
The CIA Secretly Bought a Company That Sold Encryption Devices Across the World. Then, Its Spies Read Everything. (washingtonpost.com) 277

Greg Miller, reporting for Washington Post: For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret. The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software. The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.

But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company's devices so they could easily break the codes that countries used to send encrypted messages. The decades-long arrangement, among the most closely guarded secrets of the Cold War, is laid bare in a classified, comprehensive CIA history of the operation obtained by The Washington Post and ZDF, a German public broadcaster, in a joint reporting project. The account identifies the CIA officers who ran the program and the company executives entrusted to execute it. It traces the origin of the venture as well as the internal conflicts that nearly derailed it. It describes how the United States and its allies exploited other nations' gullibility for years, taking their money and stealing their secrets. The operation, known first by the code name "Thesaurus" and later "Rubicon," ranks among the most audacious in CIA history.

  • Amazing operation (Score:5, Insightful)

    by Registered Coward v2 ( 447531 ) on Tuesday February 11, 2020 @09:51AM (#59715356)
    To pull something like that off for years is a pretty amazing piece of spy craft.
    • by Z00L00K ( 682162 )

      I'm not remotely surprised they did it though.

    • Re:Amazing operation (Score:5, Informative)

      by TigerPlish ( 174064 ) on Tuesday February 11, 2020 @10:06AM (#59715422)

      To pull something like that off for years is a pretty amazing piece of spy craft.

      Right up there with setting up a front company to buy from the Russians the titanium used to build the SR-71. http://www.mining.com/bbc-futu... [mining.com]

      I wonder how many 7.62 x 25 mm aneurysms there were, once *they* figured it out....

      And by the by, I'm rather baffled by the rather overt pearl-clutching about all this. Spies will spy, there is always a need for intel, even from your "friends."

      All attempts at "curtailing" this is just putting the knife closer to your nation's throat.

      • And by the by, I'm rather baffled by the rather overt pearl-clutching about all this. Spies will spy, there is always a need for intel, even from your "friends."

        All attempts at "curtailing" this is just putting the knife closer to your nation's throat.

        Exactly! We are the good guys, they are on our side, nominally, and this is, if accurate, a very good thing. Not to mention, a safe and efficient way to get the information.

      • All attempts at "curtailing" this is just putting the knife closer to your nation's throat.

        I guess this guy [c-span.org] was holding the knife, eh?

    • by goombah99 ( 560566 ) on Tuesday February 11, 2020 @10:17AM (#59715464)

      Now one can see where they got the idea to push the Clipper chip and trusted platform computing. The Intel Management Engine is just a giant crypto-breaking internet backdoor built into every Intel CPU, running alterable encrypted proprietary code that only Intel knows about.

      It also makes you wonder about those unsubstantiated reports of microchips with backdoors in the SuperMicro boards. Allegedly a Chinese operation, but maybe CIA? Or maybe China doing the same.

      You can see why the CIA might have wanted to keep that quiet even if china were doing it just to keep people from peering elsewhere.

      And, admittedly a stretch, all the side-channel timing attacks on Intel chips might be another ploy to put in a deliberate but hard-to-find backdoor. The fact that AMD's are just as fast without these operations is indicative that there were other ways to solve the same look-ahead speculative execution challenge.

      And finally, the fact that the secure compartment operations on Intel have turned out to be hackable too. If you're going to call something "secure" I think you want to start with something provably secure, unless of course that was the point.

      A bit paranoid yes. But then this article seems to grant that paranoia right.

      • It also makes you wonder about those unsubstantiated reports of microchips with backdoors in the SuperMicro boards. Allegedly a Chinese operation, but maybe CIA? Or maybe China doing the same.

        Or maybe the UK pretending to be Russia pretending to be China pretending to be the CIA?

      • call something "secure" I think you want to start with something provably secure, unless of course that was the point.

        ... because that works so well -- Knuth: "Beware of bugs in the above code; I have only proved it correct, not tried it". Knuth, a page or so down. [stanford.edu]

        What's the line? "Three can keep a secret, as long as two of them are dead."

      • by swillden ( 191260 ) <shawn-ds@willden.org> on Tuesday February 11, 2020 @12:18PM (#59716026) Journal

        It also makes you wonder about those unsubstantiated reports of microchips with backdoors in the SuperMicro boards. Allegedly a Chinese operation, but maybe CIA? Or maybe China doing the same.

        I disagree. If you wanted to backdoor systems at the hardware level, adding extra chips to the motherboard is the wrong way to go about it. The right way is to put the backdoor into the CPU itself, or into explicit control systems like the Intel Management Engine you mentioned. Given the massive complexity in CPUs, it would be much easier to hide there.

        Supply chain security is something I think about a lot, and it's a really, really hard problem. Especially if you consider China an opponent, because they manufacture most of the hardware. It may be designed by Western companies (and Chinese companies do more and more of that part all the time), but the fabs and assemblers are almost all in China.

        I work on Android, and specifically on the most sensitive parts of Android. I own Android KeyStore [android.com], among other things, and if there's a single component you'd like to backdoor in an Android device, it's Keymaster (the hardware crypto API that Keystore sits on top of). It's an essential component of the data storage encryption system, and it provides hardware-backed crypto services to system components and apps. It usually runs in a trusted execution environment (TEE), outside of the main Android system, because isolating it reduces attack surface. That's great if the TEE can be trusted, but it also means that if you can compromise the TEE in the supply chain, you own all the most sensitive data on the device.

        But Android is open source and so all of this stuff can be scrutinized, right? Not the TEE, nor the code running in it, generally. And device makers are curiously reluctant to use open source, Google-provided code even when we offer to lift the development and maintenance burden from them. (Not all of them, but many.). I provide a reference implementation of Keymaster, which is in AOSP and freely inspectable by everyone, but hardly any devices use it. Not even Google Pixels use it, for <reasons> (I'm not being evasive; it's just a topic for a different -- lengthy -- post).

        Keymaster can run in another sort of environment, which I call "StrongBox". StrongBox is a label that I use to describe discrete, dedicated and formally validated secure hardware, like an embedded Secure Element of the sort sold by smart card vendors, or integrated Secure Elements like Qualcomm's SPU. On devices with StrongBox Keymaster, we put some important keys in there, and structure things so that getting, for example, storage encryption keys, would require compromising both StrongBox and the TEE -- and even then that wouldn't give you the encryption keys, just enough information to mount an offline brute force attack on the user's PIN/pattern/password.

        But most Android devices don't (yet) have a StrongBox Keymaster -- and even when that changes, those lovely SE and SE-like devices are mostly also manufactured in China, though they do get a lot more scrutiny and are quite a bit simpler than full SoCs so the scrutiny is more effective.

        And what about entropy sources? The CIA compromised Crypto AG devices mostly by compromising the random number generation. All modern SoCs have integral hardware-based TRNGs, but are they actually good? That's very tough to know. I have partially addressed this by requiring keymaster implementations to securely mix internally-generated entropy (from the TRNG) with entropy generated by the Linux kernel, so that an attacker would have to be able to predict or control both entropy streams in order to predict the random bits generated for use by Keymaster.

        But, of course, I have no good way to verify that the closed-source Keymaster implementations actually do mix in the Linux-generated bits, short of reverse-engineering all of the binaries, which w
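The entropy-mixing rule described in the post above, shown as an added example written for this page (it is not Android's code, nor any Keymaster implementation's). It assumes a constructed "rigged TRNG" model (keyed so its owner can replay it) and uses HMAC-SHA256 as the extractor; the point it demonstrates is that an attacker who controls one stream still cannot reproduce the mixed output without the other.

```python
import hashlib
import hmac
import os
from typing import Callable, Optional


def mix_entropy(trng_bytes: bytes, kernel_bytes: bytes, length: int = 32) -> bytes:
    """Combine two entropy streams so the result is unpredictable unless an
    attacker knows BOTH. HMAC-SHA256 acts as a randomness extractor (an
    illustrative choice, not what any particular Keymaster does): one stream
    keys the HMAC, the other is the message, with a label so the two roles
    cannot be confused. Output is then expanded HKDF-style to `length`."""
    seed = hmac.new(kernel_bytes, b"mix-v1|" + trng_bytes, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(seed, block + b"expand" + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


class RiggedTrng:
    """Constructed stand-in for a compromised hardware RNG: output looks
    random to a black-box tester, but it is a keyed stream, so whoever holds
    `secret` can replay every byte the device ever produced."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._counter = 0

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            ctr = self._counter.to_bytes(8, "big")
            out += hmac.new(self._secret, ctr, hashlib.sha256).digest()
            self._counter += 1
        return out[:n]


def trng_only(trng: RiggedTrng, n: int) -> bytes:
    """Weak design: the device RNG is the sole entropy source."""
    return trng.read(n)


def mixed(trng: RiggedTrng, kernel_read: Callable[[int], bytes], n: int) -> bytes:
    """Hardened design: TRNG output is mixed with kernel-supplied entropy."""
    return mix_entropy(trng.read(n), kernel_read(n), n)


def attacker_can_predict(secret: bytes, observed: bytes, n: int,
                         kernel_guess: Optional[bytes] = None) -> bool:
    """Model the adversary who rigged the TRNG (knows `secret`) and tries to
    reproduce `observed`. With no kernel stream in play, replaying the TRNG
    suffices; with mixing, they must also guess the kernel bytes exactly."""
    replay = RiggedTrng(secret)
    if kernel_guess is None:
        return replay.read(n) == observed
    return mix_entropy(replay.read(n), kernel_guess, n) == observed


if __name__ == "__main__":
    secret = b"constructed-rigging-key"  # known only to whoever rigged the part
    device = RiggedTrng(secret)
    key1 = trng_only(device, 32)
    print("TRNG-only key predictable by rigger:", attacker_can_predict(secret, key1, 32))
    device = RiggedTrng(secret)
    key2 = mixed(device, os.urandom, 32)  # kernel entropy from the OS
    print("Mixed key predictable by rigger (guessing zeros):",
          attacker_can_predict(secret, key2, 32, kernel_guess=b"\x00" * 32))
```

If both streams are attacker-controlled the mixing buys nothing, which is exactly why the post treats the closed-source implementations as the remaining verification problem.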

      • by raymorris ( 2726007 ) on Tuesday February 11, 2020 @01:01PM (#59716220) Journal

        > A bit paranoid yes.

        Yes, and sometimes a bit paranoid is a good thing.
        Not so when you talk about the built-in security features of the CPUs and chipsets. It may help to think of it as Intel, AMD, and other suppliers telling you which parts of their products are NOT trustworthy. As in "don't store secret keys anywhere but here, the rest of our system isn't trustworthy".

        There is a reason it's called the TRUSTED computing base and not called the TRUSTWORTHY computing base. In order to do anything with a computer, you *have* to trust certain things. You can put read and write permissions on files - those permissions would be pointless unless you trust the part of the kernel that enforces those permissions. To trust that a file isn't readable, you have no choice but to trust that the drive won't return those disk blocks when the kernel didn't even ask for them.

        There are hardware and software parts which enforce the rule that one program can't read and write the memory of another program. You can't trust anything on the computer without trusting certain parts - you have no choice but to trust certain parts. Not that they are trustworthy, but that you don't have any choice but to trust certain parts of the CPU and kernel. The trusted computing base (TCB) is all about identifying which parts are trusted - whether you like it or not - then minimizing the scope of what must be trusted, and finally working to ensure that those parts that are trusted also become trustworthy.

        When you try to avoid the identified trusted components, first you're failing (they are in the trust chain whether you like it or not), but more importantly you are deciding to instead hand your sensitive data to components that the manufacturer has marked as not trusted and therefore not necessarily trustworthy.

    • Seems like if they had this resource why didn't the CIA do a better job.
      • It is always necessary to balance the consequences of acting on covert knowledge, which include the very real risk of the Bad Guys figuring out that someone is reading their secrets, with the consequences of not acting.

        I think it was Winston Churchill who had to send his publicity double to his death, at the hands of the Luftwaffe, because cancelling the flight that he knew the Luftwaffe was going to attack, and keeping the guy alive, would have given Germany a very strong hint that someone was reading thei

    • by stooo ( 2202012 )

      The amazing part is : Crypto AG is still in business.

      https://blog.fefe.de/?ts=a6c2b... [blog.fefe.de]

    • From an organization that has done medical experiments on US and Canadian citizens and military members! https://en.wikipedia.org/wiki/... [wikipedia.org] https://en.wikipedia.org/wiki/... [wikipedia.org] If any organization needs to be de-funded I would start there.
    • by gweihir ( 88907 )

      Actually, experts have suspected this for a long, long time. It is just the clueless that got caught by this attack.

  • by Papaspud ( 2562773 ) on Tuesday February 11, 2020 @09:53AM (#59715362)
    why the US doesn't want Chinese equipment as part of our infrastructure backbone, now you know.
    • Hell yea. If I can think it someone else is probably already doing it. So which agencies started Facebook, Alexa, and Google Assistant?

    • by ceoyoyo ( 59147 ) on Tuesday February 11, 2020 @09:59AM (#59715390)

      The whole Huawei thing is entertaining as hell. The US has been caught spying multiple times by partnering with telecom companies. But Huawei *might* be doing something shady with the Chinese government.

      If it's important, roll your own. If it's not, go with the cheapest bidder.

      • by rogoshen1 ( 2922505 ) on Tuesday February 11, 2020 @10:30AM (#59715514)

        Well things like this show why it's probably a good idea.

        If you're a spy, and you're into spycraft, and you think "hey, if I was running Huawei, this is what I'd do" -- it follows that the Chinese, who are also very into spycraft, and are not stupid, probably are doing the exact same thing you'd do.

        • by rho ( 6063 ) on Tuesday February 11, 2020 @10:39AM (#59715530) Journal

          The Chinese are also very big into industrial spying, and seeing how there's very little daylight between the Chinese government and Chinese industry, the problems with integrating Chinese tech into our communications infrastructure is compounded.

          • by Brett Buck ( 811747 ) on Tuesday February 11, 2020 @12:12PM (#59715984)

            And they are counting on a lot of people in the West "reasoning by analogy", and treating companies and the government as separate entities, because that's mostly how it works in the rest of the world. It's a fundamentally different arrangement in China: the government directs everything, repeat, everything, to their own ends. Economically, they are closer to fascists than pure communists. That makes sense; communism, as purely conceived, doesn't work even for a little while, and is economic poison. However, force all companies to work for the benefit of the state, and the corruption that undermines communism is just codified as a "profitable business", but any notion of it as a company or business comparable to the West is a complete delusion. The companies operate for the state under direct state control.

            Equating Huawei with, say, Apple, is a complete misunderstanding of the situation, and they are quite happy to take advantage of that misunderstanding.

        • by ceoyoyo ( 59147 )

          Sure. So you assume Huawei is spying on you. You *know* half of the American stuff is spying on you, and the other half probably is as well. So you assume it's all compromised, buy the most cost effective, and use your own encryption on top.

      • by Viol8 ( 599362 ) on Tuesday February 11, 2020 @11:20AM (#59715730) Homepage

        Huawei are the de facto technology arm of the Chinese government. The only surprise would be if they *hadn't* put some kind of spyware, either software or hardware, in their chips.

        If you were a paranoid totalitarian government who had a technology arm selling high tech chips to every nation on the planet what would YOU do?

      • by DarkOx ( 621550 )

        People like you post this sentiment and I have to wonder do you hate America or are you just thick?

        Obviously we spy. Obviously we should want to avoid being spied on. An information advantage is a significant advantage in terms of national security. Texas Instruments and Cisco Systems might very well be backdoor stuff to help the CIA; that is China's (or others) problem. Huawei spying for the Chinese is OUR problem.

        Maybe we could avoid the arms race and all agree to stop doing this shit; but because its al

      • Every Chinese company is required by Chinese law to do anything the government tells them to do. Failure to comply can merit execution or long prison terms.

        Huawei can never be trusted as long as such laws and policies are in place because there is nothing stopping the Chinese government from forcing Huawei to install backdoors.

      • by shanen ( 462549 )

        Glad to see you got the Insightful mod you deserve, though I think you are probably mistaken in implying that Huawei is another "devil you know". Or maybe your comment is too brief to make clear your rejection of that implication?

        I would go farther and argue that Huawei is one of the most unlikely companies to embed ANY spyware in their products, precisely because they are such an obvious target of suspicion. No, Huawei cannot refuse Xi's demands, but they can honestly tell him "If we do that, then sooner o

    • by Freischutz ( 4776131 ) on Tuesday February 11, 2020 @10:02AM (#59715402)

      why the US doesn't want Chinese equipment as part of our infrastructure backbone, now you know.

      And some people wonder why the rest of the world doesn't want US made equipment and software as part of their infrastructure backbone, now you know why. The interesting thing here is that the odds are good you’ll be modded up for taking a shot at China in the absence of any evidence that they have pulled a stunt like this. I will likely be modded down for taking the same shot at the US despite an abundance of rock solid evidence of US malfeasance. In summary, come back when you have some dirt on China, until then please shut up.

      • by Cryacin ( 657549 )
        Modded up! Ah nuts...
      • evidence of US malfeasance

        *what* malfeasance?!

        Are you one of those who believe we shouldn't spy on everyone, *especially* our adversaries and *double-especially* our "friends?"

        We wouldn't have won the Revolutionary War without a healthy dose of espionage.

        We wouldn't have won WWII without cracking the Japanese cipher, and without the Poles' cracking of Enigma.

        So why are we the bad guy? Did some college professor tell you that we were bad for having a strong intel dept?

        • by ceoyoyo ( 59147 )

          I don't think he's American. For a non-American, US spying is undesirable, just like Chinese spying is. US insistence on not using Chinese telecom equipment is just another espionage op, although a remarkably silly one.

          As far as US domestic operations, that's straight up malfeasance. Your constitution and several other laws make it illegal.

      • by Sique ( 173459 )
        It's not necessary that the Chinese pulled a stunt. Even if your chain of side-channel devices is broken because traffic is routed through a box not accessible to you, that gets you some channels going dark.

        If all the equipment in use is manufactured by Five Eyes influenced companies, you have a full stack in place to go monitoring. If one device does not adhere to your spying standards, you might not get anything.

    • by stooo ( 2202012 )

      Sure.
      We'll take Swiss hardware infested by US backdoors........

  • by v1 ( 525388 ) on Tuesday February 11, 2020 @10:01AM (#59715396) Homepage Journal

    then someone else is reading your traffic.

    it's just that simple.

    Unfortunately, if you want an encryption appliance, you're going to have a very hard time finding one that's open source. Choose open source encryption and security apps for use on your desktop computer. (although your desktop probably isn't open source either unless you're compiling your own kernel...)

    • by ghoul ( 157158 ) on Tuesday February 11, 2020 @10:04AM (#59715410)

      Oh these encryption devices were open source. Anyone could read anything encrypted by these devices

    • your desktop probably isn't open source either unless you're compiling your own kernel...

      And building your own processor without Intel ME, I presume?

      • by OzPeter ( 195038 )

        your desktop probably isn't open source either unless you're compiling your own kernel...

        And building your own processor without Intel ME, I presume?

        Don't forget to write your compiler and the rest of your tool chain from scratch.

    • Making the devices open source would not solve anything in this case. They could publish the source without a backdoor, and still add the backdoor in the appliance. The only thing that could work is that you compile the open source, and then be able to check the digital outcome with the code in the device. This will give you so much access however, that the very purpose of the device is probably lost. Security is not something you can add later. Unfortunately, a backdoor is.
  • by sheph ( 955019 ) on Tuesday February 11, 2020 @10:04AM (#59715412)
    Just wait until they figure out who's really behind Alphabet (aka Google).
    • by ceoyoyo ( 59147 )

      It's a Russian, isn't it? Dude even has a classic Russian spy name.

    • by cowdung ( 702933 )

      In other news, WaPo discovers that the CIA has secretly owned key Silicon Valley companies. One of these companies became famous because of its NSA-supplied search engine. It later implemented a plan to take over the world's email, browser market, and later online storage.

      The company hid its government funding by pretending to sell a fortune's worth of ads. But eventually the government was able to make it self-supporting because of its high valuation in the stock market.

      This company is Google of course. A

    • by gweihir ( 88907 )

      Indeed.

  • by bickerdyke ( 670000 ) on Tuesday February 11, 2020 @10:09AM (#59715436)

    Isn't that exactly what they did with the Enigma after WWII?

    Keeping it as a secret that it can be decrypted and keep on selling it to "friendly" nations?

    • Isn't that exactly what they did with the Enigma after WWII?

      Keeping it as a secret that it can be decrypted and keep on selling it to "friendly" nations?

      I swap Enigma messages with friends. There are Arduino Enigma machines of 4-rotor and 3-rotor varieties. There are Enigma phone apps, and websites. https://www.tindie.com/product... [tindie.com]

      There are PC programs to make proper Enigma codebooks. I make them and send them to friends. We all have to use the same book.

      I wonder how fast the TLAs can crack a fresh Enigma message if they don't have the starting settings, rotor settings and plugboard config.

  • the CIA is... (Score:4, Interesting)

    by FudRucker ( 866063 ) on Tuesday February 11, 2020 @10:11AM (#59715442)
    the Orwellian Big Brother, watching everybody,
    • No. The CIA is ONE of many big brothers. You seem to ignore the fact that this was done WITH YOUR nation's BND, which is YOUR equivalent of CIA/NSA/DIA/ etc all rolled up in one.
  • by Qbertino ( 265505 ) <moiraNO@SPAMmodparlor.com> on Tuesday February 11, 2020 @10:23AM (#59715488)

    Good black ops is always very neat and very inconspicuous. Like it. Well done.

  • I am unaware of anything in their mission statement or charter that says they can only gather intel from enemies.

    Good job. Keep it up.

  • The idea "gentlemen do not read each other's mail" is insane, not merely idealistic. It's the duty of intel agencies to pursue total information awareness as best they can.

    It's the duty of defenders (all sides) to protect their information as best they can. There is no contradiction in this.

    • It's the duty of defenders (all sides) to protect their information as best they can. There is no contradiction in this.

      This. A million times this.

      I assume everyone's out to read my mail, so I take steps to protect it.

      I assume everyone wants into my bank account, so I take steps to protect it.

      To expect no espionage, and worse -- to expect your own country to NOT spy -- is the worst sort of childish Utopian thinking. My god, some people would have us lay down all our arms and become a welcome mat?!

      In this game, do unto others *before* they do unto you -- and that extends to infosec, not just "spy vs. spy"

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Tuesday February 11, 2020 @10:52AM (#59715586)
    Comment removed based on user account deletion
  • by BAReFO0t ( 6240524 ) on Tuesday February 11, 2020 @11:20AM (#59715728)

    And TLS with browser/OS-predefined root certificates is a joke.

    If you want to be safe, you need to exchange keys in person. Or at least verify that your key is the same.

  • I think perhaps we know now why so many politicians and high level cops want wrecked encryption: if you were 'read in' on this years ago then you'd think having 'backdoored' encryption is easy and possible and you'd want it, if you're the anal-retentive power-grubbing nosy type anyway.
  • for stealing our secrets. Turns out we are the master thieves of the secrets of others.

  • by kbahey ( 102895 ) on Tuesday February 11, 2020 @03:13PM (#59716780) Homepage

    Finally an interesting topic and article worthy of the Slashdot of old. A change from the trivial or superficial pop culture stuff we are seeing more of lately ...

    Back in 1995, there were suspicions in US media about the NSA infiltrating Crypto AG [baltimoresun.com]. These were based on a Crypto AG detained in Iran doing a TV interview on the ordeal and suspecting foul play.

    Then, in 2015, newly unclassified documents were studied by the BBC: How NSA and GCHQ spied on the Cold War world. [bbc.com]

    The documents show how the USA's NSA and Britain's GCHQ agreed with Boris Hagelin, the founder/owner of Crypto AG, to weaken the cryptography just enough to allow the USA and Britain to spy on many rivals. These include Egypt's Nasser, and possibly others in the area, and elsewhere.

    The agreement also made the more advanced model of the machine unavailable for certain countries.

    The Washington Post takes this a step further with new material (two histories by the CIA and German BND). Target countries include NATO members Spain, Italy, Greece, and Turkey!

    What started as a partnership ended with Crypto AG being directly owned by the CIA. When the electronic age came, the NSA made sure the random number generating integrated circuits were not truly random, allowing the CIA to decrypt messages in seconds.

    The NSA even designed the entire innards of the new electronic Crypto AG machine!

    Jimmy Carter's brother Billy was on Libya's Ghaddafi's payroll!

    Ronald Reagan implicated Crypto AG in 1986 when he bombed Libya based on intercepting messages about a Berlin night club bombing.

    Bright engineers were blocked (sometimes unsuccessfully) from joining Crypto AG, or fired if they fixed intentional cryptography weaknesses!

    This is a fascinating read for anyone on Slashdot ... go read it ...

  • by rsilvergun ( 571051 ) on Tuesday February 11, 2020 @03:59PM (#59716996)
    are really starting to hurt my otherwise positive image of the American CIA.
