
Swiss government files criminal complaint over Crypto AG scandal involving CIA - DyslexicAtheist
https://intelnews.org/2020/03/03/01-2730/
======
LatteLazy
After WW2 we (brits) sold enigma machines to the countries gaining
independence from the empire and never mentioned we could read everything they
were used to communicate. This is why no one should outsource vital functions
to competitors...

This should be embarrassing for the Swiss intelligence services whose job it
was to detect and prevent these sorts of shenanigans...

Also, have I misunderstood? The criminal case should be against the company
executives surely, not "persons unknown". Or is that just to include whoever
bribed them?

~~~
markus_zhang
tracking the history of CIA black operations e.g. Operation Gladio in Europe
in the cold war, I'm almost sure that someone from the Swiss side knew this
from the beginning.

~~~
cognaitiv
Operation Gladio is the codename for clandestine "stay-behind" operations of
armed resistance that was planned by the Western Union (WU), and subsequently
by NATO, for a potential Warsaw Pact invasion and conquest in Europe. Although
Gladio specifically refers to the Italian branch of the NATO stay-behind
organizations, "Operation Gladio" is used as an informal name for all of them.
Stay-behind operations were prepared in many NATO member countries, and some
neutral countries.

[https://en.wikipedia.org/wiki/Operation_Gladio](https://en.wikipedia.org/wiki/Operation_Gladio)

------
stiray
Just a simple thought experiment... In light of those events, would you as,
for instance, CIA, create your Certificate Authority and offer free
certificates for servers, simplifying deployment to be as simple to use as
possible? ;)

(I am just looking into certificate pinning, but CA can generate another
certificate or wildcarded certificate that client trusts, which enables mitm,
I am doing it all the time on https proxy ([http://www.squid-
cache.org/Doc/config/ssl_bump/](http://www.squid-
cache.org/Doc/config/ssl_bump/)). This way you can decrypt traffic - redirect
traffic to your server and impersonate the right one while proxying data from
original server)

~~~
natpalmer1776
To expand on this, and illustrate the dangers of speculation, would you not
also establish a legitimate Certificate Authority when your lab geeks realized
how critical they would or could someday be, then use your industry reputation
to sell certificates like any other company in the industry?

~~~
stiray
Sure I could. Then I just need to convince ISPs (or Cisco :D) to channel
traffic trough my equipment. On the other side, as a government agency with
ties all over the world, decades of practice in eschelon, cryto ag, on-the-fly
replacing chips on cisco equipment, unlimited founding,..

~~~
mox1
Perhaps you don't even need to convince Cisco. Just find some vulnerabilities
in their OS, sit on them and pull them out when you need.

I wonder what percentage of internet connections hops through a cisco device
at some point...?

------
101404
This case should be quoted in every discussion about 5G mobile equipment here
in Europe.

~~~
fh973
Towards which conclusion? Backdoors are common practice and so we have to
assume their existance in foreign equipment? Or we did it first, so let's give
the others a chance to deliver backdoors to us?

~~~
101404
To maintain control over critical communication technology.

~~~
SAI_Peregrinus
The problem is that 5g wasn't designed to be secure against malicious carriers
& governments. It could have been, and modern cryptographic protocols used
over it can be.

The assumption that you can trust communications infrastructure is outdated.
It _must_ not matter if an adversary has back doored a router or cell tower or
similar to send copies of all traffic to them, since the data should be
entirely encrypted (except for some minimal routing information). The 3GPP
designed the 5G standards to allow back doors, so we get back doors.

~~~
101404
What if the same company also provides the cellphones and computers used to do
the encryption of the data being sent?

~~~
SAI_Peregrinus
Then you're programming Satan's computer[1] and need to start doing things
like using a better trusted OS & compiler. Or go to a different vendor. Since
end-user devices need to swap around a lot this tends to be a lot easier than
replacing the underlying infrastructure devices.

[1]
[https://www.cl.cam.ac.uk/~rja14/Papers/satan.pdf](https://www.cl.cam.ac.uk/~rja14/Papers/satan.pdf)

------
alltakendamned
I wonder what the outcome can be of filing a criminal complaint like this?
What do they hope to achieve? I can't imagine anyone or any nation will ever
be brought to justice over this ?

~~~
markus_zhang
I think it's more of a gesture. There was also a similar action by the
European Parliament against Operation Gladio back in 1990, which was also a
gesture.

~~~
archi42
Exactly. If this wasn't persecuted the message would be "yeah, screw people
over and ruin the swiss reputation, we don't really care". Now even if the
evidence isn't court-proof, or it's not possible to attach it to specific
people, it still shows that things like this won't be ignored.

If I was responsible for selling rigged encryption equipment, I'd be wary that
this might backfire on me - even in a decade or two.

------
farseer
Why now, just to save face? Its not like people still buy cryptography
equipment from the Swiss. They compromised various clients, including Iraq
during the first gulf war.

~~~
Shivetya
I expect it is to imply they had no cooperation with the CIA as far as they
know with their own Intelligence agency.

there is a good chance the Swiss intelligent apparatus knew what was going on
so if this complaint vanishes or settles quietly we will know what is up

------
madengr
This was publicly known over 25 years ago. There was a 60 Minutes piece in it
in the early 90’s. Why are they up in arms about it now?

~~~
andreasley
That's a great question.

When swiss newspapers reported on it in 1994, the cold war was still present
in the minds of my fellow citizens and the US was seen as an ally and friend,
so the general public probably just didn't consider it to be that important if
the CIA maybe bugged some conversations. Also, the swiss government "preferred
not to know anything" and obstructed investigations, despite some employees of
Crypto AG coming forward with information to the federal police.

The world (or rather our view of it) is quite different today. Hidden data
collection is a popular topic and it's harder to pretend that there are only
friends in the west and only enemies in the east. It's also easier to share
information worldwide and media coverage was much larger this time.

------
rolltiide
Protip: Nobody knows who owns any business entity, if they dont want you to
know.

Here German intelligence and US intelligence owned a Swedish entity. Thats how
free trade works.

~~~
chinathrow
That has nothing to do with free trade - it's about privately held stocks.
Which is a worldwide thing.

~~~
rolltiide
Yes but no capital controls on who can own what and where

------
cryptonector
This has been public knowledge for decades.

~~~
ta999999171
"Public"?

It was trending on Instagram and MTV/TLC?

------
yawniek
i'm not really sure how much of a "conspiracy" is left here if even the former
head of the BND admitted it...

------
ur-whale
Files criminal complaints in which jurisdiction?

Switzerland?

If so, what do they hope to gain from it?

------
infinity0
In the grand scheme of things it doesn't matter that you can read everyone's
messages when your economy is growing at 1%, the economy of your supposed
"friend" that you're selling the messages to is growing at 2%, and the economy
of the people whose messages you're reading is growing at 6-7%.

Maybe they should have used the money to develop 5G instead, lol.

> Switzerland’s Prime Minister, Simonetta Sommaruga

For a supposed website about intelligence, strange of them to use the phrase
"Prime Minister" to describe the President of Switzerland (who actually is
just a figurehead with the same power as the other members of the 7-member
Federal Council).

~~~
Mvandenbergh
I'm not sure how GDP growth is relevant here, especially when those higher
growth rates are in countries with much lower base GDPs. GDP growth is not an
eternal structural characteristic of an economy and there is no reason to
believe that it will not slow down as GDP/capita converges.

~~~
infinity0
"We're already ahead, we don't need to run any faster, we'll use our energy to
do pointless things like spy on everyone instead".

Don't let me stop you thinking that but I'll keep running faster, thanks.

~~~
2Crisp
The idea that less developed economies have much faster potential growth is
well studied in economics:
[https://en.m.wikipedia.org/wiki/Convergence_(economics)](https://en.m.wikipedia.org/wiki/Convergence_\(economics\))

I'm not sure what point you're trying to make here.

