Crypto AG backdooring rumours were true, say German and Swiss news orgs after explosive docs leaked

Swiss encryption machine company Crypto AG was secretly owned by the CIA and a West German spy agency at the height of the Cold War, according to explosive revelations in Swiss and German media today. Although rumours had swirled for decades around Crypto AG and the backdooring of its products by the West – cough, cough, NSA …

  1. Pascal Monett Silver badge
    Trollface

    "over a hundred states paid billions of dollars for their state secrets to be stolen"

    So, success then !

    And, obviously, it is a "different company" with a "different owner, different management and a different strategy" and found the reports very "distressing"

    Yeah, I'll bet. Their yearly result is likely going to find things "distressing" as well.

    1. TReko

      Re: "over a hundred states paid billions of dollars for their state secrets to be stolen"

      makes you wonder about other Swiss privacy and encryption companies, like Proton Mail?

      1. robidy
        Joke

        Re: "over a hundred states paid billions of dollars for their state secrets to be stolen"

        But the Chinese didn't know and would never pressure Huawei to do this in the past, present or future. Only the Americans and West Germans would do this ha ha.

        Obviously I'm poking fun at the UK Gov't.

        1. Evil Auditor Silver badge

          Re: "over a hundred states paid billions of dollars for their state secrets to be stolen"

          Huawei, Crypto AG or whomever you choose to trust - if it's going to protect my top-secret secrets, I'm not trusting one maker alone. If the information to be protected is that precious, I should probably invest in another layer.

          Now you just have to find independent manufacturers that do not conspire...

      2. Roj Blake Silver badge

        Re: "over a hundred states paid billions of dollars for their state secrets to be stolen"

        Or indeed their German counterparts, like Tutanota.

    2. anonymous boring coward Silver badge

      Re: "over a hundred states paid billions of dollars for their state secrets to be stolen"

      The new owner should go back to the seller and sue their arses off.

    3. JCitizen
      FAIL

      Re: "over a hundred states paid billions of dollars for their state secrets to be stolen"

      And NSA expects us to just roll over and let them do it some more with today's encryption. They would be better off just doing some old-fashioned gumshoe work, and do what hackers do - infect the devices with malware to spy on the end points. It is probably even more effective, because it keeps the enemy guessing at just how much the opposition knows. Nation state bad actors have been doing it successfully for decades.

  2. This post has been deleted by its author

    1. Claptrap314 Silver badge

      Re: Once again ....

      We go through this every time. Unless "you" have the education--which would be a PhD in Algebra (one particular branch of mathematics) with some post-doc in crypto, "you" don't have the ability to make a secure cipher, period.

      Rough quote from a discussion between Phil Zimmermann and someone at the NSA.

      "We don't let anyone design algorithms until they have 'earned their bones' breaking them for a decade." I remarked that that would disqualify almost everyone. "Indeed. And that makes our work so much easier."

      1. Anonymous Coward
        Anonymous Coward

        Re: Once again ....

        There is a large difference between designing a cipher and implementing one. I have designed ciphers, however, I am not skilled enough to implement them. My collaborators did that. Teamwork – it’s a beautiful thing.

      2. Anonymous Coward
        Anonymous Coward

        Re: Once again ....

        Education is not the same as intelligence.

      3. John Savard

        Re: Once again ....

        Designing a secure cipher is not that hard, provided it's just a secret-key cipher. Of course, secret-key ciphers without a way to distribute keys securely are next to useless in today's digital world.

        1. Michael Wojcik Silver badge

          Re: Once again ....

          Designing a secure cipher is not that hard, provided it's just a secret-key cipher.

          It's not trivial, either. If it's a block cipher, is it hardened against differential and linear cryptanalysis? What combining mode are you using? If it's a stream cipher, does it suffer from the sort of higher-order correlations that took down RC4? (It's worth noting that RC4's weaknesses are not intuitively obvious; it might be the simplest reasonably-strong machine cipher ever invented.)

          Implementation is worse. Is your implementation secure against timing side channels? Is it secure against generic errors (out-of-bounds operations, for example) which could compromise it?

          Also, key distribution isn't necessarily a problem, because secure anonymous key exchange is available, if you have some post-Kx or out-of-band way to verify identity. PKI isn't the only solution to the key-distribution problem.
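          The comment above makes the point that an anonymous key exchange becomes usable once the two parties have some post-exchange or out-of-band way to confirm they really are talking to each other. The following is an added illustration by the editor, not code from The Register or from any commenter: unauthenticated Diffie-Hellman in the 2048-bit MODP group of RFC 3526 (group 14), followed by a short authentication string (SAS) that the two parties read to each other over a separate channel. The party names, the `"session-key"`/`"sas"` labels and the 8-hex-character SAS length are illustrative choices, not a named standard. The `mitm_exchange` function shows the failure mode the out-of-band check exists to catch: an attacker who swaps shares in transit gets a working key with each victim, but the two SAS values the victims compare will not match.

```python
"""Anonymous Diffie-Hellman with a short authentication string checked out-of-band.

Editor's added example; not code from the article or any commenter. The SAS
construction is illustrative, not a named standard. Group: RFC 3526 group 14.
"""
import hashlib
import secrets

P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
Q = (P - 1) // 2  # order of the subgroup generated by G; P is a safe prime


def int_to_bytes(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def validate_public(y: int) -> None:
    """Reject out-of-range values and small-subgroup elements before exponentiating."""
    if not 2 <= y <= P - 2 or pow(y, Q, P) != 1:
        raise ValueError("invalid Diffie-Hellman public value")


class Party:
    """One endpoint. The exchange itself is anonymous: nothing signs the shares."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.priv = secrets.randbelow(Q - 1) + 1  # private exponent in [1, Q-1]
        self.pub = pow(G, self.priv, P)

    def finish(self, peer_pub: int, initiator: bool) -> tuple[bytes, str]:
        """Derive the session key and the SAS from the shared secret plus the
        transcript (initiator's share first). Both sides must have seen the same
        two public values for the SAS to match; that is what an MITM breaks."""
        validate_public(peer_pub)
        shared = pow(peer_pub, self.priv, P)
        first, second = (self.pub, peer_pub) if initiator else (peer_pub, self.pub)
        transcript = int_to_bytes(first) + int_to_bytes(second)
        key = hashlib.sha256(b"session-key" + int_to_bytes(shared) + transcript).digest()
        sas = hashlib.sha256(b"sas" + key).hexdigest()[:8]  # 32 bits, short enough to read aloud
        return key, sas


def honest_exchange() -> tuple[bool, str, str]:
    """Alice and Bob see each other's real shares: keys agree and SAS strings match."""
    alice, bob = Party("Alice"), Party("Bob")
    key_a, sas_a = alice.finish(bob.pub, initiator=True)
    key_b, sas_b = bob.finish(alice.pub, initiator=False)
    return key_a == key_b, sas_a, sas_b


def mitm_exchange() -> tuple[bool, bool, str, str]:
    """Mallory substitutes her own share in both directions and runs two sessions.
    Each victim's key agrees with Mallory's, yet the SAS strings Alice and Bob
    read to each other out-of-band will not match."""
    alice, bob, mallory = Party("Alice"), Party("Bob"), Party("Mallory")
    key_a, sas_a = alice.finish(mallory.pub, initiator=True)   # Alice believes this is Bob
    key_b, sas_b = bob.finish(mallory.pub, initiator=False)    # Bob believes this is Alice
    key_ma, _ = mallory.finish(alice.pub, initiator=False)     # Mallory's session with Alice
    key_mb, _ = mallory.finish(bob.pub, initiator=True)        # Mallory's session with Bob
    return key_a == key_ma, key_b == key_mb, sas_a, sas_b


if __name__ == "__main__":
    print("honest:", honest_exchange())
    print("mitm:  ", mitm_exchange())
```

          The SAS only helps if the channel it is compared over is one the attacker cannot rewrite at the same time (a phone call, a meeting); comparing it over the same link that carried the shares proves nothing. The subgroup check in `validate_public` is the other detail practitioners forget: without it a peer can send a value of small order and learn bits of the private exponent.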

          1. Alan Brown Silver badge

            Re: Once again ....

            "PKI isn't the only solution to the key-distribution problem."

            Nonetheless it's a fairly good one - after describing how PGP worked to a few people who happened to be retired spooks, the response I got was "we were doing that in the 1950s. Has it taken this long to catch up?"

    2. 41R

      Re: Once again ....

      You can't write something from scratch and use it for communication with other countries...just like you have to use whatsapp/viber/messenger/telegram/etc. instead of your own messaging app

      1. amanfromMars 1 Silver badge

        Re: Once again .... Once more unto the breach, dear friends, once more

        You can't write something from scratch and use it for communication with other countries...just like you have to use whatsapp/viber/messenger/telegram/etc. instead of your own messaging app .... 41R

        Oh? I think one certainly can, 41R, for you have done practically all of that here for everywhere else with your offering above on El Reg.

        IT aint rocket science, for it is much more complicated than that but some things are kept extremely easy for all the best of perfect reasons .......... and relatively free and practically simple solutions for unpleasant and unnecessary problems is just one of them.

        1. 41R

          Re: Once again .... Once more unto the breach, dear friends, once more

          It's not about skills, science, even cost, it's about 'industry' standards and acceptance. You can be corporation/bank with endless resources and in-house-built-from-scratch comm systems but you still have to use skype/slack/webex because of the others. Same goes for criminals (cartels, etc.), governments and other organizations

          1. amanfromMars 1 Silver badge

            Re: Once again .... Once more unto the breach, dear friends, once more

            It's not about skills, science, even cost, it's about 'industry' standards and acceptance. You can be corporation/bank with endless resources and in-house-built-from-scratch comm systems but you still have to use skype/slack/webex because of the others. Same goes for criminals (cartels, etc.), governments and other organizations .... 41R

            Methinks, 41R, that reveals everything revolves around and is fully dependent upon and also catastrophically vulnerable to skills in users that share greater intelligence via ubiquitous means either both secret and exclusive in a private sector or readily widely available and popular with the masses/public sector.

            And skills in users in that regard is really just a euphemism for prime use of considerably more advanced greater intelligence proving itself to be, to that and those in its sights for intervention, impregnable and problematical. Such though is best realised as being a quite normal default progression in the field.

    3. Milton

      Re: Once again ....

      No. The whole point of publishing and widely disseminating crypto algorithms and code is to bring the broadest, deepest and most expert range of challengers devoted to knocking it down and finding vulnerabilities.

      I would not trust crypto that only I had authored and only I had the opportunity to analyse for weaknesses. That would be crazy.

      I'd bet you good money that even a guru like Bruce Schneier would say exactly the same. The best crypto is utterly transparent in algorithm and code, and has been hammered away at by experts of every stripe.

      I trust crypto which the world's best minds have tried and failed to break—even knowing exactly how it works.

    4. Graham Cobb Silver badge

      Re: Once again ....

      It is true that you have to trust whoever provides your (and your communication partners') implementations. So that leaves two sensible approaches for (so-called) non-aligned countries to use for diplomatic cables:

      1) Align themselves with one of the big powers (US, Russia, China) and accept that they will be reading all the traffic and act accordingly. This includes realising that they will decide who they will share it with (which could include their enemies, or even the public, if it served a useful purpose for them).

      2) Find an "independent" supplier with a strong reputation, which it will strenuously protect. Crypto AG, and Switzerland, seemed to meet that criterion. However, it turned out they were proxies of the US after all.

      The biggest damage here is to the Swiss reputation for neutrality. The surprise isn't that Crypto AG was backdoored, it is that the Swiss knew about it and let it continue.

      1. Charles 9

        Re: Once again ....

        "The biggest damage here is to the Swiss reputation for neutrality. The surprise isn't that Crypto AG was backdoored, it is that the Swiss knew about it and let it continue."

        The Swiss reputation for neutrality ended when the US browbeat and threatened Switzerland with sanctions over their vaunted bank account privacy.

        1. Graham Cobb Silver badge

          Re: Once again ....

          Nah. That's just money. Switzerland's (former) reputation for banking privacy made Switzerland a lot of money, which is now reduced.

          Neutrality, however, threatens the safety of their nationals and maybe even the whole existence of their country. In the 20th century wars it was convenient for all protagonists to have a (small) country that was truly neutral. Now that Switzerland has shown itself allied to the US it has become no better than Spain was in WW2 - maybe not an active protagonist but clearly supporting one side.

          If I was Swiss, living in or visiting Iran or Iraq, I would be a lot more worried about being targeted as a suspected US spy now.

        2. CrazyOldCatMan Silver badge

          Re: Once again ....

          The Swiss reputation for neutrality ended when the US browbeat

          No - it ended years before when they essentially bowed down to Nazi Germany in order to stop themselves being invaded..

          1. Charles 9

            Re: Once again ....

            Got proof? Last I checked, Switzerland is notoriously difficult to invade, given it's smack in the middle of the Alps with few ground passes. Trees you can cut down; it's much harder to deal with a mountain.

        3. This post has been deleted by its author

          1. JimboSmith Silver badge

            Re: Once again ....

            The Swiss still have banking secrecy it's only being broken by whistleblowers. Bradley Birkenfeld is a very wanted man in Switzerland. The banking association basically write the laws regarding this. What the Swiss want you to believe is that they'll cooperate with enquiries about account holders. Good luck with that in practice.

    5. robidy

      Re: Once again ....

      Implementation of a publicly scrutinised algorithm, yes.

      Writing your own from scratch...only if very widely peer reviewed.

  3. Saruman the White Silver badge

    This is really bad news for some companies. I know one country (I will not mention their name) who built a military satcoms system that use CryptoAG kit to provide COMSEC. They must now be wondering whether their entire communications system has been compromised. Some security bods are going to have a *very* bad month ahead of them.

    1. Antron Argaiv Silver badge
      Coat

      You really do have to admire (in the same way as Madoff's ability to keep a pyramid scheme going well past the time it should have collapsed) the con these guys pulled off.

      Respect to masters of their craft.

      // The one with the dagger in the pocket, natch.

    2. stiine Silver badge
      Black Helicopters

      They don't actually have to wonder, it was, unless it was a 5-eyes member, and then it's only very likely that it was compromised.

      Finally a use for that icon ------>

      1. Yes Me Silver badge
        Pirate

        6 eyes?

        "unless it was a 5-eyes member"

        Erm, Germany, the part-owner of Crypto AG for many years, was not and is not in 5-eyes. Also, do you seriously believe that 5-eyes is the only intelligence sharing system in operation?

        1. Roj Blake Silver badge

          Re: 6 eyes?

          Germany is a member of 14 Eyes.

          1. Anonymous Coward
            Anonymous Coward

            Re: 6 eyes?

            Or the Society for Processing Information, Decryption, Extraction and Reporting as it's known.

  4. Daedalus

    Almost unnecessary

    People in general being too stupid to live, it's not always necessary to compromise the machines. In "Spycatcher", Peter Wright described how the machines at the French Embassy in London leaked the cleartext as electrical noise over the same phone lines used to send the encrypted messages. Then also there was the US Navy spy who simply purloined the paper tapes used in their machines, which were not secured. As he said "KMart has better security than the Navy".

  5. _LC_
    Alert

    For those who don't know GERMany that well

    The BND is just a GERMan speaking CIA outlet. They helped them to start the war against Iraq, by torturing an Iraqi until he told the lie they wanted him to tell (see: “Curveball”). They started the war in Sudan for the US, by delivering tanks and other weapons to both sides - “rebels” and government (see: “We’re Going to Take out 7 Countries in 5 Years: Iraq, Syria, Lebanon, Libya, Somalia, Sudan & Iran”). They have been spying on their own (strongly forbidden) for the US. All to no avail.

    So this is why Huawei is so evil, eh?

    1. _LC_

      Re: For those who don't know GERMany that well

      Those *unts are fast! *lol*

    2. crayon

      Re: For those who don't know GERMany that well

      "The BND is just a GERMan speaking CIA outlet."

      They were blasted recently (last couple of years?) for releasing a report to the US before releasing it to the German govt.

  6. Claptrap314 Silver badge

    Spies gonna spy

    I just love how the WaPo works so hard to make this sound immoral. What are spies supposed to do? Limit themselves to pawing through garbage?

    Just because the bullets aren't flying by the tens of thousands does not mean that there isn't a war on.

    To those who have been mocking the concerns about Huawei--it's been done before.

    Finally, at a country level, crypto is one of those things that you cannot cheap out on, and you must be VERY careful about outsourcing. If your country is poor, I'm sorry.

    1. Kabukiwookie

      Re: Spies gonna spy

      What are spies supposed to do? Limit themselves to pawing through garbage?

      How about acting according to what their governments say they're standing for?

      How are you ever going to trust a government that tramples over all the 'values' it says it stands for whenever it's convenient?

      Aren't we supposed to be the 'good guys'?

      How can you take the moral high ground if you're just as bad (or worse) than the so-called 'bad guys'

      This is pure hypocrisy and hypocrites cannot be trusted with anything. Least of all the freedom and wellbeing of the citizens they are supposed to answer to in a (supposed) democracy.

      1. Brian Miller

        Re: Spies gonna spy

        "moral high ground": There is no high ground in a pig wallow.

        The spies do act for the government they stand for. Thing is, they may stand for a number of governments at any one time. They're just flexible like that.

        1. ds6 Silver badge
          Gimp

          Re: Spies gonna spy

          Oh yeah baby, I do swing both ways... After all, no matter how you look at it, someone's getting it up theirs.

          — Unknown CIA asset, undercover sex worker

      2. Claptrap314 Silver badge

        Re: Spies gonna spy

        The question of, "who do we trust enough not to **** us that we don't need to worry about what they are really up to?" is a critical (if uncomfortable) question. If that list is not empty, you need to be spying. The fact that the Germans objected to spying on Italy, which betrayed their government in both World Wars is...touching? hilarious? sad? Allies and friends are not the same thing. You don't spy (much) on your friends.

        But if you trust people to be good to you because they say so, your expected lifespan as a nation is quite limited.

        1. Adelio

          Re: Spies gonna spy

          T.B.H. I am not too concerned about spy agencies spying on me, as long as it is concerned with terrorism; it is more about EVERY OTHER Government agency that would want AND get access to all that lovely information and then letting all their industry friends have it as well (for a price or free)

      3. Someone Else Silver badge

        Re: Spies gonna spy

        Aren't we supposed to be the 'good guys'?

        Yes. But then Trump and Boris happened.

        Yes, I know that there were serious questions about our good-guy-itude prior to those two ass-hats. But then they happened, and all such questions were answered....

    2. Antron Argaiv Silver badge
      Thumb Up

      Re: Spies gonna spy

      To those who downvoted him...come back after you've read some John le Carré.

      The normal rules don't apply. Stealing secrets is a dirty, dirty business, and those with morals need to be flexible in the application of them.

      1. Anonymous Coward
        Anonymous Coward

        Re: Spies gonna spy

        No, when you are in the business, "stealing secrets" is not a dirty business, it's just your job. Your boss assures you that it needs to be done for the greater good and it's what your employer pays you for and tells you it's your duty - most of the time you're just doing the work because it needs to be done. There's a reason I'm posting that anonymously because it was once (a very long time ago) my job.

        1. Anonymous Coward
          Anonymous Coward

          Re: Spies gonna spy

          Yeah, right. Just like nazi soldiers/guards were just following orders/doing their jobs...

          1. Anonymous Coward
            Anonymous Coward

            Re: Spies gonna spy

            yep!

            just like merkin, pom, Oz, canuk's and all the others.

            just following orders,

            realy bad thing to hear when you are the one in chains,

            no matter what accent.

        2. Alan Brown Silver badge

          Re: Spies gonna spy

          >> "stealing secrets" is not a dirty business

          90% of the "secrets" are out in the open anyway, for those who care to look and put the pieces together.

          Which makes it kinda awkward for a spook who accuses someone in open court of blowing open that GCHQ was spying on Turkey to then have it proven that the information being disclosed was actually taken from open sources (including newspapers)..... It's an admission you can't walk back after you've uttered it.

    3. Alan Brown Silver badge

      Re: Spies gonna spy

      " What are spies supposed to do? Limit themselves to pawing through garbage?"

      The vast majority of espionage is done in the public reading rooms of local libraries - looking at local newspapers and correlating stories that don't seem to percolate through to the larger dailies or which seem to abruptly halt, along with checking up on letters to the editor complaining about XYZ activity.

      "Pawing through garbage" is usually done to confirm suspicions rather than to find new stuff.

      As with Duncan Campbell's investigations - there's an awful lot out there in the open that simply needs piecing together - and if you're using "Someone else's crypto" as your sole line of defence then you've probably already been compromised

  7. Wellyboot Silver badge

    The two nations agreed to let Swiss spies in on their secret

    Unless anyone thinks they were let in on the operation because it was "Be nice to the Swiss" week, it sounds to me that the Swiss have a reasonably good security agency over there and found out who the ultimate owners were.

    1. Claptrap314 Silver badge

      Re: The two nations agreed to let Swiss spies in on their secret

      It sounds to me more like, "we don't want to **** off the Swiss, so let's read them in at the beginning". But in either event, I would expect the Swiss to have a pretty solid security service. You really cannot keep their reputation without it.

      1. Doctor Syntax Silver badge

        Re: The two nations agreed to let Swiss spies in on their secret

        "You really cannot keep their reputation without it."

        This hasn't done that reputation much good.

        1. Claptrap314 Silver badge

          Re: The two nations agreed to let Swiss spies in on their secret

          Your understanding of their reputation and mine are rather different, apparently.

    2. phuzz Silver badge

      Re: The two nations agreed to let Swiss spies in on their secret

      The Swiss were unlikely to become direct enemies of Germany and the US, so why not chat to some of their top spies, let them in on the idea, and probably sweeten the deal by promising to let them in on anything that might concern them, all they have to do is look the other way...

      What are the chances that the finances for the whole operation went through some Swiss banks as well, that way everyone gets their cut.

  8. Anonymous Coward
    Joke

    "over a hundred states paid billions of dollars for their state secrets to be stolen"

    So kind of like being a Microsoft shop, then? :)

    (Thank you!! I'm here all week!!!)

    1. Paul Crawford Silver badge
      Devil

      Re: "over a hundred states paid billions of dollars for their state secrets to be stolen"

      You are welcome. But I'm here till the end of time =>

  9. cantankerous swineherd

    have to wonder about the likes of threema and protonmail trumpeting their swissness...

  10. Long John Silver
    Pirate

    Perhaps I misunderstood but ...

    Some of the discussion concerns feasibility of governments, commerce, etc., creating in-house encryption technology rather than reliance upon external suppliers. I grasp how such reliance may have been necessary for all but very big players during the early Cold War period but not in its latter days nor now.

    Enigma machines were mechanical and, presumably, later variations on the theme were electromechanical. Given expected large traffic flow, pre-WW2 encryption/decryption using cypher clerks with pencil and paper became impracticable, so mechanical aids were introduced. Design and manufacture was both a highly skilled task and very expensive. Recipients of these devices would indeed be unwise to attempt their own modifications to the mechanism, there being risk of a botched job increasing vulnerability rather than improving security.

    Gradual post-WW2 introduction of digital computers could not at its early stages easily benefit people engaged in encrypted/obfuscated communication. National agencies in some NATO countries and in the USSR immediately latched onto the new technology as aid to breaking encryption but rarely could deploy it to enhance encryption when messages were transmitted between local 'head office' and remote outposts; early digital computers were expensive, took up a lot of space, were temperamental, and required dedicated technicians to keep them operating: hardly things to be installed in the average embassy and consulate. Similarly, for military communication it may have been feasible to house digital computers on aircraft carriers for secure communication with base but not on aircraft, submarines, or with mobile ground forces.

    Only upon advent of minicomputers and especially of what now are known as desktop devices could centres communicate at higher levels of security with peripheries, and could outstations thus communicate amongst themselves.

    Software mediated encryption/decoding changed the game utterly. It cannot have been widespread much before the '80s and soon thereafter it became common in commercial settings and eventually for individual users. As someone here mentioned, home-brew encryption algorithms are fraught with dangers unless devised, and evaluated, by highly skilled and experienced people. However, there is little need for this other than in centres like the NSA, GCHQ, and equivalents elsewhere. Open source algorithms, most scrutinised by many people outside state agencies, have been available for three decades and more. None such can be declared free of vulnerabilities, these either intrinsic or arising from a range of code-breaking techniques some of which are brute force and others more subtle; as supercomputer technology advances and becomes more cheaply available then so must feasibility of even brute force methods.

    Yet, that's not the point. Nobody, professional or amateur, need fiddle with extant algorithms or attempt to make new ones in a hurry. A set of algorithms can easily be assembled to sequentially encrypt/decrypt. Indeed, this nowadays is commonly done. For very secure communication among designated individuals the chosen algorithms and their order of use can be kept private. For general use, openly published combinations offer considerable resistance to brute force attack. Nowadays simple 'consumer' devices are capable of immensely complicated computation with multiple algorithms.

    One assumes agencies intent on decrypting private communications (military, diplomatic, commercial, personal, and criminal) have developed elaborate automated means for digging into encrypted communications to gain insight into the techniques used and to best target known means of attack. However, even these tools can be stymied, as we shall see, by very simple means when communication is between designated persons/agencies (e.g. embassies) each in possession of the master template.

    What fool would these days use letter substitution? A non-fool might incorporate this obfuscation technique in his sequence of algorithms. What's more letter mappings could be triggered to differ according to some simple circumstance dictated by the message sender and known to the recipient. Incorporating naive obfuscation methods, of which there are many, into sequential encryption makes more difficult the task of code-breakers imagining their opponents to be highly technologically orientated. Another, rather better, simple minded approach entails taking the entire message as a sequence of binary digits and then interleaving the digits according to specified (changeable between messages) rules. Even should the attacker be able to break complicated individual algorithms by subtle means he is obliged to consider need for brute force at unspecified stages in the decryption process; the longer the message (perhaps padded) the greater the force needed. The upshot being of simple obfuscation, not necessarily resource intensive, adding confusion to the mix.

    1. Peerie

      Re: Perhaps I misunderstood but ...

      The spy agencies don't really need your crypto keys since they already own the operating system, be it Windows, Unix or whatnot.

      But they like to collect them just the same. Do you remember that five years ago the NSA & British GCHQ hacked a SIM card maker to steal encryption keys.

    2. Cave-Homme

      Re: Perhaps I misunderstood but ...

      “What fool would these days use letter substitution?“

      These “fools” who are yet to be deciphered, some after hundreds of years?

      https://en.wikipedia.org/wiki/Category:Undeciphered_historical_codes_and_ciphers

    3. Arthur Daily

      Re: Perhaps I misunderstood but ...

      You DONT have to roll your own. WireGuard / Salsa is sufficient if you have good key hygiene.

      Paranoid? Other crypto libraries are available. Just make sure you compile SSL and ONLY have three or so algorithms and nothing to fall back to. The three letter mobs have enjoyed complicated protocol fallbacks and defective checksum/certificate checking. Failing that, auto updates can be another way in for difficult punters. Plus horrible 'Management' chips on the motherboards. That screams compromised.

      Plus the IoT thing means you can impose a Raspberry Pi as a pass through router/encryption box with keys on USB sticks that NEVER touch your main computer. But if paranoid, compile a passthrough on an obsolete CPU type with no baggage, no onboard bootstraps, and no cpu buffer speculative execution leaks such as MIPS.

      Then get a zener diode and a transistor and generate lots of random noise, and pretend to swap torrents. If you buy off the shelf, all bets are off.
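      The post above recommends building SSL with only a few algorithms and nothing to fall back to, because downgrade paths and renegotiation have been where the weaknesses sat. The following is an added example by the editor, not the commenter's configuration and unrelated to WireGuard: it does the equivalent at runtime with the Python standard library `ssl` module, pinning the context to TLS 1.3 only, keeping certificate verification mandatory, and switching off compression and renegotiation. The `fallback_surface` helper is an illustrative name for a function that reports what a peer could still steer the handshake towards. It assumes an OpenSSL build with TLS 1.3 support.

```python
"""TLS client context with the negotiation fallback surface removed.

Editor's added example; not the commenter's configuration. Standard library only;
assumes OpenSSL with TLS 1.3 support.
"""
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """TLS 1.3 only, verification mandatory, no renegotiation, no compression."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # sets check_hostname and CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3   # refuse any downgrade to 1.2 or older
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    ctx.options |= ssl.OP_NO_COMPRESSION           # TLS compression leaks plaintext length
    ctx.options |= ssl.OP_NO_RENEGOTIATION         # mid-session renegotiation is not needed
    ctx.load_default_certs()
    return ctx


def fallback_surface(ctx: ssl.SSLContext) -> dict:
    """Report what a peer could still negotiate with this context."""
    suites = ctx.get_ciphers()
    return {
        "min_version": ctx.minimum_version.name,
        "max_version": ctx.maximum_version.name,
        "verify_required": bool(ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname),
        "renegotiation": not (ctx.options & ssl.OP_NO_RENEGOTIATION),
        "compression": not (ctx.options & ssl.OP_NO_COMPRESSION),
        "tls13_suites": sorted(c["name"] for c in suites if c["protocol"] == "TLSv1.3"),
    }


if __name__ == "__main__":
    for key, value in fallback_surface(hardened_client_context()).items():
        print(f"{key:16} {value}")
```

      With TLS 1.3 the cipher suite list is already short (AES-GCM and ChaCha20-Poly1305 only) and the protocol has no renegotiation or compression of its own, so the two `OP_NO_*` flags matter only if the minimum version is ever relaxed again; setting them anyway means a later change to the version floor does not silently reopen those paths.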

    4. phuzz Silver badge

      Re: Perhaps I misunderstood but ...

      "Enigma machines were mechanical and, presumably, later variations on the theme were electromechanical."

        Enigma machines were electro-mechanical. Each of the code wheels was full of wires, and each time it turned it changed what was (electrically) connected where, thus scrambling the input.

  11. First Light

    Ireland?

    I assume spying on Ireland had to do with NI-related stuff. Otherwise in the old days, I can't see how it was that interesting (I grew up there).

    Nowadays with all the data centres, it might be worth a look-see from an intelligence agency's perspective.

    1. GrumpyKiwi

      Re: Ireland?

      Also Ireland is not, and never has been a NATO member.

      1. Yet Another Anonymous coward Silver badge

        Re: Ireland?

        So it was important to know, in the event of a NATO/CCCP thermonuclear war in Europe, which bloc Eire would throw its military weight behind

        1. GrumpyKiwi

          Re: Ireland?

          Yes those 10 armoured cars and five aircraft would make a real difference.

  12. Version 1.0 Silver badge
    Big Brother

    It is not news

    Come on, you would have to be a typical innocent to have ever thought that every encryption corporation was not "owned" in some way. Every government is pushing for backdoors in all encryption methods because they can't break the encryption - MRDA applies and has always applied.

    But encryption is OK, most common encryption methods are not broken in public at least - you might be safe from the wife, your employer, or the police but someone somewhere can read it if they want to but they are never going to admit it in public.

    1. Anonymous Coward
      Anonymous Coward

      Re: It is not news

      "Come on, you would have to be a typical innocent to have ever thought that every encryption corporation was not "owned" in some way."

      Um...what about THEIR OWN communications? Don't they want THOSE to be secure? And they can't trust ANY encryption with a backdoor to remain secure because they always have to worry about a double agent.

  13. Anonymous Coward
    Anonymous Coward

    What's so bad about private ciphers?

    1. Just use a book cipher. One of the Beale Papers has still not been deciphered after more than 100 years.

    2. Make sure that the message has unknowable end points (such as a post in El Reg -- from an AC, readable by who-knows-who).


    1. Anonymous Coward
      Anonymous Coward

      Re: What's so bad about private ciphers?

      1. If one of the Beale Papers hasn't been decoded by now, odds are it can never be decoded as the key to it has probably been lost, meaning it's useless.

      2. The key to a book cipher is to use something all parties have in common, and it pretty much can't be something an outside party has access to (so nothing available to the Library of Congress, for example; it would have to be something like an unpublished text). As for dead-dropping, the availability of timestamping on just about anything on the Internet, publicly posted or not, can allow for time correlation, which is one known way of identifying accomplices.

      PS. How resistant is a book cipher against a quantum computer and Shor's Algorithm?

      1. Anonymous Coward
        Anonymous Coward

        Re: What's so bad about private ciphers?

        Item #1. The point is that the message has not been deciphered IN PUBLIC. This does not mean that no one has read it....SOMEONE out there may know what it says! So....not necessarily "useless"!

        Item #2. Shor's Algorithm is about finding the prime factors of some huge number...i.e. looking to break ciphers like PGP or RSA. But suppose a book cipher is used......no huge prime numbers. And suppose that the book has been randomised. In that case the snooper (if they know which book) has to search through a very large number of possible random sequences. In the case of a "book" like linux.words, the number of possible random sequences is a number two million decimal characters long. Good luck with that!

        *

        And you didn't comment about unknown end points. Having the deciphered message is one thing....knowing who is involved is quite another thing.
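A worked version of the randomised book cipher discussed in this thread, added here as an illustration and not code from any poster. It uses a constructed toy word list in place of linux.words (480,000 entries is an assumed size for that file), counts the decimal digits of the number of possible orderings of the book, and also shows the caveat a practitioner would raise: with a fixed book the same word always produces the same number, so word repetition survives encryption however large that count is.

```python
import math
import random

# Constructed toy "book" standing in for a word list such as linux.words.
WORDS = ["the", "quick", "brown", "fox", "jumps", "over", "lazy", "dog",
         "meet", "at", "dawn", "bring", "papers"]


def permutation_digits(n: int) -> int:
    """Decimal digits in n!, the number of possible orderings of an
    n-word book (the 'random sequences' of the post), via log-gamma."""
    return math.floor(math.lgamma(n + 1) / math.log(10)) + 1


def randomised_book(words, seed: int):
    """Shuffle the word list; the seed (equivalently, the order) is the key."""
    rng = random.Random(seed)
    book = list(words)
    rng.shuffle(book)
    return book


def encode(plaintext: str, book):
    """Replace each plaintext word by its position in the shuffled book."""
    position = {w: i for i, w in enumerate(book)}
    return [position[w] for w in plaintext.split()]


def decode(codes, book):
    return " ".join(book[c] for c in codes)


def repeated_codes(codes):
    """Codes occurring more than once. A fixed book maps a word to the same
    number every time, so word frequency leaks regardless of keyspace size."""
    return sorted({c for c in codes if codes.count(c) > 1})


if __name__ == "__main__":
    book = randomised_book(WORDS, seed=2020)
    codes = encode("meet at dawn bring the papers the dog", book)
    print(codes, "->", decode(codes, book))
    print("repeated codes (frequency leak):", repeated_codes(codes))
    # 480,000 entries is an assumed size for linux.words
    print(permutation_digits(480_000), "decimal digits of possible orderings")
```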

  14. Arachnoid

    Without a key the source is difficult

    "Is de Gaulle's prick//Twelve inches thick//Can it rise//To the size//Of a proud flag-pole//And does the sun shine//From his arse-hole?"

  15. Steve Crook

    Explosive docs?

    So Q has been at it again?

  16. Mike 137 Silver badge

    So much for banning Huawei

    In view of the US ban on Huawei kit, the message seems to be "Only we are allowed to spy on people". Gooooooogle seem to be saying much the same when they bark about the importance of user privacy. What a world we've inherited.

  17. Arachnoid

    dead-dropping

    Set up a battery-powered pseudo mobile WiFi hotspot near, say, the local McDonald's with onboard storage; all the sender and recipient have to do is log in to transfer the data, with little risk of interception as it never hits the NSA internet servers.

    1. Graham Cobb Silver badge

      Re: dead-dropping

      Doesn't sound any better than just leaving the SD card in a flowerpot outside said McDonald's. If the opposition know it is there, it is trivial for them to replace it with their own hotspot and capture all sorts of info about the devices that connect to it. If they don't, then the SD card on the ground is just as good.

  18. Toilet Duk

    And this is why I trust no electronic comms whatsoever. Every VPN, every "secure" service is compromised, usually by design. Face-to-face communications, couriers and one-time pads are the way to go.

    1. Claptrap314 Silver badge

      Key management for one-time pads is a bear.

      Just sayin'.

    2. Anonymous Coward
      Anonymous Coward

      Not to mention face-to-face communications may have you seeing Mallory or Gene pretending to be Bob. Plus couriers and even top-tier men can be tailed or doubled. Remember how they got bin Laden...
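An added example, not from any poster, of what "key management is a bear" means for one-time pads: the pad must be truly random, as long as all traffic combined, handed out once and then destroyed. The block shows the XOR cipher, a toy pad store that burns material after use and refuses to hand out more once exhausted, and what an eavesdropper is left holding if pad bytes are ever reused (the pad cancels and the XOR of the two plaintexts remains). Message bytes and pad values are constructed.

```python
import os


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """One-time pad encryption and decryption are the same XOR. The pad must
    be truly random, at least as long as the message, and never reused."""
    if len(pad) < len(data):
        raise ValueError("one-time pad needs one pad byte per message byte")
    return bytes(d ^ k for d, k in zip(data, pad))


def pad_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an eavesdropper holds when two messages shared pad material:
    the pad cancels, leaving plaintext1 XOR plaintext2, so any known stretch
    of one message reveals the same stretch of the other."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


class PadStore:
    """Toy key management for one end of a link: pad bytes are handed out
    once, overwritten after use, and refused once the pad is exhausted.
    Keeping both ends' offsets in step, and getting the pad to the far end
    securely in the first place, is the hard part the thread alludes to."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._offset = 0

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise RuntimeError("pad exhausted: a fresh pad must be distributed")
        chunk = bytes(self._pad[self._offset:self._offset + n])
        self._pad[self._offset:self._offset + n] = b"\x00" * n  # burn after use
        self._offset += n
        return chunk


if __name__ == "__main__":
    m1, m2 = b"MEET AT DAWN", b"SEND PAPERS!"    # constructed messages
    store = PadStore(os.urandom(64))             # constructed pad material
    k = store.take(len(m1))
    c1 = otp_xor(m1, k)                          # correct use of fresh pad bytes
    c2_bad = otp_xor(m2, k)                      # mistake: same pad bytes again
    leak = pad_reuse_leak(c1, c2_bad)
    print(otp_xor(leak, m1))                     # knowing m1 now exposes m2
    print(store.remaining(), "pad bytes left")
```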

  19. one crazy media

    Lesson is very simple.

    It is a known fact that every country spies on every other country, friend or foe.

    If you want to keep your national secrets secret, make your own.

    This is not the end or the beginning and spying will continue unabated and intensively.

    No one trusts anyone.

    We humans are selfish, greedy, untrustworthy animals!

  20. Jake Maverick

    old news...but these days it's irrelevant as there isn't an operating system available that hasn't been compromised/had back doors built in by these 'people' :-(

  21. John Savard

    Out of Control

    I have to wonder why this was leaked.

    It's not as if you can call it whistleblowing. This isn't the CIA or NSA doing something that involves monitoring ordinary citizens of the U.S. to create a surveillance state - or even ordinary citizens of other countries. This is eavesdropping on the secret communications of foreign governments, particularly including hostile ones.

    I thought that constitutes doing their job. So what is the motive for the leak? To ruin Donald Trump's morning? To make a big spectacle of Trump going after their source that is presumed to be damaging to him electorally?

    It would serve the public interest if this were evidence the CIA and/or NSA were out of control, trying to subvert U.S. democracy. There doesn't appear to be anything of the sort to see here, however.

    1. Claptrap314 Silver badge

      Re: Out of Control

      Embarrassing Republican administrations is a WaPo specialty.

    2. werdsmith Silver badge

      Re: Out of Control

      I would say that the timing of the revelation is interesting considering what’s going on with Huawei right now.

  22. Anonymous Coward
    Anonymous Coward

    RE. Out of Control

    I note that the folks at Cheltenham have yet to decode the chip(s) I sent them.

    Intriguingly it suggested a possible BIOS, optical drive and USB malware that is otherwise unknown and alas I sent them the only sample that wasn't in use (now isolated and offline!)

    Not sure but could the issue with FTDI have been some sort of experiment that went wrong? It was once suggested that the whole FTDIGate fiasco was actually a secret project to prevent counterfeit chips with possible embedded spyware from stealing valuable information.

  23. herman
    Black Helicopters

    Old hat

    This is very old news - fossilized fish wrap. It was documented in Cryptome - remember Cryptome grampaw? Yes, it is that old.

  24. HammerOn1024

    Ladies and Gentleman...

    Ladies and Gentleman... HAHAHAHAHAHAHHAHAHAHAHAHAHahahaahahaahahaahahaha!

    AAAAAAahahhahahahahaahahahahahahahahahahahahahahahaahahahahahahaaaaa!

    <falls to floor>

    SUCKERS!
