[0:06]Hi, and welcome to Cybereason's Malicious Life. I'm Ran Levy. Two weeks ago, in a previous episode of our podcast, we told you about the Yom Kippur War of 1973. A dangerous and traumatic war that left a deep scar in the collective memories of the Israelis who lived through it. The southern front of that war, in the Sinai Peninsula, was where some of the fiercest and bloodiest battles took place between the Israeli forces and the powerful Egyptian second and third armies. The echoes of these bloody battles were still fresh in the minds of many Israelis when on September 17th, 1978, the presidents of Israel, Egypt, and the United States stood together on the same stage. On one side, Menachem Begin, a far-right ideologue who throughout his entire political career led a harsh and uncompromising line against Israel's enemies. On the other side, Anwar Sadat, the actual mastermind behind the Yom Kippur War. Now, in a moment you couldn't have imagined, these mortal enemies were shaking hands. Then they gave each other a bear hug. Few peace talks have ever gone so well. It was a crowning achievement for everyone involved. But it was a lie.
[1:44]During that three-way handshake in 1978, there was something that Carter and likely Begin knew, but Sadat and all the rest of us did not. The two sides were spying on the third. Every time Sadat cabled Cairo using his own secret state-of-the-art equipment, the Americans were listening in using a priceless communications hack. Each time Sadat entered into negotiations, his adversaries were one step ahead. The Camp David Accords were so incredibly successful, not necessarily because ideologues became magnanimous or world peace was on the horizon. It's because Egypt was fooled, and they had no clue.
[2:42]America had used the same trick years earlier to prevent a nuclear World War III. It began with Douglas MacArthur, one of the few most vaunted generals in US history. Only five generals have ever been awarded a five-star rank, and he's one of them. When Japan signed over their surrender to conclude World War II, it was MacArthur who signed for the winning side. But in April 1951, at the peak of his popularity, he was fired. President Truman claimed to have fired MacArthur for the sake of, quote unquote, peace, but nobody knew what that really meant at the time. Turns out, he was spying on MacArthur, and for good reason. In private communications, the General was secretly plotting to take his army from Korea into China, and possibly the USSR from there. Using nukes if they needed to. It's ironic that the president who nuked Japan, saved China and Russia from meeting the same fate. Truman spied on his general the same way Carter did Sadat. But these are just two cases among many. Today's episode will be the first part in a series where we explore arguably the biggest, most ambitious hacking operation ever. A secret mission that lasted nearly a century and influenced the course of so many of the most important events of history. The history you thought you knew. Turns out, you know nothing. Welcome to Crypto AG.
[4:36]What is the most famous cybersecurity tool ever created? The answer, of course, is the Enigma. Nazi Germany's signature cryptography machine provided seemingly unbreakable communications for their war effort, until Alan Turing and his colleagues at Bletchley Park found the slightest hint of an Achilles heel. Some have said that these cryptographers were responsible for winning the war for the Allies, or at least shortening it by years. We all know the story by now. But did you know the Enigma had a competitor? A series of machines comparable, almost identical, but sold to the other countries fighting the war. To both sides, actually. And they were all designed by one man. Boris Hagelin wasn't a super genius, and he wasn't destined for greatness in the way that say Alan Turing was. And yet, he is one of the very few people in history whom you can put in the same sentence as someone like Turing. Lean and clean cut, always in a suit and glasses and a fine combed haircut, Hagelin got his first job in the field the old-fashioned way. His daddy gave it to him. His father, Carl, and their family friend, Emanuel Nobel, nephew to that Nobel, were invested in AB Cryptograph, probably the first company ever solely dedicated to cryptography. Emanuel and Carl were convinced of the business application of cryptography, but the owner of the company was obstinate, so they brought in Boris to, quote unquote, oversee things. In an autobiography titled The Story of Hagelin Cryptos, Boris recalled the state of the company. The founder had, quote, succeeded in winning the big four to his project, Marconi, Telefunken, TSF, and Western Union. They financed the construction of four prototypes, but these did not appear to be reliable enough and were too slow, so the project failed, unquote. Their finances weren't good, and soon Boris was made to run the whole company. But he wasn't your typical spoiled rich kid. 
In 1925, he made the most important move in the company's history, a move that changed his life and then the course of history. In his own words, quote, I happened to hear that the Swedish General Staff had received an Enigma machine for study, and I rushed to visit the officer concerned with this matter. I explained to him that AB Cryptograph already had 10 years of experience in the field of cipher machines, and that I would be able to offer something possibly superior to the Enigma, end quote. The General Staff wanted a machine similar in size and function to the Enigma. They gave Hagelin six months to design something better. Worst of all, Hagelin was bluffing. His company had nothing that could compete with the Enigma, and he himself was totally unqualified to change that. Quote, Nevertheless, I promised to deliver. In those days, I had no experience whatsoever with cryptography, but I had a certain talent for tinkering. I believed I would be able to build a comparatively compact machine. To build the first model of the machine, Emanuel Nobel allowed me the sum of 500 kronor, about 134 dollars. I succeeded in producing a prototype within the size limitations and the time authorized, a somewhat primitive model, but still adequate for the evaluation. End quote. The machine, model B21, was black and thick, with two rotors controlled by two pairs of pinwheels and two keyboards, one for typing and the other underwritten by electric lamps, which indicated output letters when you were enciphering or deciphering. Mathematicians for the General Staff examined the machine thoroughly, and they approved it instead of the Enigma. This wasn't just an important business deal, it was a fundamental shift in thinking. Nobel and the Hagelins always conceived of cryptography as a business tool. AB Cryptograph was B2B. Now, they were military contractors. During the interwar period, Hagelin designed and pitched his machines to armies outside of Sweden.
In 1934, he designed a lunchbox-sized model, the C36, for the French military. He sold its successor, the C38/M209, for use across the entire US military plus the US Navy and Italy. By the 40s, Hagelin machines were outselling the Enigma and encrypting communications across both Allied and Axis powers. Hagelin happened to be in Italy at the outbreak of the war. Quote, I was able to leave on the last ship from Europe at Genoa on May 10th, 1940, with two machines in my luggage, before the Italians entered World War II. This trip was to lead to the largest sale of C machines ever made, end quote. Hagelin shipped 50 cryptograph machines from Sweden to Washington, and, quote, after extensive testing, the machine was accepted. The Americans selected it for tactical use, as they did not have any comparable machine at that time, end quote. Cryptograph established a manufacturing line at the LC Smith Typewriter Factory in New York, and they'd go on to produce 140,000 encryption machines for the Americans. A deal worth $8 million total, 2.5 million of which went to Hagelin personally. America and France were far from the only countries interested in Hagelin's cryptography, however. On top of the Enigma, Alan Turing's team at Bletchley Park successfully decrypted Italian communications by decoding the Hagelin equipment Italy had left over from before the war. In another case, Hagelin wrote about his surprise when, quote, one delivery went by an extraordinary way to Japan. The machines were smuggled out by the Japanese military attaché in a night boat passage and picked up by a U-Boat off the coast of Sweden. But very few machines reached their intended destination in Japan, end quote. Hagelin was even more flattered by another more successful enemy operation.
Quote, It seems worth mentioning that the German authorities, who years before the war showed no interest in the demonstrated C machines, began, toward the end of the war, manufacturing a copy of the C machine for their own use, because the Enigma machine had been broken by the British. When the Third Reich collapsed, they had only been able to manufacture about 700 machines, end quote. The M209 and its counterparts were instrumental for the Allies during World War II, particularly America. But five years later, the very same machine threatened to undermine America's own national security.
[13:41]In 1950, Hagelin was tinkering with his M209. He added a new feature where the key wheels, the rotating gears that produced corresponding letters, would make deterministic but irregular steps, making each new configuration of the machine extra unreadable for any outside party. Additionally, he added a one-time tape, basically a key containing rows and rows of fully random numbers, which add to the characters in an encoded message. Unless you have a copy of the same one-time tape as the sender, you won't know how the letters in each word of their message are modified into new letters. It is theoretically impossible to crack such a system. Hagelin filed for patents on his new design in 10 different countries, indicating an intention to sell it in the global market. On May 22nd, 1951, representatives from multiple US intelligence bodies gathered to discuss the matter. The head of the Armed Forces Security Agency, William Friedman, outlined the implications for the country. Quote, It would be to the advantage of the US government if the proposed new or improved Hagelin crypto equipments were prevented from being developed, manufactured, and sold commercially on the open market, end quote. If an adversary got their hands on the new M209, they would be entirely invulnerable from US signals intelligence.
[15:52]In 1941, Friedman was admitted to the hospital following a nervous breakdown. It's generally thought that he collapsed as a result of the mental strain of cracking Purple. Imagine how he must have felt then, discovering that Boris Hagelin created a machine that made Purple look like child's play.
[17:14]Quote, The effects of an expanding market for Hagelin machines should not be overlooked, particularly if the proposed new types of Hagelin machines were adopted and used by USSR satellites. Traffic in the new rotor machine, for example, would probably be entirely unreadable, end quote. To solve the Hagelin problem, he proposed a set of terms. The CIA would control which countries he could sell his new unreadable machines to. Hagelin would provide US intelligence with records regarding all of his sales, and the government would reimburse him handsomely in exchange for his troubles and any lost sales as a result of the deal. And there was one further stipulation, motivated by a clever realization. As Friedman noted in his memorandum, quote, representatives of the USSR have visited the Hagelin Cryptography company since 1946, desiring information as to new developments and products, end quote. That was the worst-case scenario. America's newest most dangerous ally, getting hold of Hagelin equipment, unless in collaboration with the CIA, Hagelin sold them the right kind of equipment. In that case, quote, it may be possible to gain technical intelligence applicable to the cryptologic agencies of the USSR satellite countries. End quote.
[18:52]On the 14th of July, 1958, a Pan-Arab insurgent group calling themselves the Free Officers assassinated the king and prince of Iraq, overthrowing their UK-backed monarchy. Almost immediately, faster than could reasonably be expected, soldiers for the British Army were deployed across the neighboring nation of Jordan, another one of their monarchies. That deployment prevented one uprising from turning into two. How did they act so fast? Well, the Free Officers took inspiration from and were aligned with the Egyptian Free Officers, who three years prior had overthrown their country's monarchy. Gamal Nasser, Egypt's new president, was pulling the strings, but Britain's GCHQ, in partnership with the NSA, were watching his moves. Because when Nasser's government sent encrypted cables to its Iraqi allies, they did so using hacked Hagelin machines. So no, the CIA didn't actually prevent Hagelin from selling to non-allied countries. In fact, they encouraged him to do it. Hagelin would sell his machines to any other government, even adversaries. However, those countries would receive machines pre-arranged to be readable by US and allied intelligence agencies. This one decision, to not prevent, but rather manipulate the sale of a presumably private company's encryption equipment, enabled a half-century's worth of intelligence. Intelligence that impacted many of the most significant events to occur in the following decades, the coup in Iraq, General MacArthur in Korea. Camp David. Or consider for instance, Operation Condor, a brutal campaign of political repression, torture and mass murder across military dictatorships in South America in the 1970s. Some have speculated if the US had any hand in it. In fact, three US presidents were fully aware of the atrocities in real time, thanks to hacked Hagelin machines.
A few years after that, one of the worst diplomatic events in US history, a mob of militarized college students breached the US Embassy in Tehran and took 52 hostages. They were held for 444 days, during which time the NSA was reading about 85% of the Ayatollah Khomeini's communications. These are just some of the dozens, likely hundreds of major world events that were monitored, influenced, or otherwise subverted by the agreement known as Operation Rubicon, between US and allied intelligence agencies and the Swedish inventor, Boris Hagelin. It was the single largest spying operation in known history.
[22:06]1952 was an important year for both Hagelin and Friedman. Following the outbreak of the Korean War, President Truman's government decided to collect US communications intelligence under the umbrella of a new organization they called the National Security Agency. Friedman was named its first ever chief cryptologist. Following his agreement with and new funding from the CIA and NSA, Hagelin founded a new company, called Crypto AG. AG being the Swiss equivalent of LTD. And while not everybody in US intelligence came to love Hagelin, Friedman certainly did. Now in their 60s, the two developed a close relationship. They bounced ideas off of one another regarding Hagelin's new models. Whenever Hagelin found issue with the government's side of the deal, he went to Friedman first, and when he visited Washington DC, he stayed at Friedman's home. Their wives became friends, and when they were away, they exchanged letters frequently. From Christmas 1953, quote, Dear Bill, first of all, I want to thank you and Elizabeth for all your hospitality during my stay in Washington. I certainly enjoyed it very much and my talks with you were most valuable to me, as they enabled me to find the foundation for my future work. We are all well here, and hope that you and Elizabeth will also pass the holidays in the best of health and in fine spirits. We send our best wishes for a Happy New Year and hope to meet you soon again. Affectionately, Boris, end quote. Everything seemed to be going quite well, at least for a short while. But in 1955, following a trip to Crypto AG's manufacturing plant in Switzerland, Friedman suffered a heart attack. He retired shortly thereafter, leaving Hagelin and US intelligence, already on uneasy terms, to continue on their own. To make matters worse, Hagelin himself began planning to retire. After fully establishing Crypto AG, he'd hand over the new company to his son, Bo. But not everybody liked Bo.
He was quite different from his father and had some different ideas for the future of the company. Friedman always kept an eye on the young man, who was intentionally non-informed of the full scope of what his father had agreed to. With Friedman out of the picture and Hagelin planning retirement, the future of Crypto AG was in sight for Bo. And so the most promising spying operation in America's modern history lay with a young man, a wild card, as he was called, who never actually agreed to anything.
[25:40]That's it for this episode. Thank you for listening. Not a lot of updates this week, except maybe for one. Jack Rhysider from Darknet Diaries tweeted a few days ago that he underwent surgery in one of his ears to regain his hearing in that ear. So, firstly, Jack, we're sending you our best wishes, hoping for speedy recovery from all the Malicious Life team. And secondly, all that time and all these great episodes, and you were only using one ear? Really? Wow, I'm truly impressed. And I'd like to welcome Hadass Drucker, our newest team member, who replaces Sarah as our social media manager. Can we make #WelcomeHadass viral on Twitter? Let's try. Tweet something nice to Hadass at @MaliciousLife and make sure to include #WelcomeHadass. A great way to start a new job, I think. Malicious Life is produced by PIME Media. This episode and the entire Crypto AG series was produced by Nate Nelson, with sound design by Yotam Halahmi. Our website is Malicious.Life, where you'll find all of our past episodes with full transcripts. Thanks to Cybereason for underwriting the podcast. Learn more at Cybereason.com. Bye-bye.



