Secret documents reveal CIA and former-West German spy agency BND used Crypto AG encryption machines to spy on friends and foes for over forty years.
Internationally renowned Swiss company Crypto AG was a market leader in encryption technology and services. Made famous by their “unbreakable” CX52 encryption machine, countries around the world trusted their technology to keep state secrets safe.
However, the secret papers German public broadcaster ZDF, the US’s Washington Post newspaper, and Swiss broadcaster SFR recently gained access to, reveal everything changed when Crypto AG founder Boris Hagelin, agreed to sell his company to the CIA and BND for $8.5 billion.
Hagelin had a close relationship with US intelligence, including with the particularly feted codebreaker William Friedman. In 1995, the Baltimore Sun broke a story on the US’s sophisticated spying empire. Headlined “Rigging the Game” and based on company documents and employee testimony, the story unveiled what it referred to as the “intelligence sting of the century,” unearthing links between Crypto AG and the CIA.
Crypto AG strongly rejected the allegations, however. The company firmly assured customers “manipulation of Crypto AG equipment is absolutely excluded.” But as later revelations would show, the Baltimore Sun had just scratched the surface of a much bigger story.
A 2015 BBC report uncovered more details about Crypto AG, or the “Boris Project,” in declassified NSA documents. “The relationship, initially referred to as a “gentleman’s agreement,” included Hagelin keeping the NSA and GCHQ informed about the technical specifications of different machines and which countries were buying which ones,” they reported.
Now rumors that have swirled for years are confirmed. #Cryptoleaks tells the full Crypto AG story, revealing that under CIA/BND ownership, the US and Germany “rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages,” according to the Washington Post.
Who’s implicated?
Thanks to Crypto AG, the US, and West Germany were able to monitor a plethora of sensitive messages between governments, embassies and the military of over 100 countries including Iran, Argentina, Morocco, Saudi Arabia, Italy, and Turkey. A wealth of intelligence intercepts were generated from late 1971 until either 1993 when Germany reunified; or 2018, when Crypto AG was sold-off and remaining assets liquidated.
Middle Eastern buyers included Saudi Arabia, Iran, Iraq, Syria, Jordan, Kuwait, Lebanon, Oman, Qatar, and the United Arab Emirates. In North Africa, Egypt, Algeria, Libya, Morocco, and Tunisia were customers of Crypto AG.
Operation “Rubicon,” as the CIA codenamed its ownership and control of Crypto AG, was not solely limited to spying on third-world foes. According to the documents, the CIA was perfectly comfortable eavesdropping on European nations, including US allies like Ireland, Spain, and Portugal.
The BND, however, expressed reservations about spying on close allies, but the CIA shrugged off the complaints and argued there were “no true friends” when it comes to collecting sensitive and extremely useful intelligence. The Washington Post reports that “the Germans were taken aback by the Americans’ willingness to spy on all but its closest allies, with targets including NATO members Spain, Greece, Turkey, and Italy.
China and the Soviet Union never trusted Crypto AG and steered clear, placing themselves in the “small circle” of countries whose encrypted secrets could not be read by Washington and Bonn.
Crypto AG, codenamed “Minerva” in CIA documents, reportedly had two machines. One was fully secured and “unreadable,” while the other was encrypted in such a way that the CIA and BND could easily break its codes and read the secret communications of governments who used it. Meanwhile, the spying operation it allowed was far safer than any network of human espions, assuring a steady flow of information with almost no risk of detection.
According to the uncovered secret information, Switzerland received a secure machine and was along with Israel, Sweden and Britain, one of four countries that knew about the program.
The CIA boasted in a lengthy internal resume on the operation, “it was the intelligence coup of the century.” It went on to say, “Foreign governments were paying good money to the US and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”
Fellow Five Eyes signals intelligence-sharing alliance members the UK, Canada, Australia, and New Zealand are likely the other countries referred to. The Five Eyes agreement states “each party will continue to make available to the other, continuously, currently, and without request, all raw traffic, COMINT end-product, and technical material acquired or produced…” This means that Canada, Australia, and New Zealand were most probably aware of Operation Rubicon, and benefiting from intelligence it gathered, too.
Repercussions and Legacy
Switzerland’s global reputation for engineering expertise, discretion and neutrality made Crypto AG a perfect target. That the Swiss intelligence was aware of and complicit in Operation Rubicon has thrown the European country’s press and politicians into a spin. The Swiss government launched an investigation on Tuesday into how the Zug-based company became the centerpiece of the US and West Germany’s “eavesdropping empire.”
“So the rumors at the beginning of the 1990s were true. Good Switzerland – neutral and non-aligned – was home to a quasi-agency of allied intelligence services,” said Pierre Veya in a Tribune de Geneve editorial on Wednesday.
It is believed most of Crypto AG’s employees did not know about the CIA-BND plot and now have mixed feelings about their unwitting involvement. Crypto International formed part of the original company until it was bought by Swedish entrepreneur Andreas Linde. In a statement to the Washington Post, Linde denied any knowledge of the operation and said he feels “betrayed” by the allegations.
During the Cold War, the operation gave the US, West Germany, and their allies a crucial intelligence edge on opponents. Amongst their achievements, the CIA and BND report state they “monitored Iran’s mullahs during the 1979 hostage crisis, fed intelligence about Argentina’s military to Britain during the Falklands War, tracked the assassination campaigns of South American dictators and caught Libyan officials congratulating themselves on the 1986 bombing of a Berlin disco.”
Germany’s ex-secret service coordinator Bernd Schmidbauer told ZDF that Rubicon “has certainly contributed to making the world a bit safer.” Former CIA Director and NSA Deputy Director Bobby Ray Inman, who led the CIA in the late 1970s and early 1980s, agrees that the operation was a great success and a much-needed asset in the world of intelligence gathering.
Despite the outrage and mistrust that the recent revelations are sure to fuel, Inman insisted he has no qualms about the program. “Do I have any qualms? Zero,” he said. “It was a very valuable source of communications on significantly large parts of the world important to U.S. policymakers.”
The new revelations also raise questions about the US and West Germany’s knowledge, and lack of action, on atrocities committed around the world over the past fifty years. It appears the US and Germany preferred to sit back and watch instead of intervening, to safeguard Crypto AG and “access to streams of intelligence.”
Meanwhile, while it could be argued that the US or West Germany’s right to legally intervene in other states affairs would have been restricted by international law and the norms of state sovereignty. The scale of Operation Rubicon, and the CIA’s documented involvement in regime changes around the world, shows how the US only respects other’s sovereignty when it’s in its national interest.
With the revelations of CIA-BND-Crypto collusion coming against the background of a US-China feud over 5G technology, it is not surprising that the US, UK, and allies are wary of Chinese state technology company Huawei.