For decades, the Central Intelligence Agency was a secret owner of a Swiss encryption firm, giving U.S. officials the ability to read encoded documents from both allies and enemy nations, according to a CIA analysis obtained by the Washington Post and the German public broadcaster ZDF.
The two news outlets reported Tuesday that the Swiss firm Crypto AG made millions of dollars selling equipment to more than 120 countries on the premise that Switzerland’s political neutrality made its technology reliable. Clients included Iran, India, Pakistan, and countries throughout Latin America.
But the company’s real owner was the CIA in a secret partnership with West German intelligence, which rigged the company’s devices so that messages from foreign countries could easily be decrypted. The project — code-named “Thesaurus” and later “Rubicon” — had been rumored for decades, but the new report is believed to be the first to confirm its existence.
“It was the intelligence coup of the century,” the CIA’s analysis concluded, according to the report. “Foreign governments were paying good money to the U.S. and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”
On Wednesday, Swiss officials said that they are investigating the claims made in the report to determine if the company broke any local laws, according to a Reuters report.
The Post said that Operation Thesaurus / Rubicon began in 1970, when the company was secretly purchased by the CIA and West German intelligence. Together, they monitored communications from Iran’s mullahs, Argentina’s military during the Falkland Wars, and Libyan officials. The U.S. acquired West Germany’s part of the organization in the early 1990s.
The U.S. couldn’t use the program to spy on the Soviet Union or China, which were never Crypto clients. The CIA’s report suggests U.S. officials gleaned information on their Cold War foes by monitoring other countries’ communications with Moscow and Beijing.
CIA officials may have been able to exploit Crypto AG until as recently as 2018, when the company was sold to private buyers, according to the report.
The Post said that none of the companies that purchased Crypto AG assets in 2018 has any “ongoing connection to any intelligence service.” The newspaper said that the CIA and German intelligence declined to comment, though officials in both countries didn’t dispute the authenticity of the documents.
The CIA’s analysis consists of a 96-page account of the operation completed in 2004 by the agency’s Center of the Study of Intelligence. German intelligence also compiled an oral history of the project in 2008.
The documents showed that Crypto was an overwhelming success despite occasional friction between the CIA and West Germany. At times, Crypto accounted for 40 percent of the diplomatic cables and other transmissions that cryptanalysts at the National Security Agency decoded and mined for intelligence, according to the Post.
Crypto generated millions of dollars of profits, which the CIA and West Germany split and used to fund other operations.