 |
|
| Donate for the Cryptome archive of files from June 1996 to the present |
8 March 1997
Source: Photocopy by Anonymous
The Baltimore Sun, About December 4, 1995, pp. 9-11.
No Such Agency Part Four
Rigging the Game
Spy Sting: Few at the Swiss factory knew the mysterious visitors were
pulling off a stunning intelligence coup -- perhaps the most audacious in
the National Security Agency's long war on foreign codes.
By Scott Shane and Tom Bowman, Sun Staff
Zug, Switzerland. For four decades, the Swiss flag that flies in front of Crypto AG has lured customers from around the world to this company in the lake dis- [words missing] most sensitive diplomatic and military communications value Switzerland's reputation for business secrecy and political neutrality. Some 120 nations have bought their encryption machines here.
But behind that flag, America's National Security Agency hid what may be the intelligence sting of the century. For years, NSA secretly rigged Crypto AG machines so that U.S. eavesdroppers could easily break their codes, according to former company employees whose story is supported by company documents.
The value to NSA of such an intelligence windfall is hard to exaggerate. For NSA effortlessly to read coded messages between top officials of many countries is the equivalent of recruiting reliable spies in key government posts around the world, receiving minute-by-minute reports from them and never risking that they will be unmasked.
NSA appears to have pulled off an international sleight of hand as brazen and brilliant as the original Trojan horse by winning the covert cooperation of the Swiss firm. Wary of encryption companies in NATO countries, the suspicious governments of such prime U.S. targets as Iran, Iraq, Libya and Yugoslavia bought equipment from Crypto AG (or Crypto Inc.). They never imagined that when they coded their messages with the Swiss machines, they may have been sending an easily unscrambled copy directly to NSA headquarters at Fort Meade.
Many details of the arrangements between Crypto and NSA are not known, including when the rigging began, whether it has ended and which machines were involved. The whole story will he told only when secret U.S. documents are declassified, probably well into the next century.
Crypto rejects the rigging allegations as an invention by disgruntled former employees and denies that its machines were ever designed or altered according to the suggestions of American spies. After reports of cooperation with Western intelligence surfaced in the Swiss press last year, the company wrote to its customers that "manipulation of Crypto AG equipment is absolutely excluded."
But a different tale is told by an accumulation of evidence, including a document obtained by The Sun showing that an NSA cryptographer attended a meeting with Crypto personnel to discuss the design of new machines.
The extraordinary story of Crypto AG is only one example of NSA's 40-year campaign to bypass, break or steal the foreign codes that are the main obstacle to the agency's eavesdropping.
The contest between code-makers and code-breakers dates back many centuries. But NSA has taken the game to unprecedented levels of effort, expenditure and deception.
The agency has amassed the world's largest concentration of supercomputers to produce the number-crunching power necessary to break foreign codes. It has dispatched FBI agents on break-in missions to snatch code books from foreign facilities in the United States, and CIA agents to recruit foreign communications clerks and buy their code secrets, according to veteran intelligence officials.
The agency has imposed secrecy orders on U.S. scientists to prevent them from publishing code-making breakthroughs that might be exploited abroad. It has designed the so-called Clipper chip, an encryption device that would scramble telephone calls to foil eavesdroppers -- except FBI and NSA agents with a warrant who could obtain the secret numeric "keys" to unlock the code.
And NSA has pressured American encryption companies to rig their own machines to permit U.S. eavesdropping, as Crypto is alleged to have done, in return for the export licenses the agency controls.
Today, NSA's need for rigged machines and pilfered code books is greater than ever. An era of inexpensive, virtually unbreakable encryption appears to be imminent. The ancient art of using codes to keep secrets is spreading beyond governments to banks, multinational corporations drug cartels and terrorist groups.
"The window that the U.S. has had to read the communications of other countries is closing," says Stephen T. Walker, a software engineer who began his career at NSA and whose company sells encryption programs.
"The advent of electronic communications opened that window. In World War II, it was incredibly valuable. But technology is closing that window," he says.
In an ironic turnabout, technologies NSA practically invented, in codes, computers and communications, now threaten its mission.
Fiber-optic cable is rapidly replacing microwave transmission as the favored route for telephone traffic.
While a microwave dish or satellite can easily pluck messages from the air, tapping fiber usually requires physical placement of a bug. That's impractical on the scale of NSA's global net.
"When you take something off microwave relay and put it on fiber-optic, basically it's lost [to NSA]," says intelligence expert Jeffrey T. Richelson.
And the communications boom itself threatens to overwhelm NSA's eavesdroppers, who face a problem comparable to performing a chemical analysis of certain interesting drops of water in the Niagara River as it roars over the falls.
Increasingly, the challenge for NSA is merely to isolate terrorists' telephonic plotting from Aunt Olga's birthday calls and faxed orders for olive oil.
"It's going to be a lot tougher for NSA in the future," says retired Adm. Tom Brooks, an NSA veteran, former director of naval intelligence and now an AT&T Corp. executive.
"They're going to have to work a lot harder to do what they've done in the past." he says.
Yet codes have always been the eavesdroppers' most daunting obstacle.
Despite its mathematical brain trust and formidable supercomputers, former intelligence officials say, NSA rarely managed to break the most secure codes of the Soviet Union -- a country, after all, known for its mathematicians and chess masters.
Against lesser opponents, the cryptanalysts at Fort Meade are like a baseball team with good years and bad, runs of incredible luck against particular opponents and endless strings of losses against others.
One NSA analyst recalls that in 1981 the number of translators working on Turkey suddenly shrank from about 25 people to 10.
"I said, 'What the hell's going on?' They said. 'We can't break the new Turkish code.' " he says.
NSA's spectacular success in breaking codes used by the Sandinista government in Nicaragua suddenly ended, a former diplomat recalls, when a shipment of first-class Soviet encryption equipment reached Managua, the capital, and was installed.
When the code-breakers are stumped, NSA draws on the entire arsenal of U.S. espionage.
Sometimes a bug planted in just the right place can help. In a celebrated NSA operation code-named Ivy Bells, divers placed a tap on a Soviet communications cable on the ocean floor north of Japan.
Believing the line secure, the Soviets used weak encryption or none at all. NSA gleaned invaluable weapons data until the operation was betrayed to the KGB by Ronald W. Pelton, an NSA analyst turned Soviet spy, in 1981.
American spies are always on the lookout to steal or purchase cipher manuals and machines.
When foreign code clerks can't be bribed, NSA hopes they become lazy, forgetting to switch a machine to encryption mode or weakening the code by failing to change the numeric "keys" for months on end.
Yet these piecemeal tactics cannot compare with the case involving Crypto.
The customers might see it as consumer fraud on a global scale. But from Washington, it must have seemed an ingenious spying scheme whose benefits could accrue to the United States for decades.
The 'Boris project'
The story begins with Boris C. W. Hagelin, a Russian-born Swede who devised a compact encryption device and sold 140,000 of them to the U.S. Army during World War II, becoming the first cryptography millionaire, accord- [missing words] with another Russian-born cryptographic genius, William F. Friedman, then the leading cryptographer for the U.S. military, later a special assistant to the director of NSA.
After the war. Mr. Hagelin's Swiss factory fed the growing global market created by Cold War mistrust and the parade of newly independent countries.
Crypto became one of the world's largest suppliers of encryption equipment to governments without the expertise to build their own machines.
In 1957, NSA called Mr Friedman out of retirement for a secret mission that involved visiting Mr Hagelin, author Ronald Clark wrote in his 1977 biography of Mr. Friedman.
NSA urged Mr. Clark not to write about Mr Friedman's 1957 trip and two others, suggesting that such revelations could hurt the agency's ability to read foreign secrets, the author wrote.
Writer James Bamford added more clues in his 1982 book on NSA, The Puzzle Palace. Discovering in Mr. Friedman's letters references to a mysterious "Boris project," Mr. Bamford concluded that Mr. Friedman had extracted from Boris Hagelin an agreement to cooperate with American eavesdroppers.
These hints lay unexamined and apparently had no effect on Crypto's business until 1992, when the arrest and imprisonment in Iran of a salesman for Crypto prompted further inquiries.
The salesman, Hans Buehler, was on his 25th trip to Iran on behalf of Crypto when Iranian intelligence agents grabbed him, accused him of spying for the United States and Germany, held him in solitary confinement and interrogated him.
"I was questioned for five hours a day for nine months," Mr. Buehler says. "I was never beaten, but I was strapped to wooden benches and told I would be beaten. I was told Crypto was a spy center."
After nine months,Crypto paid $1 million to win Mr. Buehler's freedom. But a few weeks after Mr. Buehler's triumphant return to Switzerland, Crypto abruptly dismissed him and demanded that he repay the $1 million.
Mr. Buehler was baffled and bitter, he says. In 13 years with the company, he had no inkling that it had cooperated with foreign spies and assumed the Iranians' charges were groundless. But what he learned after he was fired persuaded him otherwise.
He spoke with several former Crypto employees who recounted their belief that the company had long cooperated with U.S. and German intelligence. Some of those same employees spoke with several Swiss journalists and with The Sun.
One former engineer says he first heard that the machines were being "adjusted" from Boris Hagelin Jr., son of the company's founder and sales manager for North and South America. When they were stranded in Buenos Aires, Argentina, for a few days in 1970, the younger Mr. Hagelin complained to the engineer about being forced by his father to rig the machines, the engineer says.
Back in Switzerland, the engineer confronted the elder Mr. Hagelin. The old man, he says, confirmed the deception and justified it with a theory of political paternalism.
"He said different countries need different levels of security," recalls the engineer, who asked not to be identified. While the United States and other leading Western countries required completely secure communications, Mr. Hagelin explained, such security would not be appropriate for the Third World countries that were Crypto's customers.
Mr. Hagelin never explicitly named NSA, the engineer says: "He said we have to do it.... But who is the 'we'? He never exactly defined it."
According to this engineer and several others, the alterations in the designs of various machines were detectable, if at all, only to an expert in cryptologic mathematics.
Sometimes the mathematical formulas that determined the strength of the encryption contained certain flaws making the codes rapidly breakable by a cryptanalyst who knew the technical details.
In other cases, the designs included a "trapdoor" -- allowing an insider to derive the numerical "key" to the encrypted text from certain clues hidden in the text itself.
For a company such as Crypto to rig an encryrption machine so that it hides the key in the encrypted text is like the manufacturer of an armored truck hiding a key to the strongbox in an out-of-sight spot under the hood. The driver, the guards and bank officials don't know about the key, so they assume their cash is safe. But robbers in league with the manufacturer can at any time lift the hood, snatch the key and help themselves to the loot.
On numerous occasions, this engineer says, he was given schematic diagrams for the algorithms, the crucial mathematical formulas that control the encryption. Though the designs were handed over to him by superiors at Crypto, it became clear to him that they were developed outside the company -- by the mysterious U.S. and German visitors who occasionally came to the plant.
One of those visitors the engineer says, was an NSA cryptographer named Nora L. Mackebee. A confidential corporate memorandum of a 1975 meeting, obtained by The Sun, lists "Nora Mackabee" as a participant in the discussion of design details for a new Crypto machine.
Bob Newman, a Motorola engineer, says he attended a number of meetings with Ms. Mackebee and Crypto officials in the 1970s, when Motorola was helping the Swiss firm with the transition from mechanical to electronic machines.
He remembers Ms. Mackebee as one of several "consultants" helping Crypto with its designs and says he had no idea they might be U.S. intelligence agents.
"The consultants knew the senior people at Crypto AG," Mr. Newman recalls. They knew the Zug area and even advised Motorola employees on travel arrangements to Switzerland, he says.
'Imperialistic approach'
In the late 1970s, the mystery visits appear to have stopped. But some former employees allege that the machine-rigging continued, possibly with the cooperation of West German intelligence.
When the senior Mr. Hagelin retired in 1970, he arranged for the German electronics giant Siemens AG to take "managerial control" of Crypto, appointing its chief executives.
The company says the Siemens connection provided sophisticated management and technical expertise. But Siemens' defense electronics division has close ties to German intelligence, and an arrangement may have guaranteed that NSA's rigging would be ended by new management.
Juerg Spoerndli, 46, an engineer who left Crypto last year, says when he designed machines in the late 1970s, he was "ordered to change algorithms under mysterious circumstances" to weaker machines.
After hearing from older engineers about the visits in early years from mysterious Americans, Mr. Spoerndli concluded that NSA was ordering the design changed through German intermediaries. He had mixed feelings about the arrangement.
"I was idealistic," Mr. Spoer says. "But I adapted quickly ... the new aim was to help Big Brother U.S.A. look over these countries' shoulders. We'd say, 'It's better to let the U.S.A see what these dictators are doing."
Privately, he resented the arrangement. "It's still an imperialistic approach to the world. I do not think it's the way business should be done," Mr. Spoerndli says.
Ruedi Hug, a former Crypto technician who also gradually came to the conclusion that the machines were rigged, says he was offended as a Swiss patriot.
"I feel betrayed," says Mr. Hug, now an insurance agent and local politician. "They always told me, "We are the best. Our equipment is not breakable, blah, blah, blah, Switzerland is a neutral country."
After 1979, the cryptologic design of Crypto machines was taken over by a Swedish mathematician, Kjell Ove Widman, the company's "scientific adviser." By contrast with the looser collaborative arrangements of earlier years, Mr. Widman had total authority of Crypto algorithms.
A longtime colleague alleges that Dr. Widman often traveled to Germany, returning with instructions regarding the cryptologic elements of new machines.
"On some occasions, he said that only if he got the algorithms approved could we use it," the colleague recalls. The clear implication, the colleague says, was that outsiders were setting li,its on the strength of the encryption Crypto sold.
Dr. Widman, who left Crypto last year to become director of a mathematical research institute in Stockholm, Sweden, denies that he made any such comments.
His work was never subject to any outside control or pressure, he says.
Shadowy ownership
Precisely why Boris Hagelin might have risked his company's future to cooperate with NSA remains a mystery. His motive may have been Cold War loyalty to the United States, which had made him wealthy, or a secret financial deal.
Since its founding, Crypto's ownership has been hidden behind a shadowy foundation in Liechtenstein created by Mr. Hagelin. apparently as a tax-avoidance plan, says Josef Schnetzer, the company's senior vice president.
In the statement sent to customers last year, Crypto denied that intelligence agencies had ever rigged its machines.
"The belief commonly held by outsiders, that the customer buys a black box, the functioning of which he does not know, has no connection to reality," the company statement said. "No discerning customer would accept such a procedure and no manufacturer trying to cheat or manipulate the equipment would survive in this extremely demanding market."
A former Crypto engineer calls this assertion "ridiculous." Several cryptology experts interviewed by The Sun also say equipment can be rigged so that no customer could tell.
"It's certainly technologically feasible." says Alan T. Sherman, a professor of computer science at the University of Maryland Baltimore.
At the request of The Sun, Dr. Sherman reviewed technical details of the allegations made by the former Crypto engineers. He found them credible, he says.
In answer to charges of machine-rigging, Crypto filed suit last year against Mr. Buehler, its fired salesman. The suit was settled last month, days before former Crypto engineers were to testify that they believed the machines were altered. The parties agreed not to disclose the settlement.
Meanwhile, though, the company has hastened to reassure its customers, business has declined and employees have been laid off.
Ms. Mackebee, the NSA cryptographer who attended Crypto design meetings, retired from the agency a few years ago to the Howard County horse farm she owns with her husband, Lester, another NSA veteran. Asked about her work with Crypto, Ms. Mackebee, 55, was silent for a time and then said, "I can't say anything about that."
Engineers 'turning white'
If crypto AG was offered a deal by NSA in return for rigging its products, it would not be alone. The approach to American firms usually comes during discussions with NSA's export licensing office.
"It is not unheard of for NSA to offer preferential export treatment to a company if it builds a back door into its equipment," says one person with experience in the field. "I've seen it. I've been in the room."
NSA's pitch varies. "Generally with high-level executives it's an appeal to patriotism -- how important it is for us to listen to the world," this source says. "With the mid-level commercial types, it's, 'Do this and well give you preferential export treatment.' To the real technical people, it's, 'Why don't you do this?' And you don't realize what's being suggested until you see the engineers are turning white."
In addition to the carrot of export approvaL NSA also can brandish a stick, this source says. "There's the threat: You'll never get another export approval if you don't start to play ball."
While this source says he has never seen a company executive explicitly agree to such a deal, he and other industry insiders say they believe some U.S. machines approved for export do contain NSA trapdoors. What is certain is that NSA for decades has meticulously scrutinized developments in the U.S. encryption field.
In 1978, when George I. Davida, a University of Wisconsin computer scientist tried to patent an encryption device he invented, NSA slapped a secrecy order on the device. Under the Invention Secrecy Act of 1951, the government can clamp a lid on any invention deemed to be potentially damaging to national security.
Dr. Davida fought back and NSA backed down. But the resulting talks between NSA officials and academic experts led to an agreement under which most, though not all, encryption scientists agree to permit NSA to review their research before publication.
Meanwhile, export controls have discouraged software giant Microsoft Corp. from building strong encryption into its best-selling Windows programs, so that encrypting computer messages remains complicated and most U.S. businesses don't bother. As a result, says Stephen Walker, whose Maryland company writes encryption software, U.S. firms are preyed on by foreign spies. "I don't want [NSA] not to be able to listen to Iraqi terrorists," Mr. Walker says. "But you're hamstringing U.S. industry in the hope of hamstringing some Iraqi terrorist who, if he's smart, can get around it anyway."
Internet privacy
The smart terrorist can, for instance, download from the Internet a program with the folksy name Pretty Good Privacy, or PGP. The work of Phil Zimmermann, a computer consultant and peace activist who works from his home in Boulder, Colo., [missing words] the Internet.
Despite its humble origins, PGP may be too tough even for NSA to break. Its release on the Internet prompted a long-running Justice Department investigation of Mr. Zimmermann for "exporting" the encryption program without NSA's approval.
Mr. Zimmermann's many defenders in the computer world -- one of whom dubbed NSA "the occupation army of cyberspace" -- say trying to stop software such as PGP at the U.S. border is folly when a Baltimore teen-ager's electronic mail may circle the planet on its way to a friend across town. They say PGP is just the beginning of an era in which cheap, powerful encryption automatically protects all electronic communications -- not just government secrets but lovers' whispers, consumers' credit-card orders and corporations' marketing plans, too.
NSA and FBI officials warn that unbreakable encryption could be a terrifying tool for criminals and terrorists. They cite a California case in which police could not inspect a child molesters computer files because they were sealed with PGP.
Mr. Zimmermann says that's regrettable, but counters: "A pedophile can drive up the street and pull little girls into his car. Should we ban cars?" Chinese dissidents, Latvian nationalists and even the Dalai Lama use PGP," he added.
'Accident of technology'
The prospect that NSA might lose its ability to eavesdrop on the world does not appear to trouble Mr. Zimmermann. Until the invention of the telephone, he says, conversations could be protected merely by walking away from the ears of others.
"I think it's an accident of technology that we lost the ability to have private conversations," he says. Encryption such as PGP merely ends the historical fluke of electronic eavesdropping, he argues -- and tough luck for the spies.
Yet the obituary for NSA may be premature.
Once, says Louis W. Tordella, the gray eminence who was the agency's deputy director for 16 years, the Pentagon's research chief solemnly informed him that encryption was improving so fast that NSA "would be out of business in five years."
That was in l981.
"Could technology put NSA out of business?" he asks. "Absolutely. Will it put NSA out of business? That remains to be seen."
[Photos of Crypto AG building, an encryption device, Hans Buehler, Philip Zimmermann and memo listing Nora Mackebee's name. Diagrams showing how cryptography works.]
[End]
[Adjacent article]
NSA technology touches far more than spy world
When you snap a cassette into your tape recorder, boot up your personal computer or give a talking doll to your child, you are tapping into the technological legacy of the National Security Agency.
Your cassette is a miniature version of the first tape cassettes, monsters with 12-inch reels developed by NSA in the 1960s to provide faster access to eavesdropping tapes.
The microchip that permits your child's doll to "speak" probably contains a mathematical formula written by NSA engineers seeking the perfect electronic model for human speech.
And NSA's millions supported the first steps of the infant U.S. computer industry at a time when it had few commercial customers.
Without NSA, "it probably would have taken 10 or 15 years longer to get where we are now in computing technology, says Stephen T. Walker, a prominent software engineer who spent the first years of his career at the agency. "I think their influence was that profound."
The agency's contracts gave a crucial boost to the computer development at "10 or 12 companies -- Control Data, IBM, Cray, GE, RCA, DEC," Mr. Walker says. "They bought the first two or three of everything produced. NSA fostered them to the point that they had a finished product to take to the commercial market."
The story of NSA's influence on American technology has remained largely untold because of the agency's intense secrecy. But the impact has been profound.
The mathematicians, computer scientists and audio experts at Fort Meade have long been high tech consultants to the entire government [missing words] on NSA to try to restore the infamous 18-minute gap in the Nixon White House tapes. When Marine Lt. Col. Oliver L. North started his secret network to supply arms to the contras in Nicaragua, he first went to NSA for 15 encryption machines. When the FBI or CIA needs a piece of high-tech gadgetry, the agencies often turn to NSA's workshops for help.
But NSA's biggest contribution to American technology unquestionably was its early computer history. Back in the early 1950s, when useful "computing machines" seemed a distant prospect, the code-breakers recognized that even a primitive computer would outstrip humans in the search for subtle patterns in seemingly random numbers and letters of coded messages.
First there was Abner, a homely monster developed by the Army Security Agency and passed down to NSA upon the agency's creation in 1952.
"Abner looked like hell," recalled Samuel S. Snyder, 83, a long-retired code-breaker who has written several papers on NSA and the computer. "But it was the most sophisticated computer of its time." Named for the comics character Li'l Abner ("a big strong guy didn't know anything"), the codebreakers' first computer had brains built of vacuum tubes and a memory made from a vial of mercury. It was huge -- "the size of these two rooms," Mr. Snyder says, gesturing at the living room and dining room of his house in Silver Spring.
"This machine kept going, along with a copy built by engineers, for eight years," Mr. Snyder recalls. "Somehow, we never took a picture of the thing" By the late 1950s, NSA had installed Bogart and Solo -- the first "desk computers," Mr. Snyder says. Not desktop: "It was a desk machine because it could fit inside a desk."
Working with IBM, NSA financed Harvest, a transistorized computer delivered in 1962 that was 100 times faster than anything then on the market. Even as Harvest was under way, NSA created a project called Lightning that poured millions into Sperry Rand, RCA, IBM, Philco and GE, producing seminal research on semiconductors and high- [missing words]
"We were always ahead of the country in the number of computers and their power," Mr. Snyder says.
In the mid-1960s, NSA engineers seeking compact, secure communications for the nose cones of nuclear missiles did important, early research on microelectronics.
Later, NSA financed some of the first supercomputers, designed by Seymour Cray, who learned his trade building code-breaking computers in the 1950s. The first Cray supercomputer made its debut in an NSA basement in 1976.
In the last two years, NSA has begun to promote some 40 of its own inventions for commercial adaptation, including devices capable of recognizing faces and fingerprints, and multimedia language-teaching software based on a 30-minute situation comedy. Already, it has licensed a high-speed computing method known as Splash to 11 companies.
Today, an NSA codebreaker on loan to the Johns School of Medicine is exploring how the agency's techniques might help crack the ultimate code: DNA, the genetic blueprint of life itself.
The agency is discussing with University of California astronomers how its radio-spectrum analyzers might scan the universe for extraterrestrial life, according to Dennis J. Sysko, a veteran NSA engineer who heads the new technology transfer program.
While most of the agency's technology remains classified, NSA's willingness to share some inventions with the private sector represents a crack in its traditional armor of secrecy.
"The connections are much more obvious now, since everyone's in the information age," Mr. Sysko says.
"After all," he adds, "we've been in the information age for three decades."
-- Scott Shane
[End]
See the NSA series in The Baltimore Sun. [Online version removed]
See related article in Der Spiegel.