Crypto AG is a Swiss company specialising in communications and information security. With headquarters in Steinhausen, the company is a long-established manufacturer of encryption machines and a wide variety[which?] of cipher devices.
The company has about 230 employees, has offices in Abidjan, Abu Dhabi, Buenos Aires, Kuala Lumpur, Muscat, Selsdon and Steinhausen, and does business throughout the world. The owner(s) of Crypto AG are unknown, supposedly even to the managers of firm, and they hold their ownership through bearer shares.
The company has been criticised for selling backdoored products to benefit the American and British national signals intelligence agencies, the National Security Agency (NSA) and the Government Communications Headquarters (GCHQ), respectively.
Crypto AG was established in Switzerland by the Russian-born Swede, Boris Hagelin. Originally called AB Cryptoteknik and founded by Arvid Gerhard Damm in Stockholm in 1920, the firm manufactured the C-36 mechanical cryptograph machine that Damm had patented. After Damm's death, and just before the Second World War, Cryptoteknik came under the control of Boris Hagelin, an early investor, and during the War essentially operated in the United States, where 140,000 units were made under licence as C-38 (see M-209). In the early 1950s, it was transferred from Stockholm to Steinhausen as a result of a planned Swedish government nationalisation of militarily important technology contractors, and was incorporated in Switzerland in 1952.
In 1994, Crypto AG bought InfoGuard AG, a company providing encryption solutions to banks.
The company has radio, ethernet, STM, GSM, phone and fax encryption systems in its portfolio.
According to declassified (but partly redacted) US government documents released in 2015, in 1955, Crypto AG's founder Boris Hagelin and William Friedman entered into an unwritten agreement concerning the C-52 encryption machines that compromised the security of some of the purchasers. Friedman was a notable US government cryptographer who was then working for National Security Agency (NSA), the main United States signals intelligence agency. Hagelin kept both NSA and its United Kingdom counterpart, Government Communications Headquarters (GCHQ), informed about the technical specifications of different machines and which countries were buying which ones. Providing such information would have allowed the intelligence agencies to reduce the time needed to crack the encryption of messages produced by such machines from impossibly long to a feasible length. The secret relationship initiated by the agreement also involved Crypto AG not selling machines such as the CX-52, a more advanced version of the C-52, to certain countries; and the NSA writing the operations manuals for some of the CX-52 machines on behalf of the company, to ensure the full strength of the machines would not be used, thus again reducing the necessary cracking effort. Crypto AG claims that the products it currently sells are not compromised.
Crypto AG had already earlier been accused of rigging its machines in collusion with intelligence agencies such as NSA, GCHQ, and the German Bundesnachrichtendienst (BND), enabling the agencies to read the encrypted traffic produced by the machines. Suspicions of this collusion were aroused in 1986 following US president Ronald Reagan's announcement on national television that, through interception of diplomatic communications between Tripoli and the Libyan embassy in East Berlin, he had irrefutable evidence that Muammar al-Gaddafi of Libya was behind the 1986 Berlin discotheque bombing in which two US service personnel were killed and another fifty injured. President Reagan then ordered the bombing of Tripoli and Benghazi in retaliation. There is no conclusive evidence that there was an intercepted Libyan message.
Further evidence suggesting that the Crypto AG machines were compromised was revealed after the assassination of former Iranian Prime Minister Shahpour Bakhtiar in 1991. On 7 August 1991, one day before Bakhtiar's body was discovered, the Iranian Intelligence Service transmitted a coded message to Iranian embassies, inquiring "Is Bakhtiar dead?" Western governments were able to decipher this transmission, causing Iranian suspicion to fall upon their Crypto AG equipment.
The Iranian government then arrested Crypto AG's top salesman, Hans Buehler, in March 1992 in Tehran. It accused Buehler of leaking their encryption codes to Western intelligence. Buehler was interrogated for nine months but, being completely unaware of any flaw in the machines, was released in January 1993 after Crypto AG posted bail of $1m to Iran. Soon after Buehler's release Crypto AG dismissed him and charged him the $1m. Swiss media and the German magazine Der Spiegel took up his case in 1994, interviewing former employees and concluding that Crypto's machines had in fact repeatedly been rigged.
Crypto AG rejected these accusations as "pure invention", asserting in a press release that "in March 1994, the Swiss Federal Prosecutor's Office initiated a wide-ranging preliminary investigation against Crypto AG, which was completed in 1997. The accusations regarding influence by third parties or manipulations, which had been repeatedly raised in the media, proved to be without foundation." Subsequent commentators were unmoved by this denial, stating that it was likely that Crypto AG products were indeed rigged. Le Temps has argued that Crypto AG had been actively working with the British, US and West German secret services since 1956, going as far as to rig manuals after the wishes of the NSA. These claims were vindicated by US government documents declassified in 2015.
Notes and references
- "Headquarters and regional offices worldwide". Crypto AG. Retrieved 6 January 2008.
- "Spionage: Unheimlich kooperativ". Bilanz (in German). 1 January 2013. ISSN 1022-3487. Retrieved 30 March 2017.
- (in French) Mehdi Atmani, "Agents doubles", Le Temps, Friday 21 August 2015, page 11.
- Corera, Gordon (28 July 2015). "How NSA and GCHQ spied on the Cold War world". BBC. Retrieved 9 October 2015.
- ""Wer ist der befugte Vierte?" Geheimdienste unterwandern den Schutz von Verschlüsselungsgeräten". Der Spiegel (in German). 2 September 1996. 36/96.
- Madsen, Wayne (1999). "Crypto AG: The NSA's Trojan Whore?". Covert Action Quarterly.
- Schneier, Bruce (15 June 2004). "Breaking Iranian codes". Crypto-Gram newsletter. Retrieved 9 October 2015.
- Shane, Scott; Tom Bowman (4 December 1995). "No Such Agency, part four: Rigging the game". The Baltimore Sun. pp. 9–11. Retrieved 9 October 2015.
- De Braeckeleer, Ludwig (29 December 2007). "The NSA-Crypto AG Sting". OhmyNews. Archived from the original on 29 December 2008.
- Grabbe, J. Orlin (2 November 1997). "NSA, Crypto AG, and the Iraq-Iran conflict". Archived from the original on 7 June 2007.
- Schneier, Bruce (11 January 2008). "NSA Backdoors in Crypto AG Ciphering Machines". Schneier on Security blog. Retrieved 9 October 2015.
- Baranyi, Laszlo (11 November 1998). "The story about Crypto AG". Archived from the original on 14 December 2010.
- Atmani, Mehdi (30 July 2015). "Depuis 1956, l'entreprise suisse Crypto AG collaborait avec le renseignement américain, britannique et allemand".
- Baranyi, Steven (30 July 2015). "Cryptologie: un lecteur du "Temps" raconte les dessous de l'alliance entre la Suisse et les Anglo-saxons".