18

Backstory

Crypto AG was a company located in Switzerland that specialized in communication security. They produced a number of encryption machines (some similar to the infamous Enigma) used for secure communication.

The company was secretly bought in 1970 by the CIA and the German intelligence agency BND. It has recently been revealed (11 February 2020) that the CIA & BND were responsible for installing backdoors in Crypto AG's machines (with knowledge of some high-level Swiss state officials). The operation was first known by the code name "Thesaurus" and later "Rubicon".

Crypto AG was apparently a desirable target for its neutrality as it is a Swiss company and because they sold products to over 120 governments (Iran, Argentina, Italy, Vatican City, UNO, etc.), indifferent of political orientation.


Edit: Further information

Machines / designs that were definitely and intentionally compromised:

  • C52 / CX52, first manufactured in 1951

    Many of the C-52 and CX-52 machines sold by Crypto AG were compromised to benefit the US and British national signals intelligence agencies, National Security Agency (NSA) and Government Communications Headquarters (GCHQ), respectively. (Wikipedia)

  • H460, first manufactured in 1967

    In 1967, Crypto released the H-460, an all-electronic machine whose inner workings were designed by the NSA.

    The warning proved prescient as Caflisch (American electrical engineer who applied and subsequently was hired by Crypto AG without knowledge of the American intelligence services) soon began probing the vulnerabilities of the company’s products. She and Spoerndli, a colleague in the research department, ran various tests and “plaintext attacks” on devices including a teletype model, the HC-570, that was built using Motorola technology, Spoerndli said in an interview.

    […]

    “The algorithms,” he said, “always looked fishy.”

    In the ensuing years, Caflisch continued to pose problems. At one point, she designed an algorithm so strong that NSA officials worried it would be unreadable. The design made its way into 50 HC-740 machines rolling off the factory floor before company executives discovered the development and stopped it. (Washington Post)

Machines / designs that were compromised with (so far) uncertain involvement of intelligence agencies (I have not yet found any reference other than Wikipedia mentioning these machines):

  • CD57, first manufactured in 1957

    Sullivan shows how the CD57 can be attacked using a hill climbing search technique. (Wikipedia)


Questions

These backdoors (as others) could apparently be achieved on the basis of mathematical principles.

My questions are:

  • How did the machines work?
  • How exactly did the backdoors work?
Patriot
AleksanderCH

1 Answer

2

TL;DR

Some machines contained manipulated key generators. Other algorithms of key generators could have been reverse-engineered by the German and US intelligence services.


The following machines were deliberately manipulated:

  • C52 / CX52 (1951)
  • H460 (1967)
  • MCC-314 (1972)
  • CD57 (1957)

Details about some machines are now public.

The following information was taken from the Rundschau (Swiss political show) report.


MCC-314

Employees of the Bundesnachrichtendienst (BND, German Federal Intelligence Service) disguised as Siemens employees increasingly requested that changes had to be made to the development of the MCC-314 machines.

The chief designer (Crypto AG internal employee) of the MCC-314 observed that the requested changes would ultimately lead to a weakness of the security in the machines. After finding this weakness (he used the wording "backdoor") he informed an employee, Bruno von Ah (Crypto AG engineer), about this weakness. He also voiced concerns internally at the Crypto AG about the machines. Shortly after, he was fired without notice.

After being fired he then informed the Swiss Ministry of Justice that the Crypto AG is selling deliberately manipulated machines.

The "Minerva" report, documenting the Crypto AG Operation, noted:

When X (redacted name of the chief designer) was fired in 1978, he had, unknown to either of the Partners, raised charges of manipulation of CAG gear to the Swiss Ministry of Justice.

The Swiss Federal Archives noted:

Cipher devices [...] had been provided with manipulated key generators, which gave the intelligence services of the BRD (West Germany) and the USA the possibility to decode the message.

Regarding these reports we can strongly assume that the "backdoors" for the MCC-314 machines were made possible due to the manipulated key generators.

The brochure of the MCC-314 details the inner workings of the machine as follows:

The clear digital information fed from the transmission channel is processed in a key-computer. The process is carried out on the basis of a key chain that is continuously generated from the basic key stored in the magnetic core memory.


CX52

CX52 with a random tape

The CX52 can make use of a random tape, which is used as a one-time pad (OTP) - this version is called "CX52/RT".

The random tapes for these machines were generated by a "cipher generator" (in this context comparable to a random number generator).

Bruno von Ah notes:

"I received a design to develop a cipher generator. When the cipher generator was finally working and the random tape was punched, the CEO came and took the random tape into his office. I then thought to myself 'what is our CEO doing with that random tape?' Later I assumed that different actors / parties wanted to know how this cipher generator worked in detail."

From these comments we can assume that the random tape was analyzed to infer (reverse engineer) how the cipher generator worked (and subsequently rebuild the random tape to decipher encrypted messages).

AleksanderCH
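Why a generated "random tape" or key chain is only as strong as its generator, shown as an added example (not code from the answer, and not a model of any Crypto AG design): a tape punched by a deterministic generator can be rebuilt by anyone who knows the generator and a stereotyped message opening, while a truly random tape cannot. The 16-bit LFSR `lfsr_tape`, the seed, the message and the crib are all constructed assumptions.

```python
import os

def lfsr_tape(seed: int, n: int) -> bytes:
    """Toy 'cipher generator' (assumption): 16-bit LFSR punching n tape bytes."""
    state, out = seed & 0xFFFF, bytearray()
    for _ in range(n):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (state & 1)          # output bit
            fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (fb << 15)         # shift in feedback
        out.append(byte)
    return bytes(out)

def xor(data: bytes, tape: bytes) -> bytes:
    """OTP-style encipherment: XOR each message byte with a tape byte."""
    return bytes(d ^ t for d, t in zip(data, tape))

def recover_seed(ciphertext: bytes, crib: bytes):
    """Find the generator state that explains a known message opening."""
    known = xor(ciphertext, crib)                     # tape = ciphertext XOR plaintext
    for seed in range(1, 1 << 16):                    # whole state space: 65,535 values
        if lfsr_tape(seed, 2) == known[:2] and lfsr_tape(seed, len(crib)) == known:
            return seed
    return None                                       # no generator state fits

def read_message(ciphertext: bytes, crib: bytes):
    """Rebuild the full tape from the recovered seed and decipher, if possible."""
    seed = recover_seed(ciphertext, crib)
    if seed is None:
        return None
    return xor(ciphertext, lfsr_tape(seed, len(ciphertext)))

# Constructed sample data, not taken from any real traffic.
MESSAGE = b"FROM EMBASSY: ARRIVAL DELAYED UNTIL MONDAY"
CRIB = b"FROM EMBASSY: "                              # stereotyped opening
generated_ct = xor(MESSAGE, lfsr_tape(0xACE1, len(MESSAGE)))
random_ct = xor(MESSAGE, os.urandom(len(MESSAGE)))    # genuinely random tape

if __name__ == "__main__":
    print("generated tape:", read_message(generated_ct, CRIB))
    print("random tape:   ", read_message(random_ct, CRIB))
```

The design lesson for anyone evaluating a pad or keystream source: the secrecy of the tape reduces to the secrecy and size of the generator's internal state, so tape material should come from a physical or operating-system entropy source rather than a compact deterministic design.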