CIA controlled global encryption company for decades, says report

Swiss government orders inquiry after revelations Crypto AG was owned and operated by US and German intelligence

The Swiss government has ordered an inquiry into a global encryption company based in Zug following revelations it was owned and controlled for decades by US and German intelligence.

Encryption weaknesses added to products sold by Crypto AG allowed the CIA and its German counterpart, the BND, to eavesdrop on adversaries and allies alike while earning million of dollars from the sales, according the Washington Post and the German public broadcaster ZDF, based on the agencies’ internal histories of the intelligence operation.

“It was the intelligence coup of the century,” the CIA report concluded. “Foreign governments were paying good money to the US and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”

The mention of five or six countries is probably a reference to the Five Eyes electronic intelligence sharing agreement between the US, UK, Canada, Australia and New Zealand.

The operation, codenamed Thesaurus and then renamed Rubicon in 1980s, demonstrated the overwhelming intelligence value of being able to insert flaws into widely sold communications equipment. The CIA’s success over many years is likely to reinforce current US suspicions of equipment made by the Chinese company Huawei.

Neither China or the Soviet Union bought Crypto encryption devices, suspicious of the company’s origins, but it was sold to more than 100 other countries.

Carolina Bohren, a spokeswoman for the Swiss defence ministry, said in an emailed statement: “The events under discussion date back to 1945 and are difficult to reconstruct and interpret in the present day context.”

Bohren said that following media inquiries about the company, the Swiss government appointed a former federal supreme court judge, Niklaus Oberholzer, in January to “investigate and clarify the facts of the matter” and report back to the defence ministry in June.

Meanwhile, Switzerland has suspended foreign sales of Crypto products.

At their height, Operations Thesaurus and Rubicon provided the US with a powerful intelligence edge. When Anwar Sadat and Menachem Begin were hosted by the former president Jimmy Carter at Camp David in 1978 to negotiate an Egyptian-Israeli peace accord, the US was able to monitor all Sadat’s communications with Cairo.

Iran was also a Crypto customer, allowing CIA and the National Security Agency (NSA) to spy on the revolutionary government in Tehran during the 1979 hostage crisis. US intelligence was also able to eavesdrop on Libyan officials congratulating each other on the 1986 bombing of a Berlin disco.

According to the CIA’s history, the US passed on intercepted communications about Argentinian military plans to the UK during the Falklands war, exploiting Argentina’s reliance on Crypto encryption equipment.

The CIA and BND agreed the purchase of Crypto in 1970 but, fearing exposure, the BND sold its share of the company to the US in the early 1990s. According to the Washington Post, the CIA continued to exploit the company until 2018, when it sold the company’s assets to two private companies.

One of those companies, CyOne Security, which is run by former top Crypto employees, issued a statement saying it could not comment on Crypto’s history.

“CyOne Security AG was founded in January 2018. The company operates exclusively in the Swiss market with a focus on state-of-the art security solutions for customers from the Swiss public sector,” the statement said. “Since the start of its business activities, CyOne Security has been 100% owned by four Swiss private individuals. It is completely independent of the former Crypto AG. CyOne Security has no ties with any foreign intelligence services.”

The firm did not respond to follow-up questions over how it could be completely independent of Crypto, having inherited its top staff.

Crypto’s foreign sales business was sold to a Swedish entrepreneur, Andreas Linde. He did not immediately respond to a request for comment but expressed shock when informed by journalists last month about Crypto’s history.

“If what you are saying is true, then absolutely I feel betrayed, and my family feels betrayed, and I feel there will be a lot of employees who will feel betrayed as well as customers,” Linde was quoted as saying by the Washington Post, which described him as “visibly shaken”.

In a later interview, Linde said his company was checking all its products for hidden vulnerabilities.

“We have to make a cut as soon as possible with everything that has been linked to Crypto,” he said.

Crypto’s origins lie in the great conflicts of the 20th century. Its founder, Boris Hagelin, was born in Russia but fled to Sweden during the Russian Revolution. He escaped to the US when the Nazis invaded Norway in 1940, and sold his portable encryption machine to US forces.

In the US, Hagelin became friends with William Friedman, who is considered the father of American cryptology, and they remained close after Hagelin moved his company to Switzerland after the war. The two men made a secret agreement in 1951, in the Cosmos Club in Washington, to restrict sales of its sophisticated encryption products to countries approved by the US.

When encryption technology evolved from mechanical to electronic in the 1960s, the NSA manipulated the algorithms used by Crypto devices, so they could be quickly decoded. The company started making two versions of its machines – secure models sold to friendly governments and rigged systems for everyone else – before being taken over outright by the CIA and the BND.

The security of Crypto equipment began arousing suspicions after Ronald Reagan made public claims about US intercepts of Libyan officials involved in the 1986 bombing of the Berlin disco, La Belle. Iranian intelligence became suspicious and questioned a Crypto salesman, Hans Buehler, but took no action until about six years later, when they arrested Buehler as he was about to fly out of Tehran. Iran released him only after the company agreed to pay $1m, with funds provided by the BND.

Most of Crypto’s workforce was unaware of the company’s secret, but in 1977, an engineer who had grown suspicious of its algorithms was fired after he traveled to Damascus and fixed the vulnerabilities in the firm’s products operated by the Syrian government.

The link between US intelligence and Crypto was first reported by the Baltimore Sun in 1995, leading several countries to stop buying from the company. Bizarrely, however, Iran continued to purchase Crypto equipment for several years. Asked why he had not asked more questions about the company he was buying, Linde, the new owner of Crypto International, said he viewed the allegations as “just rumours”.


Julian Borger in Washington

The GuardianTramp

Related Content

Article image
US removed covert source in Russia due to safety concerns under Trump – report
Decision to carry out extraction made shortly after 2017 meeting in which Trump discussed sensitive intelligence with Russians, CNN reports

Martin Pengelly in New York, Luke Harding in London and Shaun Walker in Budapest

09, Sep, 2019 @4:00 PM

Article image
Russia investigated disappearance of suspected US spy as possible murder
Oleg Smolenkov hadn’t been seen after he went on holiday in 2017, but Russian authorities concluded he had fled abroad

Marc Bennetts in Moscow, Julian Borger in Washington and Luke Harding in London

10, Sep, 2019 @9:16 PM

Article image
European spies sought lessons from dictators’ brutal ‘Operation Condor’
CIA files show intelligence services wanted to learn from South America’s 1970s campaign of terror against leftwing subversion

Uki Goñi in Buenos Aires

16, Apr, 2019 @6:30 AM

Article image
Havana syndrome: NSA officer’s case hints at microwave attacks since 90s
When Mike Beck developed a rare form of Parkinson’s US intelligence concluded he was the victim of a hi-tech weapon

Julian Borger in Washington

02, May, 2021 @6:00 AM

Article image
Second German government worker suspected of spying for US
Accused reportedly works 'in military', as Berlin still reels after intelligence agent was accused of working for CIA last week

Philip Oltermann

09, Jul, 2014 @5:20 PM

Article image
Stasi files row as Britain refuses to return documents to Germany
The files, obtained by the CIA after the fall of the Berlin Wall, name Britons who spied for East Germany in cold war

Helen Pidd in Berlin

28, Dec, 2011 @10:04 PM

Article image
Germany 'may revert to typewriters' to counter hi-tech espionage
NSA inquiry head Patrick Sensburg claims communications technology mistrusted in wake of US spying allegations

Philip Oltermann in Berlin

15, Jul, 2014 @6:04 PM

Article image
Berlin exhibition questions CIA's influence on global art scene
The Trump era has prompted Germany to review the historic effects of America’s soft power, and debate Berlin’s future relationship with Washington

Philip Oltermann in Berlin

04, Dec, 2017 @5:00 AM

Article image
Curveball doubts were shared with CIA, says ex-German foreign minister
Joschka Fischer accuses former CIA chief George Tenet over his knowledge of Iraqi defector's sketchy background

Helen Pidd in Berlin

17, Feb, 2011 @2:08 PM

Article image
Russia accuses cybersecurity experts of treasonous links to CIA
Rumours swirl of connection to revelations about US election hacking, as state media says Sergei Mikhailov and Dmitry Dokuchayev ‘betrayed their oath’

Shaun Walker in Moscow

31, Jan, 2017 @11:19 PM