The Espionage Legacy of Crypto AG: Unveiling Secrets and Betrayals

Ryan Levy introduces the finale of the Cyberism's Malicious Life series, focusing on Crypto AG, the world's largest hacking operation. He encourages listeners to catch up on the previous two parts for context.

Levy discusses the nature of conspiracy theories, noting their illogical aspects but acknowledging that some, like the CIA's historical actions in the 1960s, have proven true. He reflects on the discomfort of being aware of hidden truths that others are oblivious to.

Mickey Gruzman, recruited by the CIA and BND in 1979 while working for Siemens, took over research and development at Crypto AG after his predecessor, Peter Fudenger, was fired for aiding the Syrian military. This recruitment marked Gruzman as a key player in a covert operation.

Gruzman's wife recounts the secrecy surrounding his work, including being dropped off at undisclosed locations for meetings. She describes his increasing nervousness and reliance on alcohol, indicating the immense pressure he faced as he became aware of the company's true purpose.

After being fired, Gruzman eventually confided in his family about Crypto AG's CIA control, putting their lives at risk. His wife reflects on their disbelief, thinking he was merely intoxicated and imagining conspiracies, unaware of the gravity of his revelations.

Levy emphasizes that Gruzman was likely one of only two individuals at Crypto AG who understood the company's true purpose, alongside the CEO. This raises questions about how such a significant espionage operation remained concealed from various entities, including governments and military organizations, for 70 years.

At its peak, Crypto AG was a large and thriving company employing over 400 people. Despite the scale of operations, many employees, including middle managers and interns, were unaware of the grand international espionage plot they were part of, as they were merely pawns in a larger scheme.

The current attack surface for cybersecurity has never been larger or more diverse. Defenders face the challenge of piecing together intelligence from numerous siloed solutions, which results in a flood of alerts. However, with the introduction of AI-driven Cyber Reason XDR powered by Google Chronicle, defenders can now predict, understand, and end sophisticated attacks, marking a significant advancement in operation-centric detection and response.

In the 1970s, Heinz Wagner, the charismatic CEO of Crypto AG, made crucial mistakes, including hiring Dr. Menjia Kaflesh, a talented electrical engineer. Kaflesh, who had previously worked as a radio astronomy researcher at the University of Maryland, returned to Switzerland to work for Crypto AG, where her exceptional skills were recognized by both Wagner and NSA officials, the latter of whom deemed her 'too bright to remain unwitting.'

Dr. Kaflesh, alongside her colleague Jorg Spundelli, began probing Crypto AG's cipher machines for weaknesses. Spundelli had previously optimized the cryptologic for the T450 encryption device, making it impenetrable. However, the NSA intervened and re-weakened the algorithm, leading to an internal crisis at Crypto AG. Together, Kaflesh and Spundelli conducted plain text attacks, discovering that they could crack messages by comparing just 100 ciphered characters with the original text.

Kaflesh's probing led to the creation of a cryptologic algorithm so secure that the NSA could not break it. This algorithm inadvertently made its way to the factory floor, resulting in the production of 50 uncrackable HC-740 devices before the NSA discovered the issue. To mitigate the risk, the NSA restored the vulnerable algorithm and sold the unbreakable devices to banks, ensuring they would not fall into the hands of foreign governments.

As Kaflesh delved deeper into the operations at Crypto AG, she sensed something was amiss. Despite her suspicions, when she sought clarification, she found that not all her questions were welcomed, leading to further confusion about the company's activities.

As suspicions grew among employees at Crypto AG, an anonymous engineer revealed to the Baltimore Sun that he received schematic diagrams for crucial algorithms controlling encryption. These designs, handed over by superiors, were developed outside the company by mysterious U.S. and German visitors, referred to as consultants from Intercom Associates.

Heinz Wagner, the CEO of Crypto AG, convened a meeting with selected members of the R&D department, admitting that the company was not entirely free to operate as it wished. This led to speculation among employees that government regulators were involved, as they grappled with the unsettling notion that their company was being manipulated by foreign agents.

The operations of Crypto AG affected at least 60 to over 100 nations over seven decades, with governments and militaries relying on their equipment for sensitive communications. Despite some nations suspecting issues, they continued to purchase equipment, illustrating a complex web of trust and deception.

In 1977, the military junta in Argentina purchased H-4605 machines from Crypto AG, later selling them to other South American dictatorships as part of Operation Condor. However, Argentine officials soon suspected vulnerabilities in the equipment, leading to a tense meeting with Wagner, who was terrified of the regime's reputation for ruthlessness.

Despite discovering the vulnerabilities in Crypto AG's machines, the Argentine military junta continued to buy from the company, motivated by the desire to maintain an advantage over neighboring countries. They insisted that Crypto AG not inform other Latin American nations of the weaknesses, allowing Argentina to spy on them.

In 1982, Argentina launched a surprise attack on British territories in the Falklands, catching the UK off guard despite their intelligence capabilities. Ted Rowlands, the UK Minister of State for the Foreign Office, expressed disbelief in Parliament over the intelligence failure, emphasizing that the quality of intelligence had not diminished since their actions in 1977.

The speaker reflects on the intelligence failures of the government, expressing confusion over how they could not anticipate emerging dangers despite having access to various sources, including intercepted communications from the enemy. This highlights a significant lapse in foresight and preparedness.

Despite being aware of being spied on, Argentina continued to purchase equipment from Crypto AG for over a decade. This behavior was not unique to Argentina, as many countries, even after realizing their vulnerabilities, chose to maintain their relationship with Crypto AG, illustrating a broader trend of reliance on compromised technology.

In the late 1970s, as countries like Argentina began to recognize the deception of Crypto AG, the CIA and BND sought to recruit Kyle Whitman, a celebrated mathematician and cryptologist. His background, including a year spent in Washington State, made him an ideal candidate for their operations, leading to his recruitment in Munich in 1979 under the guise of job interviews.

During a lunch break at a supposed interview, Whitman was approached by BND officer Geltor Brewmeister, who revealed the true ownership of Crypto AG. This moment marked a turning point for Whitman, who, after a brief conversation with CIA officer Richard Schudner, agreed to join the operation, sealing his recruitment with a handshake, which transformed the atmosphere into a celebratory one.

Whitman was designated as a scientific advisor, but his contributions were deemed irreplaceable by the CIA, who referred to him as the most significant recruitment in the history of the Minerva program. His intelligence and expertise allowed him to create new algorithms that were undetectable by standard statistical tests, thus enhancing the effectiveness of Crypto AG's products.

In 1982, following a British MP's revelation that GCHQ had been intercepting Argentine military communications, Whitman was tasked with managing the fallout. He reassured the Argentine junta that the NSA had likely cracked their outdated encryption, effectively deflecting blame and maintaining their confidence in Crypto AG's equipment, which they continued to purchase.

Crypto AG managed to sustain its legitimacy for decades by creating the illusion of being government-regulated while simultaneously being the source of communication hacks. This deception persisted even through the mid-1990s, despite public revelations about their operations, such as Peter Frudenger's 1994 disclosure on Swiss television.

In a TV interview, a group discussed the credibility of Crypto AG's performance, suggesting it may have saved the program. A year later, the Baltimore Sun published articles revealing Crypto AG as an NSA operation, accurately detailing its activities a quarter-century before it gained widespread attention. This led to several countries pausing or ending their contracts with Crypto AG, although 90% of its 60 clients remained unaware of the situation.

In the mid-2010s, undisclosed investors began dismantling Crypto AG, with the Swiss operations sold to a firm called SCI-1 and other assets acquired by Swedish entrepreneur Andreas Linde in 2018. Linde, previously CEO of a $500 million cybersecurity company, was drawn to Crypto AG due to its Swedish heritage and the legacy of Boris Hagelin. However, Linde only purchased most of Crypto AG's assets, not the company itself, which was sold to a separate real estate firm.

In January 2020, two years post-acquisition, Linde expressed visible shock when confronted by a Washington Post reporter with evidence of Crypto AG's CIA and BND ownership. He claimed he was unaware of the identities of Crypto AG's beneficiaries during the acquisition process, attributing this to a historical arrangement of shell companies by Hagelin to evade Swiss taxes, which the CIA later exploited to conceal ownership.

One month after Linde's interview, the truth about Crypto AG emerged, leading to the Swiss government suspending Linde's export licenses and the company laying off its entire workforce, heading towards bankruptcy. A Swiss parliamentary commission later discovered documents in a Cold War bunker confirming that the Swiss government had been aware of Crypto AG's operations since at least 1993 and had utilized intelligence from it.

Despite decades of espionage, the governments of the United States, Germany, Switzerland, and others faced no repercussions for their involvement in the Crypto AG operation. Instead, the fallout affected individuals like Andreas Linde, who lost a fortune, and employees of Crypto AG, who were oblivious to the fact that their work supported foreign governments. One technician expressed feelings of betrayal, highlighting the personal impact of the scandal.

The narrative begins with reflections on the misleading assurances given by Crypto AG, emphasizing their claim of being the best and having unbreakable equipment. The discussion highlights the neutrality of Switzerland, where Crypto AG operated, and introduces Mangia Catholic, who worked for the company for over 15 years without uncovering the full truth behind its operations. At 75, she expressed regret about not leaving sooner, indicating the internal conflicts and suspicions she faced during her tenure.

The story transitions to Mickey Grudeman, whose family learned posthumously that his claims about CIA spying were indeed true. Grudeman's experiences of suffering and being disbelieved for years are poignantly recounted, culminating in the revelation of Crypto AG's secrets in February 2020, four years after his death in 2016. His family's emotional response underscores the pain of living with such a secret and the validation that came too late.

The episode concludes with acknowledgments to the production team, particularly Nate Nelson, for their efforts in presenting the complex story of Crypto AG. The host expresses gratitude to listeners who supported the show on social media, mentioning specific individuals like Dave, a self-described crypto punk, and Rio Kimball. The production credits highlight the collaborative nature of the podcast, with a reminder of the show's online presence and sponsorship by Cybereason.