Stories
Slash Boxes
Comments

SoylentNews is people

CIA Owned CryptoAG, Provider of 'Secure' Crypto Products

posted by Fnord666 on Wednesday February 12 2020, @11:03AM   Printer-friendly
from the put-all-your-secrets-in-one-basket dept.

DannyB writes:

'The intelligence coup of the century'

In case of paywall...
CIA Secretly Owned Crypto, the Swiss Company That Ruled Global Spy Comms for Decades, Says Report

For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret.

The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software.

The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.

But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company's devices so they could easily break the codes that countries used to send encrypted messages.

For the most goodest security, use only one commercial crypto system. Trust it with all your secrets.

Original Submission

 
This discussion has been archived. No new comments can be posted.
CIA Owned CryptoAG, Provider of 'Secure' Crypto Products | Log In/Create an Account | Top | 64 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by JoeMerchant on Wednesday February 12 2020, @02:27PM (2 children)

    by JoeMerchant (3937) on Wednesday February 12 2020, @02:27PM (#957188)

    pretty well trusted and have had their code independently audited

    And, as long as these can be assured to not exfil data, they make a good layer. They're still well known and therefore will be subject to more heavily resourced attack than a DIY layer that only protects a limited subset of data...

    --
    🌻🌻 [google.com]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by zocalo on Wednesday February 12 2020, @02:56PM (1 child)

    by zocalo (302) on Wednesday February 12 2020, @02:56PM (#957196)
    Absolutely; it's always going to be down to the usage case. If it's just to prevent casual snooping then even a flawed/badly implemented algorithm is going to be more than sufficient in practice, even so there will almost certainly be some blowback if someone breaks it and you had pitched it as being secure and the sensitivity of the actual data exposed probably won't matter one whit in that instance either. Stepping up to a level where it genuinely can matter if data is secure (PII, for instance), or even more sensitive stuff like access to financial/medical accounts, then you've got potential legal blowback from things like GDPR/HIPAA to deal with and rolling your own starts to look a LOT more risky. On the plus side, we have plenty of options for all scenarios, and I'm pretty sure that at least *some* of them are not backdoored or flawed - the question is "which ones?" Choose wisely...
    --
    UNIX? They're not even circumcised! Savages!

    • (Score: 2) by JoeMerchant on Wednesday February 12 2020, @04:34PM

      by JoeMerchant (3937) on Wednesday February 12 2020, @04:34PM (#957227)

      I fall back on the old proverb: the tallest tree is the first cut down.

      Luckily, crypto stacks, so you can use a very tall tree, plus a bush of your own devising, and when the big tree falls (and don't kid yourself, academics aren't the only ones - or the best resourced ones - chopping away...) that home grown fig leaf will actually provide more security than DES / TwoFish / whatever well trusted standards you have hung your hat on.

      The problem in the article is that people just bought a solution off the shelf and trusted the buzzwords - and be sure the CIA knows all the right buzzwords to put on the shrink-wrap to appeal to their target population of paranoids.

      --
      🌻🌻 [google.com]