Crypto AG

BFounding and Early Operations== (1920s–1950s) - Crypto AG was established in 1920 in Stockholm, Sweden, as Aktiebolaget (AB) Cryptograph by Arvid Gerhard Damm, a Swedish inventor of cipher machines. After Damm’s death in 1927, the company was restructured by Boris Hagelin, a Swedish businessman who joined in 1922 and became a key figure in its growth. Hagelin’s innovations, particularly the C-36 cipher machine, gained traction during World War II. In 1940, facing Germany’s invasion of Norway, Hagelin relocated to the United States, where he secured a contract to produce 140,000 M-209 machines (an improved C-36) for U.S. troops, earning a licensing agreement with the Signal Intelligence Service at Arlington Hall.

In 1948, Hagelin moved the company to Steinhausen, Switzerland, to leverage Swiss neutrality and avoid taxes, reincorporating it as Crypto AG in 1952. The firm became a leading manufacturer of encryption devices, serving governments and militaries worldwide. By the 1950s, it employed about 230 people and maintained offices in Abidjan, Abu Dhabi, Buenos Aires, Kuala Lumpur, Muscat, Selsdon, and Steinhausen, with sales in over 120 countries.

Early Ties to U.S. Intelligence[edit]

(1951–1960s) - Crypto AG’s relationship with U.S. intelligence began in the early 1950s, driven by Hagelin’s friendship with William F. Friedman, a pioneer cryptologist who became the National Security Agency’s (NSA) chief cryptologist in 1952. In 1951, at the Cosmos Club in Washington, D.C., Hagelin and Friedman reached a “gentleman’s agreement” to restrict sales of Crypto’s most advanced encryption machines to U.S.-approved countries, while selling older, less secure models to others. This deal ensured the NSA could decrypt communications from non-allied nations. Correspondence between Hagelin and Friedman, later Friedman’s successors Howard C. Barlow and Lawrence E. Shinn, detailed which countries received weaker systems.

In 1952, Hagelin’s lawyer, Stuart Hedden, became a CIA deputy inspector general, facilitating coordination. By the 1960s, as encryption shifted from mechanical to electronic systems, the NSA began manipulating Crypto’s algorithms to create exploitable vulnerabilities. Crypto produced two versions of its machines: secure models for “friendly” governments (e.g., NATO allies) and rigged systems with backdoors for others, allowing the NSA to decode messages easily.

Operation Rubicon[edit]

CIA and BND Ownership (1970–2018) In 1967, Hagelin, nearing retirement, was approached by French and West German intelligence to sell Crypto AG, but he informed the CIA, which opposed French involvement. After negotiations involving the NSA and German intelligence figure Wilhelm Göing, the CIA and West Germany’s Bundesnachrichtendienst (BND) secretly purchased Crypto AG in June 1970 for $5.75 million (equivalent to $47 million in 2024). This marked the start of Operation Rubicon (initially codenamed Thesaurus), described by a leaked CIA history as the “intelligence coup of the century.” The operation was concealed through Liechtenstein front companies and bearer shares, with even most Crypto employees unaware of the true owners.

Ownership Structure: The CIA and BND each held 50% ownership until 1993, when the BND, fearing exposure, sold its share to the CIA for $17 million. The CIA remained the sole owner until 2018, when Crypto’s assets were sold. The operation was managed by a select few, including Crypto’s CEO and one or two board members, who executed CIA and BND directives while maintaining the appearance of a private Swiss firm.

Technical Manipulation: The NSA designed key Crypto devices, such as the H-460 (1967, fully electronic) and H-4605, embedding backdoors to weaken encryption. The CIA and BND collaborated with corporate partners like Siemens (Germany, 5% ownership) and Motorola (U.S.), which advised on technical and business matters while aware of the operation’s purpose. The BND history notes that a rival, Gretag AG, was later acquired by an “American” William Recker and eventually liquidated in 2004, to protect Crypto’s market dominance.

Financial Gains: Crypto AG generated significant profits, with sales rising from 15 million Swiss francs in 1970 to 51 million in 1975 (about $48.6 million in 1975, or $42.6 million in 2018 adjusted for inflation). These funds, often transferred in cash during secret meetings (e.g., in Munich parking garages), supported CIA and BND covert operations namely Operation Gladio, including the acquisition of other encryption firms. By the 1980s, 40% of NSA’s machine-decrypted communications and 90% of BND’s diplomatic reports came from Crypto devices, making Rubicon an “irreplaceable resource.”

Use in Countries That Bought Crypto AG Devices[edit]

Crypto AG sold encryption equipment to over 120 countries, including military juntas in Latin America, nuclear powers like India and Pakistan, Iran, Egypt, Libya, and the Vatican, primarily from the Global South. Major Western adversaries, Russia and China, never trusted Crypto and avoided its products, limiting exposure but allowing the U.S. to monitor their interactions with client states.

Latin America (Operation Condor): Condor nations (Argentina, Brazil, Chile, Uruguay, Paraguay, Bolivia) used Crypto devices like the CX-52 (Brazil) and H-4605 (Argentina, NSA-designed) for secure communications. The CIA and NSA decrypted these, monitoring military regimes’ repression and terrorism, including Argentina’s plans during the 1982 Falklands War, which were shared with the UK. A 1977 CIA cable details Condortel’s use of Crypto equipment, enabling surveillance of dissident abductions (e.g., Norberto Habegger, 1978).

Middle East: Iran’s use of Crypto devices during the 1979 hostage crisis allowed the NSA to monitor Tehran’s reactions, informing the Carter administration 85% of the time, per NSA Director Bobby Ray Inman. Libya’s communications post-1986 La Belle discotheque bombing were intercepted, justifying U.S. retaliation (Operation El Dorado Canyon). Egypt’s negotiations during the 1978 Camp David Accords were monitored, with NSA feeding intelligence to Israel.

Other Regions: The 1991 assassination of Iran’s former Prime Minister Shapour Bakhtiar was confirmed via a Crypto-transmitted message from Iranian intelligence. In 1989, U.S. knowledge of Panama’s Manuel Noriega hiding in the Vatican embassy during Operation Just Cause came from Crypto intercepts. Over 100 states, including EU/NATO allies like Ireland, Italy, Spain, Portugal, and Turkey, were spied on, causing BND-CIA tensions, as Germany opposed spying on allies.

Exposure and Security Breaches[edit]

(1970s–1990s). Suspicions about Crypto AG’s security emerged early, with several breaches threatening exposure:

1970s Leaks: In 1975, former CIA operative Philip Agee’s book Inside the Company hinted at NSA exploitation of Hagelin machines. In 1982, James Bamford’s The Puzzle Palace revealed Friedman’s correspondence with Hagelin, donated to the George Marshall Foundation in 1969. The NSA reclassified these in 1983, releasing censored versions in 2015.

1977 Frutiger Incident: Crypto engineer Peter Frutiger, suspecting BND ties, fixed vulnerabilities in Syria’s Crypto devices without authorization, making them unreadable to the NSA. CEO Heinz Wagner fired him, prompting NSA criticism for not silencing him discreetly. Frutiger later claimed in a 2020 NZZ am Sonntag interview that he cooperated with the CIA and NSA but left due to ethical concerns.

1986 La Belle Bombing: President Ronald Reagan’s public claim of intercepting Libyan communications post-1986 Berlin discotheque bombing raised suspicions. Argentina, suspecting NSA decryption, was reassured by a CIA bluff that only older CAG 500 machines were vulnerable, continuing purchases.

1992 Bühler Arrest: Iranian intelligence arrested Crypto salesman Hans Bühler in 1992, suspecting backdoors. Unaware of the CIA/BND ownership, Bühler was detained for nine months, released after a $1 million BND-paid ransom. His subsequent media statements, alongside another engineer’s suspicions, sparked a “storm of publicity,” per the CIA history. The CIA sued Bühler in 1995 for breaching a gag order, settling out of court to silence him.

1995 Baltimore Sun Report: Scott Shane and Tom Bowman’s Baltimore Sun articles detailed NSA-Crypto ties, citing Bühler and archival evidence, prompting several countries to halt purchases, though Iran continued buying which indicates they were under the control of the CIA at this point.

BND Exit and CIA Continuation[edit]

(1993–2018) - In 1993, fearing exposure post-Bühler and German reunification’s geopolitical shifts, the BND sold its Crypto share to the CIA for $17 million, citing risks to European relations. The CIA, undeterred, expanded its encryption sector influence, acquiring a second firm and propping up a third (its competitor, Gretag was acquired around this same time by AT&T). Crypto struggled as encryption shifted to software, but the CIA maintained operations until 2018, when it sold Crypto’s assets to two firms: CyOne Security (serving only Switzerland, run by ex-Crypto staff) and Crypto International AG (laid off 83 of 85 staff in 2020).

Major Exposure and Fallout[edit]

On February 11, 2020, a joint investigation by The Washington Post, Germany’s ZDF, and Switzerland’s SRF, based on a leaked 280-page CIA history and BND dossier, exposed Operation Rubicon as the “intelligence coup of the century.” The revelations detailed Crypto’s CIA-BND ownership, backdoor rigging, and global espionage, sparking significant fallout:

Swiss Government Response: In November 2019, Swiss authorities were informed of Crypto’s ties, suspending export licenses for CyOne and Crypto International AG. In January 2020, a retired federal judge was appointed to investigate, with a report released in November 2020 confirming Swiss government awareness since the 1990s, contradicting claims of neutrality. In 2021, Switzerland launched a parliamentary inquiry, only the fifth in its history, with Social Democrats, Greens, and Free Democrats supporting a Parliamentary Investigation Commission (PUK).

German Reaction: Bundestag member Konstantin von Notz (Greens) demanded government clarification in the Parliamentary Control Committee (PKGr), reflecting concerns about BND’s role and its impact on EU relations. The BND viewed Rubicon as a “brilliant operation,” regretting its 1993 exit, per NPR’s Greg Miller.

International Fallout: Countries like Iran, Libya, and Argentina, long-time Crypto clients, faced embarrassment for trusting rigged equipment. The revelations fueled distrust in Western technology, with China’s Foreign Minister Geng Shuang citing Crypto as evidence of U.S. hacking dominance, per Secureworld.io. Nigeria, a Crypto client, left machines unused due to operational failures, as noted on X (@LRNZH).

Corporate Impact: CyOne Security issued a statement in 2020, unable to comment on Crypto’s history, while Crypto International AG collapsed, laying off most staff. The operation’s profits had funded CIA acquisitions, but its exposure highlighted vulnerabilities in global encryption markets.

Public and Academic Discourse: The exposure, dubbed “Crypto Leaks,” prompted comparisons to modern surveillance scandals (e.g., Edward Snowden’s 2013 NSA leaks) and debates about tech sovereignty. World Socialist Web Site noted the operation’s role in Cold War coups (e.g., Chile’s 1973 Allende overthrow), while ObCrypto emphasized Brazil’s compromised communications.

Critical Perspective[edit]

Establishment Narrative: The Washington Post, The Guardian, and NPR emphasize Rubicon’s success, relying on CIA/BND histories that glorify the operation while downplaying ethical violations, such as spying on allies (e.g., Ireland, Spain). The 1979 Senate report’s claim of “nil” knowledge about DINA’s operations, including Colonia Dignidad, contrasts with CIA cables, suggesting selective disclosure.