Second Swiss Firm Said to Be CIA Encryption Puppet - Security Boulevard

Second Swiss Firm Said to Be CIA Encryption Puppet

First Crypto AG, and now Omnisec AG: Sources say this second Swiss company was also in the pocket of the CIA. Like Crypto AG, it sold backdoored encryption devices to companies and governments, gifting the CIA access to their secrets.

But unlike Crypto AG, Omnisec also sold the weakened kit to its own government. These allegations come via Swiss public broadcaster Schweizer Radio und Fernsehen (SRF).

Oh, what a tangled web we weave. In today’s SB Blogwatch, we tug on the story’s threads.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Tantric practice.


At Least the Flag Is a Big Plus

What’s the craic? SWI reports—“Second company … manufacturing manipulated devices allegedly used for spying by foreign intelligence”:

 According to SRF sources, the Swiss company Omnisec AG had ties to US intelligence services. This follows revelations in February by SRF, German television ZDF and The Washington Post that … Crypto AG was at the heart of a huge international spying operation led by the CIA, and to a lesser extent by the German BND spy agency.

Of concern are the OC-500 series devices. Devices were sold to several Swiss federal agencies. However, Swiss authorities only noticed the devices weren’t secure in the mid-2000s. Several Swiss companies also received manipulated devices from Omnisec, including Switzerland’s largest bank, UBS.

Omnisec, founded in 1987, manufactured voice, fax and data encryption equipment. It was dissolved a few years ago. … Earlier this month, a nine-month investigation by the Swiss parliamentary audit committee (GPDel), found that the Swiss intelligence service knew that the US Central Intelligence Agency was behind the Swiss-based Crypto AG as far back as 1993.

Und? SRF’s Fiona Endres is lost in translation—“Geheimdienstaffäre”:

 Not only Crypto AG, but also Omnisec AG manufactured … crackable encryption devices. … Omnisec AG was the biggest competitor of Crypto AG, which hit the headlines in February as a “spy factory.”

There had also been rumors for years about Omnisec AG and the presumed influence of foreign secret services. [But] now several sources confirm … Omnisec AG was also under the influence of foreign secret services. … The company Omnisec AG was dissolved at the same time as Crypto AG.

Oh come on, where are all the “Swiss cheese” puns? Nick Farrell can count—“CIA controlled two Swiss encryption firms”:

 Swiss politicians rather cheesed off at security holes … after it was revealed that a second Swiss encryption company was allegedly used by the CIA and its German counterpart to spy on governments worldwide. [Omnisec] which was split off from … Gretag in 1987, sold voice, fax and data encryption equipment to governments around the world.

And where are the comparisons to China? Bert64:

 [It] brings new light on the Huawei situation too. You can’t trust a black box commercial system for anything important. The US suspects China of using Huawei for spying because it’s exactly the thing they have done themselves.

Either you develop a system in house from scratch using appropriately vetted and qualified personnel, or you take an open source system and ensure it gets thoroughly reviewed in house by appropriately vetted and qualified personnel. The open source approach is a lot less work, especially if several rival countries are doing the same thing.

A lot of “interesting” stuff must have happened in the immediate post-war period. Dmitry sounds stoic:

 I would think that all of the companies directly or indirectly involved in WW2 and post-WW2 crypto activities are infiltrated by US or USSR. … But none will be banned even with all the evidence, and we will have only a war on Huawei without a single piece of evidence.

Having said that, gurps_npc focuses back on Switzerland:

 How many Swiss companies are not owned by the CIA? I mean really, after WWII, we must have gone over there and said, “Look, we know you guys got all that stolen Jewish gold. You can keep it, just do a little bit of work for us on the side.”

What’s the bottom line? Here’s daanish’s suggestion:

 The bottom line is that no country should trust USA.

Nor Switzerland, apparently. ejohnnys suggests why it happened:

 Money. That is why it happened.

Neutrality is not necessarily noble or virtuous: It may just mean that the neutral party wants to avoid the conflict. Does anyone believe that Sweden and Switzerland would have remained “neutral” if Hitler had won the war? They were very lucky to sit back and sell weapons and financial services to the warring countries in WWII and come out of the war rich and free. Any claim of “virtue” for being “neutral” hypocritically ignores the sacrifice of thousands of lives of the Allied forces and mountains of treasure that was expended defeating the fascists.

But really, l0n3s0m3phr34k’s view is really a bit more nuanced:

 Well, good for [the CIA]. Really, foreign intelligence gathering is their mandate.

It really is a necessary evil. … What is more important is what is done with that information.

Meanwhile, Zeeshan Orakzai doffs her headgear:

 Hats off to the long term planners.

And Finally:

Tantra: The first feminists?

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Eberhard Grossgasteiger (via Unsplash)

Featured eBook
The Dangers of Open Source Software and Best Practices for Securing Code

The Dangers of Open Source Software and Best Practices for Securing Code

More and more organizations are incorporating open source software into their development pipelines. After all, embracing open source products such as operating systems, code libraries, software and applications can reduce costs, introduce additional flexibility and help to accelerate delivery. Yet, open source software can introduce additional concerns into the development process—namely, security. Unlike commercial, or ... Read More
Security Boulevard

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 281 posts and counting.See all posts by richi