Born in Israel in 1975, Malicious Life Podcast host Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.
In 2007, he created the popular Israeli podcast Making History. He is the author of three books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.
Malicious Life by Cybereason exposes the human and financial powers operating under the surface that make cybercrime what it is today. Malicious Life explores the people and the stories behind the cybersecurity industry and its evolution. Host Ran Levi interviews hackers and industry experts, discussing the hacking culture of the 1970s and 80s, the subsequent rise of viruses in the 1990s and today’s advanced cyber threats.
Malicious Life theme music: ‘Circuits’ by TKMusic, licensed under Creative Commons License. Malicious Life podcast is sponsored and produced by Cybereason.
The problem with conspiracy theories is that they’re illogical…except, once in a while, they turn out to be true. Like, for example, how the CIA was spying on civil rights leaders in the ‘60s. Or how the CIA supplied arms to terrorists in South America. Or how the CIA trafficked drugs, or how the CIA-…
Well, you get the idea. Sometimes conspiracies are real but, because they still sound so outlandish, most of us justifiably don’t believe them. In fact, why would we want to? To be privy to something the rest of the world is completely unaware is happening? How awful must that be?
You could ask Sigmar Horst-Joachim Grützmann, known to friends and colleagues as “Mickie.”
Mickie was working for the German manufacturing company Siemens when, in 1979, the CIA and BND recruited him to run research and development for Crypto AG. His predecessor, Peter Frutiger, had just been fired for having helped the Syrian military fix their voice encryption equipment. By piecing together — on his own — what his company was really up to, Frutiger had become incredibly dangerous to the CIA. And so Grutzmann was treated much differently.
His wife recalled a trip to the States where, quote, “my husband was away all the time. All he said was he had business meetings.” Speaking to a Swiss documentary crew, she talked about how he couldn’t ever tell her where he was going during all these secret meetings. When they drove together, she’d drop him off blocks away from where he was actually supposed to be. Like, one day, quote:
“It was a road in a forest or a park, and there was a gate no less than 20 or 30 meters wide. I dropped him off and he went away. Based on what I know today, I guess the CIA was preparing him for what he was meant to do in the firm.”
Grutzmann was made aware of the true purpose of the company, which made him one of only a select few. But as Grutzmann went country to country, peddling security products he knew were rigged, he started to feel a pressure build. “I would regularly pick him up in Zurich,” his wife told reporters, “and notice a smell of alcohol on his breath. I guess there was something he wanted to numb.” A CIA document noted how, quote, “He seemed always nervous, a frightened man who shared a secret that he couldn’t quite shoulder.” Before long, Grutzmann was fired.
But the pressure never left and, after some time, he cracked. He couldn’t hide it any longer. He told his family everything: Crypto AG is being controlled by the CIA! In doing that, arguably, Mickie was putting his own life in danger, and his family’s lives as well. But his wife didn’t quite see it that way. Years later, she recalled what it was like to know firsthand about the world’s greatest spying operation. Quote:
“He said, ‘Stop talking about Crypto. We’re being watched.’ We were not to mention it at all. Nor did he want us to mention the CIA. That’s what he actually said. And we thought he was a boozer thinking up some silly stories. We thought he’d gone mad. We didn’t take him seriously.”
Mickie Grutzmann’s family could possibly have been the first outside civilians with knowledge of the world’s greatest spying operation. They knew all the details, firsthand, from one of the few people on Earth who could’ve told them. Yet they didn’t believe him. They thought he was losing his mind.
To say that Mickie Grutzmann was one of only a few people at Crypto AG who knew the purpose of the company may even be an understatement. It’s likely that he was, actually, one of only two: that the only other person who knew was the CEO. Which raises the question: How?
That’s what our final episode in this series is going to explore: how a spying operation affecting over 100 countries, for 70 years, was kept secret the whole time — from governments, from militaries and intelligence services, and even the company’s own personnel.
Because Crypto AG, by this point in the story, was large and thriving. At its peak, it employed over 400 people. It’s not that hard to keep a secret from some employees — the middle-managers, the interns, you know — but we’re talking about the people who organize the supply chain for parts, the salesmen peddling these machines, the engineers actually building them, all of them unaware that they were pawns in a grand, international espionage plot.
…Most of them.
In our last episode you met Heinz Wagner — the charismatic, good-looking CEO of Crypto AG in the 1970s. Wagner was an effective businessman, but made some crucial mistakes. One such mistake was hiring a woman named Mengia Caflisch.
Dr. Caflisch was an extremely gifted electrical engineer. Young and good-looking, with large, brown eyes and tan skin, she spent her early career as a radio-astronomy researcher at the University of Maryland, then decided to return home to Switzerland. So she applied to work for Crypto AG. Wagner recognized her obvious talent. As the Washington Post writes, he, quote, “jumped at the chance to hire her.” NSA officials also recognized her unique skill, but they reacted differently. To them she was, quote, “too bright to remain unwitting.”
Soon after joining, Caflisch began to probe Crypto AG’s cipher machines, looking for any weaknesses. She probably just wanted to help. She probably thought it was her job.
She started working with a colleague from her department named Jorg Spoerndli. Spoerndli was another engineer too talented for his own good. Like Caflisch, he thought, quote, “The algorithms always looked fishy.” So just a few months prior, on his own, he optimized the cryptologic for Crypto AG’s T-450: an encryption device designed for teleprinter communication. With Spoerndli’s changes, the T-450 algorithm became completely impenetrable. According to the Crypto Museum, quote: “The event led to an internal crisis at Crypto AG, but in the end, the NSA won the argument.” They re-weakened the algorithm.
With her talent and his knowledge of the teleprinter vulnerabilities, Caflisch and Spoerndli ran a series of plaintext attacks against some other models. As he recalled, quote, “We looked at the internal operations, and the dependencies with each step.” Using an HC-570 — a desktop encryptor that looks like an Apple II computer — they discovered that they could crack messages by comparing just 100 enciphered characters with the original, unencrypted text.
Imagine you’re sending a message — a long one, maybe a top-secret intelligence report. So long as an adversary has — or can guess — around 100 characters of that message, using this plaintext attack method, they can decode the rest. 100 characters, for reference, is only about as long as the sentence I’m currently narrating to you now.
Caflisch continued to probe other models for security holes. At one point, she created a cryptologic algorithm so secure that the NSA couldn’t crack it. Somehow, it slipped past censorship and onto the factory floor. Crypto AG manufactured 50 uncrackable HC-740s before the NSA discovered what was going on. At that point, they restored the vulnerable algorithm, and sold the 50 unbreakable 740s to banks in order to keep them away from foreign government targets.
The more Caflisch looked into it, the more confusing it became. “I just had an idea that something might be strange,” she told reporters, but when she asked what was going on, quote, “not all questions appeared to be welcome.” More of her colleagues began to develop their own suspicions. Another engineer spoke anonymously with The Baltimore Sun, quote:
“On numerous occasions, this engineer says, he was given schematic diagrams for the algorithms, the crucial mathematical formulas that control the encryption. Though the designs were handed over to him by superiors at Crypto, it became clear to him that they were developed outside the company – by the mysterious U.S. and German visitors who occasionally came to the plant.”
The word was that these visitors were “consultants” from a firm called “Intercomm Associates.”
As more questions arose, Heinz Wagner couldn’t preserve the mystery any longer. He convened a meeting of select members of Crypto AG’s R&D department and admitted, finally, that the company, quote: “was not entirely free to do what it wanted.”
Some assumed that that meant government regulators were involved. Because what else could it mean? That their company was being puppeted by shady secret agents from foreign governments? As Caflisch told the Post, quote, “either you had to leave or you had to accept it in a certain way.”
And that’s how you keep a secret from 400 employees. Were there signs? Of course. But the truth behind Crypto AG was just so outlandish that, even when they saw the big, red flags, employees were willing to accept the explanations they were given. It was just… easier that way.
So that’s how employees were kept in the dark. But what about countries? It’s almost unbelievable, when you think about it: at least 60, if not over 100 nations were impacted in the seven decades of Crypto AG’s operation. Their governments and militaries had their own top-level engineers vetting the equipment rigorously, as it would be used directly in the most sensitive communications imaginable. How didn’t they find out what was going on?
In fact, some of them did. What’s interesting is that, even after they discovered something was wrong, they continued to buy Hagelin machines.
Consider Argentina. In 1977, the new military junta governing Argentina purchased Hagelin H-4605 machines, and arranged for the same machines to be sold to other South American dictatorships in the Operation Condor network. Shortly thereafter, however, officers began to suspect something wrong. They summoned a group of officials from the company, including the charismatic CEO Heinz Wagner, to come visit them and talk. From The Washington Post, quote:
“The Argentines demonstrated their attack” showing weaknesses in the Crypto equipment and “demanded an explanation,” [a CIA document] says. “Wagner was frightened almost out of his wits. This was a regime that reputedly threw dissenters out of airplanes unequipped with parachutes. Who would miss an obscure Swiss CEO who failed to return from a business trip?”
Crypto’s executives — to avoid, you know, being thrown out of a plane — offered a fix. It was a fake fix, of course, that made the machines superficially more secure but, in fact, still readable.
You might ask: why did the Argentines agree to keep buying from Crypto AG, if they figured out the company was trying to dupe them the first time? Well, quote:
“They “accepted” [. . .] “on the promise” that Crypto officials “not tip off” other Latin American countries that also were Crypto customers. Buenos Aires wanted its neighbors to remain ignorant of the vulnerability, so that Argentina could spy on them.”
The Argentine military junta remained a customer until, five years later…
In 1982, Argentina attacked British territories in the South Atlantic Ocean. The Falklands War was a surprise, catching Britain completely off-guard. This, in spite of the fact that Argentina was a customer of Crypto AG, and so Britain, through America, had visibility into their internal communications. Distraught and angry, Ted Rowlands — Minister of State for the U.K. Foreign Office — got on the floor of Parliament and declared his dismay. Quote:
“I have great difficulty in understanding how the intelligence failed. Our intelligence in Argentina was extremely good. That is why we took action in 1977. We found out that certain attitudes and approaches were being formed. I cannot believe that the quality of our intelligence has changed. Last night the Secretary of State for Defense asked “How can we read the mind of the enemy?” I shall make a disclosure. As well as trying to read the mind of the enemy, we have been reading its telegrams for many years. I am sure that many sources are available to the Government, and I do not understand how they failed to anticipate some of the dangers that suddenly loomed on the horizon.”
The Argentines now knew that they were being spied on, yet they remained customers of Crypto AG for another dozen years. In that they were just like so many other countries which, even after discovering their machines were vulnerable, ultimately continued to buy them.
The reason why is, ultimately, the reason why so many other customers that might have otherwise picked up on the ruse, in fact, did not. Because Crypto AG had a few very special people, like Kjell-Ove Widman.
In the late ‘70s, as engineers like Caflisch, Spoerndli and others, and as countries like Argentina were slowly catching onto the scam, the CIA and BND went out to recruit someone who could improve their algorithms. Someone who could make them appear stronger, without making them actually any stronger. That’s how they found Widman.
Widman was a celebrated mathematician and cryptologist, and a close partner of Swedish intelligence. It was relevant, too, that as a student he’d spent a year in Washington state, where he developed an affinity for America. So, in all, he was a prime candidate for Crypto AG. From The Washington Post, quote:
“Officials involved in Widman’s recruitment described it as almost effortless.
After being groomed by Swedish intelligence officials, he was brought to Munich in 1979 for what purported to be a round of interviews with executives from Crypto and Siemens. The fiction was maintained as Widman faced questions from a half-dozen men seated around a table in a hotel conference room. As the group broke for lunch, two men asked Widman to stay behind for a private conversation.
“Do you know what ZfCh is?” asked Jelto Burmeister, a BND case officer, using the acronym for the German cipher service.
When Widman replied that he did, Burmeister said, “Now, do you understand who really owns Crypto AG?”
At that point, Widman was introduced to Richard Schroeder, a CIA officer stationed in Munich to manage the agency’s involvement in Crypto. Widman would later claim to agency historians that his “world fell apart completely” in that moment.
If so, he did not hesitate to enlist in the operation. Without even leaving the room, Widman sealed his recruitment with a handshake. As the three men joined the rest of the group at lunch, a “thumbs up” signal transformed the gathering into a celebration.”
Widman was made a “scientific advisor” but, according to the CIA, he was much more. “Irreplaceable,” they called him — the, quote, “most important recruitment in the history of the Minerva program.” He bought into the plot 100%, and was so intimidatingly intelligent that nobody wished to question his work. Quote: “His stature cowed subordinates, investing him ‘with a technical prominence that no one in CAG could challenge.’ It also helped deflect the inquiries of foreign governments.” Widman helped create a new set of algorithms which were, quote, “‘undetectable by usual statistical tests’ and, if discovered, be ‘easily masked as implementation or human errors.’”
So, in 1982, when a British MP let slip that GCHQ had been reading Argentine military-government communications for years, it was Widman who was sent to quell the situation. Widman explained to the junta: it was probably that the NSA had cracked their outdated speech scramblers. Their Crypto machines? He could demonstrate for them just how “unbreakable” they were. As the CIA recalled, quote, “The bluff worked. The Argentines swallowed hard, but kept buying CAG equipment.”
By giving employees the impression that they were government-regulated, and convincing countries that they were not, in fact, the source of their communications hacks, Crypto AG maintained its legitimacy for decades. Even still, it’s remarkable that they survived the mid-1990s.
In 1994, Peter Frutiger appeared on Swiss television, and explained the whole plot. It didn’t work. Crypto’s new CEO, Michael Grupe, appeared in a T.V. interview shortly thereafter. According to the internal CIA history, quote, “Grupe’s performance was credible, and may have saved the program.”
One year later, The Baltimore Sun newspaper ran a series of articles exposing Crypto AG as an NSA operation. If you go back and read it, it becomes very obvious that they were not only 100% correct, but got almost all the details too, a whole quarter century before anybody really cared to listen. Around half a dozen countries paused or ended their Crypto AG contracts as a result of the increased scrutiny during this period, but remember: Crypto AG had around 60 countries on its books. 90% of them, apparently, didn’t watch Swiss T.V. or read newspapers from Baltimore.
The company continued on until, in the mid-2010s, the mysterious, undisclosed investors behind Crypto AG began to break it up. According to The Post, quote, “The transactions seemed designed to provide cover for a CIA exit.” The Swiss part of the business was transferred to a firm called “CyOne,” and much of the rest of the business was sold to a man named Andreas Linde.
Linde is a Swedish entrepreneur — like his antecedent Hagelin — but with a friendlier face: combed blonde hair, light blue eyes, and big, round cheeks. Linde had previously founded a risk management company, a cyber security company, and was CEO of Advenica, a 500 million dollar company based in his home country. He was then drawn to Crypto AG for its Swedish heritage, and because of the legendary Boris Hagelin. Following his acquisition in 2018, in fact, he put some of Hagelin’s historic machines on display at the entrance of their machine factory.
To be clear, though, Linde hadn’t bought the Crypto AG company, just most of its assets — the international accounts and products and so on. The headquarters itself was sold to a separate real estate company, and Linde’s company operated as an entirely different entity from that which operated Crypto AG prior.
This is an important distinction because of what happened in January, 2020. Two years after his acquisition — seven whole decades after William Friedman and Boris Hagelin shook hands on their “gentleman’s agreement” — Linde sat down with a reporter from The Washington Post. Quote, “when confronted with evidence that Crypto had been owned by the CIA and BND, Linde looked visibly shaken.” Linde told the reporter: through the entire acquisition process, he’d never learned the identities of Crypto’s beneficiaries.
It may sound surprising, but remember: in the very early days, Hagelin himself had arranged a series of shell companies in Liechtenstein, through which he could avoid the high taxation in Switzerland. Later, the CIA and BND leveraged the same network to hide their ownership even from their own governments. Quote: “When asked why he failed to confront [those who were] involved in the transaction about whether there was any truth to the long-standing Crypto allegations, Linde said he had regarded these as ‘just rumors.’”
One month later, the world learned the truth about Crypto AG. The Swiss government suspended Linde’s export licenses, and the company laid off its entire workforce as they headed for bankruptcy. It’s somewhat ironic, how it happened that way. The Crypto Museum explained how, quote:
“Although it was initially thought that all evidence had been destroyed, [a Swiss parliamentary] commission later found a trove of documents in a so-called K-Anlage, a Cold War atomic bunker in which state secret documents are kept. The documents confirmed that the Swiss [government] had been aware of the operation from at least 1993 onwards [. . .] and that they had used the intelligence derived from the operation.”
Maybe it’s because Covid-19 was breaking out at the very moment Crypto AG was revealed, maybe it’s because other countries were embarrassed to admit their failures, but the fact remains: even after seven decades of spying, the governments of the United States, Germany, Switzerland, and the other countries that benefited from the Crypto AG operation never really experienced any consequences for it.
Instead, all the consequences fell to the individuals who didn’t know better. Andreas Linde, who must have lost a fortune. Employees of Crypto AG, who never had any clue that the work they dedicated their lives to was, in fact, on behalf of foreign governments. “I feel betrayed,” one technician told the Sun. “They always told us, ‘We are the best. Our equipment is not breakable, blah, blah, blah. … Switzerland is a neutral country.’”
Mengia Caflisch continued to work for Crypto AG for over a decade and a half, until the age of 50. During all that time, she never learned the full truth. “There were reasons I left,” she told reporters, recalling the suspicions she’d had and the pushback she faced for it. When the full story was revealed to her, as a 75-year-old woman, she lamented. Quote: “It makes me wonder whether I should have left earlier.”
Eventually, Jorg Spoerndli had pieced together why Crypto AG kept rejecting his improved algorithms. He told reporters why, even though he knew, he never revealed the truth. Quote: “I told myself sometimes it may be better if the good guys in the United States know what is going on between these Third World dictators. But it’s a cheap self-excuse. In the end, this is not the way.”
Four decades after the fact, Mickie Grutzmann’s family received the news along with the rest of us. He wasn’t crazy, after all. His rantings and ravings about CIA spying: he was telling them the truth the whole time.
Think about all those years of suffering — of living with the secret, of shouting it out to the world and not being believed. The story of Crypto AG was revealed to the world in February of 2020, but Grutzmann had passed away in 2016. Just four years before he would have received his long overdue validation.
Speaking to a documentary film crew, there’s a point at which Grutzmann’s wife puts her head down, thinking, too sad to talk about it. Her daughter, sitting beside her, speaks for her. Quote:
“It really hurts when you think of it.”