It’s story time! Sit back and relax, I have a good one for you today. It’s not my story – all the credit belongs to Greg Miller and the Washington Post, who wrote a bombshell article about it a year ago. I’m going to boil it down to a thousand words because I know you and I love you and you have the attention span of a squirrel, just saying, so I want to make sure you don’t miss it. It has an unexpected twist about halfway through that will make you, I don’t know, gasp? Laugh? Look shocked? Pump your arm and say “’MURICA!”? One of those.
Our story takes us back a few decades but I want you to be thinking about the recent hacks in the news, the Russian hack into Solarwinds and the Chinese hack into Microsoft mail servers. Those hacks have an element in common with most government hacking so far: the goal is usually only to read someone else’s secret messages. The superpowers are constantly hacking each other’s networks and stealing information but not blowing things up. There are exceptions, like when we literally destroyed Iran’s uranium centrifuges with a virus, but mostly we’re just trying to find out what the other side is up to.
Today’s story is about the most effective operation in history to find out what everyone else was up to.
Crypto AG: How to keep messages secret
Governments like to keep their conversations private. They chat amongst themselves about things like, oh, the details of whatever war they’re engaged in, and how they’re ganging up against countries they don’t like, and what they’re doing to keep their countries running, and what their hidden secret vulnerabilities are. You know, things you’d rather not share with everyone.
How do you keep spies from reading your messages? Use secret codes, of course.
Messages have been encrypted for a long time but the art of encryption stepped up dramatically during World War II. Machines were introduced that used deep math to create secret codes that nobody could decode except the intended recipient, even if spies got them. Nazi Germany famously used Enigma machines during WWII to protect all its top-secret messages about war plans – the location of its troops, where its ships and subs were in the ocean, what they planned to blow up next, that sort of thing. The Germans didn’t find out until long after the war ended that the Allies had used even deeper math, along with effective spying and a bit of luck, to decrypt all the German messages, giving them an advantage that may have actually changed the outcome of the war.
US military troops in WWII used a portable encryption machine made by a company named Crypto AG, at that time based in the US. Soldiers would strap it to their knees and move dials and cranks to produce one encrypted letter at a time, laboriously producing coded messages about troop movements. It was brilliant for its time; 140,000 of them were produced during the war.
The owner of Crypto AG, Boris Hagelin, moved the company to Switzerland after the war but continued to have close ties to US intelligence as well as a close personal friendship with William Friedman, one of the leaders of US government intelligence. Friedman eventually became the NSA’s chief cryptologist.
Crypto AG’s encryption machines grew more powerful after the war as they introduced integrated circuits and better encryption routines, allowing messages to be encrypted in seconds instead of one letter at a time. Foreign governments clamored for the Crypto AG devices. During the 1950s Friedman convinced Hagelin to favor the US by not selling Crypto AG devices to unfriendly governments, but by the 1960s everyone was buying Crypto AG equipment.
For the rest of the 20th century, the world’s messages passed through Crypto AG machines. Big exceptions: Russia and China never trusted Western devices, so they were never Crypto AG customers. But from the 1950s into the 2000s, more than 120 countries relied on Crypto AG to keep their messages safe. Create a catalog of the world’s trouble spots during those decades and Crypto AG served them all, frequently on both sides of conflicts – Egypt, Iran, Libya, Saudi Arabia, Italy, Indonesia, Iraq, Jordan, South Korea, Nigeria, Argentina.
Crypto AG grew to be quite large and successful, generating millions of dollars in profits every year.
The surprise twist
The CIA owned Crypto AG. That’s not a figure of speech. They literally owned the company – secretly bought the whole thing in 1970.
Crypto AG machines were rigged. The NSA could decrypt Crypto AG messages with ease.
The US has been reading the secret messages of nearly every country on earth for decades.
A few years ago the CIA wrote a classified history of the Crypto AG operation. “It was the intelligence coup of the century,” the CIA report concludes. “Foreign governments were paying good money to the U.S. and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”
Friedman convinced his friend Hagelin to begin cooperating with the US back in the 1950s. Eventually Hagelin agreed to let the NSA use clever math and design Crypto AG devices that were rigged in an undetectable way.
In 1967 Crypto AG introduced a new model whose inner workings were completely designed by the NSA. Messages appeared to be completely secure, even when analyzed closely, but they were easily decoded by the NSA. Every Crypto AG device sold since then was designed to allow the NSA to read every message sent through them.
And in 1970 the CIA bought the entire company in partnership with German intelligence. Everyone went to elaborate lengths to keep the intelligence agency ownership secret, of course. The CIA continued to be either the part-owner or sole owner of Crypto AG until its dissolution in 2018.
Only a few US allies knew about the access that America had gained into other countries’ communications. In the next few decades there were occasional flare-ups when one country or another suspected that America had been spying on Crypto AG communications. But no one knew that every Crypto AG machine was compromised by design from the beginning. And the revelation that the CIA actually owned the company – that was a bombshell last year.
By the early 1980s, more than half the intelligence flowing through the NSA from anywhere in the world other than the Soviets and Asia came through Crypto AG machines. The NSA read it all.
A few specifics from the Washington Post article:
In 1978, as the leaders of Egypt, Israel and the United States gathered at Camp David for negotiations on a peace accord, the NSA was secretly monitoring the communications of Egyptian President Anwar Sadat with Cairo.
A year later, after Iranian militants stormed the U.S. Embassy and took 52 American hostages, the Carter administration sought their release in back-channel communications through Algeria. Inman, who served as NSA director at the time, said he routinely got calls from President Jimmy Carter asking how the Ayatollah Khomeini regime was reacting to the latest messages.
“We were able to respond to his questions about 85 percent of the time,” Inman said. That was because the Iranians and Algerians were using Crypto devices.
In 1982, the Reagan administration took advantage of Argentina’s reliance on Crypto equipment, funneling intelligence to Britain during the two countries’ brief war over the Falkland Islands.
U.S. spy agencies intercepted more than 19,000 Iranian communications sent via Crypto machines during that nation’s decade-long war with Iraq, mining them for reports on subjects such as Tehran’s terrorist links and attempts to target dissidents.
Not only did we reap the rewards of being able to listen in on virtually every secret conversation in the world, the CIA also made millions of dollars in profits in most years from the successful company.
Things began to fall apart in the 1990s as more countries became suspicious and partners began to get restless. Germany sold its share in the company to the Americans in 1993, profits began to fall, the Crypto AG product line dwindled, and new encryption devices came on the market from other companies. Crypto AG hobbled along until 2018, when its assets were liquidated.
Not a soul knew about the CIA ownership until the Washington Post article in February 2020.
Although the importance of intelligence from Crypto AG devices waned, they never stopped giving up their secrets. To this day, even with these revelations, there are still Crypto AG devices in use by governments plagued by inertia who have never unplugged them.
The Washington Post story caused an uproar in the intelligence world, as you can imagine. The Swiss government filed a criminal complaint shortly after the news broke, and released a report late in 2020 concluding that Swiss authorities were aware of, and at times complicit in, the Crypto AG operation, which will cause the Swiss reputation for neutrality to take a beating. The details of the Crypto AG operation provide a window on decades of squabbling between the CIA and the NSA. It’s possible that a second Swiss company was also in the pocket of the CIA, selling compromised encryption devices to companies and governments. China said the news proves we are an “empire of hackers.” Russia jumped in to crow about our lack of credibility when we claim moral high ground in complaints about Huawei and Kaspersky.
There are two things to learn that relate to the modern world.
(1) It really is difficult to claim to be outraged about government hacking when we do it ourselves on such a grand scale. Our methods are infinitely more sophisticated today and we deploy them all over the world, probably far more aggressively than the Russians or Chinese. Keep that in mind if you are puzzled by the apparent low-key reaction to the Russian Solarwinds hack and the Chinese Exchange Server hack.
(2) Do not underestimate the NSA’s and CIA’s desire to spy on communications. They want to hear every conversation and read every message. They are willing to go to extreme lengths to do it. Sure, they want to preserve our freedom and protect our values, but with one important exception: they have zero regard for privacy. Last week politicians were lamenting that American intelligence agencies are prohibited from conducting mass surveillance inside the United States, because maybe we could have stopped the Russia and China hacks if they didn’t have to deal with that pesky domestic hole in their voracious data-gathering. Our intelligence agencies are relentless about trying to strike a deal: they will try to protect us and keep us safe and stop hackers and terrorists if we will just let them monitor every single thing we say and do. You don’t have to make a leap of faith to believe that. They’ve been doing it all over the world in secret since the 1950s.
There, now, wasn’t that a good story? Go outside and play now, secure in the knowledge that someone, somewhere, is probably listening.