Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Government EU Encryption United States

Report Claims America's CIA Also Controlled a Second Swiss Encryption Firm (courthousenews.com) 100

Long-time Slashdot reader SonicSpike brings this report from AFP: Swiss politicians have voiced outrage and demanded an investigation after revelations that a second Swiss encryption company was allegedly used by the CIA and its German counterpart to spy on governments worldwide. "How can such a thing happen in a country that claims to be neutral like Switzerland?" co-head of Switzerland's Socialist Party, Cedric Wermuth, asked in an interview with Swiss public broadcaster SRF late Thursday. He called for a parliamentary inquiry after an SRF investigation broadcast on Wednesday found that a second Swiss encryption firm had been part of a spectacular espionage scheme orchestrated by U.S. and German intelligence services.

A first investigation had revealed back in February an elaborate, decades-long set-up, in which the CIA and its German counterpart creamed off the top-secret communications of governments through their hidden control of a Swiss encryption company called Crypto.

SRF's report this week found that a second but smaller Swiss encryption firm, Omnisec, had been used in the same way.

That company, which was split off from Swiss cryptographic equipment maker Gretag in 1987, sold voice, fax and data encryption equipment to governments around the world until it halted operations two years ago. SRF's investigative program Rundschau concluded that, like Crypto, Omnisec had sold manipulated equipment to foreign governments and armies. Omnisec meanwhile also sold its faulty OC-500 series devices to several federal agencies in Switzerland, including its own intelligence agencies, as well as to Switzerland's largest bank, UBS, and other private companies in the country, the SRF investigation showed.

The findings unleashed fresh outrage in Switzerland, which is still reeling from the Crypto revelations.

The first compromised cryptography company "served for decades as a Trojan horse to spy on governments worldwide," according to the article, citing news reports from SRF, the Washington Post and German broadcaster ZDF. "The company supplied devices for encoded communications to some 120 countries from after World War II to the beginning of this century, including to Iran, South American governments, India and Pakistan.

"Unknown to those governments, Crypto was secretly acquired in 1970 by the U.S. Central Intelligence Agency together with the then West Germanyâ(TM)s BND Federal Intelligence Service."
This discussion has been archived. No new comments can be posted.

Report Claims America's CIA Also Controlled a Second Swiss Encryption Firm

Comments Filter:
  • by iggymanz ( 596061 ) on Sunday November 29, 2020 @09:16PM (#60777074)

    imagine not using an open source cryptography system

    • by Bert64 ( 520050 ) <bert@@@slashdot...firenzee...com> on Sunday November 29, 2020 @10:55PM (#60777216) Homepage

      Brings new light on the huawei situation too... You can't trust a black box commercial system for anything important. The US suspects china of using huawei for spying because it's exactly the thing they have done themselves. Only the CIA were smart enough to infiltrate supposedly neutral third parties.

      Either you develop a system in house from scratch using appropriately vetted and qualified personnel, or you take an open source system and ensure it gets thoroughly reviewed in house by appropriately vetted and qualified personnel.

      The open source approach is a lot less work, especially if several rival countries are doing the same thing. A system approved for use by one country could well have backdoors implanted by that country, but a system approved for use by usa/russia/china/iran is far less likely to have any backdoors.

      • by phantomfive ( 622387 ) on Monday November 30, 2020 @12:01AM (#60777286) Journal

        You can't trust a black box commercial system for anything important

        Note that this is something we've known for a long time, at least as long as I've known about cryptography, and yet somehow people keep making the same mistake.

      • by Cyberax ( 705495 ) on Monday November 30, 2020 @12:10AM (#60777300)

        You can't trust a black box commercial system

        Huawei provided source code to at least several governments.

        • but its doubtful the source they are giving for inspection is the source they are running....

          • by Cyberax ( 705495 ) on Monday November 30, 2020 @12:47AM (#60777350)
            It's not. They actually use reproducible builds so that they can certify correspondence between source and binary. Huawei engineers did a nice presentation about that back when China was still a friend and people could move between countries.
            • by IdanceNmyCar ( 7335658 ) on Monday November 30, 2020 @01:13AM (#60777386)

              Which is the whole point of China. I think people don't get this. When it comes to international markets, capitalists values trump all for China. This is because China realizes economic dependency by a foreign nation means security from that nation being too absurd which includes any type of physical conflict, political pressure, etc. This is generally referred to as Chinese "soft power". Once China controls a large portion of your supply chain, they can use economic pressure against you to obtain it's objectives. By providing source code and insight into the ease of building the software, they want everyone to consume their hardware and in turn that dependency which is the real power. There is no need to listen in on the line when they can cripple your ability to maintain your infrastructure... this kind of "small fry" mentality is exactly why America is falling behind and China maintains a steadfast path towards achieving it's objectives.

              Likewise there is a very big difference between the internal objectives of the Chinese states and the outward objectives. The nature of these objectives seems to at least go back to Mao's awareness that true communism cannot exist instantaneously within global capitalism. China thus uses this rather sound strategy to build it's economic dominance while raising the quality of life for the Chinese people. Likewise the degree China would uses it's "soft power" to for "nation building" outside China is an open question. It's clear this can be used to pressure against support for certain things (e.g. three Ts) and that it considers all Chinese dissidents effectively still Chinese citizens but it still seems unclear how much it would affect the average American's lifestyle. The assumption here is the power that Chinese gaining will corrupt, as the idiom goes.

              Either way, westerners seem to often fail to understand the real nature of Chinese global economics and in an attempt to undermine their growth often seek what is little more than baseless slander to turn markets away from their goods...

              • Re: (Score:3, Insightful)

                by Bert64 ( 520050 )

                Avoiding becoming dependent on foreign goods is a perfectly sensible strategy precisely because of the reasons you've highlighted. Even in the absence of backdoors (and indeed there is no evidence of backdoors in huawei equipment), you don't want to become dependent on a single supplier as that might allow that supplier and/or the country they are based in to have unwanted leverage over you.

                • Except the numerous occasions then Huawei stole Cisco source code? It's difficult to have confidence in the safety or reliability or source code you didn't write and dare not expose publicly. Examples include:

                  > https://www.wsj.com/articles/S... [wsj.com]

                  • by Anonymous Coward

                    You surely mean "example". There aren't multiple examples of Huawei stealing Cisco's source code. All reports are from an incident close to 2 decades ago.

                  • by Bert64 ( 520050 )

                    How is this an exception to what i said?

              • by AmiMoJo ( 196126 ) on Monday November 30, 2020 @09:48AM (#60778214) Homepage Journal

                The Chinese literally can't do anything right in your eyes, can they? No matter what it is you will find some way to twist it into an evil conspiracy to dominate the world.

                This is just normal capitalism. Apple isn't run by Pinky & The Brain, they are not trying to take over the world by making everyone dependent on an iPhone. They are trying to make as much money as possible. Occasionally that even results in good behaviour, like their focus on privacy.

                As for interdependence, it's worked out great in Europe. What finally stopped centuries of wars was the EU, economic union that make armed conflict impossible. It goes both ways too, China's economy is dependent on us.

                • I didn't say China was doing anything wrong or that it was an evil conspiracy. In fact I agree with you, this is just normal capitalism.

                  Likewise I agree about the interdependency between China and the US economy and in general it can improve value in supply chains. Tesla is clearly looking to utilize it. Apply utilizes it. Many think China will be replaced by other markets like Vietnam in a race to the bottom but I think this underplays again the first point, China shows wisdom at the long term aspects of g

                • by jay age ( 757446 )

                  As long as it's a dictatorship controlled by the CCP, I tend to agree with him.
                  In democracies you don't have ruling party, which can order any corporation to do its bidding.

                  What I wonder about is why people choose to forget, that it's a communist country? That's kinda important.

              • Comment removed based on user account deletion
              • When it comes to international markets, capitalists values trump all for China.

                When it comes to China, authoritarianism trumps all. Their economic policies are predictable; everyone makes deals they think will benefit them the most. As long as the world fails to hold them to account, they will continue to get away with whatever they can, just like everyone else. The fundamental problem is that human greed leads others to enable them so that they can get a piece of that sweet slave labor profit.

              • Sorry, typical american idiot.
                "China" simply wants to be left alone, that is all.

                But you push them into a corner they don't want be in and don't belong into. Obviously they push back.

                No idea where this China hatred is coming from, recent 10 years. Why can you not let them find their own way?

                During the end of cold war, west Germany approached east Germany via negotiants, whole Germany approached Russia via negotiants.

                It worked. Why the funk you want to make a country, you can not compete with anyway, your en

                • I don't hate China. I actually love and hope to spend the rest of my life in China.

                  I don't really have a response to the rest of your comment.

        • My understanding is that whereas Huawei have indeed shared source code with various governments and customers, they've been having trouble with the reproduceability of their builds, such that it was difficult for the reviewers of the provided source code to determine whether the binaries had indeed been built from that source code (and from nothing else besides).

      • Re: (Score:1, Flamebait)

        Comment removed based on user account deletion
        • by Bert64 ( 520050 ) <bert@@@slashdot...firenzee...com> on Monday November 30, 2020 @04:17AM (#60777582) Homepage

          Hence the qualifying statement "appropriately vetted and qualified personnel".
          Governments most definitely are able to hire such coding teams, and the cost isn't going to be prohibitive for critical systems, especially if you're sensible and keep the systems as small as possible.

          The only alternative to auditing existing code yourself, is writing new code from scratch which is likely to be even more time consuming.

          Your examples show malware that was detected, the mere fact that these things were detected quickly shows that processes are working. I'm far more concerned about compromises or malware that hasn't been detected.

          Also while source being available doesn't mean that someone has looked at it, it only means that someone could have. The alternative with closed source is worse, you know that no independent security researchers have looked at it. Any researchers who have looked at it (if any) are likely under NDA, and the source could have been acquired via nefarious means and distributed to blackhat groups.
          So it's in a better position, not perfect but still better. Unless you can find a better alternative, we have to take what's available.

          • Re: (Score:1, Flamebait)

            Comment removed based on user account deletion
            • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Monday November 30, 2020 @09:13AM (#60778082) Homepage Journal

              So in other words "Unless you are the head of a country which has the unlimited resources to vet these millions of lines of code the FOSS hypothesis is based on bullshit" because again you show NO EVIDENCE to back up your assumption that every bit of code in the ecosystem you are looking at has been properly vetted.

              Oh shit, shut the fuck up immediately. The value proposition of FOSS has never been "that every bit of code in the ecosystem you are looking at has been properly vetted" and by moving the goalposts there you are being a disingenuous douchebag.

              The idea is that many eyes have more chances to catch bugs than proprietary software, where the code is often looked at by only a couple people, and more importantly can only be looked at by a couple people. The proposition of FOSS is that if you want and/or can afford to, you can fix the problems with it yourself. If it is critical to your business then you can hire some talent to do the work, even if you don't have the skills yourself.

              We know there are long-lasting holes in FOSS because we find them. But closed-source software is a black box. We can poke at it with tools designed to analyze binaries, but we can't do the same kind of analysis which would be possible with the sources. It's safest to assume that it has the same kinds of holes in it, but nobody finds and fixes them because it is not of commercial relevance. They're on to the new thing. But the people who do know how to analyze binaries for security faults are still doing their thing, and still finding security holes in that software through all the usual means like fuzzing, injection, etc.

              In short, we know that the FOSS model pays dividends specifically because we see its failures, and see them corrected. And we have reason to believe that it produces better results because of what we know of the closed source development process, which is not fundamentally different except that less people have eyes on the code. And also in short, you are grossly mischaracterizing the argument to make yourself sound more intelligent than you really are.

            • by Bert64 ( 520050 )

              Where did i claim that "every bit of code in the ecosystem you are looking at has been properly vetted" ?
              I claimed that source code being available gives you the opportunity to audit the code if you have the motivation and resources to do so. This is an undeniable fact, and relevant to this article. Did the crypto companies provide customers with the source code to their backdoored products?

              I even advocated that governments should perform their own reviews of the code irrespective of what existing checks ha

          • by guruevi ( 827432 )

            I don't think you ever worked for government funded projects. They are ALWAYS under-budgeted, over-budget and cut costs everywhere possible. I'm involved with dozens of government projects today, Windows XP, Windows 7, is the order of the day. A few weeks ago I had to rescue a floppy drive that still gets used daily (so it wore out). Today, I had a heated argument with one pointy haired team lead who blamed me for Adobe Creative Suite no longer activating, they literally did not budget in the last 10 years

  • Shit. Now what? Nothing? Cool. Bye.
  • I mean really, after WW II, we must gone over there and said "Look, we know you guys got all that stolen jewish gold. You can keep it, just do a little bit of work for us on the side...

    • Re: (Score:2, Interesting)

      Please don't make baseless accusations against Swatch [swatch.com].

  • and it's not with the We the People. They've done this election meddling in many other countries and our own now. You only have to understand the plan of the World Economic Forum & how it will shoe-horn the pathway for Agenda 21, 30 & 50. Lockstep is what they've chosen for us. Just read the Rockefeller plans https://principia-scientific.c... [principia-scientific.com]

    Big tech, Big Pharma, Big Retail have been chosen to crush citizens and turn them into peasants who own nothing, rent everything and wil be 'happy'. Same thing

  • by flyingfsck ( 986395 ) on Sunday November 29, 2020 @11:43PM (#60777274)
    This was widely known and published in 1995. I guess the editors were not born yet, so it is new to them. https://cryptome.org/jya/nsa-s... [cryptome.org] Sloshdat, very old news for nerds.
  • by johnnys ( 592333 ) on Monday November 30, 2020 @12:42AM (#60777340)

    "How can such a thing happen in a country that claims to be neutral like Switzerland?"

    Money. That is why it happened. There was money in it, and they happily took the money and looked the other way.

    Neutrality is not necessarily noble or virtuous: It may just mean that the neutral party wants to avoid the conflict. Does anyone believe that Sweden and Switzerland would have remained "neutral" if Hitler had won the war? They were very lucky to sit back and sell weapons and financial services to the warring countries in WWII and come out of the war rich and free. Any claim of "virtue" for being "neutral" hypocritically ignores the sacrifice of thousands of lives of the Allied forces and mountains of treasure that was expended defeating the fascists.

    • by Tailhook ( 98486 )

      Money.

      Doubtless the trade in these companies funded the families of some of Switzerland's leading lights today. No curiosity for this will emerge however. That part isn't interesting. Only howling about the CIA and the US is interesting, and perhaps getting a series of recurring apologies out of Biden et al.

      Give the money back if it's all so hideously wrong. Put your money where you claim your virtue is.

      One guess whether that's going to happen.

    • Comment removed based on user account deletion
    • by ghoul ( 157158 )
      Given the police state the CIA has turned the world into, would it really have been that bad if the Axis had won? And if not being neutral was the right decision?
      • Given the police state the CIA has turned the world into, would it really have been that bad if the Axis had won?

        It would have been bad immediately for Jews. Worse than it was already, I mean. And then over time it would have been bad for everyone who wasn't white, and then anyone who wasn't German, and then eventually anyone who wasn't a blond German with blue eyes who could prove their descendance from someone with two umlauts in their name.

        • The Jews got hunted because:
          a) they were an easy pray
          b) many of them had valuables to confiscate

          There never was a "only blue eyed and blond" idea.

          90% of the Germans, or nordic, are neither blue eyed or blond and certainly not both.

          • There never was a "only blue eyed and blond" idea.

            No, but that's where "let's blame all of our problems on some external group and hunt them to the ends of the earth" leads. They didn't get that far, because their leaders were a bunch of wackos.

            • They didn't get that far, because their leaders were a bunch of wackos.
              True, unfortunately many "leaders" are like that.

  • ... they're also running Threema, my favorite independent crypto messenger. LOL!

  • So this is basically espionage for foreign countries. Shouldn't the employees of the Crypto company and members of the Swiss intelligence service be trialed for espionage?

  • Well, good for them. Really, foreign intelligence gathering is their mandate. We may not like the fact that they are doing it, but it really is a necessary evil of the world. The world isn't an open, transparent window for all to see. What is more important is what is DONE with that information.
  • Comment removed based on user account deletion
  • If you just write "Crypto", nobody will understand you. Also, this has been pretty much known back when I studied cryptography about 30 years ago, although nobody had hard proof back then.

It is not best to swap horses while crossing the river. -- Abraham Lincoln

Working...