Washington: For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret.
The company, Crypto AG, got its first break with a contract to build code-making machines for US troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software.
The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.
But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.
The decades-long arrangement, among the most closely guarded secrets of the Cold War, is laid bare in a classified, comprehensive CIA history of the operation obtained by The Washington Post and ZDF, a German public broadcaster, in a joint reporting project.
The account identifies the CIA officers who ran the programme and the company executives entrusted to execute it. It traces the origin of the venture as well as the internal conflicts that nearly derailed it. It describes how the United States and its allies exploited other nations’ gullibility for years, taking their money and stealing their secrets.
The operation, known first by the code name “Thesaurus” and later “Rubicon,” ranks among the most audacious in CIA history.
“It was the intelligence coup of the century,” the CIA report concludes. “Foreign governments were paying good money to the US and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”
From 1970 on, the CIA and its code-breaking sibling, the National Security Agency, controlled nearly every aspect of Crypto’s operations — presiding with their German partners over hiring decisions, designing its technology, sabotaging its algorithms and directing its sales targets.
Then, the US and West German spies sat back and listened.
They monitored Iran’s clerics during the 1979 hostage crisis, fed intelligence about Argentina’s military to Britain during the Falklands War, tracked the assassination campaigns of South American dictators and caught Libyan officials congratulating themselves on the 1986 bombing of a Berlin disco.
The programme had limits. America’s main adversaries, including the Soviet Union and China, were never Crypto customers. Their well-founded suspicions of the company’s ties to the West shielded them from exposure, although the CIA history suggests that US spies learnt a great deal by monitoring other countries’ interactions with Moscow and Beijing.
There were also security breaches that put Crypto under clouds of suspicion. Documents released in the 1970s showed extensive — and incriminating — correspondence between an NSA pioneer and Crypto’s founder. Foreign targets were tipped off by the careless statements of public officials including President Ronald Reagan. And the 1992 arrest of a Crypto salesman in Iran, who did not realise he was selling rigged equipment, triggered a devastating “storm of publicity,” according to the CIA history.
But the true extent of the company’s relationship with the CIA and its German counterpart was until now never revealed.
The German spy agency, the BND, came to believe the risk of exposure was too great and left the operation in the early 1990s. But the CIA bought the Germans’ stake and simply kept going, wringing Crypto for all its espionage worth until 2018, when the agency sold off the company’s assets, according to current and former officials.
The company’s importance to the global security market had fallen by then, squeezed by the spread of online encryption technology. Once the province of governments and major corporations, strong encryption is now as ubiquitous as apps on cell phones.
Even so, the Crypto operation is relevant to modern espionage. Its reach and duration helps to explain how the United States developed an insatiable appetite for global surveillance that was exposed in 2013 by Edward Snowden.
All the while, Crypto generated millions of dollars in profits that the CIA and BND split and ploughed into other operations.
Crypto’s products are still in use in more than a dozen countries around the world, and its orange-and-white sign still looms atop the company’s longtime headquarters building near Zug, Switzerland. But the company was dismembered in 2018, liquidated by shareholders whose identities have been permanently shielded by the Byzantine laws of Liechtenstein, a tiny European nation with a Cayman Islands-like reputation for financial secrecy.
Need for encryption device
The sprawling, sophisticated operation grew out of the US military’s need for a crude but compact encryption device.
Boris Hagelin, Crypto’s founder, was an entrepreneur and inventor who was born in Russia but fled to Sweden as the Bolsheviks took power. He fled again to the United States when the Nazis occupied Norway in 1940.
He brought with him an encryption machine that looked like a fortified music box, with a sturdy crank on the side and an assembly of metal gears and pinwheels under a hard metal case.
It wasn’t nearly as elaborate, or secure, as the Enigma machines being used by the Nazis. But Hagelin’s M-209, as it became known, was portable, hand-powered and perfect for troops on the move. Photos show soldiers with the eight-pound boxes — about the size of a thick book — strapped to their knees. Many of Hagelin’s devices have been preserved at a private museum in Eindhoven, the Netherlands.
Sending a secure message with the device was tedious. The user would rotate a dial, letter by letter, and thrust down the crank. The hidden gears would turn and spit out an enciphered message on a strip of paper. A signals officer then had to transmit that scrambled message by Morse code to a recipient who would reverse the sequence.
Security was so weak that it was assumed that nearly any adversary could break the code with enough time. But doing so took hours. And since these were used mainly for tactical messages about troop movements, by the time the Nazis decoded a signal its value had likely perished.
Over the course of the war, about 140,000 M-209s were built at the Smith Corona typewriter factory in Syracuse, New York under a US Army contract worth $8.6 million to Crypto. After the war, Hagelin returned to Sweden to reopen his factory, bringing with him a personal fortune and a lifelong sense of loyalty to the United States.
Even so, American spies kept a wary eye on his postwar operations. In the early 1950s, he developed a more advanced version of his war-era machine with a new, “irregular” mechanical sequence that briefly stumped American codebreakers.
Alarmed by the capabilities of the new CX-52 and other devices Crypto envisioned, US officials began to discuss what they called the “Hagelin problem.”
These were “the Dark Ages of American cryptology,” according to the CIA history. The Soviets, Chinese and North Koreans were using code-making systems that were all but impenetrable. US spy agencies worried that the rest of the world would also go dark if countries could buy secure machines from Hagelin.
The Americans had several points of leverage with Hagelin: his ideological affinity for the country, his hope that the United States would remain a major customer and the veiled threat that they could damage his prospects by flooding the market with surplus M-209s from the war.
The United States also had a more crucial asset: William Friedman. Widely regarded as the father of American cryptology, Friedman had known Hagelin since the 1930s. They had forged a lifelong friendship over their shared backgrounds and interests, including their Russian heritage and fascination with the complexities of encryption.
There might never have been an Operation Rubicon if the two men had not shaken hands on the very first secret agreement between Hagelin and US intelligence over dinner at the Cosmos Club in Washington in 1951.
The deal called for Hagelin, who had moved his company to Switzerland, to restrict sales of his most sophisticated models to countries approved by the United States. Nations not on that list would get older, weaker systems. Hagelin would be compensated for his lost sales, as much as $700,000 up front.
It took years for the United States to live up to its end of the deal, as top officials at the CIA and the predecessor to the NSA bickered over the terms and wisdom of the scheme. But Hagelin abided by the agreement from the outset, and over the next two decades, his secret relationship with US intelligence agencies deepened.
In 1960, the CIA and Hagelin entered into a “licensing agreement” that paid him $855,000 to renew his commitment to the handshake deal. The agency paid him $70,000 (Dh256,900) a year in retainer and started giving his company cash infusions of $10,000 for “marketing” expenses to ensure that Crypto — and not other upstarts in the encryption business — locked down contracts with most of the world’s governments.
It was a classic “denial operation” in the parlance of intelligence, a scheme designed to prevent adversaries from acquiring weapons or technology that would give them an advantage. But it was only the beginning of Crypto’s collaboration with US intelligence. Within a decade, the whole operation belonged to the CIA and BND.
The NSA’s eavesdropping empire was for many years organised around three main geographic targets, each with its own alphabetic code: A for the Soviets, B for Asia and G for virtually everywhere else.
By the early 1980s, more than half of the intelligence gathered by G group was flowing through Crypto machines, a capability that US officials relied on in crisis after crisis.
In 1978, as the leaders of Egypt, Israel and the United States gathered at Camp David for negotiations on a peace accord, the NSA was secretly monitoring the communications of Egyptian President Anwar Sadat back to Cairo.
A year later, after Iranian militants stormed the US Embassy and took 52 American hostages, the Carter administration sought their release in back channel communications through Algeria. Inman, who served as NSA director at the time, said he routinely got calls from President Carter asking how the Ayatollah Khomeini regime was reacting to the latest messages.
“We were able to respond to his questions about 85 per cent of the time,” Inman said. That was because the Iranians and Algerians were using Crypto devices.
Inman said the operation also put him in one of the trickiest binds he’d encountered in government service. At one point, the NSA intercepted Libyan communications indicating that the president’s brother, Billy Carter, was advancing Libya’s interests in Washington and was on leader Muammar Gaddafi’s payroll.
Inman referred the matter to the Justice Department. The FBI launched an investigation of Carter, who falsely denied taking payments. In the end, he was not prosecuted but agreed to register as a foreign agent.
In 1982, the Reagan administration took advantage of Argentina’s reliance on Crypto equipment, funnelling intelligence to Britain during the two countries brief war over the Falkland Islands, according to the CIA history, which doesn’t provide any detail on what kind of information was passed to London. The documents generally discuss intelligence gleaned from the operation in broad terms and provide few insights into how it was used.
Reagan appears to have jeopardised the Crypto operation after Libya was implicated in the 1986 bombing of a West Berlin disco popular with American troops stationed in West Germany. Two US soldiers and a Turkish woman were killed as a result of the attack.
Reagan ordered retaliatory strikes against Libya 10 days later. Among the reported victims was one of Gaddafi’s daughters. In an address to the country announcing the strikes, Reagan said the United States had evidence of Libya’s complicity that “is direct, it is precise, it is irrefutable.”
The evidence, Reagan said, showed that Libya’s embassy in East Berlin received orders to carry out the attack a week before it happened. Then, the day after the bombing, “they reported back to Tripoli on the great success of their mission.”
Reagan’s words made clear that Tripoli’s communications with its station in East Berlin had been intercepted and decrypted. But Libya wasn’t the only government that took note of the clues Reagan had provided.
Iran, which knew that Libya also used Crypto machines, became increasingly concerned about the security of its equipment. Tehran didn’t act on those suspicions until six years later.