Crypto AG, the CIA - and the uncomfortable truth about Huawei

ROBIN PAGNAMENTA 12 FEBRUARY 2020 • 2:37PM

Crypto AG sold code-making equipment to Iran, India, Pakistan and dozens of other countries CREDIT: ARND WIEGMANN /REUTERS

Reports suggest the CIA and the German BND spy service used a Swiss firm’s encryption
technology to crack other nations’ top-secret messages

It’s a plot-line straight out of a John le Carré novel or a James Bond film.

A shadowy Swiss encryption company secretly controlled by the CIA was eavesdropping for decades on the
world’s secrets and leaking them to US and German intelligence officials. 

This isn’t fiction but a story straight out of real life.

Under a top secret scheme known as Operation Rubicon, which dates back to at least 1992 and probably much
longer, the Zug-based company, Crypto AG, sold code-making gear to Iran, India, Pakistan and dozens of
other nations across Latin America and beyond.

Diplomats thought they were paying Crypto AG good money for a valuable service: to communicate through a
secure channel using cutting edge Swiss technology. In fact, the machinery had allegedly been rigged for use as
a Trojan Horse. 

The CIA and Germany’s BND spy agency had access to the codes all along, allowing them to peer at highly
sensitive communications, according to reports in the Washington Post. 

Other countries including Britain, Israel, Sweden and Switzerland were reportedly in on the ruse. 

They were allowed to share in some of the secrets generated by Operation Rubicon, which has been described
as “the most profitable intelligence venture of the Cold War”.

It was profitable in two different ways – from the intelligence gleaned and because Crypto AG was earning
good money for shareholders from its hapless, paying customers. 
Fresh details about the operation, which had been rumoured about for decades, emerged this week from
reports which cited a classified CIA history of the spy project.

Crypto AG was only liquidated in 2018 in a deal which provided cover for the CIA to quietly extricate itself.

It’s an eye-opening story, of course – especially at a time when US criticism of China’s Huawei over similar
espionage allegations has reached fever pitch. 

But how surprising is it? Not terribly. After all, for intelligence agencies, the covert battle of wits between
codemakers and codebreakers is among the oldest tricks in the playbook.

What GCHQ now calls COMINT, or intelligence gathered from intercepted communications, has been a stock
in trade for centuries.

In Elizabethan England, the crown had its own cipher bureau, working to protect the Queen’s communications
from prying eyes while penetrating those of her top European and domestic enemies.

Later, Britain’s success in cracking the Enigma encryption codes used by Nazi Germany – with French and
Polish support – helped win World War II and was kept secret for 29 years.

Similar breakthroughs made after British codebreakers moved from Bletchley Park to a new headquarters in
Eastcote, Middlesex were subsequently used to break ciphers used by the Soviet Union during the Cold War.

Against this background, it’s hardly surprising that the encryption war for information dominance continues
to evolve. 

These days it is perhaps more alive than ever amid the extraordinary proliferation of electronic
communications and data fuelled by the rise of the Internet and the growing number of ways in which they
can be tapped and exploited.

In an era when Jeff Bezos’s phone can be hacked using the WhatsApp account of Saudi crown prince
Mohammed bin Salman, anything seems possible.

Jeff Bezos’s phone was hacked 

Huawei, which vigorously rejects any links to the Chinese state, is hardly alone in arousing suspicions about
possible links to foreign governments and fears of eavesdropping.

Similar rumours have swirled around Russia’s Kaspersky Lab – a maker of anti-virus software – for years.

Kaspersky has 400 million users worldwide including many via third-party licensing agreements who may not
even be aware they are using the company’s software. 

The company has consistently denied it has any links to the Russian military or intelligence agencies – but the
suspicions persist.

Last year former NSA systems engineer Ed Snowden told an interviewer that big US tech companies like
Facebook are just as untrustworthy as his former employer.

Even Vodafone and that stodgiest of British companies BT, a nationalised monopoly for most of its history, are
alleged to have held close ties to GCHQ, passing along data collected from their network of undersea cables.

Given all of this, the worries about Huawei using its dominance of the global telecom equipment market are
credible but also fit into a familiar pattern.

It would be naive not to presume that communications carried over Huawei-controlled networks are not
vulnerable to eavesdropping – but the same is true of many other organisations.

The bigger question is how much more we care about being spied on by the Chinese than the Americans or the
British?

Perhaps the best and safest position to take is a simple one: to presume that all communications are
potentially compromised at all times.