United States

After SolarWinds Breach, Lawmakers Ask NSA for Help in Cracking Juniper Cold Case (cyberscoop.com) 15

As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago. From a report: A group of lawmakers led by Sen. Ron Wyden, D-Ore., are asking the NSA what steps it took to secure defense networks following a years-old breach of software made by Juniper Networks, a major provider of firewall devices for the federal government. Juniper revealed its incident in December 2015, saying that hackers had slipped unauthorized code into the firm's software that could allow access to firewalls and the ability to decrypt virtual private network connections. Despite repeated inquiries from Capitol Hill -- and concern in the Pentagon about the potential exposure of its contractors to the hack -- there has been no public U.S. government assessment of who carried out the hack, and what data was accessed.

Lawmakers are now hoping that, by cracking open the Juniper cold case, the government can learn from that incident before another big breach of a government vendor provides attackers with a foothold into U.S. networks. Members of Congress also are examining any role that the NSA may have unwittingly played in the Juniper incident by allegedly advocating for a weak encryption algorithm that Juniper and other firms used in its software. Lawmakers want to know if, more than a decade ago, the NSA pushed for a data protection scheme it could crack, only for another state-sponsored group to exploit that security weakness to gather data about the U.S. "Congress has a responsibility to determine the root cause of this supply chain compromise and the NSA's role in the design and promotion of the flawed encryption algorithm that played such a central role," Wyden and other lawmakers wrote to Gen. Paul Nakasone, head of the NSA and U.S. Cyber Command, in a letter made public Friday.

Encryption

ProtonMail, Threema, Tresorit and Tutanota Warn EU Lawmakers Over 'Anti-Encryption' Push (techcrunch.com) 46

Four European apps which secure user data via end-to-end encryption, ProtonMail, Threema, Tresorit and Tutanota, have issued a joint-statement warning over recent moves by EU institutions that they say are setting lawmakers on a dangerous path to backdooring encryption. From a report: Last month the EU Council passed a resolution on encryption that's riven with contradiction -- calling for "security through encryption and security despite encryption" -- which the four e2e app makers believe is a thinly veiled call to backdoor encryption. The European Commission has also talked about seeking "improved access" to encrypted information, writing in a wide-ranging counter-terrorism agenda also published in December that it will "work with Member States to identify possible legal, operational, and technical solutions for lawful access." Simultaneously, the Commission has said it will "promote an approach which both maintains the effectiveness of encryption in protecting privacy and security of communications, while providing an effective response to crime and terrorism." And it has made it clear there will be no 'one silver bullet' as regards the e2e encryption security 'challenge.' But such caveats are doing nothing to alleviate the concerns of e2e encrypted app makers -- who are convinced proposals from the Council of the EU, which is involved in adopting the bloc's laws (though the Commission usually drafts legislation), sums to a push toward backdoors.

"While it's not explicitly stated in the resolution, it's widely understood that the proposal seeks to allow law enforcement access to encrypted platforms via backdoors," the four app makers write, going on to warn that such a move would fatally undermine the security EU institutions also claim to want to maintain. "The resolution makes a fundamental misunderstanding: Encryption is an absolute, data is either encrypted or it isn't, users have privacy or they don't," they go on. "The desire to give law enforcement more tools to fight crime is obviously understandable. But the proposals are the digital equivalent of giving law enforcement a key to every citizen's home and might begin a slippery slope towards greater violations of personal privacy."

Security

How Law Enforcement Gets Around Your Smartphone's Encryption (arstechnica.com) 62

Long-time Slashdot reader SonicSpike shares a recent Wired.com article that purports to reveal "how law enforcement gets around your smartphone's encryption." Lawmakers and law enforcement agencies around the world, including in the United States, have increasingly called for backdoors in the encryption schemes that protect your data, arguing that national security is at stake. But new research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.

Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade's worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently, using special hacking tools...

once you unlock your device the first time after reboot, lots of encryption keys start getting stored in quick access memory, even while the phone is locked. At this point an attacker could find and exploit certain types of security vulnerabilities in iOS to grab encryption keys that are accessible in memory and decrypt big chunks of data from the phone. Based on available reports about smartphone access tools, like those from the Israeli law enforcement contractor Cellebrite and US-based forensic access firm Grayshift, the researchers realized that this is how almost all smartphone access tools likely work right now. It's true that you need a specific type of operating system vulnerability to grab the keys — and both Apple and Google patch as many of those flaws as possible — but if you can find it, the keys are available, too...

Forensic tools exploiting the right vulnerability can grab even more decryption keys, and ultimately access even more data, on an Android phone.

The article notes the researchers shared their findings with the Android and iOS teams — who both pointed out the attacks require physical access to the target device (and that they're always patching vulnerabilities).

Security

NSA Urges System Administrators To Replace Obsolete TLS Protocols (zdnet.com) 62

The US National Security Agency has issued a security advisory this month urging system administrators in federal agencies and beyond to stop using old and obsolete TLS protocols. From a report: "NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 not be used," the agency said. "Using obsolete encryption provides a false sense of security because it seems as though sensitive data is protected, even though it really is not," the agency added. Even if TLS 1.2 and TLS 1.3 are deployed, the NSA warns against configuring these two protocols with weak cryptographic parameters and cipher suites.

Privacy

What You Should Know Before Leaking a Zoom Meeting (theintercept.com) 37

The Intercept's Nikita Mazurov warns that Zoom has digital watermarks that could expose sources working with journalists or government officials. An anonymous reader shares an excerpt from the report: Many users may not realize it, but Zoom has the capability to insert both video and audio watermarks into a meeting. The video watermarks are readily perceptible to meeting participants. When enabled, the video watermarking feature superimposes the username portion of each participant's email address over the content they are viewing when another participant shares their screen and places the same watermark over the current active speaker. Because the video watermark appears across the entirety of the video frame, blurring may adversely impact the visibility of the underlying material. In contrast, the audio watermarks are not readily perceptible to casual listeners, though they are what in watermarking parlance is known as "overt." That means the fact that they are embedded is easily discerned by meeting participants: When a Zoom meeting has the audio watermark, or what Zoom also calls the "audio signature," feature enabled, the meeting will have a green circular icon with a sound wave and a padlock at the top left of the frame next to the encryption icon.

It is not immediately apparent at what point Zoom injects its "ultrasonic" audio watermark into the audio stream -- whether this happens only if a meeting attendee presses the Record button in Zoom or if the audio stream is watermarked prior to that point. Nonetheless, when recording a Zoom meeting, it is best to avoid using Zoom's built-in recording option and to capture the meeting using a third-party audio/video recorder. Zoom mentions that in order to identify the participant who recorded the meeting, they need at least two minutes of audio from the meeting, though it stands to reason that shorter snippets may also be identifiable if they happen to contain the audio watermark. Journalists should also be wary of publishing raw audio leaked from Zoom meetings, particularly if the source is not sure whether audio watermarking was enabled or not.

Aside from Zoom's own watermarks, a number of elements appearing on an individual's own device may inadvertently give away the identity of the person who is recording. If the meeting video is being recorded either via screen recording software or a camera, there are a number of elements to watch out for...

Encryption

Signal's Brian Acton Talks About Exploding Growth, Monetization and WhatsApp Data-Sharing Outrage (techcrunch.com) 42

Brian Acton is crossing paths again with Facebook. From a report: Over more than a decade of building and operating WhatsApp, the company's co-founder first competed against and then sold his instant messaging app to the social juggernaut. Only a few years ago he parted ways with the company that made him a billionaire in a bitter split over messaging and privacy. Now Acton says the ongoing outrage over what Facebook has done to the messaging service he helped build is driving people to his latest project -- Signal. Acton, who serves as the executive chairman of the privacy-conscious messaging app's holding company, told TechCrunch in an interview that the user base of Signal has "exploded" in recent weeks. "The smallest of events helped trigger the largest of outcomes," said Acton on a video call. "We're also excited that we are having conversations about online privacy and digital safety and people are turning to Signal as the answer to those questions." "It's a great opportunity for Signal to shine and to give people a choice and alternative. It was a slow burn for three years and then a huge explosion. Now the rocket is going," he said. The event Acton is referring to is the recent change in data-sharing policy disclosed by WhatsApp, an app that serves more than 2 billion users worldwide.

Encryption

WhatsApp Clarifies It's Not Giving All Your Data To Facebook (theverge.com) 92

An anonymous reader quotes a report from The Verge: WhatsApp has published a new FAQ page to its website outlining its stances on user privacy in response to widespread backlash over an upcoming privacy policy update. The core issue relates to WhatsApp's data-sharing procedures with Facebook, with many users concerned an updated privacy policy going into effect on February 8th will mandate sharing of sensitive profile information with WhatsApp's parent company. That isn't true -- the update has nothing to do with consumer chats or profile data, and instead the change is designed to outline how businesses who use WhatsApp for customer service may store logs of its chats on Facebook servers. That's something the company feels it is required to disclose in its privacy policy, which it's now doing after previewing the upcoming changes to business chats back in October.

But a wave of misinformation on social media, not helped by Facebook's abysmal track record on privacy and its reputation for obfuscating changes to its various terms of service agreements, has resulted in a full-blown WhatsApp backlash that has users fleeing to competitors like Signal and Telegram. [...] WhatsApp executives, as well as Instagram chief Adam Mosseri and Facebook AR / VR head Andrew "Boz" Bosworth, are now trying to set the record straight, perhaps to little avail at this point.

"We want to be clear that the policy update does not affect the privacy of your messages with friends or family in any way. Instead, this update includes changes related to messaging a business on WhatsApp, which is optional, and provides further transparency about how we collect and use data," the company writes on the new FAQ page. It also stresses in the FAQ that neither Facebook nor WhatsApp read users' message logs or listen to their calls, and that WhatsApp doesn't store user location data or share contact information with Facebook. (It's also worth noting that data sharing with Facebook is extremely limited for European users due to stronger user privacy protections in the EU.) WhatsApp chief Will Cathcart also took to Twitter a few days ago to post a thread (later shared by Bosworth in the tweet above) trying to cut through the confusion and explain what's actually going on. "With end-to-end encryption, we cannot see your private chats or calls and neither can Facebook. We're committed to this technology and committed to defending it globally," Cathcart wrote. "It's important for us to be clear this update describes business communication and does not change WhatsApp's data sharing practices with Facebook. It does not impact how people communicate privately with friends or family wherever they are in the world."

Encryption

Telegram Adds 25 Million New Users In Just 72 Hours (androidpolice.com) 91

According to founder and CEO Pavel Durov, Telegram gained 25 million new users in the last 72 hours as it smashed past the 500 million active monthly user mark. Android Police reports: For comparison, the app averaged around 1.5 million new users per day in 2020, which was impressive enough already. Durov says that this is down to his company's simple privacy and security promise, above all else.

The bulk of the new users are coming from Asia (38%), Europe (27%), and Latin America (21%), with around 8% signing up from the MENA region (Middle East and North Africa). Although not explicitly noted in Durov's post, there is likely a good number of Parler orphans joining Telegram -- although there are differences between the functions of the two apps, there's talk that former Parler users are heading to encrypted messaging apps in search of a more private platform. Signal has seen a similar rise in popularity for the same reason.

Open Source

Rediscovering RISC-V: Apple M1 Sparks Renewed Interest in Non-x86 Architecture (zdnet.com) 202

"With the runaway success of the new ARM-based M1 Macs, non-x86 architectures are getting their closeup," explains a new article at ZDNet.

"RISC-V is getting the most attention from system designers looking to horn-in on Apple's recipe for high performance. Here's why..." RISC-V is, like x86 and ARM, an instruction set architecture (ISA). Unlike x86 and ARM, it is a free and open standard that anyone can use without getting locked into someone else's processor designs or paying costly license fees...

Reaching the end of Moore's Law, we can't just cram more transistors on a chip. Instead, as Apple's A and M series processors show, adding specialized co-processors — for codecs, encryption, AI — to fast general-purpose RISC CPUs can offer stunning application performance and power efficiency. But a proprietary ISA, like ARM, is expensive. Worse, they typically only allow you to use that ISA's hardware designs, unless, of course, you're one of the large companies — like Apple — that can afford a top-tier license and a design team to exploit it. A canned design means architects can't specify tweaks that cut costs and improve performance. An open and free ISA, like RISC-V, eliminates a lot of this cost, giving small companies the ability to optimize their hardware for their applications. As we move intelligence into ever more cost-sensitive applications, using processors that cost a dollar or less, the need for application and cost-optimized processors is greater than ever...

While open operating systems, like Linux, get a lot of attention, ISAs are an even longer-lived foundational technology. The x86 ISA dates back 50 years and today exists as a layer that gets translated to a simpler — and faster — underlying hardware architecture. (I suspect this fact is key to the success of the macOS Rosetta 2 translation from x86 code to Apple's M1 code.)

Of course, an open ISA is only part of the solution. Free standard hardware designs — with tools to design more — and smart compilers to generate optimized code are vital. That larger project is what Berkeley's Adept Lab is working on. As computing continues to permeate civilization, the cost of sub-optimal infrastructure will continue to rise.

Optimizing for efficiency, long-life, and broad application is vital for humanity's progress in a cyber-enabled world.

One RISC-V feature highlighted by the article: 128-bit addressing (in addition to 32 and 64 bit).

Google

New Side-Channel Attack Can Recover Encryption Keys From Google Titan Security Keys (zdnet.com) 31

A duo of French security researchers has discovered a vulnerability impacting chips used inside Google Titan and YubiKey hardware security keys. From a report: The vulnerability allows threat actors to recover the primary encryption key used by the hardware security key to generate cryptographic tokens for two-factor authentication (2FA) operations. Once obtained, the two security researchers say the encryption key, an ECDSA private key, would allow threat actors to clone Titan, YubiKey, and other keys to bypass 2FA procedures. However, while the attack sounds disastrous for Google and Yubico security key owners, its severity is not what it seems. In a 60-page PDF report, Victor Lomne and Thomas Roche, researchers with Montpellier-based NinjaLab, explain the intricacies of the attack, also tracked as CVE-2021-3011. For starters, the attack won't work remotely against a device, over the internet, or over a local network. To exploit any Google Titan or Yubico security key, an attacker would first need to get their hands on a security key in the first place.

Encryption

WhatsApp Rival Signal Reports Growing Pains as New Users Surge (bloomberg.com) 10

Signal, an encrypted messaging app that competes with other services including Facebook's WhatsApp, said Thursday that verification codes used to create new accounts were delayed because of a flood of new users. From a report: "We are working with carriers to resolve this as quickly as possible," the non-profit foundation said in a tweet. "Hang in there." The surge came just hours after Elon Musk endorsed the service and amid reported changes to WhatsApp's terms of service.

Netscape

Brexit Deal Mentions Netscape Browser and Mozilla Mail (bbc.com) 194

References to decades-old computer software are included in the new Brexit agreement, including a description of Netscape Communicator and Mozilla Mail as being "modern" services. From a report: Experts believe officials must have copied and pasted chunks of text from old legislation into the document. The references are on page 921 of the trade deal, in a section on encryption technology. It also recommends using systems that are now vulnerable to cyber-attacks. The text cites "modern e-mail software packages including Outlook, Mozilla Mail as well as Netscape Communicator 4.x." The latter two are now defunct - the last major release of Netscape Communicator was in 1997. The document also recommends using 1024-bit RSA encryption and the SHA-1 hashing algorithm, which are both outdated and vulnerable to cyber-attacks.

The Courts

The ACLU Is Suing For More Information About the FBI's Phone-Hacking Lab (theverge.com) 31

On Tuesday, the American Civil Liberties Union filed a new lawsuit demanding information about the FBI's Electronic Device Analysis Unit (EDAU) -- a forensic unit that the ACLU believes has been quietly breaking the iPhone's local encryption systems. The Verge reports: "The FBI is secretly breaking the encryption that secures our cell phones and laptops from identity thieves, hackers, and abusive governments," the ACLU said in a statement announcing the lawsuit, "and it refuses to even acknowledge that it has information about these efforts." The FBI has made few public statements about the EDAU, but the lawsuit cites a handful of cases in which prosecutors have submitted a "Mobile Device Unlock Request" and received data from a previously locked phone. The EDAU also put in public requests for the GrayKey devices that found success unlocking a previous version of iOS.

In June 2018, the ACLU filed a FOIA request for records relating to the EDAU, but the FBI has refused to confirm any records even exist. After a string of appeals within the FOIA process, the group is taking the issue to federal court, calling on the attorney general and FBI inspector general to directly intervene and make the records available. "We're demanding the government release records concerning any policies applicable to the EDAU, its technological capabilities to unlock or access electronic devices, and its requests for, purchases of, or uses of software that could enable it to bypass encryption," the ACLU said in a statement.

Encryption

Signal Says Cellebrite Cannot Break Its Encryption 14

Signal, in a blog post: Yesterday, the BBC ran a story with the factually untrue headline, "Cellebrite claimed to have cracked chat app's encryption." This is false. Not only can Cellebrite not break Signal encryption, but Cellebrite never even claimed to be able to. Since we weren't actually given the opportunity to comment in that story, we're posting this to help to clarify things for anyone who may have seen the headline. Last week, Cellebrite posted a pretty embarrassing (for them) technical article to their blog documenting the "advanced techniques" they use to parse Signal on an Android device they physically have with the screen unlocked. This is a situation where someone is holding an unlocked phone in their hands and could simply open the app to look at the messages in it. Their post was about doing the same thing programmatically (which is equally simple), but they wrote an entire article about the "challenges" they overcame, and concluded that "...it required extensive research on many different fronts to create new capabilities from scratch."

[...] What really happened: If you have your device, Cellebrite is not your concern. It is important to understand that any story about Cellebrite Physical Analyzer starts with someone other than you physically holding your device, with the screen unlocked, in their hands. Cellebrite does not even try to intercept messages, voice/video, or live communication, much less "break the encryption" of that communication. They don't do live surveillance of any kind.

Cellebrite is not magic. Imagine that someone is physically holding your device, with the screen unlocked, in their hands. If they wanted to create a record of what's on your device right then, they could simply open each app on your device and take screenshots of what's there. This is what Cellebrite Physical Analyser does. It automates the process of creating that record. However, because it's automated, it has to know how each app is structured, so it's actually less reliable than if someone were to simply open the apps and manually take the screenshots. It is not magic, it is mediocre enterprise software. Cellebrite did not "accidentally reveal" their secrets. This article, and others, were written based on a poor interpretation of a Cellebrite blog post about adding Signal support to Cellebrite Physical Analyzer. Cellebrite posted something with a lot of detail, then quickly took it down and replaced it with something that has no detail. This is not because they "revealed" anything about some super advanced technique they have developed (remember, this is a situation where someone could just open the app and look at the messages). They took it down for the exact opposite reason: it made them look bad.

Encryption

Authorities Don't Need To Break Phone Encryption in Most Cases, Because Modern Phone Encryption Sort of Sucks. (twitter.com) 61

Matthew Green, a cryptographer and professor at Johns Hopkins University, shares in a series of tweets: My students Max and Tushar Jois spent most of the summer going through every piece of public documentation, forensics report, and legal document we could find to figure out how police were "breaking phone encryption." This was prompted by a claim from someone knowledgeable, who claimed that forensics companies no longer had the ability to break the Apple Secure Enclave Processor, which would make it very hard to crack the password of a locked, recent iPhone. We wrote an enormous report -- a draft of which you can read here (PDF) about what we found, which we'll release after the holidays. The TL;DR is kind of depressing: Authorities don't need to break phone encryption in most cases, because modern phone encryption sort of sucks.

I'll focus on Apple here but Android is very similar. The top-level is that, to break encryption on an Apple phone you need to get the encryption keys. Since these are derived from the user's passcode, you either need to guess that -- or you need the user to have entered it. Guessing the password is hard on recent iPhones because there's (at most) a 10-guess limit enforced by the Secure Enclave Processor (SEP). There's good evidence that at one point in 2018 a company called GrayKey had a SEP exploit that did this for the X. See photo. There is really no solid evidence that this exploit still works on recent-model iPhones, after 2018. If anything, the evidence is against it. So if they can't crack the passcode, how is law enforcement still breaking into iPhones (because they definitely are)? The boring answer very likely is that police aren't guessing suspects' passcodes. They're relying on the fact that the owner probably typed it in. Not after the phone is seized, in most cases. Beforehand.
The full thread on Twitter here.

Encryption

Israeli Spy Tech Firm Says It Can Break Into Signal App (haaretz.com) 87

Last Thursday, Israeli phone-hacking firm Cellebrite said in a blog post that it can now break into Signal, an encrypted app considered safe from external snooping. Haaretz reports: Cellebrite's flagship product is the UFED (Universal Forensic Extraction Device), a system that allows authorities to unlock and access the data of any phone in their possession. Another product it offers is the Physical Analyzer, which helps organize and process data lifted from the phone. Last Thursday, the company announced that the analyzer has now been updated with a new capability, developed by the firm, that allows clients to decode information and data from Signal. Signal, owned by the Signal Technology Foundation, uses a special open source encryption system called Signal Protocol, which was thought to make it nigh-on impossible for a third party to break into a conversation or access data being shared on the platform. It does so by employing what's called "end-to-end encryption."

According to Cellebrite's announcement last week, "Law enforcement agencies are seeing a rapid rise in the adoption of highly encrypted apps like Signal, which incorporate capabilities like image blurring to stop police from reviewing data. "Criminals are using this application to communicate, send attachments, and making [sic] illegal deals that they want to keep discrete [sic] and out of sight from law enforcement," the blog post added. Despite support for the app's encryption capabilities, Cellebrite noted that "Signal is an encrypted communication application designed to keep sent messages and attachments as safe as possible from 3rd-party programs.

"Cellebrite Physical Analyzer now allows lawful access to Signal app data. At Cellebrite, we work tirelessly to empower investigators in the public and private sector to find new ways to accelerate justice, protect communities, and save lives." In an earlier, now deleted, version of the blog post, the company went as far as to say: "Decrypting Signal messages and attachments was not an easy task. It required extensive research on many different fronts to create new capabilities from scratch. At Cellebrite, however, finding new ways to help those who make our world a safer place is what we're dedicated to doing every day." The initial post, which was stored on the Internet Archive, also included a detailed explanation of how Cellebrite "cracked the code" by reviewing Signal's own open source protocol and using it against it. The company noted in the deleted blog post that "because [Signal] encrypts virtually all its metadata to protect its users, efforts have been put forward by legal authorities to require developers of encrypted software to enable a 'backdoor' that makes it possible for them to access people's data. Until such agreements are reached, Cellebrite continues to work diligently with law enforcement to enable agencies to decrypt and decode data from the Signal app."

The Internet

Why Apple, Cloudflare, and Fastly Proposed a New Privacy-Focused DNS Standard Called 'Oblivious DoH' (zdnet.com) 64

"Cloudflare, Apple, and Fastly have co-designed and proposed a new DNS standard to tackle ongoing privacy issues associated with DNS," reports ZDNet.

Cloudflare calls it "a practical approach for improving privacy" that "aims to improve the overall adoption of encrypted DNS protocols without compromising performance and user experience..." Third-parties, such as ISPs, find it more difficult to trace website visits when DNS over HTTPS (DoH) is enabled. DoH deployment is on the cards for many major browser providers, although rollout plans are ongoing. Now, Oblivious DNS over HTTPS (ODoH) has been proposed by Cloudflare — together with partners PCCW Global, Surf, and Equinix — to improve on these models by adding an additional layer of public key encryption and a network proxy...

The overall aim of ODoH is to decouple client proxies from resolvers. A network proxy is inserted between clients and DoH servers — such as Cloudflare's 1.1.1.1's public DNS resolver — and the combination of both this and public key encryption "guarantees that only the user has access to both the DNS messages and their own IP address at the same time," according to Cloudflare... "The client behaves as it does in DNS and DoH, but differs by encrypting queries for the target, and decrypting the target's responses..."

Test clients for the code have been provided to the open source community to encourage experimentation with the proposed standard. It can take years before support is enabled by vendors for new DNS standards, but Eric Rescorla, Firefox's CTO, has already indicated that Firefox will "experiment" with ODoH.

The Internet

Cloudflare and Apple Design a New Privacy-Friendly Internet Protocol (techcrunch.com) 90

Engineers at Cloudflare and Apple say they've developed a new internet protocol that will shore up one of the biggest holes in internet privacy that many don't know even exists. Dubbed Oblivious DNS-over-HTTPS, or ODoH for short, the new protocol makes it far more difficult for internet providers to know which websites you visit. From a report: [...] Recent developments like DNS-over-HTTPS (or DoH) have added encryption to DNS queries, making it harder for attackers to hijack DNS queries and point victims to malicious websites instead of the real website you wanted to visit. But that still doesn't stop the DNS resolvers from seeing which website you're trying to visit. Enter ODoH, which decouples DNS queries from the internet user, preventing the DNS resolver from knowing which sites you visit. Here's how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit. Because the DNS query is encrypted, the proxy can't see what's inside, but acts as a shield to prevent the DNS resolver from seeing who sent the query to begin with. "What ODoH is meant to do is separate the information about who is making the query and what the query is," said Nick Sullivan, Cloudflare's head of research.
Businesses

Google Launches Android Enterprise Essentials Aimed at SMBs (zdnet.com) 14

Google said it is launching Android Enterprise Essentials, a mobile device management service for small enterprises. From a report: Based on the Android Enterprise Recommended program, Google's Android Enterprise Essentials is a pared down version with default features and smaller budgets. Google is trying to address the reality that smaller organizations are often targeted by cybercriminals. Features include:

Requiring a lock screen and encryption on devices to prevent unauthorized access to company data.
Enforcing mandatory malware protection with an always-on Google Play Protect.
The ability to wipe all company data from a device.
The core security features are applied automatically without the need to configure devices.

Government

Report Claims America's CIA Also Controlled a Second Swiss Encryption Firm (courthousenews.com) 100

Long-time Slashdot reader SonicSpike brings this report from AFP: Swiss politicians have voiced outrage and demanded an investigation after revelations that a second Swiss encryption company was allegedly used by the CIA and its German counterpart to spy on governments worldwide. "How can such a thing happen in a country that claims to be neutral like Switzerland?" co-head of Switzerland's Socialist Party, Cedric Wermuth, asked in an interview with Swiss public broadcaster SRF late Thursday. He called for a parliamentary inquiry after an SRF investigation broadcast on Wednesday found that a second Swiss encryption firm had been part of a spectacular espionage scheme orchestrated by U.S. and German intelligence services.

A first investigation had revealed back in February an elaborate, decades-long set-up, in which the CIA and its German counterpart creamed off the top-secret communications of governments through their hidden control of a Swiss encryption company called Crypto.

SRF's report this week found that a second but smaller Swiss encryption firm, Omnisec, had been used in the same way.

That company, which was split off from Swiss cryptographic equipment maker Gretag in 1987, sold voice, fax and data encryption equipment to governments around the world until it halted operations two years ago. SRF's investigative program Rundschau concluded that, like Crypto, Omnisec had sold manipulated equipment to foreign governments and armies. Omnisec meanwhile also sold its faulty OC-500 series devices to several federal agencies in Switzerland, including its own intelligence agencies, as well as to Switzerland's largest bank, UBS, and other private companies in the country, the SRF investigation showed.

The findings unleashed fresh outrage in Switzerland, which is still reeling from the Crypto revelations.

The first compromised cryptography company "served for decades as a Trojan horse to spy on governments worldwide," according to the article, citing news reports from SRF, the Washington Post and German broadcaster ZDF. "The company supplied devices for encoded communications to some 120 countries from after World War II to the beginning of this century, including to Iran, South American governments, India and Pakistan.

"Unknown to those governments, Crypto was secretly acquired in 1970 by the U.S. Central Intelligence Agency together with the then West Germany's BND Federal Intelligence Service."
