SUMMARY
The following 8 articles refer to "Crypto" encoding-decoding machines made by Swiss company Crypto AG and distributed to 120 customers/countries. All the machines were allegedly compromised for the benefit of some large Western signals intelligence agencies. In 2018, Crypto AG was liquidated but much of its equipment, business associations and corporate culture appear to have been carried over in its descendent companies.
The current descendents of Crypto AG appear to be based in Switzerland and Sweden. If you are a foreign customer for their very expensive encoding-decoding machines you would expect assurance that your private, sensitive messages are not being read by other entities, ie. compromised. For example not being read by those entities who appear to have read the messages of 120 country/customers of Crypto AG since 1970.
The descendent companies may have a credibilty problem owing to Crypto AG's 49-50 year tradition of compromised machines. To restore credibility simple consumer protection arrangements may be inadequate. Actual contracts between customers and the cybersecurity agencies of Switzerland and/or Sweden that are meant to protect the secure-ness of machines sold in Switzerland and Sweden might be more effective than shallow contracts that regular consumers accept when they are buying standard laptops.
The home/parent signals/cybersecurity agencies of Switzerland and Sweden should protect the machines from having easily penetrated "backdoors or keys" such as hardware or software that expedites breaches by large third party foreign international agencies. Actual contracts between customers and the cybersecurity agencies of Switzerland and/or Sweden should best carry more legal, political and sueable clout than vague "laptop" contracts.
Given the many US$Billions involved in selling machines and the cost of sensitive data/conversations compromised, breaches of contract should be regulated by senior court decisions, eg: international criminal courts. Or in the spirit that American exceptionalism has permitted the US to try foreign leaders and large non-US corporations perhaps China should establish an international criminal court for compromised communications? This is on the basis the ITU has been unwilling or unable to fine members for long-term breaches of customer-consumer rights. Perhaps 1. below could be called Next of kin of Argentine soldiers and sailors killed who relied on "secure" Crypto AG Machines vs Crypto AG.
MAIN TEXT
1. Latin America's El Snorkel submarine website reports March 27, 2021:
“The communications of the Argentine Navy were intercepted and decoded by the British during the [1982] Falklands/Malvinas War: The British managed to break Argentina's encryption keys with the help of the United States National Security Agency (NSA)”
During the 1982 Falklands/Malvinas War, Argentine Navy communications were regularly intercepted and decoded by British intelligence at the GCHQ - Government Communications Headquarters, as the Crypto AG [see details below] machines used by the Argentine army were not secure.
The GCHQ learned of the movement of Argentine submarines in the theater of operations, including the names of the areas in which the ARA San Luis submarine operated.
A [UK] nuclear submarine and frigates were sent to intercept the Argentine submarine based on this information obtained by intelligence.
The British managed to break Argentina's encryption keys with the help of the United States National Security Agency (NSA).
The communications may have been picked up by listening stations on Ascension Island, New Zealand, Chile and, according to rumours, by the US Embassy in Buenos Aires.
A communications interception satellite called the Vortex, launched in 1981 by the United States, was also used to support the British during the conflict.
In the image below, is a British report indicating the status of all Argentine submarines on
April 16, 1982, during the Falklands/Malvinas War.
------------------
Compromised Crypto AG Machines
2. Separately US website IntelNews March 3, 2020,reported :
Switzerland’s Federal Department of Finance has filed a criminal complaint “against persons unknown” over media reports that a leading Swiss-based cryptological equipment manufacturer was secretly owned by the United States Central Intelligence Agency (CIA).
The complaint relates to Crypto AG, the world’s leading manufacturer of cryptologic equipment during the Cold War, whose clients included over 120 governments around the world. Last month, the Washington Post and the German public broadcaster ZDF appeared to confirm reports that had been circulating since the early 1980s, that Crypto AG was a front for American intelligence. According to the revelations, the CIA and West Germany’s Federal Intelligence Service (BND) secretly purchased the Swiss company in the 1950s and paid off most of its senior executives in order to buy their silence.
The secret deal, dubbed Operation RUBICON, allegedly allowed the US and West Germany to spy on the classified government communications of several of their adversaries - and even allies, including Austria, Italy, Spain, Greece, Jordan, Saudi Arabia and the United Arab Emirates.
The revelation about the secret deal has shocked Swiss public opinion and embarrassed the government of a nation that bases its national identity and international reputation on the concept of neutrality. For this reason, the Swiss Federal Department of Finance has filed a criminal complaint about the case. The complaint was announced by the Office of the Swiss Attorney General on Monday, following reports in the Swiss media. It said that it received a criminal complaint by the State Secretariat for Economic Affairs (SECO), which is the part of the Finance Department that authorizes exports of sensitive software or hardware. SECO officials argue that they were deceived into authorizing the export of Crypto AG’s products without realizing they had been compromised by the company’s secret agreement with the CIA and the BND. Accordingly, the secret agreement violates Swiss federal law governing the regulation of exports, SECO officials claim.
The Office of the Attorney General said it would review the criminal complaint and decide whether it warrants criminal proceedings. Meanwhile, a probe into the alleged Crypto AG-CIA-BND conspiracy, which was launched by the Swiss government last month, is already underway, and is expected to conclude in June. The Swiss Federal Assembly (the country’s parliament) is also expected to launch its own investigation into the alleged affair.”
-------------------------------------------------------------------------------
EXAMPLE OF LATE MODEL CRYPTO AQ MACHINE – SECURITY NOW IN DOUBT?
3. A January 16, 2020 article reports :
“...Currently, Crypto AG offers the HC-9300 Crypto Desktop, which is a futuristic looking touchscreen device that performs the encryption of telephone, fax, VoIP and e-mail communications. This device is available at least since 2015 and is approved by the Technical Secretariat of the OPCW to be used for inspections for example.
Maybe the Swiss diplomatic network already uses the HC-9300 to secure its fax messages, but in general, government agencies tend to be rather conservative and stick to older versions, also because new crypto equipment has to undergo rigorous testing before it may be used to protect classified information.”
----------------------------------------------------------------------------
“The HC-9300 is based on a seamlessly integrated security architecture that has already proved its effectiveness in thousands of cases. Maximum security is therefore ensured for all its applications and security management procedures. The actual encryption is performed in a separate hardware module. The encryption process is based exclusively on symmetric and secret algorithms profiled by your security manager. Multiple keys can be defined in the system, allowing hierarchically arranged user groups to be set up. Access to the platform is protected with passwords and identity-based user accounts to deliver maximum security. All users are granted individual rights in keeping with their responsibilities and security clearance.”
----------------------------------------
5. Feeling of secure-ness may have been put into doubt by many February 2020 onwards media exposes including The Washington Post’s February 11, 2020’s article which, in part, states:
"Crypto’s products are still in use in more than a dozen countries around the world, and its orange-and-white sign still looms atop the company’s longtime headquarters building near Zug, Switzerland. But the company was dismembered in 2018, liquidated by shareholders whose identities have been permanently shielded by the byzantine laws of Liechtenstein, a tiny European nation with a Cayman Islands-like reputation for financial secrecy.
Two companies purchased most of Crypto’s assets. The first, CyOne Security, was created as part of a management buyout and now sells security systems exclusively to the Swiss government. The other, Crypto International, took over the former company’s brand and international business.
Each insisted that it has no ongoing connection to any intelligence service, but only one claimed to be unaware of CIA ownership. Their statements were in response to questions from The Post, ZDF and Swiss broadcaster SRF, which also had access to the documents.
"CyOne has more substantial links to the now-dissolved Crypto, including that the new company’s chief executive held the same position at Crypto for nearly two decades of CIA ownership.
A CyOne spokesman declined to address any aspect of Crypto AG’s history but said the new firm has “no ties to any foreign intelligence services.”
Andreas Linde, the chairman of the company that now holds the rights to Crypto’s international products and business, said he had no knowledge of the company’s relationship to the CIA and BND before being confronted with the facts in this article.
“We at Crypto International have never had any relationship with the CIA or BND — and please quote me,” he said in an interview."
[In a less than convincing tone of hurt honor, for a hard-nosed businessman, he continues.]
“If what you are saying is true, then absolutely I feel betrayed, and my family feels betrayed, and I feel there will be a lot of employees who will feel betrayed as well as customers.”"
6. Did a subsequent corporate rebirth, later in 2020, remove all personnel involved pre-2020 with intelligence agencies? That would be unreasonable in the security industry, no?!
Is there a continued relationship with Swiss or Swedish home/parent signals intelligence agencies or with pre-2020 identified foreign ones? Leopard changing more than spots?
------------------------------------------
ACCOUNTABILITY OF PAST & CURRENT CRYPTO AG PROVIDERS
The current descendents of Crypto AG appear to be based in Switzerland and Sweden. If you are a foreign customer for their very expensive encoding-decoding machines you would expect assurance that your private, sensitive messages are not being read by other entities, ie. compromised. For example not being read by those entities who appear to have read the messages of 120 country/customers of Crypto AG for decades (see 2.).
Consumer level equipment assurance, box-ticking, disclaimer, by Crypto AG descendents that the equipment they are selling you is not compromised has been demonstrable inadequate since 1970. A contract between customers and the cybersecurity agencies of Switzerland and/or Sweden might be more to the point.
The accountability of home/parent signals/cybersecurity agencies of Switzerland and Sweden is because equipment sold in or from their borders should not have easy "backdoors". That is such hardware, software (or wetware employees "in-the-pay-of") that can be breached by large third party foreign international agencies.
In contrast it is understandable that home/parent signals/cybersecurity agencies have rights to read messages from or to their borders on national security matters like counter-terrorism, counter-intelligence, money laundering (especially kept track of by Switzerland...)(for organised crime, etc) and many other law enforcement uses.
7. Contractural assurance from Switzerland's National Cyber Security Centre (NCSC) that encoder-decoder equipment sold by Swiss equipment makers is not compromised, may carry more legal, political and sueable clout. For example Switzerland could be sued by international criminal courts. Alternatively as US courts have a history of taking up international disputes could not China (a rapidly growing communications equipment provider) also build a legal structures to handle international equipment disputes? This is presuming the ITU is too toothless, slow and gentlemanly to sue members $USmillions to Billions for gross, long-term, breaches of customer-consumer rights.
8. Equally contractural assurance from Sweden's "NSA" the National Defence Radio Establishment (FRA) that encoder-decoder equipment sold by Swedish equipment makers is not compromised may carry more legal, political and sueable clout.