|Headquarters||Steinhausen (Canton of Zug), Switzerland|
Crypto AG is a Swiss company specialising in communications and information security. With headquarters in Steinhausen, the company is a long-established manufacturer of encryption machines and a wide variety of cipher devices. It is criticised for its links with the American National Security Agency and the British Government Communications Headquarters.
The company has about 230 employees, has offices in Abidjan, Abu Dhabi, Buenos Aires, Kuala Lumpur, Muscat, Selsdon and Steinhausen, and does business throughout the world. The owner(s) of Crypto AG are unknown, supposedly even to the managers of firm, and they hold their ownership through bearer shares.
Crypto AG was established in Switzerland by the Russian-born Swede, Boris Hagelin. Originally called AB Cryptoteknik and founded by Arvid Gerhard Damm in Stockholm in 1920, the firm manufactured the C-36 mechanical cryptograph machine that Damm had patented. After Damm's death, and just before the Second World War, Cryptoteknik came under the control of Boris Hagelin, an early investor, and during the War essentially operated in the United States, where 140,000 units were made under licence as C-38 (see M-209). In the early 1950s, it was transferred from Stockholm to Zug as a result of a planned Swedish government nationalisation of militarily important technology contractors and was incorporated in Switzerland in 1952.
In 1994, Crypto AG bought InfoGuard AG, a company providing encryption solutions to banks.
The company has radio, ethernet, STM, GSM, phone and fax encryption systems in its portfolio.
Crypto AG has been accused of rigging its machines in collusion with intelligence agencies such as the German Bundesnachrichtendienst (BND), the British Government Communications Headquarters (GCHQ) and the United States National Security Agency (NSA), enabling such organisations to read the encrypted traffic produced by the machines. Suspicions of this collusion were aroused in 1986 following US president Ronald Reagan's announcement on national television that, through interception of diplomatic communications between Tripoli and the Libyan embassy in East Berlin, he had irrefutable evidence that Muammar al-Gaddafi of Libya was behind the 1986 Berlin discotheque bombing in which two US service personnel were killed and another fifty injured. President Reagan then ordered the bombing of Tripoli and Benghazi in retaliation. There is no conclusive evidence that there was an intercepted Libyan message.
Further evidence suggesting that the Crypto AG machines were compromised was revealed after the assassination of former Iranian Prime Minister Shahpour Bakhtiar in 1991. On 7 August 1991, one day before Bakhtiar's body was discovered, the Iranian Intelligence Service transmitted a coded message to Iranian embassies, inquiring "Is Bakhtiar dead?" Western governments were able to decipher this transmission, causing Iranian suspicion to fall upon their Crypto AG equipment.
The Iranian government then arrested Crypto AG's top salesman, Hans Buehler, in March 1992 in Tehran. It accused Buehler of leaking their encryption codes to Western intelligence. Buehler was interrogated for nine months but, being completely unaware of any flaw in the machines, was released in January 1993 after Crypto AG posted bail of $1m to Iran. Soon after Buehler's release Crypto AG dismissed him and charged him the $1m. Swiss media and the German magazine Der Spiegel took up his case in 1994, interviewing former employees and concluding that Crypto's machines had in fact repeatedly been rigged.
Crypto AG rejected these accusations as "pure invention", asserting in a press release that "in March 1994, the Swiss Federal Prosecutor's Office initiated a wide-ranging preliminary investigation against Crypto AG, which was completed in 1997. The accusations regarding influence by third parties or manipulations, which had been repeatedly raised in the media, proved to be without foundation." Subsequent commentators  are unmoved by this denial, stating that it is likely that Crypto AG products were indeed rigged. Le Temps has argued that Crypto AG had been actively working with the British, US and West German secret services since 1956, going as far as to rig manuals after the wishes of the NSA.
Notes and references
- (French) Mehdi Atmani, "Agents doubles", Le Temps, Friday 21 August 2015, page 11.
- "Headquarters and regional offices worldwide". Crypto AG. Retrieved 2008-01-06.
- Leo Müller. "Espionage: A Spooky Cooperation" (PDF). Bilanz.
- ""Wer ist der befugte Vierte?" Geheimdienste unterwandern den Schutz von Verschlüsselungsgeräten". Der Spiegel (in German). 1996-09-02. 36/96. ]
- Madsen, Wayne (1999). "Crypto AG: The NSA's Trojan Whore?". Covert Action Quarterly.
- Schneier, Bruce (2004-06-15). "Breaking Iranian codes". Crypto-Gram newsletter.
- Shane, Scott; Tom Bowman (1997-03-08). "No Such Agency, part four: Rigging the game". The Baltimore Sun. pp. 9–11.
- De Braeckeleer, Ludwig (2007-12-29). "The NSA-Crypto AG Sting". OhmyNews.
- Grabbe, J. Orlin (1997-11-02). "NSA, Crypto AG, and the Iraq-Iran conflict". Archived from the original on 2007-06-07.
- Schneier, Bruce (2008-01-11). "NSA Backdoors in Crypto AG Ciphering Machines". Schneier on Security blog.
- Baranyi, Laszlo (1998-11-11). "The story about Crypto AG".
- Atmani, Mehdi (2015-07-30). "Depuis 1956, l’entreprise suisse Crypto AG collaborait avec le renseignement américain, britannique et allemand".
- Baranyi, Steven (2015-07-30). "Cryptologie: un lecteur du "Temps" raconte les dessous de l’alliance entre la Suisse et les Anglo-saxons".