Interesting People mailing list archives
IP: NSA rigs Crypto machines according to Balto Sun
From: Dave Farber <farber () central cis upenn edu>
Date: Sun, 10 Dec 1995 13:13:27 -0500
From: pcw () access digex net (Peter Wayner) Most of us might believe that the holes in Netscape's encryption software were simply the result of sloppy engineering. That was the public story. A story from today's Baltimore Sun (Sunday December 10, 1995) gives more reasons to be paranoid. The Baltimore Sun has been running a long series of articles on the National Security Agency. Some of the earlier ones have been largely positive and filled with stories of intelligence coups. Today's story, describes several reasons why one might believe that the NSA was party to a plan to rig the machines of the Swiss company, Crypto AG, so that the messages could be read by those who knew the game. Crypto AG sells its machines to other countries around the world who believe that the Swiss are neutral vendors of superior technology that wouldn't have such holes. The clearest link, in my mind, was the minutes from a design meeting at Crypto AG which was attended by an NSA cryptographer, Nora Mackebee. (She is now 55, retired and living at what the Sun calls a "Howard County horse farm.") But there are reasons to wonder about this link. Motorola was also part of the list. Also one employee got in a legal battle after being fired. The details were settled a few days before company engineers were scheduled to testify "that they believed the machines were altered." More anecdotal evidence was offered by someone who is listed as a "longtime colleague" of Dr. Kjell Ove Widman, the Swedish mathematician who "had total authority over Crypto algorithms." The colleague said that Widman would often travel to Germany and then return with design instructions. The impression was given that Crypto could only use an algorithm if it was approved. But approval is not, in my mind, proof of a secret attempt to read messages. I believe that the NSA probably did more to strengthen DES than weaken it during the classified design process at IBM. But I only have the work of Biham and Shamir to base these conclusions upon. Perhaps the machines were altered to make them stronger for western firms using them? The Mackabee meeting occured in 1975 during the height of the Cold War. The Soviets were grabbing Western technology left and right. Of course, the Sun also reports that Crypto AG "denied that intelligence agenies had ever rigged its machines." (The words in quote are the Sun's not Crypto AG's. ) So, is this what happened at Crypto AG? Is this what happened at Netscape? We may never no for certain, but there is a final warning for the folks at Netscape that is buried the Sun's article about Crypto AG: "Meanwhile, though the company has hastened to reassure its customers, business has declined and employees have been laid off." -=-=-=-=- There are two more articles in the series. Tuesday's will report that "Trolling for foreign secrets, NSA routinely picks up Americans' overseas calls. And it's legal." On Friday, the article reports, "The next war will be fought with computers. NSA is getting ready." You will be able to buy a reprint of the NSA stories from SunSource. $3.95. Call 410-332-6962.
Current thread:
- IP: NSA rigs Crypto machines according to Balto Sun Dave Farber (Dec 10)