Crypto AG is a Swiss company specialising in communications and information security. With headquarters in Steinhausen, the company is a long-established manufacturer of encryption machines and a wide variety of cipher devices. The company has about 230 employees, has offices in Abidjan, Abu Dhabi, Buenos Aires, Kuala Lumpur, Muscat, Selsdon and Steinhausen, and does business throughout the world.
Crypto AG was established in Bern by Russian-born Swede, Boris Hagelin. Originally called AB Cryptoteknik and founded by Arvid Gerhard Damm in Stockholm in 1920, the firm manufactured the C-36 mechanical cryptograph machine that Damm had patented. After Damm's death, and just before World War II, Cryptoteknik came under the control of Boris Hagelin, an early investor, and during the War essentially operated in the United States, where 140,000 units were made under licence as C-38 (see M-209). In the early 1950s, it was transferred from Stockholm to Zug as a result of a planned Swedish government nationalisation of militarily important technology/contractors, and was incorporated in Switzerland in 1952.
Crypto AG has a sister company, InfoGuard AG.
Crypto AG has Layer 1,2,3 devices at very high speed such as 10 Gbit/s with unnoticeable delays. The company has radio, ethernet, STM, GSM, phone and fax encryption systems in its portfolio.
Crypto AG has been accused of rigging its machines in collusion with intelligence agencies such as the German Bundesnachrichtendienst (BND) and the United States National Security Agency (NSA), enabling such organisations to read the encrypted traffic produced by the machines. Suspicions of this collusion were aroused in 1986 following US president Ronald Reagan's announcement on national television that, through interception of diplomatic communications between Tripoli and the Libyan embassy in East Berlin, he had irrefutable evidence that Muammar al-Gaddafi of Libya was behind the 1986 Berlin discotheque bombing in which two US service personnel were killed and another fifty injured. President Reagan then ordered the bombing of Tripoli and Benghazi in retaliation. There is no conclusive evidence that there was an intercepted Libyan message.
Further evidence suggesting that the Crypto AG machines were compromised was revealed after the assassination of former Iranian Prime Minister Shahpour Bakhtiar in 1991. On August 7, 1991, one day before Bakhtiar's body was discovered, the Iranian Intelligence Service transmitted a coded message to Iranian embassies, inquiring "Is Bakhtiar dead?" Western governments were able to decipher this transmission, causing Iranian suspicion to fall upon their Crypto AG equipment.
The Iranian government then arrested Crypto AG's top salesman, Hans Buehler, in March 1992 in Tehran. It accused Buehler of leaking their encryption codes to Western intelligence. Buehler was interrogated for nine months but, being completely unaware of any flaw in the machines, was released in January 1993 after Crypto AG paid a $1m ransom to Iran. Soon after Buehler's release Crypto AG dismissed him and charged him the $1m. Swiss media and the German magazine Der Spiegel took up his case in 1994, pursuing the question of whether Crypto's machines had in fact been rigged by Western intelligence.[dead link]
Crypto AG rejected these accusations as "pure invention", asserting in a press release that "in March 1994, the Swiss Federal Prosecutor's Office initiated a wide-ranging preliminary investigation against Crypto AG, which was completed in 1997. The accusations regarding influence by third-parties or manipulations, which had been repeatedly raised in the media, proved to be without foundation.". Subsequent commentators  are unmoved by this denial, stating that it is likely that Crypto AG products were indeed rigged.
In 1982, James Bamford confirmed the story in his book The Puzzle Palace ,on the NSA:The operation was codenamed the "Boris project." In effect, Friedman and Hagelin had reached an agreement that was going to pave the way to cooperation of Crypto AG with the NSA.
- "Headquarters and regional offices worldwide". Crypto AG. Retrieved 2008-01-06.
- ""Wer ist der befugte Vierte?" Geheimdienste unterwandern den Schutz von Verschlüsselungsgeräten". Der Spiegel (in German). 1996-09-02. 36/96. ]
- Madsen, Wayne (1999). "Crypto AG: The NSA's Trojan Whore?". Covert Action Quarterly.
- Schneier, Bruce (2004-06-15). "Breaking Iranian codes". Crypto-Gram newsletter.
- Shane, Scott; Tom Bowman (1997-03-08). "No Such Agency, part four: Rigging the game". The Baltimore Sun. pp. 9–11.
- De Braeckeleer, Ludwig (2007-12-29). "The NSA-Crypto AG Sting". OhmyNews. Archived from the original on 2007-12-29.
- Grabbe, J. Orlin (1997-11-02). "NSA, Crypto AG, and the Iraq-Iran conflict". Archived from the original on 2007-06-07.
- Schneier, Bruce (2008-01-11). "NSA Backdoors in Crypto AG Ciphering Machines". Schneier on Security blog.
- Baranyi, Laszlo (1998-11-11). "The story about Crypto AG".