CIA, BND, and Crypto AG - and no-one really picked it up

Re: https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/

It’s fascinating that this story broke Monday and - at least from my limited perspective - no-one really picked it up. While its among the most read articles on and a co-scoop by WaPo, even their front-page could not care less. It’s pretty front and center on zdf.de (https://www.zdf.de/), their collaborators on the scoop. Wonder whether it’s simply as business-as-usual that it’s not really worth talking about or whether “we” (whoever “we” is) have simply grown numb to this sort of thing. You’d be even kind of surprised if this had not happened.

Beware of Huawei, though! :smiley: On the front-page of WSJ, the CIA story is nowhere to be found, but another Huawei FUD. At least NYT front is oblivious to both. :wink: :disappointed:

2 Likes

Yes, very interesting story. It seems a lot of outlets have not picked it up. Possibly because it was a German language exclusive yesterday?

Great. Spy on nations and get them to pay for it… No wonder the orange one is apoplectic about Huawei getting market share and them not being able to spy on their partners any more.

The CIA FUD story is hilarious. Huawei has built in the legal warrant tapping interface into their hardware, as required by US law, so they will be listening in as well… Erm, the provider should be setting the password, once they have the kit, so Huawei employees can’t do that. Oh, and every other piece of kit on the market has to legally have the same “back door”. :roll_eyes:

2 Likes

Wonder what this is going to lead to in terms of national IT protectionism and development programmes. Technically, about 100 countries may have just woken up to needing their own stuff. Wonder who is right now also waking up to supply them or build covert support behind local tech suppliers.

I am so much looking forward to hear Jeff Jarvis say “techno panic” and hear his perspective on this news later today. :smiley:

1 Like

The story doesn’t mention who actually fabbed the units, let alone the secure versus insecure ones. What else are they perhaps still fabbing? Whose products might be compromised by similar political ties lingering from the arrangement or morphed into other organizations?

Crypto AG was the manufacturer of the devices, according to the ZDF and SRF reports. The CEO passed on the information on how to break the encryption to the BND and CIA.

The Swiss government have revoked Crypto AGs export license, until the matter had been investigated.

What are the back doors in now? Has RSA received any large “donations” again recently! :thinking:

I guess what I mean more is the specifics of the fabbing: whose chips, how much did they know, were they custom items, where were the factories and under whose control, etc. :sweat_smile:

This was 1970 through to the 80s to 93, so their own hardware, I’d guess.

Motorola was mentioned, but in a consultative role. Was TSMC used, for example? Anyway, I just thought it odd that the article didn’t delve into the actual nuts and bolts of how these machines came about, physically, in more detail.

There was no backdoor. They used the equivalent of Bombe in the Second World War, they had the possible encryption choices and brute forced the messages.

1 Like

That comes within my definition of a back door. But I understand that technical my term is incorrect. I should use, where has the weakness been introduced or security bypassed now in the ecosystem.
:slight_smile:

Bruce Schneier had a good article on Crypto AG
https://www.schneier.com/blog/archives/2020/02/crypto_ag_was_o.html

Because the hardware is more or less irrelevant. The design and the way to break the codes was passed on, the hardware itself wasn’t manipulated, at least in the beginning, and there were no backdoors as such. At least for the early devices, which were hand driven paper tape readers.

No, that is wire tapping and then decrypting the messages going over the wire. The same as Bombe want a backdoor to the German Enigma machines.

What I’m saying though is that to me the story is as much the politics controlling fabrication as it was the algorithms. To the extent complicity had to stretch beyond the parties orchestrating the project in order for the hardware to be created, that seems to me to be every bit as important to cover.

It goes beyond politics, I’m guessing, based on past examples that this was done directly by the secret services outside of political oversight.

But, yes it is more about the relationship between the CIA and BND controllers and the directors of Crypto AG than the hardware.

Edit :have you looked to see what the CX-52 is?

We will have to disagree over this as for me the Crypto was backdoored and they just collected the backdoored data from the wire.

I saw them and their timeframe, but since the program extended into the digital age, I’m concerned at how far-reaching its compromise of manufacturers/fab facilities may prove, especially given it appears to have been instituted prior to the inception of the industry.

It isn’t really new news, more like new info about news that Snowden let us in on.
Since the sale of the company assets a couple of years ago people have had the time to sift through the details.

What I wonder is, did they fold the company due to the Snowden leaks or because they have something else in place now ?

One thing is for sure, it won’t stop the CIA from trying to paint Huawei as the giant threat to privacy and security.

The comments on that Bruce Schneier article get very interesting, even allowing an element of “tinfoil hat” in the viewpoints…

This is what I was talking about. There was no backdoor in the hardware, it sent fully encrypted messages, but, because they had the specs, they could use similar techniques to the Bombe to brute force the encrypted messages that were intercepted.

If you can brute force these messages, you don’t need a back door.

2 Likes