Begin forwarded message:

From: Eugen Leitl <[EMAIL PROTECTED]>
Date: December 29, 2007 9:16:49 AM EST
Subject: [silk] For years US eavesdroppers could read encrypted messages without the least difficulty

From: Gautam John <[EMAIL PROTECTED]>
Subject: [silk] For years US eavesdroppers could read encrypted messages
        without the least difficulty
Date: Sat, 29 Dec 2007 19:38:28 +0530

Sat, 29 Dec 2007 04:02:00
By Ludwig De Braeckeleer

(OhMyNews) -- For decades, the US National Security Agency (NSA) has
been reading effortlessly ultra sensitive messages intercepted from
all parts of the world. This extraordinary feat was not the
consequence of the work of some genius cyber mathematician. Nor was it
the result of the agency dominance in the field of super computers,
which allegedly have outpaced their most direct rivals by orders of
magnitude. The truth is far simpler and quite troubling. The game was

For half a century, Crypto AG, a Swiss company located in Zug, has
sold to more than 100 countries the encryption machines their
officials rely upon to exchange their most sensitive economic,
diplomatic and military messages. Crypto AG was founded in 1952 by the
legendary (Russian born) Swedish cryptographer Boris Hagelin. During
World War II, Hagelin sold 140,000 of his machine to the US Army.

"In the meantime, the Crypto AG has built up long standing cooperative
relations with customers in 130 countries," states a prospectus of the
company. The home page of the company Web site says, "Crypto AG is the
preferred top-security partner for civilian and military authorities
worldwide. Security is our business and will always remain our

And for all those years, US eavesdroppers could read these messages
without the least difficulty. A decade after the end of WWII, the NSA,
also known as No Such Agency, had rigged the Crypto AG machines in
various ways according to the targeted countries. It is probably no
exaggeration to state that this 20th century version of the "Trojan
horse" is quite likely the greatest sting in modern history.

In effect, US intelligence had spies in the government and military
command of all these countries working around the clock without ever
risking the possibility of being unmasked.

An Old and Venerable Company

In the aftermath of the Islamic revolution, Iran, quite
understandably, would no longer trust encryption equipment provided by
companies of NATO countries.

The Swiss reputation for secrecy and neutrality lured Iranians to
Crypto AG, an old and venerable company. They never imagined for a
moment that, attached to the encrypted message, their Crypto machines
were transmitting the key allowing the de scri ption of messages they
were sending. The scheme was perfect, undetectable to all but those
who knew where to look.

Crypto AG, of course, denied the allegations as "pure invention." In
1994, the company issued a message in the Swiss press, stating that
"manipulation of Crypto AG equipment is absolutely excluded."

On the Wikipedia page of Crypto AG, one can read: "Crypto AG rejected
these accusations as pure invention, asserting in a press release that
in March 1994, the Swiss Federal Prosecutor's Office initiated a
wide-ranging preliminary investigation against Crypto AG, which was
completed in 1997. The accusations regarding influence by third
parties or manipulations, which had been repeatedly raised in the
media, proved to be without foundation."

However, meetings between a NSA cryptographer and Crypto AG personnel
to discuss the design of new machines have been factually established.
The story was also confirmed by former employees and is supported by
company documents. Boris Hagelin is said to have acted out of
idealism. What is certain is that the deal for Crypto AG was quite
juicy. In return for rigging their machines, Crypto AG is understood
to have been granted export licenses to all entities controlled by the

Early Hints

A book published in 1977 by Ronald Clark (The Man Who Broke Purple:
The Life of Colonel William F. Friedman) revealed that William F.
Friedman, another Russian-born genius in the field of cryptography (he
deciphered the Japanese code in World War II) and onetime special
assistant to the NSA director, had visited Boris Hagelin in 1957.
Friedman and Hagelin met at least on two other occasions. Clark was
urged by the NSA not to reveal the existence of these meetings for
national security reasons. In 1982, James Bamford confirmed the story
in his book on the NSA: The Puzzle Palace. The operation was codenamed
the "Boris project." In effect, Friedman and Hagelin had reached an
agreement that was going to pave the way to cooperation of Crypto AG
with the NSA.

Despite these very obvious hints, countries such as Iran, Iraq and
Libya continued using the Crypto AG machines for encrypting their
messages. And so did the Vatican, among many other entities.

Persian Suspicions

In 1987, ABC News Beirut correspondent Charles Glass was taken hostage
for 62 days in Lebanon by Hezbollah, the Shi'ite Muslim group widely
believed to have been founded by Ali Akbar Mohtashemi, when he was
Iranian ambassador to Syria in the early 1980s.

Washington claimed that NSA had intercepted coded Iranian diplomatic
cables between Iran's embassies in Beirut and the Hezbollah group.
Iranians began to wonder how the US intelligence could have broken
their code.

After the USS Vincennes shot down an Iranian Airbus over the Persian
Gulf on July 3, 1988, "Iran vowed that the skies would rain with
American blood." A few months later, on Dec. 21, a terrorist bomb
brought down Pan Am Flight 103 over Lockerbie, Scotland.

Once more, NSA intercepted and decoded a communication of Iranian
Interior Minister Ali Akbar Mohtashemi linking Iran to the bombing of
Pan Am 103.

One intelligence summary, prepared by the US Air Force Intelligence
Agency, was requested by lawyers for the bankrupt Pan American
Airlines through the Freedom of Information Act.

"Mohtashemi is closely connected with the Al Abas and Abu Nidal
terrorist groups. He is actually a long-time friend of Abu Nidal. He
has recently paid 10 million dollars in cash and gold to these two
organizations to carry out terrorist activities and was the one who
paid the same amount to bomb Pan Am Flight 103 in retaliation for the
US shoot-down of the Iranian Airbus."

Moreover, Israeli intelligence intercepted a coded transmission
between Mohtashemi in Teheran and the Iranian Embassy in Beirut
concerning the transfer of a large sum of money to the Popular Front
for the Liberation of Palestine-General Command, headed by Ahmed
Jibril, as payment for the downing of Pan Am 103.

The Iranians were now at a loss to explain how Western and Israeli
intelligence agencies could so easily defeat the security of their
diplomatic traffic. The ease with which the West was reading Iranian
coded transactions strongly suggested that some may have possessed the
decryption keys.

The Bakhtiar Murder

In April 1979, Shahpour Bakhtiar was forced to leave Iran as the last
prime minister of the Shah. He returned to France where he lived in
the west Paris suburb of Suresnes. In July 1980, he nearly escaped an
assassination attempt. On Aug. 6, 1991, Bakhtiar and his personal
secretary Katibeh Fallouch were murdered by three assassins.

Two of them fled to Iran, but the third, Ali Vakili Rad, was
apprehended in Switzerland. One of the six alleged accomplices, Zeyal
Sarhadi was an employee of the Iranian Embassy in Berne and a
great-nephew of former president of Iran Hasemi Rafsanjani. Both men
were extradited to France for trial.

On the day of his assassination and one day before his body was found
with his throat slit, the Teheran headquarters of the Iranian
Intelligence Service, the VEVAK, transmitted a coded message to
Iranian diplomatic missions in London, Paris, Bonn and Geneva. "Is
Bakhtiar dead?" the message asked.

Switzerland's Neue Zurcher Zeitung reported that the U.S. had provided
the contents of encrypted Iranian messages to France to assist
Investigating Magistrate Jean Louis Bruguiere in the conviction of Ali
Vakili Rad and one of his alleged accomplices Massoud Hendi. This
information was confirmed by L' Express.

The NSA interception and decoding of the message led to the
identification of the murderers before the murder was discovered. From
the Swiss and French press reports, Iranians now knew that British and
American SIGINT operators had intercepted and decoded the crucially
embarrassing message. Something was definitely wrong with their
encryption machines.

The Buehler Arrest

Hans Buehler was a top Crypto AG salesman who had worked at the Zug
company for 13 years. In March 1992, Buehler, a strongly built
cheerful man in his 50s, was on his 25th trip to Iran on behalf of
Crypto AG.

Then, on March 18, he was arrested. Iranian intelligence agents
accused him of spying for the United States as well as Germany.
Buehler was held in solitary confinement in the Evin prison located in
the north of Tehran. He was interrogated everyday for five hours for
more than nine months.

"I was never beaten, but I was strapped to wooden benches and told I
would be beaten. I was told Crypto was a spy center that worked with
foreign intelligence services."

Buehler never confessed any wrongdoing on his part or on the part of
Crypto AG. It appeared that he had acted in good faith and the
Iranians came to believe him. "I didn't know that the equipment was
bugged, otherwise the Iranians would have gotten it out of me by their
many methods."

Back to Switzerland

In January 1993, after nine months of detention, Crypto AG [or was it
Siemens?] paid US$1 million to secure Buehler's freedom. During the
first weeks after his return to Switzerland, Buehler's life was once
again beautiful. The euphoria did not last long. Once more, his life
came to an abrupt change. Crypto fired him and demanded repayment of
the $1 million provided to Tehran for his liberation.

Back to Zug, Buehler began to ask some embarrassing questions about
the Iranian allegations. And the answers tended to back up Iranian
suspicions. Soon, reports began to appear on Swiss television and
radio. Major Swiss newspapers and German magazines such as Der Spiegel
picked up the story. Most, if not all, came to the conclusion that
Crypto AG's equipment had been rigged by one or several Western
intelligence services.

Buehler was bitterly disappointed. He felt nothing short of having
been betrayed by his former employer. During all these years, Buehler
never thought for a second that he had been unknowingly working for
spies. Now, he was sure that he had done so.

Buehler contacted several former Crypto AG employees. All admitted to
him, and eventually to various media, that they believed that the
company had long cooperated with US and German intelligence agencies.

The Truth Emerges

One of these former engineers told Buehler that he had learned about
the cooperation from Boris Hagelin Jr., the son of the company's
founder and sales manager for North and South America. In the 1970s,
while stranded in Buenos Aires, Boris Hagelin Jr. confided that he
thought his father had been wrong to accept rigging the Crypto AG

Stunned by the revelation, the engineer decided to take this matter
directly to the head of Crypto AG. Boris Hagelin confirmed that the
encryption methods were unsafe.

"Different countries need different levels of security. The United
States and other leading Western countries required completely secure
communications. Such security would not be appropriate for the Third
World countries that were Crypto's customers," Boris Hagelin explained
to the baffled engineer. "We have to do it."

The NSA-Crypto AG Collaboration

A Crypto AG official document describes an August 1975 meeting set up
to demonstrate the capacity of a new prototype. The memorandum lists
among the participants Nora L. Mackebee, who, like her husband, was an
NSA employee. Asked about the meeting, she merely replied: "I cannot
say anything about it."

During the '70s, Motorola helped Crypto AG in making the transition
from mechanical to electronic machines. Bob Newman was among the
Motorola engineers working with Crypto AG. Newman remembers very well
Mackebee but says that he ignored that she was working for the NSA.

Juerg Spoerndli left Crypto AG in 1994. He helped design the machines
in the late '70s. "I was ordered to change algorithms under mysterious
circumstances" to weaker machines," says Spoerndli who concluded that
NSA was ordering the design change through German intermediaries.

"I was idealistic. But I adapted quickly b& the new aim was to help Big
Brother USA look over these countries' shoulders. We'd say 'It's
better to let the USA see what these dictators are doing,'" Spoerndli

"It's still an imperialistic approach to the world. I do not think
it's the way business should be done," Spoerndli adds.

Ruedi Hug, another former Crypto AG technician, also believes that the
machines were rigged.

"I feel betrayed. They always told me that we were the best. Our
equipment is not breakable, blah, blah, blah. Switzerland is a neutral

Crypto AG vs. Buehler

Crypto AG called these allegations "old hearsay and pure invention."
When Buehler began to suggest openly that there may be some truth to
them, Crypto AG not only dismissed him on the spot, but also filed a
legal case against him.

Yet Crypto AG settled the case out of court, in November 1996, before
other former Crypto AG employees could provide evidence in court that
was likely to have brought embarrassing details to light.

No one has heard from Buehler since the settlement. "He made his
fortune financially," whispers an insider.

A Fuzzy Ownership

The ownership of Crypto AG has been to a company in Liechtenstein, and
from there back to a trust company in Munich. Crypto AG has been
described as the secret daughter of Siemens but many believe that the
real owner is the German government.

Several members of Crypto AG's management had worked at Siemens. At
one point in time, 99.99 percent of the Crypto AG shares belonged to
Eugen Freiberger, the head of the Crypto AG managing board in 1982.
Josef Bauer was elected to the managing board in 1970. Bauer, as well
as other members of Crypto AG management, stated that his mandate had
come from the German company Siemens.

The German secret service, the Bundesnachrichtendienst (BND), is
believed to have established the Siemens' connection. In October 1970,
a secret meeting of the BND had discussed how the Swiss company
Graettner could merge with it. "The Swedish company Ericsson could be
influenced through Siemens to terminate its own cryptographic
business," reads the memo of the meeting.

A former employee of Crypto AG reported that he had to coordinate his
developments with the "central office for encryption affairs" of the
BND, also known as the "people from Bad Godesberg."

American "watchers" demanded the use of certain encryption codes and
the "central office for encryption affairs" instructed Crypto AG what
algorithms to use to create these codes.

Bakhtiar Murder Trial

"In the industry everybody knows how such affairs will be dealt with,"
says a former Crypto engineer. "Of course such devices protect against
interception by unauthorized third parties, as stated in the
prospectus. But the interesting question is: Who is the authorized

On Dec. 6, 1994, a special French terrorism court convicted two
Iranians of murdering Bakhtiar. Vakili Rad was sentenced to life in
prison. But, to the dismay of all observers, Sarhadi was acquitted.

"Justice has not been entirely served for reasons of state,"
complained Bakhtiar's widow.

It appears indeed that France, Switzerland, the German BND and the NSA
decided to let Sarhadi go free in order to preserve the "secrecy" of
the Crypto AG cooperation with the NSA.

In 1991, the US and the U.K. indicted two Libyans for the bombing of
Pan Am 103. To the surprise of many observers, the indictment did not
mention those believed to have contracted the act of terror in spite
of the fact that their guilt had been established by the interception
of official communications by several intelligence agencies.

To many observers, justice was not served at the Lockerbie trial.
Could it be that the US and U.K. governments decided to sacrifice the
truth in order to preserve the (in)efficiency of their intelligence

Ludwig De Braeckeleer has a Ph.D. in nuclear sciences. He teaches
physics and international humanitarian law. He blogs on "The


Eugen* Leitl <a href="";>leitl</a>
ICBM: 48.07100, 11.36820
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to