Aha, Aha, Ahhahahahahahahahaha

The Swiss government has ordered an inquiry into a global encryption company based in Zug following revelations it was owned and controlled for decades by US and German intelligence.

Encryption weaknesses added to products sold by Crypto AG allowed the CIA and its German counterpart, the BND, to eavesdrop on adversaries and allies alike while earning millions of dollars from the sales, according to the Washington Post and the German public broadcaster ZDF, based on the agencies’ internal histories of the intelligence operation.

“It was the intelligence coup of the century,” the CIA report concluded. “Foreign governments were paying good money to the US and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”

Gurgle, snort…….

31 comments on “Aha, Aha, Ahhahahahahahahahaha”

  1. What a turn around. Henry Stimson said “Gentlemen don’t read other people’s mail”, and then we get them reading everyone’s, except the Russians & Chinese directly. I heard a tale some years ago about the NSA input to Swiss crypto kit. Probably the same story, though why it should have now become a thing is puzzling.

  2. It’s worth remembering that one of the reasons that Bletchley Park’s work was kept secret until the 70/80s was that as the Empire devolved into the Commonwealth we sold the newly independent nations Enigma machines so they could have completely secret diplomatic communications.

  3. About time we got some return for our tax dollars.

    GCHQ should set up its own cyber security firm offering commercial products riddled with back doors etc, base the firm in Newcastle and call it

    WayAyeWay

  4. A gentleman knows all ladies are 21, until they admit otherwise.

    A gentleman never tells, and a lady never asks.

  5. BiG – The trick is whenever a woman lets slip something age-related (“I’ve worked here for 20 years” or “I remember such-and-such”), express incredulity and let her know she doesn’t look like that could possibly be the case.

    She’ll know you’re lying, but they love it anyway.

  6. “the CIA report concluded”

    Wut? Why is the CIA reporting publicly on one of their key sources?

  7. As I thought I remembered, this same story was a BBC News item dated 28/7/2015 by Gordon Corera, based on documents declassified by the NSA in April 2015 and a bit of detective work. Since it was known then, why is it such a big story now? All I can think of is that WaPo have got hold of another 3-letter Agency document that definitively describes the project.

    As for Gentlemen, they have all been exterminated by Wokeness.

  8. I’ve always thought that if the government wanted to track people they should just release a fitness app or similar and skim off the information they need.

    They could afford to make it top tier and run it at a loss.

    Even make it an app to track the police, or something that criminals would be interested in.

  9. If you definitely don’t want someone else to read something, don’t put it online.
    Simple solutions are the best.

  10. Ian B–Computer Active has a piece this month about dodgy VPN providers–tho’ not with an Intelligence agency slant.

    In general I can’t see –given Killery’s bathroom server capers–what the Yanks or their allies have to laugh about.

  11. Steve – apparently that only works on people who have worked somewhere for 20 years. I’m informed that some of the younger generation regard it as sexual harassment, rather than a compliment.

  12. I remember back in the early ’90s when everyone was convinced that the CIA and/or other 3 letter American agencies were intercepting e-mails. At that time I believe the routing was such that they could easily have been intercepted. There were a group of people who used to put what they assumed were keywords in their signatures, in the hope the spooks would be thwarted by sheer number of false positives.

    And, yes I do look too young to have been around then.

    But coming up to date knowing how much encryption relies on random number generation I wonder if anyone was able to knobble the random number generator in PCs or other hardware, could they make messages easier to crack.

  13. Ian, read the reports on the entropy generation flaws in the early versions of PGP. Piss poor programming, rather than govt interference. In fact, the NSA let Phil Z know why they weren’t worried about his product …

  14. Surprising USA allowed Germany to be a partner. However, from material I’ve read in the past about this, USA were selective in what BND received and had also hacked BND.

    Didn’t Merkel have a hissy-fit when she learned BND was hacked and all her emails being read?

    @Arthur the Cat

    Yep. All information about the wartime operations was classified until the mid 1970s and some is still secret

    @BF

    Very good. or Amgine

    @The Pedant-General

    Need you ask? Dems & MSM will blame Trump, same as Obama’s child cages and Cuba, WWII…

    @Ian Reid

    Echelon

    RND – in most computers, calcs etc they’re not. Making ERNIE truly random was analogue tech

  15. Yeah, there’s something deeply worrying about secure random number generation inside a modern CPU.

    A purported random number stream could exfiltrate all sorts of interesting data and you’d never know. Not just keys to the random number generation process itself — a CPU gets to see all your stuff going by, and it’s got powerful pattern matching facilities to support branch prediction that could be looking for who knows what, and it can do any amount of apparently useless work and call it speculative execution that happened not to work out. Plus nowadays your CPU’s got a management CPU to control it. And it’s all modifiable.

    It could already be looking for the trigger data going by that’ll convert it to a full-on spying machine.

  16. I was rather pleased with myself 40 years ago when I needed a random number generator, so I created one for myself.

    I got the system clock time in floating point. Moved it into an integer, and subtracted the integer value from the floating point. Then multiplied the fractional remainder times the integer value into floating point variable. Worked great for me!

  17. To be a gentleman, you have to be able to afford to be a gentleman.

    Cold War to present, I don’t think the U.S. could afford to be gentlemanly.

  18. @Arthur Teacake

    “CPU’s got a management CPU to control it. And it’s all modifiable”

    +1 I was (and still am) shocked when the nested secret CPUs inside Intel CPUs were revealed, more so when it was revealed these “secret control CPUs” are hackable

    The whole concept seems misguided and dangerous

    @Gamecock

    Random real world vs Science & equations

    https://youtu.be/yIosd5Xk21Q?t=129

    If Science can’t accurately say where a ball will land 10m/30ft away, why should anyone believe their “facts” on how world climate changes?

  19. Everyone even peripherally involved in the encryption game (like me, for example) has known for years that Crypto AG was bent.

  20. Oh, and Gamecock, your floating point technique is going to yield very poor entropy. You need to go to hardware. A well-known technique is back-biasing a small-signal bipolar transistor (like a 2N3904 or BC109) and using avalanche noise across the collector-emitter junction. Avalanche noise is a quantum mechanical phenomenon and as far as we know that’s truly random in the strong sense. The /dev/random device in a Unix-like OS uses a mixture of hardware and software entropy sources which contribute to an entropy pool (which is whitened through various techniques). Modern Linux distros do not eschew the CPU’s internal RNG; neither do they rely on it entirely.

  21. BiCR: Isn’t that the base-emitter junction?

    You have to be careful running transistor junctions in avalanche. They degrade. I seem to remember dopant migrates, and real noise sources use lots and lots of dopant. The noise output from a transistor in avalanche will probably go down over time, and its high-frequency behaviour certainly changes — I’ve seen this. Gain might change too but I never checked that.

    If you ever experiment with this, destroy the transistors you used, or at least mark them to make sure they don’t later get used for anything else.

    I agree about the floating point hack. Those bits ain’t random. You don’t know exactly how they’re not random, but your adversary might.
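
The clock-based generator described in comment 16, and why comments 20 and 21 call it poor entropy, as an added example that is not part of the original thread. The 64-ticks-per-second clock resolution, the sample timestamp and the function names are assumptions made for the illustration.

```python
import math
import secrets

TICKS_PER_SECOND = 64  # assumed clock resolution; the comment does not state one


def clock_rng(t: float) -> float:
    """Comment 16's recipe: fractional part of the clock times its integer part."""
    whole = int(t)
    return (t - whole) * whole


def search_space_bits(window_seconds: int, ticks: int = TICKS_PER_SECOND) -> float:
    """Upper bound on the entropy when the call time is known to within the window."""
    return math.log2(window_seconds * ticks)


def recover_clock(observed: float, start_second: int, window_seconds: int,
                  ticks: int = TICKS_PER_SECOND) -> list:
    """Enumerate every clock reading in the window and keep those that
    reproduce the observed output exactly."""
    matches = []
    for sec in range(start_second, start_second + window_seconds):
        for tick in range(ticks):
            t = sec + tick / ticks
            if clock_rng(t) == observed:
                matches.append(t)
    return matches


def kernel_random_bits(nbits: int = 64) -> int:
    """Replacement: draw from the operating system's entropy pool, not the clock."""
    return secrets.randbits(nbits)


if __name__ == "__main__":
    # Constructed sample: a call made at an arbitrary instant in early 1981.
    call_time = 350_000_017 + 23 / TICKS_PER_SECOND
    output = clock_rng(call_time)
    # The observer knows only that the call fell in the minute starting at 350000000.
    found = recover_clock(output, 350_000_000, 60)
    print(f"output={output!r} recovered={found} "
          f"search space={search_space_bits(60):.1f} bits")
    print(f"kernel-sourced value: {kernel_random_bits():#018x}")
```

Knowing the minute in which the call was made leaves under 12 bits to search, and a single observed output pins down the exact clock reading.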
