Government Privacy United States

Swiss Report Reveals New Details On CIA Spying Operation (washingtonpost.com) 36

An anonymous reader quotes a report from The Washington Post: The CIA and German intelligence jeopardized Switzerland's historic reputation for neutrality by using a Swiss company as a platform for a global espionage operation for decades, according to a report released Tuesday by members of the Swiss parliament. Investigators concluded that Swiss authorities were aware of, and at times complicit in, an elaborate espionage operation in which the CIA covertly owned and controlled a Swiss company, Crypto AG, that secretly sold rigged encryption systems to foreign governments.

The report marks the culmination of a Swiss investigation launched after the history of the Crypto operation was revealed earlier this year by The Washington Post in collaboration with ZDF, German public television, and Swiss broadcaster SRF. The Crypto operation exploited "Switzerland's image abroad as a neutral state," according to the report, which also said that Swiss authorities had effectively allowed the CIA and its German counterpart, the BND, to carry out "intelligence operations to the detriment of other states by hiding behind a Swiss company." The probe marks the first public accounting by a foreign government of an espionage operation so successful and extensive that a classified CIA history referred to it as "the intelligence coup of the century." The CIA did not respond to a request for comment, and the BND previously declined to comment.

  • This is why (Score:4, Insightful)

    by Arthur, KBE ( 6444066 ) on Wednesday November 11, 2020 @06:15PM (#60713256)
    anyone with a single iota of intelligence points doesn't use proprietary, corporate-controlled encryption systems.

    This is such a "duh", that it's difficult for me to find outrage in this case, as much as I'd like to.

    The encryption systems you should be using are the ones that the government dislikes.
    • ...Tell Pompeo that!

      He (Pompeo) would rather have you believe that China, Iran, Venezuela and Russia are the enemy.

      I can guarantee that if you asked him about this, he'll say something to the effect

      The United States is the beacon of true democracy...A country with institutions that actually work for the benefit of [all] humanity, unlike the Chinese Communist Party that uses companies like Huawei to spy around the world.

      • China, Iran, Venezuela, and Russia (and let's not forget DPRK and Turkey!) are the enemies of personal liberty and democracy. Don't be fooled into thinking they're not just because the US does some truly shady (/immoral/unethical/illegal) shit as well.

    • bad guys doing business in Switzerland.
      this is my surprised face
    • so take note

      BOTH republican and democrat presidents endorsed this

      BOTH republican and democrat congresses endorsed this

      think of that the next time a news headline says one party is a fascist one

    • by reanjr ( 588767 )

      True, but you're fighting against institutional momentum. Silicon Valley companies fawn over the products developed by other Silicon Valley companies, and reject products built elsewhere. Governments have similar biases and tend to trust other governments, but would never trust software built and used by commoners.

  • by alexhs ( 877055 ) on Wednesday November 11, 2020 @06:35PM (#60713378) Homepage Journal

    Dupe! [slashdot.org]
    Well, apparently the news is that now the Swiss parliament has published a report on events that have been reported to the general public 9 months ago, and that the crypto community has known for decades.

  • So what? (Score:5, Insightful)

    by hackingbear ( 988354 ) on Wednesday November 11, 2020 @06:37PM (#60713380)

    The CIA, NSA, USA will just continue the same operations while perpetuating FUD over Huawei and ZTE. There's no punishment to the CIA, NSA, USA because the US has a near absolute monopoly over the military, finance, technologies, and international institutions.

    • It's not US organizations which are at issue here, it's a Swiss company. This tarnishes Switzerland's reputation as a neutral country. It's a Washington Post article, so I can't read it without agreeing to be spied on, but I'm curious whether Switzerland holds its private companies to the same standards of neutrality that the government maintains.
    • Re:So what? (Score:5, Informative)

      by MrScience ( 126570 ) on Thursday November 12, 2020 @03:30AM (#60714706) Homepage

      FUD over Huawei?! I thought it was politics, but I did some digging...

      After *five years*, Huawei still haven't been able to address severe security concerns the UK had (below is just a subset of problems from the report I link, any one of which would make infosec get up and leave the room). I would imagine *all* agencies have access to a Huawei device within seconds of access.

      And note: This is just looking at their cell-tower switch product, with their cooperation:

      The report analyzed the use of the commonly used and well maintained open source component OpenSSL. OpenSSL is often security critical and processes untrusted data from the network and so it is important that the component is kept up to date.

        In the first version of the software, there were 70 full copies of 4 different OpenSSL versions, ranging from 0.9.8 to 1.0.2k (including one from a vendor SDK) with partial copies of 14 versions, ranging from 0.9.7d to 1.0.2k, those partial copies numbering 304.
        Fragments of 10 versions, ranging from 0.9.6 to 1.0.2k, were also found across the codebase, with these normally being small sets of files that had been copied to import some particular functionality.
        There were also a large number of files, again spread across the codebase, that had started life in the OpenSSL library and had been modified by Huawei.

      And then the bit about memcopy... holy heck...
        There were over 5000 direct invocations of 17 different safe memcpy()-like functions and over 600 direct invocations of 12 different unsafe memcpy()-like functions. Approximately 11% of the direct invocations of memcpy()-like functions are to unsafe variants.
        There were over 1400 direct invocations of 22 different safe strcpy()-like functions and over 400 direct invocations of 9 different unsafe strcpy()-like functions. Approximately 22% of the direct invocations of strcpy()-like functions are to unsafe variants.
        There were over 2000 direct invocations of 17 different safe sprintf()-like functions and almost 200 direct invocations of 12 different unsafe sprintf()-like functions. Approximately 9% of the direct invocations of sprintf()-like functions are to unsafe variants.

      These numbers do not include any indirect invocation, such as through function pointers and the like. It is worth noting these unsafe functions are present in the binary and therefore pose real risk.

        Analysis of relevant source code worryingly identified a number of pre-processor directives of the form “#define SAFE_LIBRARY_memcpy(dest, destMax, src, count) memcpy(dest, src, count)”, which redefine a safe function to an unsafe one, effectively removing any benefit of the work done to remove the unsafe functions in the source code. There are also directives which force unsafe use of potentially safe functions, for example of the form “#define ANOTHER_MEMCPY(dest,src,size) memcpy_s((dest),(size),(src),(size))”

      https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf
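
Added example, not part of the comment above or of the HCSEC report: a C sketch of why the two directive forms quoted from the report defeat bounds checking. `checked_memcpy` is a hypothetical stand-in for `memcpy_s`, and `struct record`, `guard_clobbered` and the 12-byte input are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for memcpy_s: refuses a copy larger than destMax. */
static int checked_memcpy(void *dest, size_t destMax, const void *src, size_t count)
{
    if (dest == NULL || src == NULL || count > destMax)
        return -1;
    memcpy(dest, src, count);
    return 0;
}

/* Form 1 quoted in the report: the "safe" name silently drops destMax. */
#define SAFE_LIBRARY_memcpy(dest, destMax, src, count) memcpy(dest, src, count)

/* Form 2 quoted in the report (checked_memcpy replaces memcpy_s here):
   the capacity passed is the copy size itself, so the check cannot fail. */
#define ANOTHER_MEMCPY(dest, src, size) checked_memcpy((dest), (size), (src), (size))

struct record {
    char field[8];   /* intended destination, capacity 8 */
    char guard[8];   /* constructed neighbour that must stay zero */
};

enum { VIA_CHECKED, VIA_FORM1, VIA_FORM2 };

/* Tries to copy 12 bytes into the 8-byte field; returns 1 if guard changed.
   dest points at the whole struct so the demo itself stays within one object. */
static int guard_clobbered(int how)
{
    struct record r;
    unsigned char input[12];
    void *dest = &r;

    memset(&r, 0, sizeof r);
    memset(input, 'A', sizeof input);
    switch (how) {
    case VIA_CHECKED: checked_memcpy(dest, sizeof r.field, input, sizeof input); break;
    case VIA_FORM1:   SAFE_LIBRARY_memcpy(dest, sizeof r.field, input, sizeof input); break;
    case VIA_FORM2:   ANOTHER_MEMCPY(dest, input, sizeof input); break;
    }
    return r.guard[0] != 0;
}

int main(void)
{
    printf("checked: %d  form 1: %d  form 2: %d\n", guard_clobbered(VIA_CHECKED),
           guard_clobbered(VIA_FORM1), guard_clobbered(VIA_FORM2));
    return 0;
}
```

Only the call that passes the real capacity of the destination leaves the neighbouring bytes intact, which is why an audit that counts "safe" function names without expanding macros overstates the coverage.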

      • by AmiMoJo ( 196126 )

        The question is how does this compare to Cisco and other Western manufacturers? Is it better or worse or the same?

        Also some of it is misleading. 70 different copies could be a good thing, i.e. everything is highly containerised and tested with specific versions before release, meaning flaws are both contained and relatively easily patched. That's best practice.

      • All these "discoveries" simply mean that the UK/USA couldn't find any real malicious conduct like those implicating Crypto AG, and they had to resort to doing code reviews and churn out theoretical threats. Calling "unsafe memcpy" means nothing other than heavy optimization if the callers are already protected from malicious inputs. Have these western puppets found any actual threat vector path and went unanswered? Come on, all you show here are proofs of FUDs.

  • by martinX ( 672498 ) on Wednesday November 11, 2020 @06:42PM (#60713402)

    Switzerland's historic reputation for neutrality?? The Crypto operation exploited "Switzerland's image abroad as a neutral state," ???

    Do these people not remember the Hundred Days War, also known as the War of the Seventh Coalition, which marked the period between Napoleon's return from exile on the island of Elba to Paris on 20 March 1815 and the second restoration of King Louis XVIII on 8 July 1815???

    • by Barnoid ( 263111 ) on Wednesday November 11, 2020 @07:10PM (#60713520)
      Switzerland has been neutral since 1815 [wikipedia.org], explicitly as a result of the conflicts you just mentioned.

      Switzerland has not participated in a war since then, even though remaining completely impartial turned out to be difficult at times. During World War II, when completely surrounded by Germany and Mussolini's Italy in the south, the Swiss allowed cargo trains through the Alps even though there were rumors that these trains actually transported Jewish people from Italy to Germany.

      Reminds me about an old joke about Allied Forces being allowed to overfly Swiss territory:

      Swiss air control to allied aircraft: You are approaching Swiss territory. Switzerland is neutral. Turn around.
      Allied aircraft: We know.
      Swiss air control: Turn around immediately, or we will shoot.
      Allied aircraft: We know.
      The Swiss shoot.
      Allied aircraft: You are shooting too low. We fly higher than that.
      Swiss air control: We know.
      • Funny, and probably with more than a grain of truth. Being neutral isn't easy, especially when one of the warring powers has your tiny country totally surrounded.

        Still, the neutrality was largely respected, and having a neutral party allowed the two warring sides to talk to each other. Also, reaching and enforcing agreements like the Geneva Conventions, and the access of the Red Cross to prisoners of war would have been much more difficult without the involvement of a neutral country.

        Of course, the Swiss to

    • "Do these people not remember the Hundred Days War, also known as the War of the Seventh Coalition, which marked the period between Napoleon's return from exile on the island of Elba to Paris on 20 March 1815 and the second restoration of King Louis XVIII on 8 July 1815???"

      *pulls out Willy Wonka meme* "No, please tell me more."

  • The world is a bad place and failure to spy is gross neglect of duty to protect the nation.

  • by pele ( 151312 )

    But Switzerland's reputation as a neutral country is long lost what with all the American and Canadian surnames dotted all around and the banking system's long lost reputation for secrecy by being strongarmed into complying with FATCA. Still the best place to live.

  • That's the question that comes to mind: can the government use revealed facts like these as precedent for requiring all legal encryption algorithms to have a 'backdoor' of one sort or another? If so: guess I'm going to be a criminal sometime in the future.
  • This seems like old news. . . maybe 10 years old. It may have been a different Swiss security corporation that incorporated a back door by request of the U.S., but I read it here.
  • The Actual Report (Score:4, Informative)

    by chill ( 34294 ) on Wednesday November 11, 2020 @07:42PM (#60713658) Journal
  • The Swiss have never been truly "neutral" historically. They played both sides, and called that "neutrality." Even in World War 2, Switzerland was used extensively by both sides, for espionage, for banking, for raw materials, for equipment, everything. Plus, Switzerland today is in a much different position than it was in during World War 2. The world is a different place and the threats are different, so naturally Switzerland will act differently.
  • by bill_mcgonigle ( 4333 ) * on Wednesday November 11, 2020 @10:20PM (#60714218) Homepage Journal

    ... not even once.

    If you don't have the source for your crypto you WILL get screwed at some point.

  • The present day Crypto AG is a different company altogether - they stupidly bought the old trademark and regretted it ever since.
  • ...why does international crime like money laundering and human trafficking still exist? What the hell did they use the intelligence for? Tearing down democracies and rigging bids and trade deals?
