Memos confirm secret NSA deal with leading cryptography vendor

In 2007 I wrote in my “National Security Agency: The Historiography of Concealment” that America’s leading signals intelligence agency had made a secret deal with Crypto AG, a Swiss-based manufacturer of cryptographical equipment. The agreement, which lasted for much of the Cold War, allowed the NSA to read the classified messages of dozens of nations that purchased encoding equipment from Crypto AG. As I expected, the claim drew criticism from individuals connected with Crypto AG, including company scientists, who argued that the Swiss manufacturer would never have agreed to a deal that undermined its professional reputation as a trusted and neutral vendor of cryptological devices. Now, however, the BBC has revealed two recently declassified NSA memos that provide concrete proof of the deal.

My 2007 claim was based on a string of well documented allegations that surfaced in the early 1980s. While conducting research for his seminal book The Puzzle Palace, historian James Bamford came across references to Project BORIS, which involved a pact between the NSA and the Swiss company. To be precise, the deal appeared to have been struck between the Swiss inventor and Crypto AG founder Boris Hagelin and William F. Friedman, an American cryptologist who led the Armed Forces Security Agency, a forerunner of the NSA. The two men were united by a deep personal friendship, which was forged during World War II by their mutual hatred of Nazism.

Bamford’s claim was echoed in 1996 by Scott Shane and Tom Bowman, reporters for The Baltimore Sun. In a six-part investigative series about the NSA, the two journalists wrote that Friedman visited Hagelin during a trip to Switzerland in 1955 and asked for his help so that America could dominate its Cold War rivals. According to Shane and Bowman, Hagelin agreed and built a type of cryptological backdoor in Crypto AG’s devices, which allowed the NSA to read millions of messages for many decades. The company, of course, reacted furiously, saying that claims of a secret deal were “pure invention”.

On Thursday, however, BBC security correspondent Gordon Corera confirmed that a BBC investigation of 55,000 pages of documents, which were declassified by the NSA in April, found proof of the secret agreement. The declassified material, said Corera, contains two versions of the same NSA memorandum, as well as an earlier draft, which refer to a “gentleman’s agreement” between Friedman and Hagelin. Under the agreement, Crypto AG would inform the NSA about periodical changes to the technical specifications of its encoding machines. The company would also provide the American spy agency with detailed lists showing the precise models purchased by various national governments around the world. Furthermore, Crypto AG agreed not to sell the more advanced, customizable models of its equipment to countries viewed by Washington as directly adversarial. This, says the BBC, amounted to Crypto AG deceiving some of its customers, by offering them “watered-down versions” of its encoding devices.

Corera notes that there is no evidence in the memos that Crypto AG built any kind of back door in its devices for use by the NSA. Instead, by providing the American agency with detailed operational knowledge of the devices, it enabled American codebreakers to reduce the time and effort needed to break encoded messages intercepted by the NSA.

There are a couple of minor errors in Corera’s article. For instance, the “father of American code-breaking” is not Friedman, as he claims, but Herbert Yardley, who led the so-called Black Chamber (also known as the Cipher Bureau) in 1919, long before Friedman was in the picture. Additionally, he fails to mention Bowman’s contribution to Shane’s Baltimore Sun article, which was published in 1996, not 1995, as he writes. These minor errors aside, however, the BBC discovery is absolutely crucial for our understanding of cryptological history in the Cold War.

Author: Joseph Fitsanakis | Date: 31 July 2015 | Permalink

News you may have missed #858

By IAN ALLEN | intelNews.org
►►The FBI facilitates NSA’s domestic surveillance. Shane Harris writes in Foreign Policy: “When the media and members of Congress say the NSA spies on Americans, what they really mean is that the FBI helps the NSA do it, providing a technical and legal infrastructure that permits the NSA, which by law collects foreign intelligence, to operate on US soil. It’s the FBI, a domestic US law enforcement agency, that collects digital information from at least nine American technology companies as part of the NSA’s PRISM system. It was the FBI that petitioned the Foreign Intelligence Surveillance Court to order Verizon Business Network Services, one of the United States’ biggest telecom carriers for corporations, to hand over the call records of millions of its customers to the NSA”.
►►Egypt expels Turkish ambassador. Egypt says it has ordered the Turkish ambassador to be expelled, following comments by Turkey’s prime minister. Saturday’s decision comes after Turkish Prime Minister Recep Tayyip Erdoğan renewed his criticism of Egypt’s new leaders earlier in the week. Turkey and Egypt recalled their ambassadors in August following Turkey’s sharp criticism of Egypt’s leaders and Mohamed Morsi’s ouster. Turkey’s ambassador returned to Egypt a few weeks later, but Egypt has declined to return its ambassador to Turkey. Turkey’s government had forged a close alliance with Morsi since he won Egypt’s first free presidential election in June of 2012.
►►The internet mystery that has the world baffled. For the past two years, a mysterious online organization has been setting the world’s finest code-breakers a series of seemingly unsolvable problems. It is a scavenger hunt that has led thousands of competitors across the web, down telephone lines, out to several physical locations around the globe, and into uncharted areas of the “darknet”. Only one thing is certain: as it stands, no one is entirely sure what the challenge —known as Cicada 3301— is all about or who is behind it. Depending on who you listen to, it’s either a mysterious secret society, a statement by a new political think tank, or an arcane recruitment drive by some quasi-military body. Which means, of course, everyone thinks it’s the CIA.

News you may have missed #814

By IAN ALLEN | intelNews.org
►►Israel accuses Palestinian of spying for Hezbollah. Israel’s Shin Bet internal security agency says a Palestinian man has been charged with relaying information to Hezbollah in Lebanon about sensitive government sites, including parliament. It identified the suspect as Azzam Mashahara, a resident of east Jerusalem, which Israel captured in 1967. Palestinian residents of east Jerusalem, unlike Palestinians from the West Bank or the Gaza Strip, have Israeli identity cards that allow them to travel freely within Israel. Mashahara was charged with maintaining contacts with a foreign agent and relaying information to the enemy.
►►UK agency tries to crack coded message from WWII-era carrier pigeon. The note, written on official stationery with the heading “Pigeon Service,” was discovered in a red canister attached to the skeletal leg of a pigeon in a chimney in Surrey, England. The message is made up of 27 seemingly random five-letter blocks and though it’s undated, government analysts believe the pigeon met his end while on a secret mission during the Second World War. The note is signed “Sjt W Stot” and was intended for the destination “XO2”. In a statement, Britain’s Government Communications Headquarters (GCHQ) said that during the war secret communications would often utilize specialized codebooks “in which each code group of four or five letters had a meaning relevant to a specific operation, allowing much information to be sent in a short message”. The GCHQ said that those messages may have been put through an additional layer of security by being re-coded with what’s known as a one-time pad.
►►Albania court convicts fugitive ex-spy chief. An Albanian court has convicted Ilir Kumbaro, the country’s fugitive former intelligence chief, of murder for the 1995 death of a suspect who was illegally detained for an alleged plot to murder the President of the Republic of Macedonia. The victim, businessman Remzi Hoxha, an ethnic Albanian from Macedonia, was abducted by the secret police 17 years ago along with two other suspects for allegedly planning to kill then-Macedonian President Kiro Gligorov during a visit to Albania. The court said the three suspects were held illegally and tortured during questioning. Kumbaro traveled to Britain in 1996 under a false identity, claiming to be a refugee from Kosovo. He has been missing for a year, after skipping an extradition hearing in London. Hoxha was never found and is presumed to have died in custody.

News you may have missed #801

By IAN ALLEN | intelNews.org
►►Israel charges Arab man with spying for Hezbollah. Israel has charged Milad Khatib, a 26-year-old Arab Israeli truck driver, who was arrested a month ago, with spying for Hezbollah, making contact with a foreign agent, conspiring to aid the enemy and belonging to an illegal group. According to the indictment, Khatib was in contact with a man named Barhan, a Hezbollah agent who operated in various European locations. The two allegedly met several times between 2007-2009 in Barhan’s home in Denmark, with all of Khatib’s expenses, including food, hospitality and entertainment, covered by Barhan.
►►Britain’s GCHQ praises Alan Turing legacy. In a rare public speech, Iain Lobban, the Director of GCHQ, Britain’s signals intelligence agency, has praised the legacy of British mathematician and codebreaker Alan Turing. Widely considered the father of computer science and artificial intelligence, Turing committed suicide in 1954, after the British government prosecuted him for being a homosexual. In 2009, British Prime Minister Gordon Brown offered a public apology for Turing, who is also credited with cracking the Nazi Enigma code —a vital part of the Allied effort in World War II.
►►Canada’s SIGINT agency to get new headquarters. Canada’s electronic spy organization believes that the state-of-the-art headquarters now being built in an Ottawa suburb will make it a leader among its allies and attract the best and brightest of spies, according to newly released Canadian government documents obtained by The Ottawa Citizen. When finished in 2015-16, the Canadian Communications Security Establishment’s new $880-million spy campus in Gloucester is expected to be home to more than 1,800 employees.

News you may have missed #0111

  • Obama supports extending USA PATRIOT Act domestic spy provisions. The move confirms the US President’s support for the Act, whose warrantless communications monitoring provisions he approved with his Senate vote in 2008.
  • Poland jails alleged Belarusian spy. The man, known only as “Sergei M.”, was sentenced Wednesday to five-and-a-half years in prison by a Warsaw district court for spying against Poland between 2005 and 2006. Meanwhile, in Belarus, four local army officers are still on trial, accused of spying for Poland.
  • Tolkien was trained as a British spy. Novelist JRR Tolkien, whose day occupation was in linguistics research, secretly trained as a British government spy in the run up to World War II, new documents have disclosed.

News you may have missed #0106

  • North Korean succession rumor mill now silent. Rumors circulated last summer by South Korean intelligence sources, that Kim Jong Il was on his deathbed and was about to be replaced with his son, Kim Jong Un, have gone quiet, after the health of the “Great Leader” appears to have miraculously improved. Some now believe Pyongyang may have deliberately fed those rumors to discern reactions among senior North Korean officials in Kim Jong Il’s circle.
  • UK government issues apology for treatment of gay cryptanalyst after 57 years. British Prime Minister Gordon Brown has said he is sorry for the “appalling” way World War II code-breaker Alan Turing was treated by British authorities for being gay. In 1952, Turing was prosecuted for gross indecency after admitting a sexual relationship with a man. Two years later, he killed himself. He is most famous for his code-breaking work at Bletchley Park, also known as Station X, during WWII, where he helped create the Bombe that cracked messages enciphered with the German Enigma machines.
  • Ex-chief of Greek secret services to stand for far-right party. Yannis Korantis, who was axed two months ago from his post as chief of Greece’s State Intelligence Service (EYP), said he will stand for extreme-right party LAOS in next month’s parliamentary elections. Notorious neo-Nazi Dimitris Zafeiropoulos, who recently joined LAOS, said he would also stand for the party in Patras, in the northern Peloponnese. LAOS entered parliament for the first time in 2007, with 3.8 percent of votes and 10 parliamentarians.

Has Skype’s VOIP encryption been broken?

By IAN ALLEN | intelNews.org
I have explained before that the US National Security Agency (NSA) and other intelligence agencies have found it impossible to intercept Skype’s instant messaging and voice traffic. Like other voice-over-Internet protocol (VOIP) communications providers, Skype uses technology that converts audio signals to data, and transports them through most of the Internet infrastructure in binary, rather than audio, format. Furthermore, Skype uses very complex algorithms to encrypt its customers’ communications. Skype has repeatedly pointed to the technical complexities of VOIP communications, arguing that it is often technically impossible to facilitate communications interception requests by government authorities. There are rumors among communications interception specialists that the NSA is offering billions to anyone who can come up with a reliable eavesdropping model for Skype. Remarkably, on August 25, a Swiss software developer released what he claims is the source code of a program for tapping into encrypted Skype communications. I don’t know whether the source code (essentially a trojan) is effective. He claims it is. If this is confirmed, then several people in Fort George F. Meade, Maryland, will be paying really close attention.
