The story about Crypto AG
Abstract. Did NSA in 1957 really place a backdoor in high-tech encryption equipment sold by Crypto AG? Amongst the customers of the well-reputed Swiss company were 120 governments and organisations, which thus could have been subject to interception for the last 50 years. These rumours, which have been floating around for several years, are all collected on this web page together with a transcript and sound from a Swiss radio broadcast. One of the lessons we can learn is that cryptographic programs whose source code has been made public are immune to this kind of allegation.
The modern version of undetectable secret interception of encrypted communication is called Kleptography - an undetectable key recovery.
Introduction. The cryptographer Boris C. W. Hagelin (1892-1983) created in 1952 the company Crypto AG, in Schweich. In 1995 the company sued Mr. Buehler, its fired salesman, who in a book claimed that Crypto AG had built a backdoor for NSA into their encryption machines. Just a few days before engineers were to testify, the suit was withdrawn and the parties agreed not to disclose the settlement. The backdoor is said to have been in place since 1957. Hans Buehler lives today in Switzerland.
Crypto AG is still active today. For example, they have an advertisement titled "Information Security from one source - Crypto AG" in Defence & Security Review 1997. In a press release dated December 05, 1997, "Facts and Fiction about Crypto AG in the Internet", they write:
"Internet is open for all sorts of information - unfortunately also for disinformation. Some webmasters construct links to defamatory articles and rumours containing untrue statements about our company and try to give credence to them by means of links to the Crypto-Internet address."
The article also mentions a Swedish crypto company named Transvertex.
"The NSA allegedly received support from cryptographic companies Crypto AG and Gretag AG in Switzerland, Transvertex in Sweden, Nokia in Finland, and even newly-privatized firms in post-Communist Hungary.39 In 1970, according to a secret German BND intelligence paper, supplied to the author, the Germans planned to "fuse" the operations of three cryptographic firms-Crypto AG, Grattner AG (another Swiss cipher firm), and Ericsson of Sweden."
Some notes about Transvertex.
- Transvertex existed as a Swedish crypto company during World War 2.
Source: This is mentioned in a single sentence in the book "Svenska Kryptobedrifter", page 108, ISBN 91-0-056229-7.
- Transvertex is also mentioned in an article titled "Swedish HC-9 Ciphering Machine" in the Volume XIII Number 3 (July 1989) issue of the quarterly journal Cryptologia. The article on the crypto machine was introduced with the following words:
"The HC-9 is a post World War II mechanical ciphering machine manufactured by AB Transvertex in Sweden and probably used by the Swedish military forces up to the 1970's. The machine was designed for relatively low level use; platoon, company, up to battalion levels and in regimental and brigade staffs..."
Source: Toby's Cryptopage! (Torbjörn Andersson) and his description of the HC-9 Ciphering Machine
- Rumours say that Transvertex was incorporated into the Swedish company SRA, Svenska Radio Aktie Bolaget, which in turn was incorporated into Ericsson. If there is any cryptographic work still in progress within Ericsson, it is in Ericsson Radio Systems.
- NSA, Crypto AG, and the Iraq-Iran Conflict, by J. Orlin Grabbe, November 2, 1997
"One of the dirty little secrets of the 1980s is that the U.S. regularly provided Iraq's Saddam Hussein with top-secret communication intercepts by the U.S. National Security Agency (NSA)."
- "Who is the authorized fourth" - Secret services undermine the protection of cryptographic devices. 8 March 1997. A translation from "DER SPIEGEL" issue 36, 1996, pages 206-207. Title in German: "Wer ist der befugte Vierte?": Geheimdienste unterwandern den Schutz von Verschlüsselungsgeräten
"At the beginning of the nineties the discreet company was suspected to play an unfair game. What was the source of the "direct precise and undeniable proofs" U.S. president Reagan referred to when he ordered the bombardment of Libya, the country he called the wire puller of the attack against the disco La Belle? Obviously the U.S services were able to read encrypted radio transmissions between Tripoli and its embassy in East Berlin. "
No Such Agency Part Four - Rigging the Game The Baltimore Sun, December 10, 1995, pp. 9-11.
"In answer to charges of machine-rigging, Crypto filed suit last year against Mr. Buehler, its fired salesman. The suit was settled last month, days before former Crypto engineers were to testify that they believed the machines were altered. The parties agreed not to disclose the settlement.... "Spy sting: Few at the Swiss factory knew the mysterious visitors were pulling off a stunning intelligence coup -- perhaps the most audacious in the National Security Agency's long war on foreign codes; NO SUCH AGENCY . Zug, Switzerland -- For four decades, the Swiss flag that flies in front of Crypto AG has lured customers from around the world to this company in the lake district south of Zurich."
This article can be ordered on-line
"NSA's crypto sting" Baltimore Sun, December 10, 1995. This article can be ordered on-line
"Swiss firm disputes allegations of rigging" Baltimore Sun, December 15, 1995. This article can be ordered on-line
"Busy signals at NSA" Baltimore Sun, December 24, 1995. This article can be ordered on-line
"Agency of spies keeps code of silence with few clear lines; 'Please be cautious about commenting on coverage' ``MEDIA ALERT -- Potential media coverage of NSA,'' said the heading on the memo, dated ``1 December'' in military fashion and labelled ``FOUO'' -- For Official Use Only -- the lowest security classification level."
- Swiss Radio International broadcast two English programmes/interviews with Hans Buehler and about Crypto AG. This is a transcript from the broadcasts on May 15, 1994 (25 minutes) and July 18, 1994 (12 minutes). The sound will also be uploaded to the web.
- The book: Verschlüsselt - Der Fall Hans Bühler. Look at the book's front page and a picture of the prison he was in
Title: Verschlüsselt (This means encrypted in English)
Subtitle: Der Fall Hans Bühler
Author: Res Strehle (a freelance journalist in Zurich)
Publisher: Werd Verlag, [ http://www.werdverlag.ch ] Zurich
Price: 34 Swiss francs + postage to Sweden 4 Swiss francs (SFR). In German marks (DM) this equals 40 DM for the book and 5 DM for the postage. June -98.
U.S. Library of Congress #: DS318.84.B84S77 1994
Dewey Decimal #: 338.7/610058/092 20
ISBN #: 385932 141 2 (to Swedish readers: Laszlo has a spare copy to sell for 250 SEK)
Perhaps the book was the reason for Crypto AG's lawsuit against Buehler. The 200-page book is written in German. However, a quick glance at the content suggests that it concentrates on the time when Hans Bühler was imprisoned as a spy in Iran and the events thereafter. It also includes other details that eventually made Bühler draw his conclusion about the backdoor in equipment from Crypto AG. Start with the book's last chapter if you are in a hurry.
To order the book directly from the publisher [http://www.werdverlag.ch ]
Select 'Bestellung' (=ordering)
Select 'Ihre Buchwahl' (=select a book) and select Verschlüsselt in the alphabetical list of titles.
There is no way to pay on-line; you will receive an invoice. The book will be sent from BD Bücherdienst AG.
[ http://www.buecherdienst.ch ]
Remaining: Digitize the sound from the interview into MP3 format.
(When searching for details in databases, etc., note that in English, Buehler's name is spelled with 'ue', while German sources spell it with 'ü'. This text contains mixed spelling so it can be found with both spellings.)
Latest change 11Nov -98, Laszlo Baranyi, email@example.com PGP5 Key ID: 3CEAEF2C