The story about Crypto AG

Abstract. Did NSA in 1957 really place a backdoor in high tech encryption equipment sold by Crypto AG? Amongst the customer's for the well repudiated Swiss company where 120 governments and organisations, which thus could have been subject to interception for the latest 50 years. These roomers that has been floating around for several years, are all collected in this web page together with a transcript and sound from a Swiss radio broadcast. One of the lesson we can learn is that cryptographic programs which has made its source code public, is immune to this kind of allegations.
The modern version of undetectable secret interception of encrypted communication is called Kleptography - an undetectable key recovery.

Introduction. The cryptographer Boris C. W. Hagelin (1892-1983) created in1952 the company Crypto AG, in Schweich. In 1995 the company sued Mr. Buehler, its fired salesman, who in a book claimed that Crypto AG had built in a backdoor to NSA in their encryption machines. Just a few days before engineers were to testify the suit was withdrawn and the parties agreed to not disclose the settlement. This backdoor should have been implemented since 1957. Hans Buehler lives to day in Switzerland.

Crypto AG is still active today. For example they have an advertise titled; Information Security from one source -Crypto AG in Defence & Security Review 1997. In a press release dated December 05, 1997 "Facts and Fiction about Crypto AG in the Internet" they write:
"Internet is open for all sorts of information - unfortunately also for disinformation. Some webmasters construct links to defamatory articles and rumours containing untrue statements about our company and try to give credence to them by means of links to the Crypto-Internet address."

• Crypto AG: The NSA's Trojan Whore? by Wayne Madsen, Covert Action Quarterly, Winter 1998, issue #63
  "For at least half a century, the US has been intercepting and decrypting the top secret documents of most of the world's governments. ... It may be the greatest intelligence scam of the century: For decades, the US has routinely intercepted and deciphered top secret encrypted messages of 120 countries. These nations had bought the world's most sophisticated and supposedly secure commercial encryption technology from Crypto AG, a Swiss company that staked its reputation and the security concerns of its clients on its neutrality. The purchasing nations, confident that their communications were protected, sent messages from their capitals to embassies, military missions, trade offices, and espionage around the world, via telex, radio, teletype, and facsimile. "

The article do also mention the a Swede crypto company named Transvertex.
"The NSA allegedly received support from cryptographic companies Crypto AG and Gretag AG in Switzerland, Transvertex in Sweden, Nokia in Finland, and even newly-privatized firms in post-Communist Hungary.39 In 1970, according to a secret German BND intelligence paper, supplied to the author, the Germans planned to "fuse" the operations of three cryptographic firms-Crypto AG, Grattner AG (another Swiss cipher firm), and Ericsson of Sweden."

Some notes about Transvertex.
- Transvertex existed as a Swedish crypto company during World War 2.
Source: This is mentioned in a single meaning in the book; "Svenska Kryptobedrifter", page 108, ISBN 91-0-056229-7.

- Transvertex is also mentioned in an article titled;
"Swedish HC-9 Ciphering Machine" in Volume XIII Number 3 (July 1989) issue of the quarterly journal Cryptologia. The article on the crypto machine was introduced with the following words:
"The HC-9 is a post World War II mechanical ciphering machine manufactured by AB Transvertex in Sweden and probably used by the Swedish military forces up to the 1970's. The machine was designed for relatively low level use; platoon, company, up to battalion levels and in regimental and brigade staffs..."
Source: Toby's Cryptopage! (Torbjörn Andersson) and his description of the HC-9 Ciphering Machine

- Roomers say that Transvertex was incorporated into the Swedish company, SRA, Svenska Radio Aktie Bolaget, which in its turn was incorporated into Ericsson. If there is any cryptographic work still in progress within Ericsson, it is in Ericsson Radio Systems.

NSA, Crypto AG, and the Iraq-Iran Conflict, by J. Orlin Grabbe, November 2, 1997
"One of the dirty little secrets of the 1980s is that the U.S. regularly provided Iraq's Saddam Hussein with top-secret communication intercepts by the U.S. National Security Agency (NSA)."

"Who is the authorized fourth" - Secret services undermine the protection of cryptographic devices. 8 March 1997. A translation from "DER SPIEGEL" issue 36, 1996 pages 206-207 Title in German; "Wer ist der befugte Vierte?": Geheimdienste unterwandern den Schutz von Verschlusselungsgeraten"
"At the beginning of the nineties the discreet company was suspected to play an unfair game. What was the source of the "direct precise and undeniable proofs" U.S. president Reagan referred to when he ordered the bombardment of Libya, the country he called the wire puller of the attack against the disco La Belle? Obviously the U.S services were able to read encrypted radio transmissions between Tripoli and its embassy in East Berlin. "

• "The Seduction of Crypto AG: How the NSA held the keys to a top-selling encryption machine" 1997. GNN, Global Network Navigator, A series in five parts about NSA, where Crypto AG is mentioned in part 2. The other parts are 1 3 4 5
• The newspaper Baltimore Sun wrote a series of four articles in 1995 about the backdoor in Crypt AG:s products. One article; "No Such Agency" is below. The other three articles can be ordered on-line.

No Such Agency Part Four - Rigging the Game The Baltimore Sun, December 10, 1995, pp. 9-11.
"In answer to charges of machine-rigging, Crypto filed suit last year against Mr. Buehler, its fired salesman. The suit was settled last month, days before former Crypto engineers were to testify that they believed the machines were altered. The parties agreed not to disclose the settlement.... "Spy sting: Few at the Swiss factory knew the mysterious visitors were pulling off a stunning intelligence coup -- perhaps the most audacious in the National Security Agency's long war on foreign codes; NO SUCH AGENCY . Zug, Switzerland -- For four decades, the Swiss flag that flies in front of Crypto AG has lured customers from around the world to this company in the lake district south of Zurich."
This article can be ordered on-line  

"NSA's crypto sting " Baltimore Sun, December 10, 1995. This article can be ordered on-line
"Code breakers: Rigged encryption machines provided U.S. a global security edge. The remarkable series of articles that The Sun started publishing a week ago about the secretive National Security Agency is getting attention far beyond Maryland. Some readers -- particularly among employees of NSA and other intelligence groups -- complain the paper is revealing too much."

"Swiss firm disputes allegations of rigging" Baltimore Sun, December 15, 1995. This article can be ordered on-line
"Maker of code machines labels link with NSA 'hearsay' and 'invention'; NO SUCH AGENCY. A SWISS MAKER of coding equipment yesterday dismissed as ``old hearsay'' and ``pure invention'' a Sun article presenting evidence that the National Security Agency rigged its machines so U.S. spies could easily read foreign governments' secret messages."

"Busy signals at NSA" Baltimore Sun, December 24, 1995. This article can be ordered on-line
"Agency of spies keeps code of silence with few clear lines; 'Please be cautious about commenting on coverage' ``MEDIA ALERT -- Potential media coverage of NSA,'' said the heading on the memo, dated ``1 December'' in military fashion and labelled ``FOUO'' -- For Official Use Only -- the lowest security classification level."

The Swiss Radio International broadcasted two English programs/intervjuves with Hans Buehler and about Crypto AG. This is a transcript from the broadcasts in May 15, 1994 (25 minutes) and July 18, 1994 (12 minutes). The sound will also be uploaded to the web.

The book; Verschlüsselt - Der Fall Hans Bühler. Look at the books frontpage and a picture of the prison he was in
Title:  Verschlüsselt (This means encrypted in English)
Subtitle: Der Fall Hans Bühler
Author: Res Strehle (a freelance journalist in Zurich)
Publisher: Werd Verlag, [ http://www.werdverlag.ch ] Zurich
Published; 1994.
Price: 34 Swiss Franc + postage to Sweden 4 Swiss Franc. (SFR). In German mark, (DM) this equals to 40 DM for the book, and 5 DM for the postage. June -98.
U.S. Library of Congress #: DS318.84.B84S77 1994
Dewey Decimal #: 338.7/610058/092 20
ISBN #: 385932 141 2 (to Swed readers; Laszlo has a spare copy to sell for 250 SEK)

Perhaps the book was the reason for Crypto AG's law suit against Buehler. The 200 pages book is written in Germany. However, a quick glance at the content suggests that the content is concentrated on the time when Hans Bühler was prisoned as a spy in Iran and the events thereafter. It also includes other details that eventually made Bühler to draw his conclusion about the backdoor in equipment from Crypto AG. Start with the books last chapter if you are in a hurry.

• The first time a backdoor Crypto AG:s equipment is also mentioned, is in the book Puzzle Palace. Published in 1983,  in Chapter 8: Partners it says:
  "... concern [by NSA in 1957] was most likely expressed over the possible changes in the crypto systems of Britain and the other NATO countries because of the wide spread feeling that America has broken their codes. The situation was complicated by the fact that newer, more complex cryptographic devices were being produced in Europe, devices that could set NSA code breakers back many years.... [In august 1957, William F. Friedman was appointed to] "undertake a series of ultra sensitive missions .. These missions, the details of which are still considered top secret by the agency... [was to] establishing some sort of agreement with Europe's largest manufacture of cryptographic devices, Crypto AG. ... In 1957 Crypto AG was to cryptography what General Motors was to Automobiles. … the company was probably the world's largest supplier of crypto equipment to foreign governments. Third world nations began casting off the chains of colonialism, they turned to Crypto AG to protect their secret communications. Heading the company was sixty-five-year-old Boris Caesar Hagelin, a russian born Swede who since the 1920 had been manufacturing crypto equipment and selling to various governments.... [Friedman met Hagelin] Exactly what happened during their meetings may newer be known, but it seems likely that some sort of "deal" was offered to Hagelin by Friedman on behalf of NSA. What this deal may have involved can be only speculation, but it appears likely that Hagelin was asked to supply to the NSA details about various improvement and modifications made to the cipher machines his company supplied to other governments, including, especially, the members countries of NATO. This would have greatly shortened the time needed by the United States to break their code system. Evidence of this can be found in a worried request made by the NSA to the British author Ronald Clark who wrote a biography of Friedman in 1977. In his book
  [ The book mentioned here is according to the puzzle palace's reference list, reference 310: "Should you approve": Ronald Clark, "The man who broke purple" (Boston: Little. Brown, 1977) pp. 153-154]
  Clark made several references to Friedman's 1957 trip… On learning Clark's intention to mention these trips, officials of the NSA approached him and expressed their "serious concern" about what might be revealed. They made a several unsuccessful attempts to read the manuscript... [so] the officials reluctantly explained to him that their reason for worry was that "the book might discuss the supply of cipher machines to NATO; and that would deprive NSA of the daily information enabling the NSA to read the secret messages of other NATO countries"

Remain; Digitalize the sound from the intervju into MP3-format.

(When searching for details in databases, etc, note that in English, Buehler's name is spelled with 'ue', while German sources spells it 'ü'. This text contains mixed spelling so it can be found with both spelling methods)

Latest change 11Nov -98, Laszlo Baranyi, lb@qainfo.se PGP5 Key ID: 3CEAEF2C