It seems the Washington Post and ZDF partnered to produce a reporting coup, The Intelligence Coup of the Century, tracing the hidden involvement of the CIA, NSA, and BND in the funding and operations of one of the largest commercial encryption device companies in the world, Crypto AG in Germany. This is a long, deep article, well worth the read. The history goes back to the 1940s and the origins of the company, up into recent years. The information in the article is amazing, along with the combination of off-the-record and quoted sources used, such as Bobby Ray Inman.
This post is in Tech Talk instead of Industry News because of one fascinating tidbit deep in the article: Crypto AG sold machines that had no actual backdoor in the device. Instead, the devices simply generated pseudo-random numbers not quite as random as they could have been. This reduced level of randomness was enough for the NSA computers to decrypt the text. Selected customers (ones approved by the intelligence agencies) received the same machine with a more robust level of randomness.
I am amazed at the fact that newspapers got to read the classified histories and get cleared sources to talk about the details in the article. Highly recommended reading.
Craig
Thanks for sharing. I never read a WaPO article unless I'm redirected to it through another source, so I would have missed this entirely.
"Even so, the Crypto operation is relevant to modern espionage. Its reach and duration help to explain how the United States developed an insatiable appetite for global surveillance that was exposed in 2013 by Edward Snowden. There are also echoes of Crypto in the suspicions swirling around modern companies with alleged links to foreign governments, including the Russian anti-virus firm Kaspersky, a texting app tied to the United Arab Emirates and the Chinese telecommunications giant Huawei."
Could this be the same Huawei that I've been bubbling here on the forum?
Another lesson: it is yet another illustration of the fact that it is much, much more important to have a good sales team (and possibly bribes) than it is to have an actually functioning technical product.
Another random oddity from the story: how many astronomers find their way into security. Is this simply a measure of the fact that many, many more people study astronomy than can actually get jobs in the field? It’s sort of like the fact that all tech writers are history majors: if you can write a piece in such a way that a totally random event is invested with significance, then you are qualified to point out what is important in operating a system. Or the fact that all HR people have English degrees: if you know so little about the job market that you go out and get a completely useless degree, then you are qualified to tell people how to plan their careers. But I digress.