For decades, the CIA spied on governments across the globe by using a Swiss company to sell hacked encryption equipment to unsuspecting clients, including both allies and foes, according to The Washington Post and German broadcaster ZDF.

The report, which cites classified CIA documents, focuses on the company Crypto AG, which was a major producer of old-school mechanical encryption machines for the US government during World War II. By the early 1950s, American spies began to worry Crypto AG might sell the same technology to the US’s enemies during the Cold War, including Russia and China.

So in response, the CIA struck a partnership with Crypto AG to sell only the best encryption tech to countries approved by the US. However, CIA spies eventually saw an even bigger opportunity; with the aid of the NSA, the agency decided to tamper with the products themselves. In 1970, the CIA set in motion a plan to secretly buy Crypto AG with West Germany’s spy agency, the BND.

In the two decades since, Crypto AG’s sales flourished as the company sold new electronic-based encryption machines to government customers, including Saudi Arabia, Iran, Italy, Indonesia, Iraq, Libya, and South Korea. Little did they know the products were actually rigged to send encrypted messages that could be easily decoded. This allowed American and German spies to pull in valuable intelligence concerning the 1979 Iran hostage crisis, the Falklands War, and track assassination campaigns in South America. (China and Russia, however, were never customers.)

The ruse managed to go largely undetected until 1992, when Iran detained a Crypto AG salesman, who was later released and began voicing his suspicions to Swiss news organizations about the true nature of his company’s business. In 1995, The Baltimore Sun also ran a story on how the NSA had secretly rigged Crypto AG encryption machines.

Around the same time, Germany’s BND exited the Crypto AG business. However, the CIA maintained control of the company while buying up at least two other firms, presumably to circulate more rigged encryption technology. It was only in 2018 when the CIA sold off Crypto AG’s assets due to the company’s products falling out of favor as online encryption became the norm.

The reporting from the Post and ZDF provides a fuller account of a CIA-led effort to rig a top encryption provider at a time when the US government has been demanding Apple and Facebook backdoor their own encryption technologies for law enforcement purposes. 

The reporting also helps explains why the US has been trying to stop Chinese vendor Huawei from selling its telecommunications technology to mobile carriers across the globe. Ironically, US officials fear the Chinese government will do the same and use Huawei as springboard to spy on customers. To counter Huawei, US Attorney General William Barr last week advocated for the federal government to consider buying a majority stake in European networking vendors Nokia or Ericsson. 

The CIA told PCMag: “We are aware of press reporting about an alleged U.S. government program and do not have any guidance.” 

Editor's Note: This story has been updated with comment from the CIA. 

Further Reading

• Will the Coronavirus Disrupt the RSA Show? IBM Decides to Skip
• Database With Sensitive Plastic Surgery Photos Exposed Online
• The Quantified Employee: How Companies Use Tech to Track Workers
• Huawei Accused of Offering Bonuses In Exchange for US Trade Secrets
• More in Security

More Security Reviews

• Private Internet Access VPN (for macOS)
• NordPass Premium
• Qustodio
• Virtru Email Protection for Gmail
• ShieldApps Cyber Privacy Suite

More Security Best Picks

• The Best VPNs for Gaming
• The Best VPNs for BitTorrent for 2020
• The Best VPNs for Netflix
• The Best Mac VPNs for 2020
• The Best Business VPN Clients for 2019