1995-12-10 - NSA rigs Crypto machines according to Balto Sun

Header Data

From: pcw@access.digex.net (Peter Wayner)
To: cypherpunks@toad.com
Message Hash: 29a4b1dc95eeed26cd363936975d507066b965784ff4fcc648f35634b6ea6e30
Message ID: <v02130504acf0c75190a9@[199.125.128.5]>
Reply To: N/A
UTC Datetime: 1995-12-10 17:44:15 UTC
Raw Date: Sun, 10 Dec 95 09:44:15 PST

Raw message

From: pcw@access.digex.net (Peter Wayner)
Date: Sun, 10 Dec 95 09:44:15 PST
To: cypherpunks@toad.com
Subject: NSA rigs Crypto machines according to Balto Sun
Message-ID: <v02130504acf0c75190a9@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



Most of us might believe that the holes in Netscape's encryption
software were simply the result of sloppy engineering. That was
the public story. A story from today's Baltimore Sun (Sunday
December 10, 1995) gives more reasons to be paranoid.

The Baltimore Sun has been running a long series of articles on
the National Security Agency. Some of the earlier ones have been
largely positive and filled with stories of intelligence coups.
Today's story describes several reasons why one might believe
that the NSA was party to a plan to rig the machines of the
Swiss company, Crypto AG, so that the messages could be read by
those who knew the game. Crypto AG sells its machines to other
countries around the world who believe that the Swiss are
neutral vendors of superior technology that wouldn't have such
holes.

The clearest link, in my mind, was the minutes from a design
meeting at Crypto AG which was attended by an NSA cryptographer,
Nora Mackebee. (She is now 55, retired and living at what the
Sun calls a "Howard County horse farm.") But there are reasons
to wonder about this link. Motorola was also part of the list.

Also one employee got in a legal battle after being fired. The
details were settled a few days before company engineers were
scheduled to testify "that they believed the machines were
altered."

More anecdotal evidence was offered by someone who is listed as
a "longtime colleague" of Dr. Kjell Ove Widman, the Swedish
mathematician who "had total authority over Crypto algorithms."
The colleague said that Widman would often travel to Germany and
then return with design instructions. The impression was given
that Crypto could only use an algorithm if it was approved.

But approval is not, in my mind, proof of a secret attempt to
read messages. I believe that the NSA probably did more to
strengthen DES than weaken it during the classified design
process at IBM. But I only have the work of Biham and Shamir to
base these conclusions upon. Perhaps the machines were altered
to make them stronger for western firms using them? The Mackebee
meeting occurred in 1975 during the height of the Cold War. The
Soviets were grabbing Western technology left and right.

Of course, the Sun also reports that Crypto AG "denied that
intelligence agencies had ever rigged its machines." (The words
in quotes are the Sun's, not Crypto AG's.)

So, is this what happened at Crypto AG? Is this what happened at
Netscape? We may never know for certain, but there is a final
warning for the folks at Netscape that is buried in the Sun's
article about Crypto AG:

   "Meanwhile, though the company has hastened to reassure its
    customers, business has declined and employees have been laid
    off."



-=-=-=-=-

There are two more articles in the series. Tuesday's will report
that "Trolling for foreign secrets, NSA routinely picks up
Americans' overseas calls. And it's legal." On Friday, the
article reports, "The next war will be fought with computers.
NSA is getting ready." You will be able to buy a reprint of the
NSA stories from SunSource. $3.95. Call 410-332-6962.








