"How can such a thing happen in a country that claims to be neutral like Switzerland?" exclaimed Cedric Wemuth, co-head of Switzerland’s Socialist Party, Cedric Wermuth, in an interview with Swiss public broadcaster SRF on Thursday, Dec. 3.
Wermuth has called for a parliamentary inquiry after an SRF investigation, broadcast on Dec. 2, found that a second Swiss firm had been part of an espionage scheme orchestrated by U.S. and German intelligence agencies.
Back in February, the Swiss government ordered an investigation into Crypto AG, a global encryption company based in Zug, Switzerland, following revelations that it was owned and controlled by the CIA and its German counterpart, the Federal Intelligence Service or Bundesnachrichtendienst (BND).
The inquiry found that encryption weaknesses added to products sold by Crypto AG allowed the CIA and the BND to eavesdrop on adversaries and allies alike, all while earning millions of dollars from sales.
"It was the intelligence coup of the century," a CIA report concluded. "Foreign governments were paying good money to the U.S. and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries."
The mention of "five of six" countries is likely a reference to the Five Eyes electronic intelligence-sharing agreement between the U.S., U.K, Canada, Australia and New Zealand.
According to SRF's new report this week, a second, smaller Swiss encryption firm called Omnisec AG had been used the same way as Crypto.
The company, which had been split off from cryptographic equipment maker Gretag in 1987, sold voice, data and fax encryption equipment to governments around the world until it stopped operations two years ago.
According to Swiss cryptologist and professor Ueli Maurer, a former longtime consultant of Omnisec, the U.S. National Security Agency had contacted the company through him in 1989. (Related: Wikipedia exposed as a CIA disinformation front.)
Of concern are Omnisec's OC-500 devices. Several of these were sold to Swiss federal agencies, but Swiss authorities only noticed that they weren't secure in the mid-2000s.
In addition, several Swiss companies had also received compromised devices from Omnisec. These included the country's largest bank, UBS. It's unknown if authorities informed UBS of the compromised devices when it found out about them. UBS told SRF that the company does not comment on security matters. That said, it did say that there was no indication that any sensitive data was exposed at the time.
The new report triggered outrage in Switzerland, which is still reeling from the February revelations.
"This shows that the problem is broader than just one company and we still have no answers on the political responsibility aspect," said Wermuth.
Other politicians have raised concerns about how much espionage is being facilitated in the country. Hans-Peter Portman, a parliamentarian with the Liberal Party, said that he was concerned that Swiss businesses are both implicated and possibly affected by the spying.
"This raises the question of espionage even within the country," he said in an interview with SRF.
Further investigation by the Swiss parliament's Control Delegation into the espionage concluded earlier this month that the country's own intelligence service had benefitted from the information gathered through the encryption firms.
Now, Swiss politicians are now calling for further investigations into whether anyone in the federal government knew about Omnisec's ties to foreign intelligence.
Follow Cyberwar.news for more on how government agencies have influenced private companies to spy for them.
Sources include: