Who 0wnz your government?

Danny reports “the always excellent c’t magazine analyses the hypotheticals of the Dutch IP-surveillance scandal:

According to anonymous sources within the Dutch intelligence community, all tapping equipment of the Dutch intelligence services and half the tapping equipment of the national police force, is insecure and is leaking information to Israel. …”

Yikes. You’d think they’d have learnt from Ireland’s mistakes…. this article (update: moved to here) reports that massive back-door use by a third-party government occurred before in similar circumstances, during the Anglo-Irish negotiations of 1985.

For those of you who don’t know, these discussions were between the Republic of Ireland and the UK, and took place in London.

In order to allow the negotiating team to contact their government and civil service securely, a million-pound cryptographic system had been bought in order to secure the link between the Irish Embassy in London and the government in Dublin.

Unfortunately, this equipment was thoroughly compromised.

It turns out that the Swiss company from which the equipment was bought, namely Crypto AG, had cooperated with the NSA and the BND (the NSA’s German equivalent), to allow them to decipher the traffic trivially. (Judging from the snippet from another article below, sounds like this was done using a known-plaintext attack).

The NSA routinely monitored and deciphered the Irish diplomatic messages. All it took then was for the UK’s NSA equivalent, GCHQ, to pull some strings, and the UK government had a distinct advantage in the negotiations from then on.

Another source for details on Crypto AG’s breakage is Der Spiegel, issue 36/96, pages 206-207. Here’s some snippets:

The secret man (sic) have obviously a great interest to direct the trading of encryption devices into ordered tracks. … A former employee of Crypto AG reported that he had to coordinate his developments with “people from Bad Godesberg”. This was the residence of the “central office for encryption affairs” of the BND, and the service instructed Crypto AG what algorithms to use to create the codes.

Members of the American secret service National Security Agency (NSA) also visited the Crypto AG often. The memorandum of the secret workshop of the Crypto AG in August 1975 on the occasion of the demonstration of a new prototype of an encryption device mentions as a participant the cryptographer of the NSA, Nora Mackebee. …

Depending on the projected usage area the manipulation on the cryptographic devices were more or less subtle, said Polzer. Some buyers only got simplified code technology according to the motto “for these customers that is sufficient, they don’t not need such a good stuff.”

In more delicate cases the specialists reached deeper into the cryptographic trick box: The machines prepared in this way enriched the encrypted text with “auxiliary informations” that allowed all who knew this addition to reconstruct the original key. The result was the same: What looked like inpenetrateable secret code to the users of the Crypto-machines, who acted in good faith, was readable with not more than a finger exercise for the informed listener.

Full text here.

So what’s the bottom line? Use GPG! ;)

From: Julian Assange (spam-protected)

To: (spam-protected) (spam-protected)
Date: Mon, 14 Oct 1996 13:24:31 +1000 (EST)

Approved: (spam-protected)

Subject: BoS: Crypto AG = Crypto NSA/BNG ?

Thanks to Anonymous for this English translation of the German original.


secret services undermine cryptographic devices


Archive of “DER SPIEGEL” issue 36/96 pages 206-207


“Who is the authorized fourth”

Secret services undermine the protection of cryptographic devices.

Switzerland is a discreet place. Uncounted millions of illegal money find an asylum in the discreet banks of the republic. Here another business can prosper, which does not need any publicity: the production of cryptographic devices.

A top address for tools of secrecy was for several decades the company Crypto AG in Zug. It was founded in 1952 by the legendary Swedish cryptographer Boris Hagelin. Hundreds of thousands of his “Hagelin-machines”, pendants of the German “Enigma” devices, were used in World War II on the side of the Allies.

A prospectus of the company states: “In the meantime, the Crypto AG has built up long standing cooperative relations with customers in 130 countries.” Crypto AG delivers enciphering devices applicable to voice as well as data networks.

But behind this solid facade the most impudent secret service feint of the century has been staged: German and American services are under suspicion of manipulation of the cryptographic devices of Crypto AG in a way that makes the codes crackable within a very short time, and this allegedly happened until the end of the eighties.

Customers of Crypto AG are many honorable institutions, like the Vatican, as well as countries like Iraq, Iran, Libya, that are at the top of the priority list of U.S. services. At the beginning of the nineties the discreet company was suspected to play an unfair game. What was the source of the “direct precise and undeniable proofs” U.S. president Reagan referred to when he ordered the bombardment of Libya, the country he called the wire puller of the attack against the disco La Belle? Obviously the U.S services were able to read encrypted radio transmissions between Tripoli and its embassy in East Berlin.

Hans Buehler, a sales engineer of Crypto AG, got between the fronts of the secret service war. On March 18, 1992, the unsuspecting tradesman was arrested in Teheran. During the nine and a half months of solitary confinement in a military prison he had to answer over and over again, to whom he leaked the codes of Teheran and the keys of Libya.

In the end Crypto AG paid generously the requested bail of about one million German marks (DM), but dismissed the released Buehler a few weeks later. The reason: Buehlers publicity, “especially during and after his return” was harmful for the company. But Buehler started to ask inconvenient questions and got surprising answers.

Already the ownership of the Crypto AG was diffuse. A “foundation”, established by Hagelin, provides according to the company “the best preconditions for the independence of the company”.

But a big part of the shares are owned by German owners in changing constellations. Eugen Freiberger, who is the head of the managing board in 1982 and resides in Munich, owns all but 6 of the 6,000 shares of Crypto AG. Josef Bauer, who was elected into managing board in 1970, now states that he, as an authorized tax agent of the Muenchner Treuhandgesellschaft KPMG [Munich trust company], worked due to a “mandate of the Siemens AG”. When the Crypto AG could no longer escape the news headlines, an insider said, the German shareholders parted with the high-explosive share.

Some of the changing managers of Crypto AG did work for Siemens before. Rumors, saying that the German secret service BND was hiding behind this engagement, were strongly denied by Crypto AG.

But on the other hand it appeared like the German service had an suspiciously great interest in the prosperity of the Swiss company. In October 1970 a secret meeting of the BND discussed, “how the Swiss company Graettner could be guided nearer to the Crypto AG or could even be incorporated with the Crypto AG.” Additionally the service considered, how “the Swedish company Ericsson could be influenced through Siemens to terminate its own cryptographic business.”

The secret man have obviously a great interest to direct the trading of encryption devices into ordered tracks. Ernst Polzer*, a former employee of Crypto AG, reported that he had to coordinate his developments with “people from Bad Godesberg”. This was the residence of the “central office for encryption affairs” of the BND, and the service instructed Crypto AG what algorithms to use to create the codes. (* name changed by the editor)

Members of the American secret service National Security Agency (NSA) also visited the Crypto AG often. The memorandum of the secret workshop of the Crypto AG in August 1975 on the occasion of the demonstration of a new prototype of an encryption device mentions as a participant the cryptographer of the NSA, Nora Mackebee.

Bob Newman, an engineer of the chip producer Motorola, which cooperated with Crypto AG in the seventies to develop a new generation of electronic encryption machines, knows Mackebee. She was introduced to him as a “counselor”.

“The people knew Zug very good and gave travel tips to the Motorola people for the visit at Crypto AG”, Newman reported. Polzer also remembers the American “watcher”, who strongly demanded the use of certain encryption methods.

Depending on the projected usage area the manipulation on the cryptographic devices were more or less subtle, said Polzer. Some buyers only got simplified code technology according to the motto “for these customers that is sufficient, they don’t not need such a good stuff.”

In more delicate cases the specialists reached deeper into the cryptographic trick box: The machines prepared in this way enriched the encrypted text with “auxiliary informations” that allowed all who knew this addition to reconstruct the original key. The result was the same: What looked like inpenetrateable secret code to the users of the
Crypto-machines, who acted in good faith, was readable with not more than a finger exercise for the informed listener.

The Crypto AG called such reports “old hearsay” and “pure invention”. But the process, that was started by the company against the former employee Buehler, on the grounds that he had said that there might be some truth in the suspicions of the Iranian investigators, surprisingly ended in November of last year.

After the trial, that could have brought embarrassing details to the light, the company agreed to an settlement outside the court. Since that time Buehler is very silent with regard to this case. “He made his fortune financially,” presumed an insider of the scene.

“In the industry everybody knows how such affairs will be dealed with,” said Polzer, a former colleague of Buehler. “Of course such devices protect against interception by unauthorized third parties, as stated in the prospectus. But the interesting question is: Who is the authorized fourth?”

— “Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron’s cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience.” – C.S. Lewis, _God in the Dock_ +———————+——————–+———————————-+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | (spam-protected) | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | (spam-protected) | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +———————+——————–+———————————-+

This entry was posted in Uncategorized and tagged , , , , , , , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.