The Cold War collaboration between the CIA, the spies at Germany’s Bundesnachrichtendienst (BND), and Swiss encryption company Crypto AG was an intricate dance of power and manipulation - a stark reminder of the morally ambiguous nature of intelligence operations between allies as well as foes.
Russian-born Swedish businessman Boris Hagelin invented and sold cipher machines in the 1920s and ‘30s, eventually founding one of the largest and most successful manufacturers of its kind: Crypto AG.
Hegelin’s inventions included the popular M-209, a portable mechanical cipher machine patented in 1940 and widely used to transmit coded information during WWII and beyond. Crypto AG counted more than 100 of the world’s leading governments and militaries as customers.
The genesis for Operation Rubicon purportedly began in the 1950s as an unofficial arrangement between Hagelin and NSA cryptologist William Friedman and soon became a formal arrangement.
The Crypto AG spy operation
Crypto AG’s reputation was rooted in providing impenetrable encryption solutions to safeguard sensitive information and, as a neutral Swiss entity, Crypto became the epitome of confidentiality, solidifying its role as a guardian of secrets. But beneath its facade of security lay a covert operation that would reshape the world of international diplomacy and intelligence-gathering.
By the late 1950s, the NSA withdrew from its relationship with Hagelin and the ‘gentleman’s agreement’ was replaced with a five-year licensing deal between the CIA and Crypto AG. By 1970, the CIA and BND had agreed to buy the Swiss manufacturer in a 50-50 arrangement that enabled them to jointly control Crypto AG, its algorithms, and its customers.
Amid the backdrop of escalating Cold War tensions between the US and Russia, the intelligence agencies recognized the potential of covertly influencing encryption technology at the expense of foes and allies including Algeria, Argentina, Belgium Brazil, Chile, Egypt, Greece, Indonesia, Iran, Iraq, Italy, Jordan, Kuwait, Lebanon, Libya, Malaysia, Mexico, Morocco, Pakistan, the Philippines, Portugal, Saudi Arabia, South Korea, Spain, Syria, Tunisia, Turkey, the Vatican, and Yugoslavia.
Iran purportedly produced some of the “best” intelligence stolen by the CIA and BND. “In 1988, 19,000 Iranian messages were decrypted, which was 80-90% of their total traffic,” according to the Crypto Museum.
Crypto AG: guardian of secrets?
Operation Rubicon exposed untold Cold War operations including the the Suez Canal Crisis (1956); the 1973 coup in Chile and overthrow of Salvador Allende’s government; negotiations on the Middle East conflict in the course of the 1978 Camp David Accords negotiations; the 1982 Falklands War between Argentina and UK; the US invasion of Panama; the Iranian Hostage Crisis (1979); and the Berlin Discotheque bombing (1986).
The CIA eventually took over running Crypto AG but all good things must come to an end.
By the late ‘80s, foreign countries were becoming more sophisticated in analyzing cryptographic algorithms and there was an international debate around Public Key Cryptography. Countries began developing their own crypto solutions including Iraq under Sadam Hussein who insisted on domestic production to tighten security.