Crypto AG backdooring rumours were true, say German and Swiss news orgs after explosive docs leaked

Swiss encryption machine company Crypto AG was secretly owned by the CIA and a West Germany spy agency at the height of the Cold War, according to explosive revelations in Swiss and German media today. Although rumours had swirled for decades around Crypto AG and the backdooring of its products by the West – cough, cough, NSA …

  1. Wellyboot Silver badge

    The two nations agreed to let Swiss spies in on their secret

    Unless anyone thinks they were let in on the operation because it was "Be nice to the Swiss" week, it sounds to me that the Swiss have a reasonably good security agency over there and found out who the ultimate owners were.

    1. Claptrap314 Silver badge

      Re: The two nations agreed to let Swiss spies in on their secret

      It sounds to me more like, "we don't want to **** off the Swiss, so let's read them in at the beginning". But in either event, I would expect the Swiss to have a pretty solid security service. You really cannot keep their reputation without it.

      1. Doctor Syntax Silver badge

        Re: The two nations agreed to let Swiss spies in on their secret

        "You really cannot keep their reputation without it."

        This hasn't done that reputation much good.

        1. Claptrap314 Silver badge

          Re: The two nations agreed to let Swiss spies in on their secret

          Your understanding of their reputation and mine are rather different, apparently.

    2. phuzz Silver badge

      Re: The two nations agreed to let Swiss spies in on their secret

      The Swiss were unlikely to become direct enemies of Germany and the US, so why not chat to some of their top spies, let them in on the idea, and probably sweeten the deal by promising to let them in on anything that might concern them, all they have to do is look the other way...

      What's the chances that the finances for the whole operation went through some Swiss banks as well, that way everyone gets their cut.

  2. Anonymous Coward
    Joke

    "over a hundred states paid billions of dollars for their state secrets to be stolen"

    So kind of like being a Microsoft shop, then? :)

    (Thank you!! I'm here all week!!!)

    1. Paul Crawford Silver badge
      Devil

      Re: "over a hundred states paid billions of dollars for their state secrets to be stolen"

      You are welcome. But I'm here till the end of time =>

  3. cantankerous swineherd

    have to wonder about the likes of threema and protonmail trumpeting their swissness...

  4. Long John Silver
    Pirate

    Perhaps I misunderstood but ...

    Some of the discussion concerns feasibility of governments, commerce, etc., creating in-house encryption technology rather than reliance upon external suppliers. I grasp how such reliance may have been necessary for all but very big players during the early Cold War period but not in its latter days nor now.

    Enigma machines were mechanical and, presumably, later variations on the theme were electromechanical. Given expected large traffic flow, pre-WW2 encryption/decryption using cypher clerks with pencil and paper became impracticable, so mechanical aids were introduced. Design and manufacture was both a highly skilled task and very expensive. Recipients of these devices would indeed be unwise to attempt their own modifications to the mechanism, there being risk of a botched job increasing vulnerability rather than improving security.

    Gradual post-WW2 introduction of digital computers could not at its early stages easily benefit people engaged in encrypted/obfuscated communication. National agencies in some NATO countries and in the USSR immediately latched onto the new technology as aid to breaking encryption but rarely could deploy it to enhance encryption when messages were transmitted between local 'head office' and remote outposts; early digital computers were expensive, took up a lot of space, were temperamental, and required dedicated technicians to keep them operating: hardly things to be installed in the average embassy and consulate. Similarly, for military communication it may have been feasible to house digital computers on aircraft carriers for secure communication with base but not on aircraft, submarines, or with mobile ground forces.

    Only upon advent of minicomputers and especially of what now are known as desktop devices could centres communicate at higher levels of security with peripheries, and could outstations thus communicate amongst themselves.

    Software mediated encryption/decoding changed the game utterly. It cannot have been widespread much before the 80's and soon thereafter it became common in commercial settings and eventually for individual users. As someone here mentioned, home-brew encryption algorithms are fraught with dangers unless devised, and evaluated, by highly skilled and experienced people. However, there is little need for this other than in centres like the NSA, GHQ, and equivalents elsewhere. Open source algorithms, most scrutinised by many people outside state agencies, have been available for three decades and more. None such can be declared free of vulnerabilities, these either intrinsic or arising from a range of code-breaking techniques some of which are brute force and others more subtle; as supercomputer technology advances and becomes more cheaply available then so must feasibility of even brute force methods.

    Yet, that's not the point. Nobody, professional or amateur, need fiddle with extant algorithms or attempt to make new ones in a hurry. A set of algorithms can easily be assembled to sequentially encrypt/decrypt. Indeed, this nowadays is commonly done. For very secure communication among designated individuals the chosen algorithms and their order of use can be kept private. For general use, openly published combinations offer considerable resistance to brute force attack. Nowadays simple 'consumer' devices are capable of immensely complicated computation with multiple algorithms.

    One assumes agencies intent on decrypting private communications (military, diplomatic, commercial, personal, and criminal) have developed elaborate automated means for digging into encrypted communications to gain insight into the techniques used and to best target known means of attack. However, even these tools can be stymied, as we shall see, by very simple means when communication is between designated persons/agencies (e.g. embassies) each in possession of the master template.

    What fool would these days use letter substitution? A non-fool might incorporate this obfuscation technique in his sequence of algorithms. What's more, letter mappings could be triggered to differ according to some simple circumstance dictated by the message sender and known to the recipient. Incorporating naive obfuscation methods, of which there are many, into sequential encryption makes more difficult the task of code-breakers imagining their opponents to be highly technologically orientated. Another, rather better, simple minded approach entails taking the entire message as a sequence of binary digits and then interleaving the digits according to specified (changeable between messages) rules. Even should the attacker be able to break complicated individual algorithms by subtle means he is obliged to consider need for brute force at unspecified stages in the decryption process; the longer the message (perhaps padded) the greater the force needed. The upshot being of simple obfuscation, not necessarily resource intensive, adding confusion to the mix.

    1. Peerie

      Re: Perhaps I misunderstood but ...

      The spy agencies don't really need your crypto keys since they already own the operating system, be it Windows, Unix or whatnot.

      But they like to collect them just the same. Do you remember that five years ago the NSA & British GCHQ hacked a SIM card maker to steal encryption keys?

    2. Cave-Homme

      Re: Perhaps I misunderstood but ...

      “What fool would these days use letter substitution?”

      These “fools” who are yet to be deciphered, some after hundreds of years?

      https://en.wikipedia.org/wiki/Category:Undeciphered_historical_codes_and_ciphers

    3. Arthur Daily

      Re: Perhaps I misunderstood but ...

      You DON'T have to roll your own. WireGuard / Salsa is sufficient if you have good key hygiene.

      Paranoid? Other crypto libraries are available. Just make sure you compile SSL and ONLY have three or so algorithms and nothing to fall back to. The three letter mobs have enjoyed complicated protocol fallbacks and defective checksum/certificate checking. Failing that, auto updates can be another way in for difficult punters. Plus horrible 'Management' chips on the motherboards. That screams compromised.

      Plus the IOT thing means you can impose a raspberry PI as a pass through router/encryption box with keys on USB sticks that NEVER touch your main computer. But if paranoid, compile a passthrough on an obsolete CPU type with no baggage, no onboard bootstraps, and no cpu buffer speculative execution leaks such as MIPS.

      Then get a zener diode and a transistor and generate lots of random noise, and pretend to swap torrents. If you buy off the shelf, all bets are off.
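
The "three or so algorithms and nothing to fall back to" idea from the comment above, sketched with Python's standard `ssl` module beside a legacy-style configuration. This is an added example, not code from the commenter or the article; the cipher strings, the policy and the helper names are assumptions chosen for illustration.

```python
import ssl

# Name fragments that mark an AEAD suite (policy assumed for this example).
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")


def legacy_client_context():
    """Constructed 'before' case: no certificate checks, RSA key exchange, CBC allowed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers("AES128-SHA:AES128-GCM-SHA256")
    return ctx


def hardened_client_context():
    """Short allow-list, strict verification, no protocol below TLS 1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # cert + hostname checks on by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse TLS 1.1 and older
    # TLS 1.2 suites: ephemeral ECDH with AEAD only. OpenSSL's TLS 1.3 suites
    # are configured separately and are all ephemeral + AEAD.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def fallback_findings(ctx):
    """Return the reasons a context still leaves room for a downgrade."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    if ctx.minimum_version not in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        findings.append("protocol floor below TLS 1.2")
    for suite in ctx.get_ciphers():
        name = suite["name"]
        is_tls13 = name.startswith("TLS_")
        if not is_tls13 and not name.startswith(("ECDHE-", "DHE-")):
            findings.append(f"{name}: no forward secrecy")
        if not any(marker in name for marker in AEAD_MARKERS):
            findings.append(f"{name}: non-AEAD")
    return findings


if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_client_context()),
                       ("hardened", hardened_client_context())):
        problems = fallback_findings(ctx)
        print(label, "->", problems or "nothing to fall back to")
```

Running `fallback_findings` over the contexts an application actually builds shows whether a weak suite or a disabled check is still reachable after the allow-list is applied.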

    4. phuzz Silver badge

      Re: Perhaps I misunderstood but ...

      "Enigma machines were mechanical and, presumably, later variations on the theme were electromechanical."

      Enigma machines were electro-mechanical. Each of the code wheels was full of wires, and each time it turned it changed what was (electrically) connected where, thus scrambling the input.

  5. First Light

    Ireland?

    I assume spying on Ireland had to do with NI-related stuff. Otherwise in the old days, I can't see how it was that interesting (I grew up there).

    Nowadays with all the data centres, it might be worth a look-see from an intelligence agency's perspective.

    1. GrumpyKiwi

      Re: Ireland?

      Also Ireland is not, and never has been a NATO member.

      1. Yet Another Anonymous coward Silver badge

        Re: Ireland?

        So it was important to know, in the event of a Nato/cccp thermonuclear war in Europe, which bloc Eire would throw its military weight behind

        1. GrumpyKiwi

          Re: Ireland?

          Yes those 10 armoured cars and five aircraft would make a real difference.

  6. Version 1.0 Silver badge
    Big Brother

    It is not news

    Come on, you would have to be a typical innocent to have ever thought that every encryption corporation was not "owned" in some way. Every government is pushing for backdoors in all encryption methods because they can't break the encryption - MRDA applies and has always applied.

    But encryption is OK, most common encryption methods are not broken in public at least - you might be safe from the wife, your employer, or the police but someone somewhere can read it if they want to but they are never going to admit it in public.

    1. Anonymous Coward
      Anonymous Coward

      Re: It is not news

      "Come on, you would have to be a typical innocent to have ever thought that every encryption corporation was not "owned" in some way."

      Um...what about THEIR OWN communications? Don't they want THOSE to be secure? And they can't trust ANY encryption with a backdoor to remain secure because they always have to worry about a double agent.

  7. Anonymous Coward
    Anonymous Coward

    What's so bad about private ciphers?

    1. Just use a book cipher. One of the Beale Papers has still not been deciphered after more than 100 years.

    2. Make sure that the message has unknowable end points (such as a post in El Reg -- from an AC, readable by who-knows-who).


    1. Anonymous Coward
      Anonymous Coward

      Re: What's so bad about private ciphers?

      1. If one of the Beale Papers hasn't been decoded by now, odds are it can never be decoded as the key to it has probably been lost, meaning it's useless.

      2. The key to a book cipher is to use something all parties have in common, and it pretty much can't be something an outside party has access to (so nothing available to the Library of Congress, for example; it would have to be something like an unpublished text). As for dead-dropping, the availability of timestamping just about anything on the Internet, publicly-posted or not, can allow for time correlation, which is one known way of identifying accomplices.

      PS. How resistant is a book cipher against a quantum computer and Shor's Algorithm?

      1. Anonymous Coward
        Anonymous Coward

        Re: What's so bad about private ciphers?

        Item #1. The point is that the message has not been deciphered IN PUBLIC. This does not mean that no one has read it....SOMEONE out there may know what it says! So....not necessarily "useless"!

        Item #2. Shor's Algorithm is about finding the prime factors of some huge number...i.e. looking to break ciphers like PGP or RSA. But suppose a book cipher is used......no huge prime numbers. And suppose that the book has been randomised. In that case the snooper (if they know which book) has to search through a very large number of possible random sequences. In the case of a "book" like linux.words, the number of possible random sequences is a number two million decimal characters long. Good luck with that!

        *

        And you didn't comment about unknown end points. Having the deciphered message is one thing....knowing who is involved is quite another thing.

  8. Arachnoid

    Without a key the source is difficult

    "Is de Gaulle's prick//Twelve inches thick//Can it rise//To the size//Of a proud flag-pole//And does the sun shine//From his arse-hole?"

  9. Steve Crook

    Explosive docs?

    So Q has been at it again?

  10. Mike 137 Silver badge

    So much for banning Huawei

    In view of the US ban on Huawei kit, the message seems to be "Only we are allowed to spy on people". Gooooooogle seem to be saying much the same when they bark about the importance of user privacy. What a world we've inherited.

  11. Arachnoid

    dead-dropping

    Set up a battery powered pseudo mobile Wifi Hotspot near say the local McDonalds with onboard storage, all the sender and recipient has to do is log in to transfer the data with little risk of interception as it never hits the NSA internet servers.

    1. Graham Cobb Silver badge

      Re: dead-dropping

      Doesn't sound any better than just leaving the SD card in a flowerpot outside said McDonalds. If the opposition know it is there it is trivial for them to replace with their own hotspot and capture all sorts of info about the devices which connect to it. If they don't, then the sdcard on the ground is just as good.

  12. Toilet Duk

    And this is why I trust no electronic comms whatsoever. Every VPN, every "secure" service is compromised, usually by design. Face-to-face communications, couriers and one-time pads are the way to go.

    1. Claptrap314 Silver badge

      Key management for one-time pads is a bear.

      Just sayin'.

    2. Anonymous Coward
      Anonymous Coward

      Not to mention face-to-face communications may have you seeing Mallory or Gene pretending to be Bob. Plus couriers and even top-tier men can be tailed or doubled. Remember how they got bin Laden...

  13. one crazy media

    Lesson is very simple.

    It is a known fact that every country spies on every other country, friend or foe.

    If you want to keep your national secrets secret, make your own.

    This is not the end or the beginning and spying will continue unabated and intensively.

    No one trusts anyone.

    We humans are selfish, greedy untrustworthy animals!

  14. Jake Maverick

    old news...but these days it's irrelevant as there isn't an operating system available that hasn't been compromised/ back doors built in by these 'people' :-(

  15. John Savard

    Out of Control

    I have to wonder why this was leaked.

    It's not as if you can call it whistleblowing. This isn't the CIA or NSA doing something that involves monitoring ordinary citizens of the U.S. to create a surveillance state - or even ordinary citizens of other countries. This is eavesdropping on the secret communications of foreign governments, particularly including hostile ones.

    I thought that constitutes doing their job. So what is the motive for the leak? To ruin Donald Trump's morning? To make a big spectacle of Trump going after their source that is presumed to be damaging to him electorally?

    It would serve the public interest if this were evidence the CIA and/or NSA were out of control, trying to subvert U.S. democracy. There doesn't appear to be anything of the sort to see here, however.

    1. Claptrap314 Silver badge

      Re: Out of Control

      Embarrassing Republican administrations is a WaPo specialty.

    2. werdsmith Silver badge

      Re: Out of Control

      I would say that the timing of the revelation is interesting considering what’s going on with Huawei right now.

  16. Anonymous Coward
    Anonymous Coward

    RE. Out of Control

    I note that the folks at Cheltenham have yet to decode the chip(s) I sent them.

    Intriguingly it suggested a possible BIOS, optical drive and USB malware that is otherwise unknown and alas I sent them the only sample that wasn't in use (now isolated and offline!)

    Not sure but could the issue with FTDI have been some sort of experiment that went wrong? It was once suggested that the whole FTDIGate fiasco was actually a secret project to prevent counterfeit chips with possible embedded spyware from stealing valuable information.

  17. herman
    Black Helicopters

    Old hat

    This is very old news - fossilized fish wrap. It was documented in Cryptome - remember Cryptome grampaw? Yes, it is that old.

  18. HammerOn1024

    Ladies and Gentlemen...

    Ladies and Gentlemen... HAHAHAHAHAHAHHAHAHAHAHAHAHahahaahahaahahaahahaha!

    AAAAAAahahhahahahahaahahahahahahahahahahahahahahahaahahahahahahaaaaa!

    <falls to floor>

    SUCKERS!
