> The Iranian government then arrested Crypto AG's top salesman, Hans Buehler, in March 1992 in Tehran. It accused Buehler of leaking their encryption codes to Western intelligence. Buehler was interrogated for nine months but, being completely unaware of any flaw in the machines, was released in January 1993 after Crypto AG posted bail of $1m to Iran. Soon after Buehler's release Crypto AG dismissed him and sought to recover the $1m bail money from him personally.
Sounds like a great employer. Knowingly sells backdoored equipment to foreign governments, allows their employees to be arrested and held for nine months even though they know nothing about it, pays the bail, then immediately fires them and tries to recoup the bail.
The employer was US Intelligence agencies. That is how they operate. The ends justify the means. Collateral damage, be it physical, emotional, personal or professional is seen as part of the role.
I'm not saying I agree. But it's important to point out how skewed (usually mistakenly) most ppl's perception is of those three-letter outfits.
Shows how much you can rely on spies to value their relationships. Just fraudsters. All talk, but unreliable. No wonder the profession attracts so many deceptive sociopaths. Optimizing for people who won't have your back is a "virtue" apparently... Can't even take care of their own. Pathetic.
I thought so too, at first, but the new information is not just that some Crypto AG products were somehow compromised for some customers (widely reported since the 1990s), but that the company was literally owned by the BND and CIA. Not in a metaphorical sense of owned.
One answer is that you don't need to manufacture custom equipment with escrowed keys to infiltrate communication systems any longer. The Israelis were using stingrays in Washington, DC just last year to spy on officials. You could probably build a stingray using open source software and a software-defined radio USB stick.
You can't trust the network. Rather than trying to avoid Huawei, energy should be spent engineering things so Huawei equipment doesn't need to be trusted. Until then, China and everybody will continue to be able to snoop, regardless of who built the network components.
In the case of Huawei, it is not about spying - it's about money. Building 5G networks will require installing lots of equipment on every building in every country. This will allow making an astronomical amount of money. The US doesn't want all that money to go to Huawei - hence the witch hunt.
Pretty much all of them, I'd assume. Basically there is no secret that a major state player cannot crack open unless 1) it doesn't care 2) it's protected by another equally strong state player.
Nice to finally have some exploration of how this tied into geopolitics.
What I'd still like to see is... how did this influence domestic crypto policy and export controls? It seems entirely too coincidental that right after the cat is fully out of the bag with the Iran thing, the US is suddenly easing export restrictions on crypto, trying to shove Clipper / Key Escrow down our throats, coming for Zimmermann, etc.
The Swiss government (specifically the State Secretariat for Economic Affairs) has filed a criminal complaint "against unknown persons" to shine some light on this case:
This is not the only encryption/communications technology company that has been compromised by national intelligence services.
I’m aware of another (potentially) where an employee credibly alleged it.
From the perspective of a national intelligence service, it is likely a far better return on investment to proactively catalogue compromised communications at root, rather than intercept and brute force it later.
As a Swiss I would say that you can put Swiss cryptography into the garbage bin, together with US-American cryptography, unless there is quality control. My country needs a food inspector for cryptography. The inspector should talk to employees, check source codes, look at who owns a company etc.
We need open source. Threema is one of those that concerns me. Used by the government but source is closed and distributed via Google Play and Apple App Store.
On my way home I tuned in to this interview, caught the end of it. Had my dinner and decided to google the story, but before that checked Hacker News. And here it is on the front page.
Tor places limits on how much of the network must be owned by an adversary in order for them to extract useful information from it. They are quite transparent about it.
Who said we do? That's up to each person to (consider to) construct a threat analysis.
Protonmail uses JavaScript, which can theoretically be serving nonsense to a specific client. There's no way you will audit the source every time you use it. I use it, for larping, and because I like the thought that there is still some competition in the e-mail landscape.
Tor is a completely different league... but I don't consider the actions I (might) perform there to be confidential for the rest of my life, so I act accordingly. YMMV.
Within the context, this is about the spying and signals intelligence. We don't usually talk about a foreign agency being pure evil when they tap fiber lines, we do when they murder or massacre.
It depends on what the information is used for. If it's to stop nuclear proliferation, it's audacious. If it's to monitor and then disappear political dissidents, it's pure evil.
[+] [-] saagarjha|6 years ago|reply
[+] [-] pjc50|6 years ago|reply
- UK government secretly changes its own rules on arms to Iraq
- encourages a company to ship such weapons to Iraq
- they get caught by UK Customs
- this gets all the way to the trial and potential jailing of the directors
- UK government (in particular, Kenneth Clarke) directs suppression of vital evidence through "Public Interest Immunity Certificates"
- Judge refuses to go along with the coverup and jail innocent people, and the whole thing blows up in the newspapers.
https://www.independent.co.uk/news/uk/scott-report-the-essen...
[+] [-] gregoryl|6 years ago|reply
[+] [-] classified|6 years ago|reply
[+] [-] chiefalchemist|6 years ago|reply
[+] [-] Wistar|6 years ago|reply
[+] [-] strangerw|6 years ago|reply
[+] [-] notlukesky|6 years ago|reply
https://en.m.wikipedia.org/wiki/Crypto_AG
And there were many suspicions going even back to a “tell all” by Ronald Reagan
[+] [-] schoen|6 years ago|reply
[+] [-] refurb|6 years ago|reply
It also makes sense why the US is banning Huawei equipment. If the US can do it, why can't the Chinese?
[+] [-] wahern|6 years ago|reply
[+] [-] anticodon|6 years ago|reply
[+] [-] xorcist|6 years ago|reply
This might well be a plausible reason why this old story resurfaced recently.
[+] [-] dade_|6 years ago|reply
[+] [-] kissickas|6 years ago|reply
https://news.ycombinator.com/item?id=22297963
[+] [-] ColanR|6 years ago|reply
[+] [-] augstein|6 years ago|reply
[+] [-] markus_zhang|6 years ago|reply
[+] [-] tbyehl|6 years ago|reply
[+] [-] jamisteven|6 years ago|reply
[+] [-] thatiscool|6 years ago|reply
https://arstechnica.com/information-technology/2020/03/5-yea...
[+] [-] random_savv|6 years ago|reply
https://www.swissinfo.ch/eng/crypto-leaks_swiss-authorities-...
[+] [-] chriselles|6 years ago|reply
[+] [-] KCUOJJQJ|6 years ago|reply
[+] [-] sschueller|6 years ago|reply
[+] [-] itsreal|6 years ago|reply
[+] [-] dang|6 years ago|reply
https://news.ycombinator.com/item?id=22297963
https://news.ycombinator.com/item?id=22307500
https://news.ycombinator.com/item?id=22309478
https://news.ycombinator.com/item?id=22473148
Others?
[+] [-] stebann|6 years ago|reply
[+] [-] Wistar|6 years ago|reply
https://www.npr.org/transcripts/812499752
[+] [-] aschatten|6 years ago|reply
[+] [-] JabavuAdams|6 years ago|reply
[+] [-] xorcist|6 years ago|reply
[+] [-] Fnoord|6 years ago|reply
[+] [-] upofadown|6 years ago|reply
[+] [-] saagarjha|6 years ago|reply
[+] [-] ta999999171|6 years ago|reply
But a good point, for Tor hosts.
[+] [-] BurningFrog|6 years ago|reply
[+] [-] steve19|6 years ago|reply
[+] [-] lern_too_spel|6 years ago|reply