How the West spied on the world...and still does
by Alex Davidson
The American Central Intelligence Agency (CIA) and the West German Federal Intelligence Agency (BND) secretly owned the Swiss company Crypto AG it was revealed on 11 February 2020 by the Washington Post and the German public broadcaster, ZDF. (1) The intelligence agencies used Crypto AG’s encryption communications equipment to spy on some 120 countries for over fifty years until the company was sold in 2018. Similar accusations had been made before but with fuller access to the CIA and BND’s histories this is now the most definitive account to date of the operation. (2)
The spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages. The decades-long arrangement, among the most closely guarded secrets of the Cold War, is laid bare in a comprehensive CIA history of the operation. The account identifies the CIA officers who ran the programme and the company executives entrusted to execute it. It traces the origin of the venture as well as the internal conflicts that nearly derailed it. It describes how the United States and its allies exploited other nations, took their money and stole their secrets. The operation was first known by the code name “Thesaurus” and later “Rubicon.” The CIA report concludes, in a self-congratulatory fashion, that, “It was the intelligence coup of the century.”
HOW THE SPYING WORKED
Crypto AG, based in Switzerland, made millions of dollars and its clients included Iran and other countries in the Middle East; many European, Asian and African countries; military juntas in Latin America; nuclear rivals India and Pakistan; as well as the United Nations and the Vatican. The Soviet Union and China never purchased Crypto’s equipment and so were not directly subject to its surveillance. However, a number of countries which had close relations with the Soviet Union did use Crypto’s equipment thus giving the CIA access to messages from them to the Soviet Union. These countries included Czechoslovakia, Hungary, Romania and Yugoslavia.
The founder of Crypto AG, Boris Hagelin, had a close relationship with William Friedman from their first meeting in 1937. Friedman was also a cryptographer and he ran the research division of the US Army’s Signals Intelligence Service from the 1930’s. Friedman became Chief Cryptologist for the American National Security Agency (NSA) when it was formed in 1952, the same year as Crypto AG was founded. Hagelin developed encryption machines, which he sold to the US during World War II for use by soldiers in the field, making him a millionaire. After the war Friedman came to a gentleman’s agreement with Hagelin in which Crypto AG would not sell secure machines to certain countries. As a consequence some 120 ‘targeted’ countries were sold machines whose messages could be decrypted by NSA.
Hagelin moved Crypto AG from its original headquarters in Sweden to Zug in Switzerland. As Switzerland was a neutral country the company could do business throughout the world with virtually no restrictions. In 1960 the CIA and Hagelin entered into a licensing agreement that paid Hagelin $855,000 and renewed his commitment to the earlier gentleman’s agreement. In 1967, Hagelin was approached by the French intelligence service with an offer to buy the company in partnership with German intelligence. Hagelin rebuffed the offer and reported it to his CIA handlers.
THE GEHLEN ORGANISATION
At this point in the story it is pertinent to look at the predecessor to the German Federal Intelligence Service, the Gehlen Organisation, which was set up by the Americans immediately following the end of the Second World War. General Reinhard Gehlen had been chief of the anti-Soviet espionage department in Hitler’s Military Intelligence Headquarters. Chief of the Department of Foreign Armies East was his official title. Gehlen’s final meeting with Hitler was in late February 1945. When Hitler’s armies collapsed later in 1945 General Gehlen escaped with the most important files of his department, which he had secreted in the Bavarian mountains, and delivered himself and his service as a going concern to the Americans. The files were a treasure trove possessing “the most comprehensive documentation on the USSR” and revealing that Gehlen “had built up in the occupied areas of the Soviet Union powerful networks of informers”. (3)
In August 1945, General Gehlen was flown with his principal colleagues to the United States in the private plane of General Bedell Smith, Eisenhower’s Chief of Staff. He described it in his Memoirs as “flying to Washington at a time when the Russians were still dealing with the other three powers in London over plans to prosecute war criminals”. (4) General Gehlen was formally discharged from prisoner-of-war status by the US and returned to Germany in July 1946, where he and his fellow Nazis formed the Gehlen Organisation, financed by the Americans, with their headquarters in the former SS officers estate at Pullach near Munich.
In 1956 the Gehlen Organisation was transferred to the German Federal Government becoming the West German Intelligence Service (BND). Until his retirement at the end of 1968 General Gehlen was in supreme command of the West German secret service. One of the many colleagues of Gehlen, who returned to post-war Germany was Erich Huttenheim, who had been head of the cryptanalytic unit of the cipher department of the High Command of the Wehrmacht. (5) He used the name Erich Hammerschmidt and worked for the Gehlen Organisation and its successor the BND. He was one of the architects of Operation Rubicon.
CIA AND BND BUY CRYPTO
After the 1967 rebuff from Hagelin the Germans did not give up on the idea of buying Crypto. In a meeting in early 1969 at the West German Embassy in Washington, the head of that country’s cipher service, Wilhelm Goeing, outlined the proposal to buy Crypto AG and asked whether the Americans were interested in becoming partners. CIA director Richard Helms approved the idea and dispatched a subordinate to Bonn, the West German capital, to negotiate terms. In the discussions the Americans got German agreement to exclude the French from the deal. Hagelin was bought out in the joint CIA/BND deal for £5.75million. Liechtenstein based law firm, Marxer and Goop, helped hide the identities of the new owners of Crypto through a series of shell companies that required no shareholder names in registered documents.
From 1970 on, the CIA and its code-breaking sibling, the National Security Agency (NSA), controlled nearly every aspect of Crypto’s operations — presiding with their German partners (BND) over hiring decisions, designing its technology, sabotaging its algorithms and directing its sales targets. Foreign governments were paying good money to the U.S. and West Germany for the privilege of having their most secret communications read by them, Britain, the other Five Eyes countries and Israel. (6)
To protect its market position Crypto and its secret owners engaged in smear campaigns against rival companies and plied government officials with bribes funded by the CIA. There are many examples of the use made of Crypto by the West.
- In 1978, during the Egyptian–Israel peace negotiations at the US President’s retreat at Camp David, the NSA secretly monitored Egyptian President Sadat’s communications back to Cairo and fed the information to Israel.
- In the 1981 Falklands War the Americans provided Britain with military intelligence via their monitoring of the Argentinians’ messages.
- In 1989 the Vatican’s use of Crypto devices proved crucial in the US hunt for the Panamanian leader, Manuel Antonio Noriega. When Noriega sought refuge in the Apostolic Nunciature - the equivalent of a papal embassy – his whereabouts were exposed by the mission’s messages back to the Vatican City.
- The Washington Post also reported that the US was well aware of the planned assassinations of many opposition leaders in South America.
JAMES BAMFORD'S INVESTIGATIONS
In the 1980s James Bamford was researching for his book The Puzzle Palace about the US National Security Agency (NSA) and came across references to the “Boris project” in William Friedman’s papers. Bamford also discovered that a former NSA director, Lt. General Marshall Carter, had bequeathed his papers to the research library at the Virginia Military Institute. These papers included personal handwritten correspondence from Carter’s counterpart in Britain at Government Communications Headquarters (GCHQ) about “listening posts, cooperative agreements and other sensitive topics”. (7) Following the US Senate’s Church Committee hearings Bamford also got most of the US Department of Justice’s report on its criminal investigation of the NSA. (8) This contained a good deal of information about the NSA-GCHQ close relationship. Bamford wrote to George Gapp, the GCHQ senior liaison officer with the NSA, indicating that the papers implicated GCHQ in Operation Minaret, the illegal NSA programme directed against American citizens. The NSA history dryly noted that “GCHQ was not amused about the disclosure”.
That close relationship with the US led GCHQ to become a place to store the huge amounts of telephone call data that American intelligence agencies were scooping up. This helped to cement the close relationship between GCHQ and the Post Office. For instance, the two collaborated extensively on ways to automatically recognise who is talking during a phone call.
Following the publication of Bamford’s Puzzle Palace President Reagan issued an Executive Order in 1982 which eliminated the prohibition on re-classifying documents. The NSA raided the Virginia Military Library, stamped many of the Friedman documents secret and ordered them to be put back into the vault.
CIA BUYS OUT BND
Hans Bűhler, one of the top sales representatives of Crypto, frequently travelled to Arab countries selling cypher machines. Iran had always been one of Crypto’s most loyal customers despite the fact that in 1979 when the Shah was overthrown a new regime took over. In March 1992 Bűhler was arrested in Iran and after nine months of interrogation he was released after bail of US $1million had been paid. BND raised the money and it was transferred to Crypto through their covert mechanism. Bűhler had been unaware of the secret ownership of Crypto, but following his imprisonment and interrogation in Iran, he became suspicious and with the assistance of other distrustful Crypto employees he delved into its murky world. In 1994 the CIA learned that Bűhler was about to disclose the secret relationship between Crypto and Western Intelligence. The CIA wanted him bought off rather than taking legal action to keep him quiet. However, Bűhler refused and it was decided to take out a lawsuit which restrained him from talking to the press. The CIA’s strategy was to draw out the process for years. However, this was in the early years of German re-unification and the issue shook the German government so BND was pulled out of Crypto in 1994. Secretly the CIA bought out BND for $17million and so was now the sole owner of Crypto.
In 1995 Scott Shane of the Baltimore Sun interviewed Bűhler, and as this was in breach of Bűhler’s restraining order, the CIA saw their chance and went for an out-of-court settlement. Bűhler was forced to declare there were no grounds for his accusation against Crypto and Crypto agreed to pay his legal bills. With the settlement Bűhler had been silenced.
The CIA/NSA continued to use Crypto to spy on the world’s spies, military, diplomats and governments long after the end of the Cold War until it was sold in 2018.
SPYING MOVES FROM HARDWARE TO SOFTWARE
With technological developments and the move, in terms of importance, from hardware to software, Crypto had become less relevant and, squeezed by encryption technology, it was overtaken by companies and platforms such as Google, Microsoft, Yahoo, Facebook, YouTube and Apple.
According to James Bamford, and confirmed by the whistleblower Edward Snowden, NSA’s metadata collection programme now “targets everyone in the country old enough to hold a phone”. Bamford wrote, “The gargantuan data storage facility NSA has built at Utah will eventually hold zettabytes (1,000,000,000,000,000,000,000) of information. The massive super computer that the NSA has built in Oak Ridge, Tennessee, can search through it all at exaflop (1,000,000,000,000,000,000 operations per second) speeds.” (9) (10)
Crypto had served its purpose of spying on the world for decades and was sold in 2018. It was broken into two parts: Cy One Security in a management buy-out and Crypto International AG. Cy One’s only customer is the Swiss government. Following the revelation of the secret ownership of Crypto in February 2020 by the Washington Post, the Swiss government withdrew the export licence of Crypto International AG. In July 2020 Crypto International AG laid off 83 of its 85 staff. The CIA and BND documents indicate that the Swiss government was aware for decades of Crypto’s long denied secret owners. Not for the first time this brings into question Switzerland’s cherished claims of neutrality.
Crypto AG’s spying on the world may have ended but surveillance and spying by the CIA, NSA and its allies including GCHQ continues with new, even more sophisticated methods and it is done on an industrial scale as revealed by Edward Snowden.
(1) Miller, Greg, “The Intelligence Coup of the Century”, Washington Post, 11 February 2020.
(2) Ward, Mark, Technology Correspondent, “How GCHQ Built on a Colossal Secret” BBC News, 5 May 2014. Carrera, Gordon, Security Correspondent, “How NSA and GCHQ spied on the Cold War World”, BBC News, 28 July 2015.
(3) Dobson, C., and Payne, R., p.104, “The Dictionary of Espionage”, pub. Grafton, 1984.
(4) Gehlen, Reinhard, p.26, “The Gehlen Memoirs”, pub. Collins, 1972.
(5) Wehrmacht: German armed forces of all three services from 1933 to 1945.
(6) The Five Eyes are the intelligence agencies of the USA, Britain, Australia, New Zealand and Canada.
(7) Bamford, James, “The NSA and Me”, The Intercept, 2 October 2014.
(8) The US Senate Committee to “study Governmental Operations with respect to Intelligence Activities” was chaired by Senator Frank Church and became known as the Church Committee. It was set up in 1975 to investigate abuses by the CIA, NSA, FBI and the Internal Revenue Service. This led to the Department of Justice’s criminal investigation which was never concluded.
(9) A zettabyte is a measure of storage capacity and is sextillion bytes (1021). An exaflop is one quintillion (1018) floating point operations per second. To match what a one exaflop computer system can do in just one second, you would have to perform one calculation every second for 31,688,765,000 years.
(10) Bamford, James, “The NSA and Me”, The Intercept, 2 October 2014.