IP: Crypto AG - Der Spiegel (English)

[Dave Farber <farber () central cis upenn edu>]

As found in Cyberpunk list:


http://jya.com/cryptoa2.htm
      Crypto AG - Der Spiegel (English) 


Thanks to Anonymous for this English translation of the <crytoag.htm>German
original. 


  
----------------


  secret services undermine cryptographic devices 


  
----------------


Archive of "DER SPIEGEL" issue 36/96 pages 206-207 


  
----------------


  "Who is the authorized fourth"  


  Secret services undermine the protection of cryptographic devices. 




Switzerland is a discreet place. Uncounted millions of illegal money find
an asylum in the discreet banks of the republic. Here another business can
prosper, which does not need any publicity: the production of cryptographic
devices. 


A top address for tools of secrecy was for several decades the company
Crypto AG in Zug. It was founded in 1952 by the legendary Swedish
cryptographer Boris Hagelin. Hundreds of thousands of his
"Hagelin-machines", pendants of the German "Enigma" devices, were used in
World War II on the side of the Allies. 


A prospectus of the company states: "In the meantime, the Crypto AG has
built up long standing cooperative relations with customers in 130
countries." Crypto AG delivers enciphering devices applicable to voice as
well as data networks. 


But behind this solid facade the most impudent secret service feint of the
century has been staged: German and American services are under suspicion
of manipulation of the cryptographic devices of Crypto AG in a way that
makes the codes crackable within a very short time, and this allegedly
happened until the end of the eighties. 


Customers of Crypto AG are many honorable institutions, like the Vatican,
as well as countries like Iraq, Iran, Libya, that are at the top of the
priority list of U.S. services. At the beginning of the nineties the
discreet company was suspected to play an unfair game. What was the source
of the "direct precise and undeniable proofs" U.S. president Reagan
referred to when he ordered the bombardment of Libya, the country he called
the wire puller of the attack against the disco La Belle? Obviously the U.S
services were able to read encrypted radio transmissions between Tripoli
and its embassy in East Berlin. 


Hans Buehler, a sales engineer of Crypto AG, got between the fronts of the
secret service war. On March 18, 1992, the unsuspecting tradesman was
arrested in Teheran. During the nine and a half months of solitary
confinement in a military prison he had to answer over and over again, to
whom he leaked the codes of Teheran and the keys of Libya. 


In the end Crypto AG paid generously the requested bail of about one
million German marks (DM), but dismissed the released Buehler a few weeks
later. The reason: Buehlers publicity, "especially during and after his
return" was harmful for the company. But Buehler started to ask
inconvenient questions and got surprising answers. 


Already the ownership of the Crypto AG was diffuse. A "foundation",
established by Hagelin, provides according to the company "the best
preconditions for the independence of the company". 


But a big part of the shares are owned by German owners in changing
constellations. Eugen Freiberger, who is the head of the managing board in
1982 and resides in Munich, owns all but 6 of the 6,000 shares of Crypto
AG. Josef Bauer, who was elected into managing board in 1970, now states
that he, as an authorized tax agent of the Muenchner Treuhandgesellschaft
KPMG [Munich trust company], worked due to a "mandate of the Siemens AG".
When the Crypto AG could no longer escape the news headlines, an insider
said, the German shareholders parted with the high-explosive share. 


Some of the changing managers of Crypto AG did work for Siemens before.
Rumors, saying that the German secret service BND was hiding behind this
engagement, were strongly denied by Crypto AG. 


But on the other hand it appeared like the German service had an
suspiciously great interest in the prosperity of the Swiss company. In
October 1970 a secret meeting of the BND discussed, "how the Swiss company
Graettner could be guided nearer to the Crypto AG or could even be
incorporated with the Crypto AG." Additionally the service considered, how
"the Swedish company Ericsson could be influenced through Siemens to
terminate its own cryptographic business." 


The secret man have obviously a great interest to direct the trading of
encryption devices into ordered tracks. Ernst Polzer*, a former employee of
Crypto AG, reported that he had to coordinate his developments with "people
from Bad Godesberg". This was the residence of the "central office for
encryption affairs" of the BND, and the service instructed Crypto AG what
algorithms to use to create the codes. (* name changed by the editor) 


Members of the American secret service National Security Agency (NSA) also
visited the Crypto AG often. The memorandum of the secret workshop of the
Crypto AG in August 1975 on the occasion of the demonstration of a new
prototype of an encryption device mentions as a participant the
cryptographer of the NSA, Nora Mackebee. 


Bob Newman, an engineer of the chip producer Motorola, which cooperated
with Crypto AG in the seventies to develop a new generation of electronic
encryption machines, knows Mackebee. She was introduced to him as a
"counselor". 


"The people knew Zug very good and gave travel tips to the Motorola people
for the visit at Crypto AG", Newman reported. Polzer also remembers the
American "watcher", who strongly demanded the use of certain encryption
methods. 


Depending on the projected usage area the manipulation on the cryptographic
devices were more or less subtle, said Polzer. Some buyers only got
simplified code technology according to the motto "for these customers that
is sufficient, they don't not need such a good stuff." 


In more delicate cases the specialists reached deeper into the
cryptographic trick box: The machines prepared in this way enriched the
encrypted text with "auxiliary informations" that allowed all who knew this
addition to reconstruct the original key. The result was the same: What
looked like inpenetrateable secret code to the users of the
Crypto-machines, who acted in good faith, was readable with not more than a
finger exercise for the informed listener. 


The Crypto AG called such reports "old hearsay" and "pure invention". But
the [legal] process, that was started by the company against the former
employee Buehler, on the grounds that he had said that there might be some
truth in the suspicions of the Iranian investigators, surprisingly ended in
November of last year. 


After the trial, that could have brought embarrassing details to the light,
the company agreed to an settlement outside the court. Since that time
Buehler is very silent with regard to this case. "He made his fortune
financially," presumed an insider of the scene. 


"In the industry everybody knows how such affairs will be dealed with,"
said Polzer, a former colleague of Buehler. "Of course such devices protect
against interception by unauthorized third parties, as stated in the
prospectus. But the interesting question is: Who is the authorized fourth?" 


  
----------------