between Tripoli and the Libyan embassy in East Berlin, he had irrefutable evidence that Muammar Gaddafi of Libya was behind the West Berlin discotheque bombing in 1986.[20] President Reagan then ordered the bombing of Tripoli and Benghazi in retaliation.
Further evidence suggesting that the Crypto AG machines were compromised was revealed after the assassination of former Iranian Prime Minister Shapour Bakhtiar in 1991. On 7 August 1991, one day before Bakhtiar's body was discovered, the Iranian Intelligence Service transmitted a coded message to Iranian embassies, inquiring "Is Bakhtiar dead?" Western governments deciphered this transmission, causing the Iranians to suspect their Crypto AG equipment.[21]
The Iranian government then arrested Crypto AG's top salesman, Hans Buehler, in March 1992 in Tehran. It accused Buehler of leaking their encryption codes to Western intelligence. Buehler was interrogated for nine months but, being completely unaware of any flaw in the machines, was released in January 1993 after Crypto AG posted bail of $1m to Iran.[22] Soon after Buehler's release Crypto AG dismissed him and sought to recover the $1m bail money from him personally. Swiss media and the German magazine Der Spiegel took up his case in 1994, interviewing former employees and concluding that Crypto's machines had in fact repeatedly been rigged.[23]
Crypto AG rejected these accusations as "pure invention", asserting in a press release that "in March 1994, the Swiss Federal Prosecutor's Office initiated a wide-ranging preliminary investigation against Crypto AG, which was completed in 1997. The accusations regarding influence by third parties or manipulations, which had been repeatedly raised in the media, proved to be without foundation."[citation needed] Subsequent commentators[24][25][26][27] were unmoved by this denial, stating that it was likely that Crypto AG products were indeed rigged. Le Temps has argued that Crypto AG had been actively working with the British, US and West German secret services since 1956, going as far as to rig instruction manuals for the machines on the orders of the NSA.[28][29] These claims were vindicated by US government documents declassified in 2015.[6]
In 2020, an investigation carried out by The Washington Post , Zweites Deutsches Fernsehen (ZDF), and Schweizer Radio und Fernsehen (SRF) revealed that Crypto AG was, in fact, entirely controlled by the CIA and the BND. The project, initially known by codename "Thesaurus" and later as "Rubicon" operated from the end of the Second World War until 2018.[1][30][13]
The Swiss government's decision to impose export controls on Crypto International AG in the wake of the Crypto AG disclosures caused diplomatic tensions with Sweden, reportedly leading to the latter cancelling plans to celebrate 100 years of diplomatic relations with Switzerland.[31][32] The export controls preventing Swedish authorities from obtaining equipment from Crypto International was reportedly a reason behind Sweden's decision.[31][32]
Original source: https://en.wikipedia.org/wiki/Crypto AG.
Read more |