The United States intelligence agencies secretly owned a company that made encryption devices used by government spy agencies around the world, and then covertly listened to all the communications.
Being hailed as “the intelligence coup of the century,” the revelations have been reported in a joint investigation by the Washington Post and ZDF, a German broadcaster. The report, which would probably soon be turned into a Hollywood thriller, reveals how the CIA, NSA, and later on, the West German intelligence agencies secretly ran one of the world’s biggest encrypted communications supplier, Crypto AG, to covertly listen to both the enemies and the allies.
Ran under the code names of “Thesaurus” and “Rubicon,” the project enabled the agencies to get paid “good money” by other countries to have their own secrets told. At one time, “Crypto accounted for roughly 40 percent of the diplomatic cables and other transmissions by foreign governments that cryptanalysts at the NSA decoded and mined for intelligence,” the WaPo reports.
“It was the intelligence coup of the century,” the CIA report concludes. “Foreign governments were paying good money to the U.S. and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”
While the full story deserves to be read (with some popcorn for good measure), here are some excerpts (emphasis is ours) from this detailed investigation that once again shows the “insatiable appetite for global surveillance” that the United States seems to have, as revealed by the Snowden leaks in 2013, as well.
It all started with Boris Hagelin, the founder of Crypto
The deal called for Hagelin, who had moved his company to Switzerland, to restrict sales of his most sophisticated models to countries approved by the United States. Nations not on that list would get older, weaker systems. Hagelin would be compensated for his lost sales, as much as $700,000 up front.
The CIA history all but gloats about crossing this threshold. “Imagine the idea of the American government convincing a foreign manufacturer to jimmy equipment in its favor,” the history says. “Talk about a brave new world.”
The NSA didn’t install crude “back doors” or secretly program the devices to cough up their encryption keys. And the agency still faced the difficult task of intercepting other governments’ communications, whether plucking signals out of the air or, in later years, tapping into fiber optic cables.
But the manipulation of Crypto’s algorithms streamlined the code-breaking process, at times reducing to seconds a task that might otherwise have taken months. The company always made at least two versions of its products — secure models that would be sold to friendly governments, and rigged systems for the rest of the world.
France and Germany try to get involved
The French, West German and other European intelligence services had either been told about the United States’ arrangement with Crypto or figured it out on their own. Some were understandably jealous and probed for ways to secure a similar deal for themselves.
In a meeting in early 1969 at the West German Embassy in Washington, the head of that country’s cipher service, Wilhelm Goeing, outlined the proposal and asked whether the Americans “were interested in becoming partners too.”
Months later, CIA Director Richard Helms approved the idea of buying Crypto and dispatched a subordinate to Bonn, the West German capital, to negotiate terms with one major caveat: the French, CIA officials told Goeing, would have to be “shut out.”
How CIA and the German spy agency BND worked together
Each year, the CIA and BND split any profits Crypto had made, according to the German history, which says the BND handled the accounting and delivered the cash owed to the CIA in an underground parking garage.
From the outset, the partnership was beset by petty disagreements and tensions. To CIA operatives, the BND often seemed preoccupied with turning a profit, and the Americans “constantly reminded the Germans that this was an intelligence operation, not a money-making enterprise.” The Germans were taken aback by the Americans’ willingness to spy on all but its closest allies, with targets including NATO members Spain, Greece, Turkey and Italy.
To its frustration, Germany was never admitted to the vaunted “Five Eyes,” a long-standing intelligence pact involving the United States, Britain, Australia, New Zealand and Canada. But with the Crypto partnership, Germany moved closer into the American espionage fold than might have seemed possible in World War II’s aftermath. With the secret backing of two of the world’s premiere intelligence agencies and the support of two of the world’s largest corporations, Crypto’s business flourished.
Russia and China managed to avoid this US-built trap
The program had limits. America’s main adversaries, including the Soviet Union and China, were never Crypto customers. Their well-founded suspicions of the company’s ties to the West shielded them from exposure, although the CIA history suggests that U.S. spies learned a great deal by monitoring other countries’ interactions with Moscow and Beijing.
President’s brother got caught… or not
[Director of the NSA, Bobby Ray] Inman said the operation also put him in one of the trickiest binds he’d encountered in government service. At one point, the NSA intercepted Libyan communications indicating that the president’s brother, Billy Carter, was advancing Libya’s interests in Washington and was on leader Moammar Gaddafi’s payroll.
Inman referred the matter to the Justice Department. The FBI launched an investigation of Carter, who falsely denied taking payments. In the end, he was not prosecuted but agreed to register as a foreign agent.
Even the allies weren’t safe from the United States’ unending need for surveillance
The overlapping accounts expose frictions between the two partners [CIA and German BND] over money, control and ethical limits, with the West Germans frequently aghast at the enthusiasm with which U.S. spies often targeted allies.
For years, BND officials had recoiled at their American counterpart’s refusal to distinguish adversaries from allies. The two partners often fought over which countries deserved to receive the secure versions of Crypto’s products, with U.S. officials frequently insisting that the rigged equipment be sent to almost anyone – ally or not – who could be deceived into buying it.
Siemens and Motorola are also part of this spy thriller
Mindful of the limitations to their abilities to run a high-tech company, the two agencies brought in corporate outsiders. The Germans enlisted Siemens, a Munich-based conglomerate, to advise Crypto on business and technical issues in exchange for five percent of the company’s sales. The United States later brought in Motorola to fix balky products, making it clear to the company’s CEO this was being done for U.S. intelligence. Siemens declined to comment. Motorola officials did not respond to a request for comment.
US kept Crypto running even though it couldn’t keep up with the software revolution
U.S. intelligence agencies appear to have been content to let the Crypto operation play out, even as the NSA’s attention shifted to finding ways to exploit the global reach of Google, Microsoft, Verizon and other U.S. tech powers.
In 2017, Crypto’s longtime headquarters building near Zug was sold to a commercial real estate company. In 2018, the company’s remaining assets — the core pieces of the encryption business started nearly a century earlier – were split and sold.
“I told myself sometimes it may be better if the good guys in the United States know what is going on between these Third World dictators,” an ex-employee of the firm said. “But it’s a cheap self-excuse. In the end, this is not the way.”
– Complete report over at the WaPo