‘Intel coup of the century’: CIA used Swiss encryption firm to spy on dozens of nations for decades – reports
12 Feb, 2020 03:32 / Updated 1 hour ago
© AFP / Saul Loeb; AFP / John MacDougall
The CIA and German intelligence spied on the secret communications of governments around the world for decades in a covert partnership, controlling a top encryption company and installing backdoor vulnerabilities in its products.
Founded during the Second World War, the Swiss cryptography firm, Crypto AG, has provided top-of-the-line devices for encoding communications to some 120 countries. Starting in 1970, however, the CIA and then-West Germany’s foreign intelligence service, the BND, secretly bought and controlled the company, using its devices to eavesdrop on enemies and allies alike, according to a joint investigation by the Washington Post and German public broadcaster ZDF, based on a classified internal CIA history.
First dubbed “Thesaurus” and later renamed to “Rubicon,” the CIA hailed the decades-long operation as the “intelligence coup of the century” in its classified history.
Though the intelligence agencies formed a relationship with the firm soon after World War II, they would step up their role in 1970 following a $5 million deal to take over the company. From there, the agencies controlled virtually every part of Crypto AG’s operations, ranging from hiring decisions, directing sales targets, and designing its high-tech encryption devices – with secret backdoors accessible only to them, of course.
The company’s clients, none of whom were ever made aware of the intelligence agency involvement, included Iran, various Latin American governments, India, Pakistan and even the Vatican. Throughout the 1980s, some 40 percent of all diplomatic cables and other government transmissions analyzed by the US National Security Agency (NSA) ran through Crypto AG’s devices, suggesting the agencies drew a vast amount of material from the eavesdropping operation.
The CIA ran a victory lap over the apparent success of Rubicon in its 96-page history, gloating:
While both China and the former Soviet Union were distrustful of Crypto AG and never made use of its products during Rubicon’s Cold War heyday, the compromised devices were used to gather intelligence during a number of high-profile geopolitical events – including spying on Iranian leaders throughout the 1979 hostage crisis, and to feed the UK information on Argentina’s military during the Falklands War.
Crypto AG made millions of dollars throughout the nearly 50-year operation, with the profits split between the two agencies. While the BND reportedly used some of the funds to finance its own field operations, the CIA leveraged its proceeds to buy up competing cryptography firms, apparently hoping to corner the market and funnel sales into Crypto.
The BND bowed out of the arrangement in 1993 over what the CIA termed a “storm of publicity,” after a Crypto employee was imprisoned in Iran and the German agency was forced to pay a hefty ransom to secure his release. The CIA, however, simply bought up the BND’s share afterward and kept the operation running until 2018, when it is thought to have sold off the company’s assets. By then, the firm’s prominence had waned with the rise of cheaper internet encryption technology, although it remains unclear whether the CIA ever entirely cut ties with the company.
The company’s current owners – who since rebranded the firm as Crypto International – have denied any knowledge of involvement with intelligence agencies, however.
“We at Crypto International have never had any relationship with the CIA or BND – and please quote me,” company chairman Andreas Linde told the Post.
“If what you are saying is true, then absolutely I feel betrayed, and my family feels betrayed, and I feel there will be a lot of employees who will feel betrayed as well as customers.”
The Swiss government, meanwhile, ordered an investigation into the alleged decades-long intelligence-gathering operation on Tuesday.