CIA secretly owned world's top encryption supplier, read enemy and ally messages for decades

Originally published at:


My dad worked for a CIA cutout in his youth, one that doesn’t seem to show up on lists of known fronts. They installed large CCTV systems, among other things.


Good for us!

Really the only surprise is that it was the CIA and not the NSA.
Edited to add: Apparantly, it was the NSA that designed the actual crypto systems…So cooperation works, I guess.


usa USA U. S. A.!


If politics makes strange bedfellows, turf wars make strange rivals.

1 Like

wait is there just like, a wikipedia list of cia cut outs?


The only news might be that the CIA partially owned it, not just worked with them.


No wonder they think that they can just order companies to “nerd harder” to make broken crypto. (And never mind the little problem that what they did “back in the day” doesn’t scale to the modern world.)


So that’s how they knew I should drink my ovaltine!


I remember seeing a very long list here in the BBS comments a few years ago. If anyone has a link, please post it.


The company has about 230 employees, has offices in Abidjan, Abu Dhabi, Buenos Aires, Kuala Lumpur, Muscat, Selsdon and Steinhausen, and does business throughout the world.[1] The owner(s) of Crypto AG are unknown, supposedly even to the managers of firm, and they hold their ownership through bearer shares.[2]

Sounds like if you were hunting such firms looking for companies also held by bearer shares would be a good heuristic


Really nice people running that company. First you sell rigged crypto machines to Iran, then when they find out:
" The Iranian government then arrested Crypto AG’s top salesman, Hans Buehler, in March 1992 in Tehran. It accused Buehler of leaking their encryption codes to Western intelligence. Buehler was interrogated for nine months but, being completely unaware of any flaw in the machines, was released in January 1993 after Crypto AG posted bail of $1m to Iran. Soon after Buehler’s release Crypto AG dismissed him and charged him the $1m."


I faintly remember such a thing, and I’d swear I’d seen the company name somewhere that confirmed what I’d long been told. It was Log Etronics of Falls Church, VA, though some extremely superficial research suggests they are no longer in operation.

1 Like
  • Soon after Buehler’s release Crypto AG dismissed him and charged him the $1m ."*

Clearly the CIA exercising stewardship ovel taxpayers, money.

1 Like

And the exact same strategy of “secret money” and “nerding harder” almost worked just a few years ago.

The full story of the Dual_EC_DRBG reveals an attempt to repeat this success. By injecting an unseen back door in the math used to generate random numbers, the NSA would have had a huge advantage in decrypting the SSL/TLS traffic that secures the web.

Several things happed that averted this catastrophe.

  1. Cryptographers Young and Yung wrote a paper over 20 years ago describing a backdoor algorithm for generating weak pseudorandom numbers.

  2. NIST approved a new algorithm for generating random numbers that was not very good nor efficient. The ANSI commission recognized that certain values could compromise it, then noticed the standard specified two magic numbers that couldn’t be changed. But they approved it anyway.

  3. RSA incorporates Dual_EC as the default random number generator in their popular BSAFE library.

  4. People questioned why a new RNG was needed at all, and became suspicious. (Turns out it was Young and Yung’s algorithm, with a touch of lipstick. )

  5. Cryptographers Gjøsteen, Brown, Vanstone, Schoenmakers, Sidorenko, Shumow, and Ferguson each recognize potential weaknesses in it, and discover that it’s also biased, which is a bad attribute for an RNG. But without the knowledge of the exact secret key, no one could definitively prove it had been compromised.

  6. NIST incorporated it into the standard as-is, without fixing or addressing any of the many open questions about it.

  7. As suspicions mount, Bruce Schneier publicized the news of the potential vulnerabilities far and wide in an effort to get people to avoid the tainted algorithm.

  8. Snowden’s trove revealed the existence of the BULLRUN program, and Reuter’s discovers a payment of $10 million from the NSA to RSA. RSA denies all allegations of wrongdoing, but removes Dual_EC as their default RNG.

By 2014 every pretense of secrecy was dead, and NIST withdrew the specification. RSA suddenly end-of-lifed their flagship Data Protection Manager product shortly after.


My understanding is that the US has about an 80 - 100 billion dollar secret budget for intelligence between all the agencies.

That much annual money allows you to manufacture a lot of reality.

1 Like

And what would happen when their backdoor was leaked or reverse engineered, and then spread from there to other state actors on down to private criminals?

Even if it required large computing resources, just re-purpose some bitcoin miners.

Yeah, let’s make all Internet commerce insecure, with a massive job to quickly fix it. sigh. Hey spookers, that trick doesn’t scale.


I’m not sure ‘us’ means what you think it means.


I read about a US plan to compromise the international banking system SWIFT as well, which is even scarier. They were caught spying on money transfers, but one plan was to go further and hack the system so they could go in and reroute transfers the government considered suspicious. What could possibly go wrong with that kind of backdoor…