CraginS
Defender I

The Secret (Real?) History of Crypto AG

It seems the Washington Post and ZDF partnered to produce a reporting coup, The Intelligence Coup of the Century, tracing the hidden involvement of the CIA, NSA, and BND in the funding and operations of one of the largest commercial encryption device companies in the world, Crypto AG in Germany. This is a long, deep article, well worth the read. The history goes back to the 1940s and the origins of the company, up into recent years. The information in the article is amazing, along with the combination of off-the-record and quoted sources used, such as Bobby Ray Inman.


This post is in Tech Talk instead of Industry News because of one fascinating tidbit deep in the article: Crypto AG sold machines that had no actual backdoor in the device. Instead, the devices simply generated pseudo-random numbers not quite as random as they could have been. This reduced level of randomness was enough for the NSA computers to decrypt the text. Selected customers (ones approved by the intelligence agencies) received the same machine with a more robust level of randomness.


I am amazed at the fact that newspapers got to read the classified histories and get cleared sources to talk about the details in the article. Highly recommended reading.


Craig


D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
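As an added illustration of the point made in this post (not code from the article or the original poster), here is a toy model in Python of why "not quite as random as it could have been" is enough: a stream cipher whose 16-byte seed only ever varies in its low `seed_bits` bits. The keystream construction, seed widths and sample message are constructed assumptions, not a description of the actual Crypto AG machines.

```python
import hashlib
import os


def keystream(seed: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(seed || counter), concatenated. Constructed for
    illustration only; it is not a real cipher design."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def encrypt(seed: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream derived from the seed."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(seed, len(plaintext))))


decrypt = encrypt  # XOR stream ciphers are symmetric


def weak_seed(seed_bits: int) -> bytes:
    """Model the weakened device: the seed field is 16 bytes (128 bits) wide,
    but only the low seed_bits bits actually vary; the rest are fixed zeros."""
    n = int.from_bytes(os.urandom(16), "big") & ((1 << seed_bits) - 1)
    return n.to_bytes(16, "big")


def recover_seed(ciphertext: bytes, known_prefix: bytes, seed_bits: int):
    """Known-plaintext search over the reduced seed space. Returns the seed or
    None. Work is 2**seed_bits trials: trivial at 16 bits, infeasible at 128."""
    for n in range(1 << seed_bits):
        cand = n.to_bytes(16, "big")
        if decrypt(cand, ciphertext[: len(known_prefix)]) == known_prefix:
            return cand
    return None


if __name__ == "__main__":
    # Constructed sample: a message with a predictable header, as many
    # diplomatic telegrams had, encrypted under a 16-bit-entropy seed.
    seed = weak_seed(16)
    ct = encrypt(seed, b"MESSAGE BEGINS: MEET AT 0900")
    found = recover_seed(ct, b"MESSAGE BEGINS", 16)
    print("seed recovered:", found == seed, "->", decrypt(found, ct))
```

The same search against a seed whose full 128 bits vary would need 2**128 trials, which is the only difference between the "approved customer" machine and the weakened one in this model.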
4 Replies
rslade
Influencer II

> CraginS (Community Champion) posted a new topic in Tech Talk on 02-13-2020 07:58

> Crypto AG sold machines
> that had no actual backdoor in the device. Instead, the devices simply generated
> pseudo-random numbers not quite as random as they could have been. This reduced
> level of randomness was enough for the NSA computers to decrypt the text.

Read carefully, the article also points out another lesson: how difficult it is to hide
vulnerabilities and backdoors from those who actually understand the technology.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
The whole is more than the sum of its parts.
- Aristotle (384-322 B.C.), Metaphysics
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Flyslinger2
Community Champion

Thanks for sharing. I never read a WaPo article unless I'm redirected to it through another source, so I would have missed this entirely.


"Even so, the Crypto operation is relevant to modern espionage. Its reach and duration help to explain how the United States developed an insatiable appetite for global surveillance that was exposed in 2013 by Edward Snowden. There are also echoes of Crypto in the suspicions swirling around modern companies with alleged links to foreign governments, including the Russian anti-virus firm Kaspersky, a texting app tied to the United Arab Emirates and the Chinese telecommunications giant Huawei." 

Could this be the same Huawei that I've been bubbling here on the forum? 

rslade
Influencer II

Another lesson: it is yet another illustration of the fact that it is much, much more important to have a good sales team (and possibly bribes) than it is to have an actually functioning technical product.

rslade
Influencer II

Another random oddity from the story: how many astronomers find their way into security. Is this simply a measure of the fact that many, many more people study astronomy than can actually get jobs in the field? It’s sort of like the fact that all tech writers are history majors: if you can write a piece in such a way that a totally random event is invested with significance, then you are qualified to point out what is important in operating a system. Or the fact that all HR people have English degrees: if you know so little about the job market that you go out and get a completely useless degree, then you are qualified to tell people how to plan their careers. But I digress.
