
Crypto AG - andrewnc
https://en.wikipedia.org/wiki/Crypto_AG
======
et2o
Related discussion here in WaPo article that broke some of this story:
[https://news.ycombinator.com/item?id=22297963](https://news.ycombinator.com/item?id=22297963)

~~~
netsharc
This is the 2nd day that an HN post is just a link to a Wikipedia page
(yesterday it was the page about the COVID-19 whistle-blower doctor).

It feels obnoxious, expecting the reader to know the context behind the title.

~~~
etblg
Especially since this was just posted because of a news story that was
released yesterday about the exact same thing. The other thread (with an
actual current news story) already has 300 comments.

------
pzumk
You’re probably wondering why this is relevant right now.

> In 2020, an investigation carried out by the Washington Post, Zweites
> Deutsches Fernsehen (ZDF), and Schweizer Radio und Fernsehen (SRF) revealed
> that Crypto AG was, in fact, entirely controlled by the CIA and the BND. The
> project, initially known by codename "Thesaurus" and later as "Rubicon"
> operated from the end of the Second World War until 2018.

~~~
rapsey
And the reason this article came out now is CIA and BND sold their stakes in
the company so they are no longer relevant.

~~~
ce4
And crypto.com who bought parts of it now gets the bad press.

~~~
rapsey
I guess they refused to play ball.

------
Ansil849
The fact that Crypto AG was an intelligence front has been publicly known
since at least the 1990s [1]. Why did the Washington Post rehash this story
recently and pass it off as news? I'm glad that they did, because it spreads
awareness - I'm just confused as to why.

[1] [https://www.baltimoresun.com/news/bs-xpm-1995-12-10-19953440...](https://www.baltimoresun.com/news/bs-xpm-1995-12-10-1995344001-story.html)

~~~
mxcrossb
Because of the newly released documents. It says exactly this in their story.
And why is it every time some article comes out about US spying, there is
always someone complaining that they knew this all along? Good for you?

~~~
Ansil849
It's not that "I knew it all along", it's that this was a well-covered story
that was already news in the '90s, based on documents as well, e.g. from the
Baltimore Sun:

> For years, NSA secretly rigged Crypto AG machines so that U.S. eavesdroppers
> could easily break their codes, according to former company employees whose
> story is supported by company documents.

See also the 1992 news stories about the arrest of Hans Buehler [1], further
elaborated in a 1998 article in Covert Action Quarterly [2]:

> The cover shielding the NSA-Crypto AG relationship was torn in March 1992,
> when the Iranian military counterintelligence service arrested Hans Buehler,
> Crypto AG's marketing representative in Teheran.

[1] [https://www.upi.com/Archives/1992/03/30/Iran-arrests-Swiss-m...](https://www.upi.com/Archives/1992/03/30/Iran-arrests-Swiss-man-for-espionage/7727701931600/)

[2] [http://mediafilter.org/caq/cryptogate/](http://mediafilter.org/caq/cryptogate/)

~~~
Tenoke
Yet some nations, companies and the later owner weren't convinced that's the
case until much later. As the Post's story mentions.

------
pluc
What's scary is if they willingly admitted to this, they've secured other
means of decryption. American-owned technology can't be trusted any more than
Chinese-owned technology.

~~~
hn3333
Personally, I do however have more faith in the secret agencies of western
democracies than China. So all things being equal, right now I'd prefer
Americans and Germans spied on me.

~~~
DennisP
I'd rather be an American spied on by American secret agencies, than a citizen
of China spied on by China.

However, as a citizen and resident of America I'd rather be spied on by China,
because it's a lot easier for my own government to make trouble for me.

~~~
eska
The American government is not going to steal your company's secrets and give
them to other companies, the Chinese government in fact does.

~~~
siv-
The US has also engaged in economic espionage.

------
bobowzki
> Buehler was interrogated for nine months but, being completely unaware of
> any flaw in the machines, was released in January 1993 after Crypto AG
> posted bail of $1m to Iran.[10] Soon after Buehler's release Crypto AG
> dismissed him and charged him the $1m.

Well that was an asshole move.

------
marsRoverDev
So can we assume that companies touched by In-Q-Tel are compromised to the
same level as Crypto AG was? I'd like to collate a list.

~~~
acklenx
Well that's easy, they've done it for you:
[https://www.iqt.org/portfolio/](https://www.iqt.org/portfolio/)

~~~
archi42
Interesting list. Besides Palantir, I know these: GitLab, Databricks, MemSQL
and mongoDB. I don't think "they" are using these to exfiltrate data "Crypto
AG" style - I'd be surprised if "big data"/data science wasn't part of their
operations, hence it makes sense to invest into some of their core tools. This
ensures sustained development and maybe catering to CIA-specific edge cases.

Judging by the company names: Investments into RF companies also are more
likely on the "tools we use" instead of the "rigged" side of things. The
amount of Biotech makes me assume the decision-makers think this is an
emerging market which will make a good investment.

So answering to GP: No, not compromised. I wouldn't be surprised if there were
one or maybe even two hiding in plain sight, but I think for each individual
company on that list, it is very, very, very unlikely that this specific
company is compromised. If you don't trust them, make your sensitive GitLab
and MongoDB instances accessible via Intranet/VPN only - but I suppose that's
good practice anyway?

------
kzrdude
It says Crypto AG relocated to Switzerland to escape being nationalised by the
Swedish government. How fun then, that it ended up being wholly state owned
anyway.

------
NohatCoder
The really good question is: What are they compromising now?

We can't know for sure, but I'd wager that most quantum cryptography companies
have been well greased by spy agencies who expect to be paid back in
backdoors.

------
vearwhershuh
No worries, though, I'm sure intelligence agencies weren't smart enough to get
out ahead of things like search, social networks, password storage services
and VPNs.

~~~
inscionent
Like Facebook taking money from CIA In-Q-Tel?

------
kbenson
_The company’s importance to the global security market had fallen by then,
squeezed by the spread of online encryption technology. Once the province of
governments and major corporations, strong encryption is now as ubiquitous as
apps on cellphones._

Ah. That puts the export on cryptography limitations in perspective. Don't
allow new tech to compete with the source of a lot of valuable intel.

------
DrScientist
A timely reminder that democracies should avoid using voting machines....

