CIA has been secretly selling encryption equipment in 120 countries through Crypto AG for decades

A hot potato: Encryption is supposed to be one of the most effective ways to secure data and communications. Sometimes, that fails spectacularly in the face of clever tactics such as those employed by the CIA for decades. It turns out US intelligence and German intelligence secretly owned the leading global supplier of encryption equipment used by 120 countries, which allowed them unfettered access to pretty much any communication from both allies and adversaries.
The Trump administration may be quick to show their mistrust of Huawei and Chinese tech companies in general, but it turns out it might actually be afraid the Chinese government could have been setting up the most powerful spying tools through mobile devices and telecom infrastructure.

According to a report from the Washington Post and German broadcaster ZDF, no less than 120 governments around the world have been buying encryption equipment and software from the same company called Crypto AG.

What they didn’t know is that it’s jointly owned by the US and German intelligence agencies, who signed a highly classified partnership to use it as a platform to sell products designed to be easy to crack and thus perform surveillance whenever they needed.

This has been supposedly going on for over half a century, and is described as “one of the most closely guarded secrets of the Cold War.” The goal of the project — dubbed “Thesaurus” and later “Rubicon” — was to give the US and Germany access to sensitive communications from all allies and adversaries except China and the Soviets, taking their money and exploiting their gullibility to hoard their secrets.

Interestingly, there are some that speculate it was actually the NSA that rigged the Crypto AG equipment for the greatest sting operation in modern history, and documents cited by the Washington Post seem to confirm that it was indeed involved in weakening the encryption in devices sold by the company. But more importantly, among the clients of the Swiss company were Iran, India, Iraq, Syria, Saudi Arabia, Pakistan, Nigeria, and even the Vatican.

The US and West German spies were able to monitor Iranian mullahs during the 1979 hostage crisis and see how Libyan officials were celebrating a bombing in a Berlin disco seven years later. However, the documents obtained by the Washington Post raise a lot of new questions, including whether the US had chosen to simply watch some of the world’s biggest atrocities unfold without intervening as a way to preserve its intelligence advantage.

German BND withdrew its ownership of Crypto AG — referred to as Minerva in documents — in the 1990s, while the CIA hung to it until 2016. Today, only a small number of countries still use the company’s encryption systems, but that could come to an abrupt end as the Swiss government revoked Crypto AG’s export license soon after the report from Washington Post was published, pending an investigation.