‘The intelligence coup of the century.’ Greg Miller. The Washington Post, Feb. 11, 2020. https://www.washingtonpost.com
For decades, the CIA read the encrypted communications of allies and adversaries.
For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret.
The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software.
The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.
But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.
The decades-long arrangement, among the most closely guarded secrets of the Cold War, is laid bare in a classified, comprehensive CIA history of the operation obtained by The Washington Post and ZDF, a German public broadcaster, in a joint reporting project.
The account identifies the CIA officers who ran the program and the company executives entrusted to execute it. It traces the origin of the venture as well as the internal conflicts that nearly derailed it. It describes how the United States and its allies exploited other nations’ gullibility for years, taking their money and stealing their secrets.
The operation, known first by the code name “Thesaurus” and later “Rubicon,” ranks among the most audacious in CIA history.
“It was the intelligence coup of the century,” the CIA report concludes. “Foreign governments were paying good money to the U.S. and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”
From 1970 on, the CIA and its code-breaking sibling, the National Security Agency, controlled nearly every aspect of Crypto’s operations — presiding with their German partners over hiring decisions, designing its technology, sabotaging its algorithms and directing its sales targets.
Then, the U.S. and West German spies sat back and listened.
They monitored Iran’s mullahs during the 1979 hostage crisis, fed intelligence about Argentina’s military to Britain during the Falklands War, tracked the assassination campaigns of South American dictators and caught Libyan officials congratulating themselves on the 1986 bombing of a Berlin disco.
The program had limits. America’s main adversaries, including the Soviet Union and China, were never Crypto customers. Their well-founded suspicions of the company’s ties to the West shielded them from exposure, although the CIA history suggests that U.S. spies learned a great deal by monitoring other countries’ interactions with Moscow and Beijing.
There were also security breaches that put Crypto under clouds of suspicion. Documents released in the 1970s showed extensive — and incriminating — correspondence between an NSA pioneer and Crypto’s founder. Foreign targets were tipped off by the careless statements of public officials including President Ronald Reagan. And the 1992 arrest of a Crypto salesman in Iran, who did not realize he was selling rigged equipment, triggered a devastating “storm of publicity,” according to the CIA history.
But the true extent of the company’s relationship with the CIA and its German counterpart was until now never revealed.
The German spy agency, the BND, came to believe the risk of exposure was too great and left the operation in the early 1990s. But the CIA bought the Germans’ stake and simply kept going, wringing Crypto for all its espionage worth until 2018, when the agency sold off the company’s assets, according to current and former officials.
The company’s importance to the global security market had fallen by then, squeezed by the spread of online encryption technology. Once the province of governments and major corporations, strong encryption is now as ubiquitous as apps on cellphones.
Even so, the Crypto operation is relevant to modern espionage. Its reach and duration help to explain how the United States developed an insatiable appetite for global surveillance that was exposed in 2013 by Edward Snowden. There are also echoes of Crypto in the suspicions swirling around modern companies with alleged links to foreign governments, including the Russian anti-virus firm Kaspersky, a texting app tied to the United Arab Emirates and the Chinese telecommunications giant Huawei.
This story is based on the CIA history and a parallel BND account, also obtained by The Post and ZDF, and interviews with current and former Western intelligence officials as well as Crypto employees. Many spoke on the condition of anonymity, citing the sensitivity of the subject.
It is hard to overstate how extraordinary the CIA and BND histories are. Sensitive intelligence files are periodically declassified and released to the public. But it is exceedingly rare, if not unprecedented, to glimpse authoritative internal histories of an entire covert operation. The Post was able to read all of the documents, but the source of the material insisted that only excerpts be published.
The CIA and the BND declined to comment, though U.S. and German officials did not dispute the authenticity of the documents. The first is a 96-page account of the operation completed in 2004 by the CIA’s Center for the Study of Intelligence, an internal historical branch. The second is an oral history compiled by German intelligence officials in 2008.
The overlapping accounts expose frictions between the two partners over money, control and ethical limits, with the West Germans frequently aghast at the enthusiasm with which U.S. spies often targeted allies.
But both sides describe the operation as successful beyond their wildest projections. At times, including in the 1980s, Crypto accounted for roughly 40 percent of the diplomatic cables and other transmissions by foreign governments that cryptanalysts at the NSA decoded and mined for intelligence, according to the documents.
All the while, Crypto generated millions of dollars in profits that the CIA and BND split and plowed into other operations.
Crypto’s sign is still visible atop its longtime headquarters near Zug, Switzerland, though the company was liquidated in 2018. (Jahi Chikwendiu/The Washington Post)
Crypto’s products are still in use in more than a dozen countries around the world, and its orange-and-white sign still looms atop the company’s longtime headquarters building near Zug, Switzerland. But the company was dismembered in 2018, liquidated by shareholders whose identities have been permanently shielded by the byzantine laws of Liechtenstein, a tiny European nation with a Cayman Islands-like reputation for financial secrecy.
Two companies purchased most of Crypto’s assets. The first, CyOne Security, was created as part of a management buyout and now sells security systems exclusively to the Swiss government. The other, Crypto International, took over the former company’s brand and international business.
Each insisted that it has no ongoing connection to any intelligence service, but only one claimed to be unaware of CIA ownership. Their statements were in response to questions from The Post, ZDF and Swiss broadcaster SRF, which also had access to the documents.
CyOne has more substantial links to the now-dissolved Crypto, including that the new company’s chief executive held the same position at Crypto for nearly two decades of CIA ownership.
A CyOne spokesman declined to address any aspect of Crypto AG’s history but said the new firm has “no ties to any foreign intelligence services.”
Andreas Linde, the chairman of the company that now holds the rights to Crypto’s international products and business, said he had no knowledge of the company’s relationship to the CIA and BND before being confronted with the facts in this article.
“We at Crypto International have never had any relationship with the CIA or BND — and please quote me,” he said in an interview. “If what you are saying is true, then absolutely I feel betrayed, and my family feels betrayed, and I feel there will be a lot of employees who will feel betrayed as well as customers.”
The Swiss government announced on Tuesday that it was launching an investigation of Crypto AG’s ties to the CIA and BND. Earlier this month, Swiss officials revoked Crypto International’s export license.
The timing of the Swiss moves was curious. The CIA and BND documents indicate that Swiss officials must have known for decades about Crypto’s ties to the U.S. and German spy services, but intervened only after learning that news organizations were about to expose the arrangement.
The histories, which do not address when or whether the CIA ended its involvement, carry the inevitable biases of documents written from the perspectives of the operation’s architects. They depict Rubicon as a triumph of espionage, one that helped the United States prevail in the Cold War, keep tabs on dozens of authoritarian regimes and protect the interests of the United States and its allies.
The papers largely avoid more unsettling questions, including what the United States knew — and what it did or didn’t do — about countries that used Crypto machines while engaged in assassination plots, ethnic cleansing campaigns and human rights abuses.
The revelations in the documents may provide reason to revisit whether the United States was in position to intervene in, or at least expose, international atrocities, and whether it opted against doing so at times to preserve its access to valuable streams of intelligence.
Nor do the files deal with obvious ethical issues at the core of the operation: the deception and exploitation of adversaries, allies and hundreds of unwitting Crypto employees. Many traveled the world selling or servicing rigged systems with no clue that they were doing so at risk to their own safety.
Juerg Spoerndli is an electrical engineer who spent 16 years working at Crypto. Deceived employees said the revelations about the company have deepened a sense of betrayal, of themselves and customers. (Jahi Chikwendiu/The Washington Post)
In recent interviews, deceived employees — even ones who came to suspect during their time at Crypto that the company was cooperating with Western intelligence — said the revelations in the documents have deepened a sense of betrayal, of themselves and customers.
“You think you do good work and you make something secure,” said Juerg Spoerndli, an electrical engineer who spent 16 years at Crypto. “And then you realize that you cheated these clients.”
Those who ran the clandestine program remain unapologetic.
“Do I have any qualms? Zero,” said Bobby Ray Inman, who served as director of the NSA and deputy director of the CIA in the late 1970s and early 1980s. “It was a very valuable source of communications on significantly large parts of the world important to U.S. policymakers.”
Boris Hagelin, the founder of Crypto, and his wife arrive in New York in 1949. Hagelin fled to the United States when the Nazis occupied Norway in 1940. (Bettmann Archive)
A denial operation
This sprawling, sophisticated operation grew out of the U.S. military’s need for a crude but compact encryption device.
Boris Hagelin, Crypto’s founder, was an entrepreneur and inventor who was born in Russia but fled to Sweden as the Bolsheviks took power. He fled again to the United States when the Nazis occupied Norway in 1940.
He brought with him an encryption machine that looked like a fortified music box, with a sturdy crank on the side and an assembly of metal gears and pinwheels under a hard metal case.
It wasn’t nearly as elaborate, or secure, as the Enigma machines being used by the Nazis. But Hagelin’s M-209, as it became known, was portable, hand-powered and perfect for troops on the move. Photos show soldiers with the eight-pound boxes — about the size of a thick book — strapped to their knees. Many of Hagelin’s devices have been preserved at a private museum in Eindhoven, the Netherlands.
Marc Simons and Paul Reuvers founded the Crypto Museum in Eindhoven, Netherlands. The virtual museum has preserved many of Hagelin’s devices. (Jahi Chikwendiu/The Washington Post)
Hagelin’s M-209 encryption machine had a crank on the side and an assembly of metal gears and pinwheels under a hard metal case. Portable and hand-powered, it was used mainly for tactical messages about troop movements. (Jahi Chikwendiu/The Washington Post)
Sending a secure message with the device was tedious. The user would rotate a dial, letter by letter, and thrust down the crank. The hidden gears would turn and spit out an enciphered message on a strip of paper. A signals officer then had to transmit that scrambled message by Morse code to a recipient who would reverse the sequence.
Security was so weak that it was assumed that nearly any adversary could break the code with enough time. But doing so took hours. And since these were used mainly for tactical messages about troop movements, by the time the Nazis decoded a signal its value had probably perished.
Over the course of the war, about 140,000 M-209s were built at the Smith Corona typewriter factory in Syracuse, N.Y., under a U.S. Army contract worth $8.6 million to Crypto. After the war, Hagelin returned to Sweden to reopen his factory, bringing with him a personal fortune and a lifelong sense of loyalty to the United States.
Even so, American spies kept a wary eye on his postwar operations. In the early 1950s, he developed a more advanced version of his war-era machine with a new, “irregular” mechanical sequence that briefly stumped American code-breakers.
Marc Simons, co-founder of Crypto Museum, a virtual museum of cipher machines, explains how secret messages were created using the Hagelin CX-52. (Stanislav Dobak/The Washington Post)
Alarmed by the capabilities of the new CX-52 and other devices Crypto envisioned, U.S. officials began to discuss what they called the “Hagelin problem.”
These were “the Dark Ages of American cryptology,” according to the CIA history. The Soviets, Chinese and North Koreans were using code-making systems that were all but impenetrable. U.S. spy agencies worried that the rest of the world would also go dark if countries could buy secure machines from Hagelin.
The Americans had several points of leverage with Hagelin: his ideological affinity for the country, his hope that the United States would remain a major customer and the veiled threat that they could damage his prospects by flooding the market with surplus M-209s from the war.
The U.S. Army’s Signals Intelligence Service was headed by William Friedman, center, in the mid-1930s. Other members, from left: Herrick F. Bearce, Solomon Kullback, U.S. Army Capt. Harold G. Miller, Louise Newkirk Nelson, seated, Abraham Sinkov, U.S. Coast Guard Lt. L.T. Jones and Frank B. Rowlett. (Fotosearch/Getty Images)
The United States also had a more crucial asset: William Friedman. Widely regarded as the father of American cryptology, Friedman had known Hagelin since the 1930s. They had forged a lifelong friendship over their shared backgrounds and interests, including their Russian heritage and fascination with the complexities of encryption.
There might never have been an Operation Rubicon if the two men had not shaken hands on the very first secret agreement between Hagelin and U.S. intelligence over dinner at the Cosmos Club in Washington in 1951.
The deal called for Hagelin, who had moved his company to Switzerland, to restrict sales of his most sophisticated models to countries approved by the United States. Nations not on that list would get older, weaker systems. Hagelin would be compensated for his lost sales, as much as $700,000 up front.
It took years for the United States to live up to its end of the deal, as top officials at the CIA and the predecessor to the NSA bickered over the terms and wisdom of the scheme. But Hagelin abided by the agreement from the outset, and over the next two decades, his secret relationship with U.S. intelligence agencies deepened.
In 1960, the CIA and Hagelin entered into a “licensing agreement” that paid him $855,000 to renew his commitment to the handshake deal. The agency paid him $70,000 a year in retainer and started giving his company cash infusions of $10,000 for “marketing” expenses to ensure that Crypto — and not other upstarts in the encryption business — locked down contracts with most of the world’s governments.
It was a classic “denial operation” in the parlance of intelligence, a scheme designed to prevent adversaries from acquiring weapons or technology that would give them an advantage. But it was only the beginning of Crypto’s collaboration with U.S. intelligence. Within a decade, the whole operation belonged to the CIA and BND.
U.S. officials had toyed since the outset with the idea of asking Hagelin whether he would be willing to let U.S. cryptologists doctor his machines. But Friedman overruled them, convinced that Hagelin would see that as a step too far.
The CIA and NSA saw a new opening in the mid-1960s, as the spread of electronic circuits forced Hagelin to accept outside help adapting to the new technology, or face extinction clinging to the manufacturing of mechanical machines.
NSA cryptologists were equally concerned about the potential impact of integrated circuits, which seemed poised to enable a new era of unbreakable encryption. But one of the agency’s senior analysts, Peter Jenks, identified a potential vulnerability.
If “carefully designed by a clever crypto-mathematician,” he said, a circuit-based system could be made to appear that it was producing endless streams of randomly generated characters, while in reality it would repeat itself at short enough intervals for NSA experts — and their powerful computers — to crack the pattern.
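The weakness Jenks describes, a generator that looks random but repeats at short intervals, is what a period audit is meant to catch. The following is an added example, not taken from the article or from any Crypto AG design: a toy 16-bit shift-register keystream generator, where the register width, seed, both tap sets and all function names are constructed for illustration.

```python
"""Period audit for a toy shift-register keystream generator (constructed example)."""

WIDTH = 16
SEED = 0xACE1                  # constructed non-zero start state
TAPS_REFERENCE = (0, 2, 3, 5)  # maximal-length taps: period 2**16 - 1
TAPS_SHORT = (0, 8)            # hypothetical weak taps: s[t+16] = s[t] ^ s[t+8]


def step(state, taps):
    """Advance the register one bit; return (output_bit, next_state)."""
    fb = 0
    for t in taps:
        fb ^= (state >> t) & 1
    return state & 1, (state >> 1) | (fb << (WIDTH - 1))


def state_period(taps, seed=SEED, limit=1 << WIDTH):
    """Count steps until the register returns to its seed.

    Tap 0 is present in both tap sets, so the update is invertible and
    the state sequence is a pure cycle through the seed.
    """
    state = seed
    for n in range(1, limit + 1):
        _, state = step(state, taps)
        if state == seed:
            return n
    return None


def keystream(taps, nbytes, seed=SEED):
    """Pack output bits, least significant bit first, into bytes."""
    out = bytearray()
    state = seed
    for _ in range(nbytes):
        byte = 0
        for i in range(8):
            bit, state = step(state, taps)
            byte |= bit << i
        out.append(byte)
    return bytes(out)


def shortest_lag(stream, min_overlap=4):
    """Output-only check: smallest byte lag at which the stream repeats."""
    for lag in range(1, len(stream) - min_overlap + 1):
        if stream[lag:] == stream[:-lag]:
            return lag
    return None


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_cancels(taps, plaintext, lag):
    """True if XORing ciphertext with itself `lag` bytes later removes the key."""
    ct = xor(plaintext, keystream(taps, len(plaintext)))
    return xor(ct[lag:], ct[:-lag]) == xor(plaintext[lag:], plaintext[:-lag])


def audit(taps, min_period):
    """Acceptance test: reject a tap set whose cycle is below min_period."""
    period = state_period(taps)
    return {"period": period, "ok": period >= min_period}


if __name__ == "__main__":
    sample = b"constructed sample cable text for the audit"
    for name, taps in (("reference", TAPS_REFERENCE), ("short", TAPS_SHORT)):
        result = audit(taps, min_period=(1 << WIDTH) - 1)
        lag = shortest_lag(keystream(taps, 64))
        print(name, result, "repeat lag (bytes):", lag,
              "keystream cancels at lag 3:", keystream_cancels(taps, sample, 3))
```

Both tap sets use the same register width, so the short cycle is invisible from the hardware description alone; only measuring the period, or looking for repeats in a long enough output sample, exposes it.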
Two years later, in 1967, Crypto rolled out a new, all-electronic model, the H-460, whose inner workings were completely designed by the NSA.
The CIA history all but gloats about crossing this threshold. “Imagine the idea of the American government convincing a foreign manufacturer to jimmy equipment in its favor,” the history says. “Talk about a brave new world.”
The NSA didn’t install crude “back doors” or secretly program the devices to cough up their encryption keys. And the agency still faced the difficult task of intercepting other governments’ communications, whether plucking signals out of the air or, in later years, tapping into fiber optic cables.
But the manipulation of Crypto’s algorithms streamlined the code-breaking process, at times reducing to seconds a task that might otherwise have taken months. The company always made at least two versions of its products — secure models that would be sold to friendly governments, and rigged systems for the rest of the world.
In so doing, the U.S.-Hagelin partnership had evolved from denial to “active measures.” No longer was Crypto merely restricting sales of its best equipment but actively selling devices that were engineered to betray their buyers.
The payoff went beyond the penetration of the devices. Crypto’s shift to electronic products buoyed business so much that it became addicted to its dependence on the NSA. Foreign governments clamored for systems that seemed clearly superior to the old clunky mechanical devices but in fact were easier for U.S. spies to read.
German and American partners
By the end of the 1960s, Hagelin was nearing 80 and anxious to secure the future for his company, which had grown to more than 180 employees. CIA officials were similarly anxious about what would happen to the operation if Hagelin were to suddenly sell or die.
Hagelin had once hoped to turn control over to his son, Bo. But U.S. intelligence officials regarded him as a “wild card” and worked to conceal the partnership from him. Bo Hagelin was killed in a car crash on Washington’s Beltway in 1970. There were no indications of foul play.
U.S. intelligence officials discussed the idea of buying Crypto for years, but squabbling between the CIA and NSA prevented them from acting until two other spy agencies entered the fray.
The French, West German and other European intelligence services had either been told about the United States’ arrangement with Crypto or figured it out on their own. Some were understandably jealous and probed for ways to secure a similar deal for themselves.
In 1967, Hagelin was approached by the French intelligence service with an offer to buy the company in partnership with German intelligence. Hagelin rebuffed the offer and reported it to his CIA handlers. But two years later, the Germans came back seeking to make a follow-up bid with the blessing of the United States.
In a meeting in early 1969 at the West German Embassy in Washington, the head of that country’s cipher service, Wilhelm Goeing, outlined the proposal and asked whether the Americans “were interested in becoming partners too.”
Months later, CIA Director Richard Helms approved the idea of buying Crypto and dispatched a subordinate to Bonn, the West German capital, to negotiate terms with one major caveat: the French, CIA officials told Goeing, would have to be “shut out.”
West Germany acquiesced to this American power play, and a deal between the two spy agencies was recorded in a June 1970 memo carrying the shaky signature of a CIA case officer in Munich who was in the early stages of Parkinson’s disease and the illegible scrawl of his BND counterpart.
The two agencies agreed to chip in equally to buy out Hagelin for approximately $5.75 million, but the CIA left it largely to the Germans to figure out how to prevent any trace of the transaction from ever becoming public.
A Liechtenstein law firm, Marxer and Goop, helped hide the identities of the new owners of Crypto through a series of shells and “bearer” shares that required no names in registration documents. The firm was paid an annual salary “less for the extensive work but more for their silence and acceptance,” the BND history says. The firm, now named Marxer and Partner, did not respond to a request for comment.
A new board of directors was set up to oversee the company. Only one member of the board, Sture Nyberg, to whom Hagelin had turned over day-to-day management, knew of CIA involvement. “It was through this mechanism,” the CIA history notes, “that BND and CIA controlled the activities” of Crypto. Nyberg left the company in 1976. The Post and ZDF could not locate him or determine whether he is still alive.
The two spy agencies held their own regular meetings to discuss what to do with their acquisition. The CIA used a secret base in Munich, initially on a military installation used by American troops and later in the attic of a building adjacent to the U.S. Consulate, as the headquarters for its involvement in the operation.
The CIA and BND agreed on a series of code names for the program and its various components. Crypto was called “Minerva,” which is also the title of the CIA history. The operation was at first code-named “Thesaurus,” though in the 1980s it was changed to “Rubicon.”
Each year, the CIA and BND split any profits Crypto had made, according to the German history, which says the BND handled the accounting and delivered the cash owed to the CIA in an underground parking garage.
From the outset, the partnership was beset by petty disagreements and tensions. To CIA operatives, the BND often seemed preoccupied with turning a profit, and the Americans “constantly reminded the Germans that this was an intelligence operation, not a money-making enterprise.” The Germans were taken aback by the Americans’ willingness to spy on all but their closest allies, with targets including NATO members Spain, Greece, Turkey and Italy.
Mindful of the limitations to their abilities to run a high-tech company, the two agencies brought in corporate outsiders. The Germans enlisted Siemens, a Munich-based conglomerate, to advise Crypto on business and technical issues in exchange for 5 percent of the company’s sales. The United States later brought in Motorola to fix balky products, making it clear to the company’s CEO this was being done for U.S. intelligence. Siemens declined to comment. Motorola officials did not respond to a request for comment.
To its frustration, Germany was never admitted to the vaunted “Five Eyes,” a long-standing intelligence pact involving the United States, Britain, Australia, New Zealand and Canada. But with the Crypto partnership, Germany moved closer into the American espionage fold than might have seemed possible in World War II’s aftermath. With the secret backing of two of the world’s premier intelligence agencies and the support of two of the world’s largest corporations, Crypto’s business flourished.
A table in the CIA history shows that sales surged from 15 million Swiss francs in 1970 to more than 51 million in 1975, or $19 million. The company’s payroll expanded to more than 250 employees.
“The Minerva purchase had yielded a bonanza,” the CIA history says of this period. The operation entered a two-decade stretch of unprecedented access to foreign governments’ communications.
Iranian suspicions
The NSA’s eavesdropping empire was for many years organized around three main geographic targets, each with its own alphabetic code: A for the Soviets, B for Asia and G for virtually everywhere else.
By the early 1980s, more than half of the intelligence gathered by G group was flowing through Crypto machines, a capability that U.S. officials relied on in crisis after crisis.
In 1978, as the leaders of Egypt, Israel and the United States gathered at Camp David for negotiations on a peace accord, the NSA was secretly monitoring the communications of Egyptian President Anwar Sadat with Cairo.
A year later, after Iranian militants stormed the U.S. Embassy and took 52 American hostages, the Carter administration sought their release in back-channel communications through Algeria. Inman, who served as NSA director at the time, said he routinely got calls from President Jimmy Carter asking how the Ayatollah Khomeini regime was reacting to the latest messages.
“We were able to respond to his questions about 85 percent of the time,” Inman said. That was because the Iranians and Algerians were using Crypto devices.
Inman said the operation also put him in one of the trickiest binds he’d encountered in government service. At one point, the NSA intercepted Libyan communications indicating that the president’s brother, Billy Carter, was advancing Libya’s interests in Washington and was on leader Moammar Gaddafi’s payroll.
Inman referred the matter to the Justice Department. The FBI launched an investigation of Carter, who falsely denied taking payments. In the end, he was not prosecuted but agreed to register as a foreign agent.
Throughout the 1980s, the list of Crypto’s leading clients read like a catalogue of global trouble spots. In 1981, Saudi Arabia was Crypto’s biggest customer, followed by Iran, Italy, Indonesia, Iraq, Libya, Jordan and South Korea.
To protect its market position, Crypto and its secret owners engaged in subtle smear campaigns against rival companies, according to the documents, and plied government officials with bribes. Crypto sent an executive to Riyadh, Saudi Arabia, with 10 Rolex watches in his luggage, the BND history says, and later arranged a training program for the Saudis in Switzerland where the participants’ “favorite pastime was to visit the brothels, which the company also financed.”
At times, the incentives led to sales to countries ill-equipped to use the complicated systems. Nigeria bought a large shipment of Crypto machines, but two years later, when there was still no corresponding payoff in intelligence, a company representative was sent to investigate. “He found the equipment in a warehouse still in its original packaging,” according to the German document.
In 1982, the Reagan administration took advantage of Argentina’s reliance on Crypto equipment, funneling intelligence to Britain during the two countries’ brief war over the Falkland Islands, according to the CIA history, which doesn’t provide any detail on what kind of information was passed to London. The documents generally discuss intelligence gleaned from the operation in broad terms and provide few insights into how it was used.
Reagan appears to have jeopardized the Crypto operation after Libya was implicated in the 1986 bombing of a West Berlin disco popular with American troops stationed in West Germany. Two U.S. soldiers and a Turkish woman were killed as a result of the attack.
Reagan ordered retaliatory strikes against Libya 10 days later. Among the reported victims was one of Gaddafi’s daughters. In an address to the country announcing the strikes, Reagan said the United States had evidence of Libya’s complicity that “is direct, it is precise, it is irrefutable.”
The evidence, Reagan said, showed that Libya’s embassy in East Berlin received orders to carry out the attack a week before it happened. Then, the day after the bombing, “they reported back to Tripoli on the great success of their mission.”
Reagan’s words made clear that Tripoli’s communications with its station in East Berlin had been intercepted and decrypted. But Libya wasn’t the only government that took note of the clues Reagan had provided.
Iran, which knew that Libya also used Crypto machines, became increasingly concerned about the security of its equipment. Tehran didn’t act on those suspicions until six years later.