Here's another spy story for you. Not as thrilling as Winter's excellent ongoing tale but interesting and informative, I hope. I stumbled upon this story while doing some late night googling on the Stuxnet worm. As you know this worm works "by exploiting previously unknown security holes in Microsoft’s Windows operating system. It then seeks out a component called Simatic WinCC, manufactured by Siemens, which controls critical factory operations. The malware even uses a stolen cryptographic key belonging to the Taiwanese semiconductor manufacturer RealTek to validate itself in high-security factory systems."
It seemed unbelievable to me that the German electronic giant Siemens could have released such critical software containing a well known security risk and even more unbelievable that they could have known the code had been leaked for two years and done nothing about it. See my previous comment on this here. Surprisingly (or maybe not), this is not the first time Siemens and Iran have been linked in a far reaching story of espionage, foul play and stolen cryptographic keys. You can judge for yourself if you think Siemens was simply incompetent, or unethical, in selling their easily hackable software to critical industries worldwide or whether their history suggests this may have been the plan.
Note to James: I am leaning towards MIHOP here. So's Eileen!
|On March 18, 1992 Hans Buehler, a top salesman for the Swiss company Crypto AG, was arrested in Tehran, Iran and accused of spying for the US and Germany. For the next nine months, he was held in solitary confinement and questioned repeatedly as to whether he had leaked the codes to Iranian and Libyan encrypted communications to western powers.
A Swedish cryptographer, Boris Hagelin founded Crypto AG in 1952 in Zug, Switzerland. Boris was the renowned inventor of the "Hagelin-machine". Hundreds of thousands of his "Hagelin-machines" were used in World War II on the side of the Allies to decrypt enemy communications. As Switzerland was perceived as a discreet place, a neutral nation that could be trusted, their enciphering devices for voice communication and digital data networks were popular. In the ensuing years, Crypto AG built up long standing relationships with over 130 countries.
"The purchasing nations, confident that their communications were protected, sent messages from their capitals to embassies, military missions, trade offices, and espionage dens around the world, via telex, radio, teletype, and facsimile. They not only conducted sensitive albeit legal business and diplomacy, but sometimes strayed into criminal matters, issuing orders to assassinate political leaders, bomb commercial buildings, and engage in drug and arms smuggling.
Both Iran and Libya had purchased their cryptographic communication equipment from the Swiss company. The Iranians had become suspicious that their codes had been leaked after Ronald Regan had announced to the world that the US had been reading secret Libyan communications in "a speech justifying the retaliatory bombing of Libya for its alleged involvement in the La Belle discotheque bombing in Berlin's Schoeneberg district." This suspicion was further solidified when "the U.S. provided the contents of encrypted Iranian messages to France to assist in the conviction of Ali Vakili Rad and Massoud Hendi for the stabbing death in the Paris suburb of Suresnes of the former Iranian prime minister Shahpour Bakhtiar and his personal secretary Katibeh Fallouch".
Apparently however, the Iranians eventually believed Buehler's story that he did not know anything. In 1993, Crypto AG paid Iran one million German Marks for his return, then promptly fired him a few weeks later ordering him to repay the bond. The reason given was that "Buehler's publicity, especially during and after his return, was harmful for the company". What is more likely is that they had satisfied themselves that Buehler had not given away any of their secrets and because Buehler had been asking some embarrassing questions.
Buehler's story prompted the Swiss and German news media to investigate the company. (Perhaps the Iranians were hoping his release would generate interest in the story.) It turns out, Buehler's belief that Crypto AG was a discreet, neutral company, simply providing the best equipment, was grossly naive. Crypto AG was anything but discreet. In fact, the company had become quite diffuse.
"Swiss television traced the ownership of Crypto AG to a company in Liechtenstein, and from there back to a trust company in Munich. A witness appearing on Swiss television explained the real owner was the German government--the Federal Estates Administration.
According to [the German Newspaper] Der Spiegel, all but 6 of the 6000 shares of Crypto AG were at one time owned by Eugen Freiberger, who resided in Munich and was head of the Crypto AG managing board in 1982. Another German, Josef Bauer, an authorized tax agent of the Muenchner Treuhandgesellschaft KPMG, and who was elected to the managing board in 1970, stated that his mandate had come from the German company Siemens. Other members of Crypto AG's management had also worked at Siemens."
Furthermore, some Crypto engineers came forward to tell of secret dealings and cooperation with the NSA and it's cryptographers, the German BND, American "watchers"and Motorola engineers. The story eventually unraveled and it was learned that for decades, the US had routinely intercepted and deciphered the top secret encrypted messages of 120 countries.
"Crypto AG's enciphering process had been developed in cooperation with the NSA and the German company Siemans [and] involved secretly embedding the decryption key in the cipher text. Those who knew where to look could monitor the encrypted communication, then extract the decryption key that was also part of the transmission, and recover the plain text message. Decryption of a message by a knowledgeable third party was not any more difficult than it was for the intended receiver".
It seems that all the favorite suspects were in on the code cracking scheme. From Wayne Madsen we learn about the involvement of Israel and England.
The role of Israel may be explained by a little-reported intelligence alliance. NSA maintains a link with the Israeli sigint entity, "Department 8200," located in northern Tel Aviv at Herzliya. The sigint link is said to involve the British Government Communications Headquarters (gchq) base on Cyprus. Israel's ability to crack the Iranian Crypto AG codes indicates that Israel had access to the key decoding programs.
Madsen also elaborates on the Siemens connection. Just one big incestuous family.
"A Presidential directive on national security prepared for President Truman states that "Switzerland ... delivers precision instruments and other materials necessary for the armament of the USA and NATO countries [emphasis added]." Germany's BND, too, has apparently cooperated with the US encryption rigging scheme through Siemens Defense Electronics Group of Munich.
This all makes me very suspicious that Siemens and friends in the US and Israel are up to their old tricks. As my husband always says, "Same old shit, just a new pile".
For some further reading:
The Baltimore Sun, About December 4, 1995, pp. 9-11.
No Such Agency Part Four
Rigging the Game
And just to muddy the waters for you a bit, here is yet another case of the involvement of Siemens in Iran's business. In March 2010, Siemens and the Finnish telecoms firm Nokia have yet again been accused of helping the Iranian government monitor calls and texts. (Obviously they have been accused of this before but I don't have a link to that story.)
"German engineering giant Siemens and Finnish telecoms firm Nokia have once again been accused of helping the Iranian government monitor calls and texts.
Nobel prizewinner Shirin Ebadi, speaking on France Culture radio said that some western technology companies are helping the government and called for international economic sanctions.
"Unfortunately, a certain number of firms support the Iranian regime in its repression and censorship," she said.
"It's clearly the case with Siemens and Nokia when they send the Iranian state software and technology that it can use to monitor mobile telephone calls and text messages," she continued."