Are CIA employees federal employees

A huge espionage operation by the CIA took place in Switzerland

A company in Zug sold encryption devices to half the world - with a back door for the US secret service. The Federal Council opens an investigation.

Kurt Pelda, Res Strehle, Markus Häfliger, Christoph Lenz, Thomas Knellwolf, Oliver Zihlmann

One of the most far-reaching and successful secret service operations since the Second World War is now exposed - with Switzerland at the center. Half a century ago, the USA began to sell manipulated encryption devices via Crypto AG, which is based in the canton of Zug, so that the US could read communications from foreign governments, the military and diplomats. Business with a total of 130 countries flourished for decades and continued until recently. Crypto AG was dissolved in 2018.

The US secret service CIA had controlled the Zug company from the 1970s via a Liechtenstein mailbox company. Until 1993, the partner was the German Federal Intelligence Service (BND). This was the result of research by ZDF and the “Rundschau” of Swiss television, which will broadcast a special on Wednesday from May 20th. Bernd Schmidbauer, secret service coordinator under Chancellor Helmut Kohl, confirmed the American-German approach to the journalists for the first time. The operation “certainly contributed to the fact that the world remained a little safer,” says Schmidbauer.

Governments and armies use encryption devices from Steinhausen in the canton of Zug to encrypt their most secret messages. The devices from Crypto AG were used in wars or for dispatches between embassies and governments.

Why are the revelations now coming? According to his own statements, the freelance journalist Peter F. Müller from Cologne, who works for ZDF, was leaked around 280 pages of files on the Crypto case last year - the so-called Cryptoleaks. He shared the documents with the Rundschau and the Washington Post. After months of checking, the editors involved are convinced that the documents are genuine and come from the CIA and the BND.

According to the journalists, the files describe in great detail and precisely how the Swiss company sold two types of encryption equipment: secure and insecure. The American and German secret services were able to spy on the buyers of the manipulated devices through a built-in back door. Unsuspecting buyers, including countries like Egypt, Iran, Libya or Argentina, did not know how easily their encrypted communication could be decrypted.

First suspicion in the 1990s

The Crypto AG customers trusted in the Swiss cutting edge technology and the neutrality of the country. The CIA and BND took advantage of this, for example in negotiations to free US hostages with Iran, in the Middle East conflict or in investigating terrorist attacks by Libyans against the USA. In the Falklands War, the Americans were able to decipher messages from the Argentines and forward them to the British. Findings from manipulated crypto devices also played a role in the US invasion of Panama in 1989.

The suspicion that Crypto AG had been infiltrated by the American and German secret services first arose publicly in the early 1990s. At that time, the Swiss crypto representative Hans Bühler was arrested in Iran. The company has always vehemently denied the manipulation allegations. There was never any evidence of infiltration.

During the Bühler affair, in 1993, the BND got out of Crypto. The Americans continued, according to journalist Müller's documents. A filing suggests that the CIA single-handedly continued the Zug company and the operation until at least 2012.

Neither the CIA nor the BND have so far responded to short-term inquiries from the Tamedia editorial team.

Former Crypto employees and former exponents of the Swiss intelligence service confirm to the Tamedia editorial team that the Crypto AG devices were manipulated and that American and German secret services were behind it.

Who knew?

Now the central question is when the government agencies were aware of the operation. In the CIA documents, which refer to the early 1990s, according to “Rundschau”, “senior officials” of the Swiss military intelligence service “were generally aware of the role of Germany and the USA in connection with Crypto AG”. According to the documents, you should have protected the operation. “Key people in the government” also knew about the events.

The Federal Intelligence Service (NDB) emphasizes that it has only existed since 2010 and that it does not comment on “decisions or the activities of its predecessor organizations”. He acts “strictly according to the legal requirements” and his activities are controlled by several political and independent authorities. The FIS only commented on its operational activities to the head of the VBS and its supervisory bodies.

The Defense Department (VBS) writes that the events surrounding Crypto AG are “difficult to reconstruct and interpret today”. On January 15, the Federal Council appointed former federal judge Niklaus Oberholzer to “examine the issue and clarify the facts”. Oberholzer should report to the DDPS by the end of June. He is supported by the law firm Kellerhals-Carrard.

According to her department, VBS boss Viola Amherd was informed by the NDB on August 19, 2019 for the first time about “rumors” “about the company Crypto AG”. More detailed information was given on October 31, after which Amherd reported to the Federal Council on November 6. The parliamentary business audit delegation (GPDel) and the independent supervisory authority were then informed about the intelligence activities (AB-ND). The parliamentary group leader of the Green Party, Balthasar Glättli, is now calling on SRF to set up a parliamentary commission of inquiry (PUK).

The federal government itself has obtained encryption systems from Crypto AG for decades, some of which are still in use. In the past few weeks, these systems have been checked for security gaps.

The specialist office for cryptology within the command support base (FUB) of the armed forces is responsible for such controls. According to the DDPS, the all-clear was given: "Based on current knowledge, weaknesses in the encryption systems supplied to Swiss authorities can be ruled out."

Economy Minister Guy Parmelin has also become active. Startled by the research, the SVP Federal Council suspended the general export license for internationally active successor companies of Crypto AG in mid-December - "until the situation and the open questions have been clarified," as the Department of Economic Affairs explains on request. The handling of individual export applications is still possible - at least in theory. In fact, individual applications are pending, but they have not yet been approved, the department reports.

The withdrawal of the export license affects Crypto International, as confirmed by its CEO and sole owner Andreas Linde. According to its own statements, Linde has "still not received a clear statement" from the State Secretariat for Economic Affairs (Seco) for the withdrawal: "We have tried on numerous occasions to get an appointment with the Seco, but without success." This situation is "extremely challenging" for the company, since all products are exported from Switzerland.

Crypto International - Linde continues - is completely separate and independent of the dissolved Crypto AG: "We have a different owner, a different management and a different strategy, also with regard to the development of our security technology." In 2018 he bought the brand name, the sales network and other things from Crypto AG, but he emphasized: "We have nothing to do with Crypto AG and we certainly have no relationship with American or German secret services." He trusts all of his employees and the solutions they sell are safe and trustworthy.

A second successor company to Crypto AG based in the canton of Zug focuses on the Swiss market: CyOne Security AG, founded in January 2018. The company emphasizes that it has been 100 percent owned by four Swiss private individuals since it started operating and that it is completely independent of the former Crypto AG and that it has “no connections to foreign secret services”. There are "no related dependencies".

Found a bug? Report it now.

This article was automatically imported from our old editorial system to our new website. If you come across display errors, we ask for your understanding and a hint: [email protected]