Danny reports “the
always excellent c’t magazine analyses the hypotheticals of the Dutch
IP-surveillance scandal:
According to anonymous sources within the Dutch intelligence
community, all tapping equipment of the Dutch intelligence services
and half the tapping equipment of the national police force, is
insecure and is leaking information to Israel. …”
Yikes. You’d think they’d have learnt from Ireland’s mistakes. This article
(update: moved to here) reports that massive back-door use by a
third-party government occurred before in similar circumstances, during
the Anglo-Irish negotiations of 1985.
For those of you who don’t know, these discussions were between the
Republic of Ireland and the UK, and took place in London.
To allow the negotiating team to communicate securely with their government
and civil service, a million-pound cryptographic system had been bought to
secure the link between the Irish Embassy in London and the government in
Dublin.
Unfortunately, this equipment was thoroughly compromised.
It turns out that the Swiss company from which the equipment was bought,
namely Crypto AG, had cooperated with the NSA and the BND (the NSA’s
German equivalent) to allow them to decipher the traffic trivially.
(Judging from the snippet from another article below, this was less a
cryptanalytic attack than a deliberate key leak: the machines embedded
“auxiliary information” in the ciphertext from which anyone who knew the
scheme could reconstruct the key.)
The NSA routinely monitored and deciphered the Irish diplomatic messages.
All it took then was for the UK’s NSA equivalent, GCHQ, to pull some
strings, and the UK government had a distinct advantage in the
negotiations from then on.
Another source for details on Crypto AG’s breakage is Der Spiegel,
issue 36/96, pages 206-207. Here are some snippets:
The secret man (sic) obviously have a great interest in directing the
trading of encryption devices into ordered tracks. … A former
employee of Crypto AG reported that he had to coordinate his
developments with “people from Bad Godesberg”. This was the
residence of the “central office for encryption affairs” of the BND,
and the service instructed Crypto AG what algorithms to use to create
the codes.
Members of the American secret service National Security Agency (NSA)
also visited the Crypto AG often. The memorandum of the secret workshop
of the Crypto AG in August 1975 on the occasion of the demonstration of
a new prototype of an encryption device mentions as a participant the
cryptographer of the NSA, Nora Mackebee. …
Depending on the intended area of use, the manipulations of the
cryptographic devices were more or less subtle, said Polzer. Some
buyers only got simplified code technology, according to the motto “for
these customers that is sufficient, they don’t need such good
stuff.”
In more delicate cases the specialists reached deeper into the
cryptographic bag of tricks: the machines prepared in this way enriched
the encrypted text with “auxiliary information” that allowed anyone who
knew about this addition to reconstruct the original key. The result was the
same: what looked like impenetrable secret code to the users of the
Crypto machines, who acted in good faith, was readable with no more
than a finger exercise for the informed listener.
Full text here.
So what’s the bottom line? Use GPG! ;)
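To make the “auxiliary information” mechanism in the Spiegel snippet concrete, here is a toy model of it in Python. This is an added example, not code from the original post and not Crypto AG’s actual design, which the article does not describe; the stream cipher (HMAC-SHA256 in counter mode), the wire format, the escrow key and the cleartext message counter are all assumptions chosen for the demo. The point it shows is that the legitimate receiver decrypts identically whether the device is honest or backdoored, while an eavesdropper who holds the escrow key reads the backdoored device’s traffic from the header alone.

```python
import hashlib
import hmac
import os

KEY_LEN = 16  # bytes of session key; the header field is the same size
ID_LEN = 4    # bytes of message counter carried in the clear (assumed format)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in stream cipher for the demo."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def leak_mask(escrow_key: bytes, msg_id: bytes) -> bytes:
    """Mask that only the escrow-key holder can derive for a given message id."""
    return hmac.new(escrow_key, b"leak" + msg_id, hashlib.sha256).digest()[:KEY_LEN]


def honest_device(session_key: bytes, msg_id: bytes, plaintext: bytes) -> bytes:
    """Wire format: msg_id || header || ciphertext. The header is a fresh random nonce."""
    header = os.urandom(KEY_LEN)
    return msg_id + header + xor(plaintext, keystream(session_key, header, len(plaintext)))


def backdoored_device(session_key: bytes, msg_id: bytes, plaintext: bytes,
                      escrow_key: bytes) -> bytes:
    """Same wire format, but the header is the session key XOR a mask that only the
    escrow-key holder can compute. To everyone else it is indistinguishable from a
    random nonce, and the intended receiver decrypts exactly as with the honest device."""
    header = xor(session_key, leak_mask(escrow_key, msg_id))
    return msg_id + header + xor(plaintext, keystream(session_key, header, len(plaintext)))


def receiver_decrypt(session_key: bytes, wire: bytes) -> bytes:
    """The intended receiver treats the header purely as the nonce."""
    header = wire[ID_LEN:ID_LEN + KEY_LEN]
    ct = wire[ID_LEN + KEY_LEN:]
    return xor(ct, keystream(session_key, header, len(ct)))


def authorized_fourth(escrow_key: bytes, wire: bytes) -> bytes:
    """The 'informed listener': reconstructs the session key from the header,
    then decrypts like the intended receiver. No cryptanalysis involved."""
    msg_id = wire[:ID_LEN]
    header = wire[ID_LEN:ID_LEN + KEY_LEN]
    session_key = xor(header, leak_mask(escrow_key, msg_id))
    return receiver_decrypt(session_key, wire)


def demo() -> dict:
    session_key = os.urandom(KEY_LEN)   # fresh per message, as the user expects
    escrow_key = os.urandom(32)         # baked into the device; known to the service
    msg_id = (1).to_bytes(ID_LEN, "big")
    pt = b"Embassy London to Dublin: constructed sample message"

    honest = honest_device(session_key, msg_id, pt)
    rigged = backdoored_device(session_key, msg_id, pt, escrow_key)
    return {
        "receiver_reads_honest": receiver_decrypt(session_key, honest) == pt,
        "receiver_reads_backdoored": receiver_decrypt(session_key, rigged) == pt,
        "fourth_reads_backdoored": authorized_fourth(escrow_key, rigged) == pt,
        "fourth_reads_honest": authorized_fourth(escrow_key, honest) == pt,
        "wire_lengths_match": len(honest) == len(rigged),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Nothing on the wire distinguishes the two devices: the header is uniformly random in the honest case and a PRF output XOR a random key in the backdoored one, so traffic analysis alone cannot catch this. It is only visible to someone who can inspect the device’s key and header generation, which is why closed hardware from a vendor you cannot audit is exactly the wrong place to put your trust. One design detail in the toy: if the device ever reused a message id under the same escrow key, the XOR of the two headers would equal the XOR of the two session keys, which is why a real kleptographic design would wrap the key with a randomized encryption under the escrow key rather than a deterministic mask.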
From: Julian Assange (spam-protected)
To: (spam-protected) (spam-protected)
Date: Mon, 14 Oct 1996 13:24:31 +1000 (EST)
Approved: (spam-protected)
Subject: BoS: Crypto AG = Crypto NSA/BNG ?
Thanks to Anonymous for this English translation of the German
original.
secret services undermine cryptographic devices
Archive of “DER SPIEGEL” issue 36/96 pages 206-207
“Who is the authorized fourth”
Secret services undermine the protection of cryptographic devices.
Switzerland is a discreet place. Uncounted millions of illegal money
find an asylum in the discreet banks of the republic. Here another
business can prosper, which does not need any publicity: the
production of cryptographic devices.
A top address for tools of secrecy was for several decades the company
Crypto AG in Zug. It was founded in 1952 by the legendary Swedish
cryptographer Boris Hagelin. Hundreds of thousands of his
“Hagelin machines”, counterparts of the German “Enigma” devices, were used
in World War II on the side of the Allies.
A prospectus of the company states: “In the meantime, the Crypto AG
has built up long standing cooperative relations with customers in 130
countries.” Crypto AG delivers enciphering devices applicable to voice
as well as data networks.
But behind this solid facade the most impudent secret service feint of
the century has been staged: German and American services are under
suspicion of manipulation of the cryptographic devices of Crypto AG in
a way that makes the codes crackable within a very short time, and
this allegedly happened until the end of the eighties.
Customers of Crypto AG are many honorable institutions, like the
Vatican, as well as countries like Iraq, Iran, Libya, that are at the
top of the priority list of U.S. services. At the beginning of the
nineties the discreet company was suspected to play an unfair game.
What was the source of the “direct precise and undeniable proofs” U.S.
president Reagan referred to when he ordered the bombardment of Libya,
the country he called the wire puller of the attack against the disco
La Belle? Obviously the U.S services were able to read encrypted radio
transmissions between Tripoli and its embassy in East Berlin.
Hans Buehler, a sales engineer of Crypto AG, got between the fronts of
the secret service war. On March 18, 1992, the unsuspecting tradesman
was arrested in Teheran. During the nine and a half months of solitary
confinement in a military prison he had to answer over and over again,
to whom he leaked the codes of Teheran and the keys of Libya.
In the end Crypto AG generously paid the requested bail of about one
million German marks (DM), but dismissed the released Buehler a few
weeks later. The reason: Buehler’s publicity, “especially during and
after his return”, was harmful for the company. But Buehler started to
ask inconvenient questions and got surprising answers.
Already the ownership of Crypto AG was diffuse. A “foundation”,
established by Hagelin, provides according to the company “the best
preconditions for the independence of the company”.
But a big part of the shares are owned by German owners in changing
constellations. Eugen Freiberger, who was the head of the managing
board in 1982 and resides in Munich, owned all but 6 of the 6,000
shares of Crypto AG. Josef Bauer, who was elected onto the managing board
in 1970, now states that he, as an authorized tax agent of the
Muenchner Treuhandgesellschaft KPMG [Munich trust company], worked due
to a “mandate of the Siemens AG”. When Crypto AG could no longer
escape the news headlines, an insider said, the German shareholders
parted with the high-explosive share.
Some of the changing managers of Crypto AG did work for Siemens
before. Rumors, saying that the German secret service BND was hiding
behind this engagement, were strongly denied by Crypto AG.
But on the other hand it appeared as if the German service had a
suspiciously great interest in the prosperity of the Swiss company. In
October 1970 a secret meeting of the BND discussed “how the Swiss
company Graettner could be guided nearer to Crypto AG or could
even be incorporated into Crypto AG.” Additionally the service
considered how “the Swedish company Ericsson could be influenced
through Siemens to terminate its own cryptographic business.”
The secret men obviously have a great interest in directing the trading
of encryption devices into ordered tracks. Ernst Polzer*, a former
employee of Crypto AG, reported that he had to coordinate his
developments with “people from Bad Godesberg”. This was the residence
of the “central office for encryption affairs” of the BND, and the
service instructed Crypto AG what algorithms to use to create the
codes. (* name changed by the editor)
Members of the American secret service National Security Agency (NSA)
also visited the Crypto AG often. The memorandum of the secret
workshop of the Crypto AG in August 1975 on the occasion of the
demonstration of a new prototype of an encryption device mentions as a
participant the cryptographer of the NSA, Nora Mackebee.
Bob Newman, an engineer of the chip producer Motorola, which
cooperated with Crypto AG in the seventies to develop a new generation
of electronic encryption machines, knows Mackebee. She was introduced
to him as a “counselor”.
“The people knew Zug very well and gave travel tips to the Motorola
people for the visit at Crypto AG”, Newman reported. Polzer also
remembers the American “watcher”, who strongly demanded the use of
certain encryption methods.
Depending on the intended area of use, the manipulations of the
cryptographic devices were more or less subtle, said Polzer. Some
buyers only got simplified code technology, according to the motto “for
these customers that is sufficient, they don’t need such good
stuff.”
In more delicate cases the specialists reached deeper into the
cryptographic bag of tricks: the machines prepared in this way enriched
the encrypted text with “auxiliary information” that allowed anyone who
knew about this addition to reconstruct the original key. The result was the
same: what looked like impenetrable secret code to the users of the
Crypto machines, who acted in good faith, was readable with no more
than a finger exercise for the informed listener.
The Crypto AG called such reports “old hearsay” and “pure invention”.
But the lawsuit that was started by the company against the
former employee Buehler, on the grounds that he had said that there
might be some truth in the suspicions of the Iranian investigators,
surprisingly ended in November of last year.
After the trial, which could have brought embarrassing details to
light, the company agreed to an out-of-court settlement. Since
that time Buehler has been very silent with regard to this case. “He made
his fortune financially,” presumed an insider of the scene.
“In the industry everybody knows how such affairs will be dealt
with,” said Polzer, a former colleague of Buehler. “Of course such
devices protect against interception by unauthorized third parties, as
stated in the prospectus. But the interesting question is: who is the
authorized fourth?”
—
“Of all tyrannies a tyranny sincerely exercised for the good of its victims
may be the most oppressive. It may be better to live under robber barons
than under omnipotent moral busybodies. The robber baron’s cruelty may
sometimes sleep, his cupidity may at some point be satiated; but those who
torment us for our own good will torment us without end, for they do so with
the approval of their own conscience.” – C.S. Lewis, _God in the Dock_
+———————+——————–+———————————-+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
(spam-protected) | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
(spam-protected) | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+———————+——————–+———————————-+