You may feel compelled to roll your eyes at the topic of this article, but we're not here to theorize – we don't deal in guesswork. The history of national organizations cracking ciphers and covertly obtaining private information is long and varied, and it has an uncanny tendency to repeat itself.
Today, we're looking back into the past to understand our present. This article will briefly outline the history of cryptography, ciphers, and backdoors and explain how it affects secure communications today.
Case 1) The First Backdoor
Cryptography and codebreaking are perhaps as old as civilized society itself. One of the first ciphers we currently know of dates back to 400 BC; the Greeks used it to safely communicate military tactics between army commanders.
The first example of a cryptographic backdoor wouldn't appear until World War II. But it wasn't the world-famous Enigma Machine that was responsible. Instead, that credit goes to a lesser-known company called CryptoAG.
However, before we open that can of worms, you must understand what a backdoor is.
A backdoor is an intentionally installed “security flaw” designed to give access to a system.
Malicious intent is not a requirement. ISPs and software developers often use ethical backdoors to streamline customer support.
The story of the first backdoor began in 1921 when a certain Boris Hagelin designed one of his first cipher machines while working for a company called A.B. Cryptoteknik, owned by Arvid Gerhard Damm.
Following Damm's death and shortly before the start of World War II, Hagelin gained control of the company, renamed it CryptoAG, and set out to sell his machines to the US Army.
On the outside, this turned CryptoAG into a successful company that would continue operations until 2018 and had branches worldwide with over 230 employees. However, underneath the facade, it hid a dark secret.
During his deals with the US, Hagelin became involved with William F. Friedman, a chief cryptologist for the National Security Agency (NSA), and fostered a friendship with him. In the following years, Hagelin and Friedman corresponded often. The NSA was concerned about CryptoAG's devices as they found them difficult to crack.
That’s when the first backdoor was created.
To keep an eye on America's perceived “enemies,” the NSA incentivized Hagelin to sell “weaker” devices to non-NATO countries while others received ones with better encryption.
Eventually, this arrangement would allow CryptoAG to sell all its machines worldwide. However, it was on the condition that they all come packaged with instructions leading to weaker encryption. The NSA would then give NATO countries brochures containing information on achieving better results.
In 1970, following Hagelin's retirement in 1958, the US took on a more hands-on approach. The CIA, in association with the West German Intelligence Service (BND), secretly purchased CryptoAG for $5.75 million.
This “Operation Rubikon” meant that CryptoAG would offer secure communication solutions and digital encryption services to various entities. However, throughout its existence, it aided the CIA, NSA, and BND in cracking foreign correspondence and siphoning private data. More than that, the manipulated devices from Crypto AG also allowed the NSA and BND to read the military and diplomatic communications of allied EU or NATO countries.
Case 2) The International Chat App Sting Operation
In 2018, a new secure communication app appeared on the market. For the price of $1,700 for a custom Android-based device and a $1,250 annual subscription, users were promised an entirely private experience.
The app, called ANOM, boasted several security measures: secure proxy servers; no location, email, or telephony services, to prevent identification and localization; PIN screen scrambling to make manual hacking hard; and a manual wipe feature.
It even marketed itself with a catchy slogan on Reddit:
“Introducing ANOM - a Ultra-Secure Mobile-Cell-Phone Messaging App for Android.
Your Confidentiality Assured. Software Hardened Against Targeted Surveillance and Intrusion. Anom Secure. Keep Secrets Safe!”
And the timing could not have been better, as ANOM was released only six months after the secure communication provider Phantom Secure was shut down by government organizations for enabling criminal activity.
Only there was one issue. ANOM was developed with the FBI and Australian Federal Police (AFP) to serve as a “honeypot” and attract criminals.
The app featured a backdoor that beamed all sent messages to FBI servers, each with a corresponding ID number to track and identify all users accurately. It was distributed online and via unaware black market merchants in the US, Australia, Germany, Netherlands, and Sweden.
ANOM was used across 11,800 devices and collected over 20 million messages during its operation. However, that all ended in June 2021 with a worldwide issue of search warrants, culminating in 800 arrests in 16 countries.
The entire project, dubbed Operation Trojan Shield in the US and Operation Ironside in Australia, seized almost 40 tons of drugs, 250 guns, 55 luxury cars, and more than $48 million in various currencies and cryptocurrencies.
The Lesson to be Learned
If there's one thing to take away from these two cases of government-led backdoor operations, it's that you can never be too careful. Although ANOM mainly targeted criminals, there's no doubt several innocent people got caught in the fray.
Nowadays, a plethora of “secure” chat apps are vying for our attention, but as you've just seen, not all that glitters is gold. And not all software and apps from foreign “ally” countries do only ally stuff.
As Yasha Levine, a Soviet-American investigative journalist, pointed out in 2021, even the industry-beloved Signal received an initial investment from the Open Technology Fund (OTF), an organization with well-known ties to the US government:
“Well over two billion people globally use OTF-produced software, including communications app Signal and web browser Tor, services that are specifically marketed to privacy-conscious consumers looking to circumvent government censorship and surveillance. Yet its close links to the U.S. national security state raise many worrying questions.”
And so, we urge you to stay vigilant – for your own privacy's sake.