Second Swiss Firm Said to Be CIA Encryption Puppet

First Crypto AG, and now Omnisec AG: Sources say this second Swiss company was also in the pocket of the CIA. Like Crypto AG, it sold backdoored encryption devices to companies and governments, gifting the CIA access to their secrets.

But unlike Crypto AG, Omnisec also sold the weakened kit to its own government. These allegations come via Swiss public broadcaster Schweizer Radio und Fernsehen (SRF).

Oh, what a tangled web we weave. In today’s SB Blogwatch, we tug on the story’s threads.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Tantric practice.


At Least the Flag Is a Big Plus

What’s the craic? SWI reports—“Second company … manufacturing manipulated devices allegedly used for spying by foreign intelligence”:

 According to SRF sources, the Swiss company Omnisec AG had ties to US intelligence services. This follows revelations in February by SRF, German television ZDF and The Washington Post that … Crypto AG was at the heart of a huge international spying operation led by the CIA, and to a lesser extent by the German BND spy agency.

Of concern are the OC-500 series devices. Devices were sold to several Swiss federal agencies. However, Swiss authorities only noticed the devices weren’t secure in the mid-2000s. Several Swiss companies also received manipulated devices from Omnisec, including Switzerland’s largest bank, UBS.

Omnisec, founded in 1987, manufactured voice, fax and data encryption equipment. It was dissolved a few years ago. … Earlier this month, a nine-month investigation by the Swiss parliamentary audit committee (GPDel), found that the Swiss intelligence service knew that the US Central Intelligence Agency was behind the Swiss-based Crypto AG as far back as 1993.

Und? SRF’s Fiona Endres is lost in translation—“Geheimdienstaffäre”:

 Not only Crypto AG, but also Omnisec AG manufactured … crackable encryption devices. … Omnisec AG was the biggest competitor of Crypto AG, which hit the headlines in February as a “spy factory.”

There had also been rumors for years about Omnisec AG and the presumed influence of foreign secret services. [But] now several sources confirm … Omnisec AG was also under the influence of foreign secret services. … The company Omnisec AG was dissolved at the same time as Crypto AG.

Oh come on, where are all the “Swiss cheese” puns? Nick Farrell can count—“CIA controlled two Swiss encryption firms”:

 Swiss politicians rather cheesed off at security holes … after it was revealed that a second Swiss encryption company was allegedly used by the CIA and its German counterpart to spy on governments worldwide. [Omnisec] which was split off from … Gretag in 1987, sold voice, fax and data encryption equipment to governments around the world.

And where are the comparisons to China? Bert64:

 [It] brings new light on the Huawei situation too. You can’t trust a black box commercial system for anything important. The US suspects China of using Huawei for spying because it’s exactly the thing they have done themselves.

Either you develop a system in house from scratch using appropriately vetted and qualified personnel, or you take an open source system and ensure it gets thoroughly reviewed in house by appropriately vetted and qualified personnel. The open source approach is a lot less work, especially if several rival countries are doing the same thing.

A lot of “interesting” stuff must have happened in the immediate post-war period. Dmitry sounds stoic:

 I would think that all of the companies directly or indirectly involved in WW2 and post-WW2 crypto activities are infiltrated by US or USSR. … But none will be banned even with all the evidence, and we will have only a war on Huawei without a single piece of evidence.

Having said that, gurps_npc focuses back on Switzerland:

 How many Swiss companies are not owned by the CIA? I mean really, after WWII, we must have gone over there and said, “Look, we know you guys got all that stolen Jewish gold. You can keep it, just do a little bit of work for us on the side.”

What’s the bottom line? Here’s daanish’s suggestion:

 The bottom line is that no country should trust USA.

Nor Switzerland, apparently. ejohnnys suggests why it happened:

 Money. That is why it happened.

Neutrality is not necessarily noble or virtuous: It may just mean that the neutral party wants to avoid the conflict. Does anyone believe that Sweden and Switzerland would have remained “neutral” if Hitler had won the war? They were very lucky to sit back and sell weapons and financial services to the warring countries in WWII and come out of the war rich and free. Any claim of “virtue” for being “neutral” hypocritically ignores the sacrifice of thousands of lives of the Allied forces and mountains of treasure that was expended defeating the fascists.

But really, l0n3s0m3phr34k’s view is really a bit more nuanced:

 Well, good for [the CIA]. Really, foreign intelligence gathering is their mandate.

It really is a necessary evil. … What is more important is what is done with that information.

Meanwhile, Zeeshan Orakzai doffs her headgear:

 Hats off to the long term planners.

And Finally:

Tantra: The first feminists?



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Eberhard Grossgasteiger (via Unsplash)


Richi Jennings

Richi is a foolish independent industry analyst, editor, writer, and fan of the Oxford comma. He’s previously written or edited for Computerworld, Petri, Microsoft, HP, Cyren, Webroot, Micro Focus, Osterman Research, Ferris Research, NetApp on Forbes and CIO.com. His work has won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
