Another Story of Bad 1970s Encryption

This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor.

The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The Netherlands could eavesdrop on confidential communication from countries such as Iran, Egypt and Saudi Arabia.

Philips, together with Siemens, built an encryption machine in the late 1970s. The device, the Aroflex, was used for secret communication between NATO allies. In addition, the companies also wanted to market the T1000CA, a commercial variant of the Aroflex with less strong cryptography.

The Volkskrant investigation shows that the Ministry of Foreign Affairs and the Marine Intelligence Service (MARID) cracked the cryptography of this device before it was launched. Philips helped the ministry and the intelligence service.

Normally it would take at least a month and a half to crack the T1000CA encryption. "Too long to get useful information from intercepted communication," the newspaper writes. But MARID employees, together with Philips, succeeded in accelerating this 2.500 times by developing a special microchip.

The T1000CA was then sold to numerous non-NATO countries, including the Middle East and Asia. These countries could then be overheard by the Dutch intelligence services for years.

The 1970s was a decade of really bad commercial cryptography. DES, in 1975, was an improvement with its 56-bit key. I'm sure there are lots of these stories.

Here's more about the Aroflex. And here's what I think is the original Dutch story.

Posted on April 21, 2020 at 6:22 AM • 13 Comments

Comments

Clive RobinsonApril 21, 2020 9:22 AM

@ Bruce, ALL,

This harks back to another story...

For those that have been around for a while will know that,

    Iran, Egypt and Saudi Arabia.

Were all Crypto AG customers.

What is now public but was known fairly well for years is that Crypto AG were owned in part and later in full by a Five-Eyes IC agency.

From this story you will see,

Philips, together with Siemens, built an encryption machine in the late 1970s.

In the industry "Philips" is well known for producing "weak consumer crypto" MiFare being one of the more well known. It's been suspected that the Dutch IC has had a hand not just in the design of this crypto but also a "hidden hand" with regards to the control of Philips.

Then you see "Siemens" and the story is almost the same except it's the German IC and more interestingly telecommunications chips with lets just say "side chanbel issues that could easily have been avoided". What I know from direct experiance is that the German Telco Equipment Approval Agency used to "nod through" anything with Siemens chips in, but raise obstical after obstical if you tried to go another way. Thus equipment designers were effectively forced to use Siemens chips untill atleast the end of the last century.

Yes some of us have been knocking around for a while, and if you think "We've seen it all" well the answer is we have not, just the snow on top of the iceberg at best. But we can "think hinky" and that would make the average person feel paranoid, but as I found out on standards committees "It's not paranoid if they realy are out to get you" and trust me they were and have been for atleast as long as anyone alive can remember.

Nearly all European telecommunications companies were "owned" by their respective governments not that long ago. Which gave those governments IC agencies / entities almost unfettered access and control.

When you have that sort of power you do not willingly give it up, even if the Government sell the organisations off to become Public Limited Companies as the UK did with British Telecom back last century. It's well known amongst some of the older staff who are the "planted spooks" because their are "tells" that give them away.

The thing is that whilst the older staff know and the IC entities know, neither the shareholders or Government Ministers get told. Nore for that matter do most of the company officers. It's the same as with AT&T and other telcos in the US. Sometimes the information leaks, but mostly it does not.

metaschimaApril 21, 2020 9:53 AM

Classic. I'm sure most of us can imagine that intelligence agencies want to promote and sell crypto that they can already crack by one means or another. If you think this isn't still going on today, you are mistaken. I personally don't trust any crypto endorsed, recommended or sold by any intelligence agency. There's also that time the NSA backdoored the NIST ECC recommendations, another classic. Just like this it's not exactly a backdoor, but it's weak enough for the NSA to crack.

vas pupApril 21, 2020 4:10 PM

I guess that is the reason why North Korea developed own data protection mechanism.

Kim as a kid was attending High School in Switzerland, so it is probably not so easy to fool him on similar tricks described in this post.

By the way, Russia and China are using own encryption soft/hardware.

La AbejaApril 21, 2020 11:09 PM

What's this "Teller Report" business? Apparently I haven't been keeping up.

https://www.tellerreport.com/tech/2020-04-21-police-want-to-keep-young-people-out-of-cybercrime-with-new-campaign.BkbtfXS3OL.html

Research has shown that one in six young people between the ages of 12 and 17 have committed a cyber crime, either consciously or unconsciously. This includes hacking, phishing and ddos ​​attacks.

With Gamechangers, the police want to give young people the opportunity to safely test and improve their skills. Young people can complete four different challenges on the website. At the same time, they gain knowledge about what is and what is not punishable on the internet.

I'm sorry. Get the cops off the property. They don't have a warrant to ruin these kids' lives from such a young age. The corps gotta learn to secure their shit from the teens online. We're all sick and tired of the corps leaving our personal info unattended on the web and blaming the kids for every breach. We're not letting the kids take the fall for that adult ISO 9001/2 MBA-with-a-psych-major crap. Not this time around. We've been there done that.

gApril 22, 2020 1:57 AM

Cryptography broken before product launch, with the help of the vendor? To me that sounds almost indistinguishable from a backdoor.

llamasApril 22, 2020 5:53 AM

What is made clear in the original Volkskrant article, not so much in the translation (which is more of a transcript) is that this activity was headed up by the US NSA and the West German BND, with the cooperation of the Dutch Navy and Philips (and its subsidiaries) for the technical support. The Dutch developed and made the special chip which sped up the decryption process, and then sold it to the NSA and BND, who did the actual eavesdropping and decrypting. In turn, the Dutch, along with other US and NATO allies received the benefit of some of the decrypts. So it's not quite a correct interpretation of the original article to state that " . . . . .These (non-NATO) countries could then be overheard by the Dutch intelligence services for years."

llater,

llamas

laycyApril 23, 2020 2:09 PM

Nobody thinks China would do something like this, which is why it's ok that Huawei build ALL of the 5G networks in the West. We all know that the Chinese are lovely, humanitarian, egalitarian people. They do NOT want to rule the world. Only white people are ambitious like that. Any criticism of China is US imperialist propaganda.

Darryl H. AlvarezMay 5, 2020 7:50 PM

China has consistently been a nation with incredible turns of events. Each time they present new methodologies in the nation the individuals get best resume writers with more made sure about spot in the general public. I am satisfied to think about this standard also. It would lessen the proportion of digital wrongdoing.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.