Exposed – Codewords Related to Crypto AG – The Swiss Code Company Owned By CIA & BND

(Between 1970 and 2018, the CIA secretly owned the Swiss manufacturer of encryption equipment Crypto AG, until 1994 in a 50/50 partnership with the German BND)

ALTER – Cryptonym for the chief of Research & Development at Crypto AG (1981) *
ATHENA – Cryptonym for Kjell-Ove “Henry” Widman, the principal crypto-mathematician of Crypto AG (1980-1995) *
AURORA – Cryptonym for InfoGuard, a Swiss company that became a joint venture between Crypto AG and Ascom in 1989 *

BALL – Cryptonym for Sture Nyberg, CEO of Crypto AG (1970-1975) *
BLOCK – Cryptonym for Heinz Wagner, CEO of Crypto AG (1976-1989) *
BUTCHER – Cryptonym for Gerrit Brussaard, who in 1978 was briefly head of R&D of Crypto AG *

CLAPPER – Cryptonym for Kurt Kirchhofer, in 1978 head of R&D, later sales manager at Crypto AG *

EOS – Cryptonym for the CIA in relation to Crypto AG *

FIDELIO – Cryptonym for Deutsche Treuhand Gesellschaft (DTG), the accounting firm involved in the purchase of Crypto AG *

GAMMA – Cryptonym for the German intelligence service BND in relation to Crypto AG *
GOLF – Cryptonym for AEH, the holding company that owned Crypto AG *

HOCKEY – Cryptonym for the NSA in relation to the Crypto AG operation *
HYDRA – Cryptonym for Hans Buehler, a salesman for Crypto AG *

METAL – Cryptonym for a BND officer involved in the Crypto AG operation *
MINERVA – Cryptonym for the Swiss manufacturer of encryption devices Crypto AG, which was purchased by CIA and BND in 1970 under operation THESAURUS *

NAVAHO – Cryptonym for Motorola in relation to Crypto AG *

OLYMPIA – Cryptonym for the German company Siemens in relation to Crypto AG *

QUINCE – Cryptonym for Switzerland in relation to Crypto AG *

REX – Cryptonym for Sigmar Horst-Joachim “Mickie” Grützmann, chief of Research & Development of Crypto AG (1978-1980) *
RUBICON – Code name for the joint CIA-BND project to secretly run the Swiss manufacturer of encryption devices Crypto AG (cryptonym: MINERVA). Before 1987 codenamed THESAURUS.*

SIEGFRIED – Cryptonym for Oscar Stuerzinger, technical director of Crypto AG *
SIGMA – Cryptonym for the German cryptologic service ZfCh in relation to Crypto AG *
SOCRATES – Cryptonym for a CIA fiduciary involved in the Crypto AG operation *
SPARTAN – Secret licensing agreement between the CIA and Boris Hagelin, owner of Crypto AG (1960-1970) *

THESAURUS – Code name for the joint CIA-BND project to buy (in 1970) and secretly run the Swiss manufacturer of encryption devices Crypto AG (cryptonym: MINERVA). In 1987 renamed RUBICON.*
THRAN – Cryptonym for Transvertex *
TIGER – Cryptonym for Gretag, a Swiss competitor of Crypto AG *


Vault 7 and Vault 8 codewords

(From March to September 2017 Wikileaks published user guides and other documents (Vault 7) and in November 2017 also the source code (Vault 8) of CIA hacking tools)

Achilles – Capability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution; part of the Imperial project.
Aeris – Automated implant written in C that supports a number of POSIX-based systems; part of the Imperial project.
AfterMidnight – Framework that allows dynamically loading and executing malware payloads on a target computer.
Angelfire – Persistent framework that loads and executes custom implants on target computers running Windows XP or Win7; comprised of five components: Solartime, Wolfcreek, Keystone (previously MagicWand), BadMFS, and the Windows Transitory File system.
Archimedes – Tool used to attack a computer inside a Local Area Network (LAN).
Assassin – Automated implant that provides a simple collection platform on remote Windows computers.
Athena – Provides remote beacon and loader capabilities on target computers using Windows XP to Windows 10.

BothanSpy – Implant that targets the SSH client program Xshell and steals user credentials for all active SSH sessions.
Broken Promise – Postprocessor to evaluate collected information; part of Brutal Kangaroo
Brutal Kangaroo – Tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives.

CherryBlossom – Tool for monitoring the internet activity of and performing software exploits on targets of interest.
CherryTree – Command and Control server for contacting the FlyTrap beacon
CherryWeb – Browser-based user interface to monitor the status of FlyTrap devices
CouchPotato – Remote tool for collection against RTSP/H.264 video streams.

Dark Mallet – Infector for the Triton MacOSX malware
Dark Matter – Projects that infect Apple Mac firmware, persisting even when the operating system is re-installed.
DarkSeaSkies – An implant that persists in the EFI firmware of an Apple MacBook Air computer.
DerStarke – EFI persistent version of the Triton MacOSX (or Dark Mallet) malware.
Drifting Deadline – Thumbdrive infection tool; part of Brutal Kangaroo
Dumbo – Capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a physical access operation.

ELSA – Geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system
ExpressLane – Covert information collection tool used by the CIA to secretly exfiltrate data collections from systems provided to liaison services.

FlyTrap – A wireless device compromised by CherryBlossom

Grasshopper – Platform used to build customized malware payloads for Microsoft Windows systems.
Gyrfalcon – Implant that targets the OpenSSH client on Linux platforms to steal user credentials of active SSH sessions and collect full or partial OpenSSH session traffic

HighRise – Redirector function for SMS messaging that could be used by IOC tools that use SMS messages for communication between implants and listening posts
Hive – Back-end infrastructure malware used by CIA implants to transfer exfiltrated information from target computers to the CIA.

Imperial – Hacking project consisting of the Achilles, Aeris and Seapea components

Marble Framework – Used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

NightSkies – A beacon/loader/implant tool for the Apple iPhone.

OutlawCountry – Malware that allows for the redirection of all outbound network traffic on a target computer

Pandemic – A persistent implant for Microsoft Windows machines that share files or programs with remote users in a local network.
Protego – PIC-based missile control system developed by Raytheon

Scribbles – A document-watermarking preprocessing system to embed “web beacon”-style tags into documents that are likely to be copied by insiders, whistleblowers, journalists or others.
SeaPea – OS X Rootkit that provides stealth and tool launching capabilities; part of the Imperial project
Shadow – Primary persistence mechanism for Brutal Kangaroo.
Shattered Assurance – Server tool that handles automated infection of thumbdrives; part of Brutal Kangaroo.
Sonic Screwdriver – A mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting.

Triton – MacOSX malware

Weeping Angel – An implant designed for Samsung F series smart televisions.


Some other CIA codewords

APPLESAUCE – CIA station on Cyprus (1950s)
AQUATONE – Cryptonym for the development of the Lockheed U-2 spy plane

CHAOS – CIA domestic spying operation (1967-1973)
CONDOR – Operation in which the secret services of Argentina, Chile, Uruguay, Paraguay, Bolivia and Brazil, backed by the CIA, cooperated to suppress left-wing opposition movements and assassinate their leaders (1968–1989)
CONQUERER – NSA ECI compartment for joint NSA-CIA clandestine radio frequency operations (since 2003) *
CRISSCROSS – Database of telecommunications selectors, operated by the CIA and also used by DOJ, DOD and NSA

EASYCHAIR (EC) – CIA research project for developing resonant cavity covert listening devices (1954-1967)

GLOTAIC – Joint BND-CIA operation to acquire foreign telephone communications from the German subsidiary of MCI (2005) *
GOLD – Joint SIS-CIA operation to wiretap Soviet army landlines through a tunnel under Berlin (1953-1956; British codename: STOPWATCH)
GREYSTONE (GST) – CIA’s highly secret rendition and interrogation programs (since 2001) *

HERCULES – CIA terrorism database
HYDRA – Program to secretly access databases maintained by foreign countries and extract data to add to US watchlists *

IVY BELLS – NSA, CIA and US Navy operation to place wire taps on Soviet underwater communication cables (1970s-1980s)

KLAMATH (KLM) – Classification control system which in 2003 included the NSA ECI compartments CONQUERER, LYSERGIC and WASHBURN *

OXCART – Code word for the development of the Lockheed A-12 reconnaissance aircraft and for the plane itself (since 1958)

PISCES – Joint NSA, CIA and State Department program collecting biometric data on border crossings from a wide range of countries *
PROTON – Storage and analysis system for the CRISSCROSS database of (telephony?) metadata of (counterintelligence) targets; operated by CIA and used by DOJ, DOD and NSA *
PSALM – Defunct Top Secret control system for intelligence related to the Cuban missile crisis (October 1962) *

QUANTUM LEAP – CIA tool to “find non-obvious linkages, new connections, and new information” from within a dataset *

RAINFALL – The joint CIA/NSA/DSD satellite ground station Pine Gap, Australia (F78) *
RAMPART-T (RAM-T) – Program providing access to land-based cables, in cooperation with the NSA, to collect communications from state leaders and their entourage (since 1991)*
ROCKING CHAIR (RC) – Dutch research program on behalf of the CIA for developing a telephone line bug (1960s) *

SHENANIGANS – Aircraft-based NSA geolocation system used by CIA (ca. 2013) *

TRIGON – Codename for Soviet diplomat and CIA agent Alexander Ogorodnik *

ULTIMATE – CIA operation sending weather balloons into Eastern Europe in order to map Soviet defense radar activity (1950s) *
UMBRAGE – Unit of the Remote Development Branch (RDB) that stockpiled hacking techniques from other hackers (before 2017)

VICTORYDANCE – Joint NSA-CIA operation to map WiFi fingerprints of nearly every major town in Yemen (ca. 2013) *

WASHBURN – NSA ECI compartment for an NSA-CIA CLANSIG effort to exploit a source in a Middle Eastern location (since 2003) *



AED – Applied Engineering Division (part of the EDG)
AIB – Automated Implants Branch (part of the AED)

BTTP – Basic Telecommunications Training Program

CAG – Crypto AG (Swiss crypto manufacturer purchased by CIA and BND in 1970)
CCI – Center for Cyber Intelligence (CIA hacking division, part of the DDI)
CIB – ? (part of the NOD)
CICM – Counterintelligence Mission Center
CIG – Central Intelligence Group (1946-1947)
CINEMA – CIA Information NEeds MAnagement (database)
CLANSIG – Clandestine Signals (joint NSA/CIA interception program) *
CMO – Collection Management Officers
CNB – Closed Network Branch (part of the ESD)
CO – Case Officer
CoB – Chief of Base
COG – Computer Operations Group (part of the CCI)
CoS – Chief of Station
CRD – ? (sub-compartment of HCS-P)
CREST – CIA Records Search Tool
CRT – Computer Research Team (part of the NOD)
CRU – ? (classification control system which includes GREYSTONE)
CTC – CIA CounterTerrorism Center
CTC/SO – CTC Special Operations

DA – Directorate of Analysis
DCI – Director of Central Intelligence (1946-2005)
D/CIA – Director of the Central Intelligence Agency (since 2005)
DDI – Directorate of Digital Innovation (CIA cyber division)
DDO – Deputy Director for Operations
DevLAN – Developers Local Area Network (internal computer system from which the Vault7 hacking tools were stolen)
DI – Directorate of Intelligence
DO – Directorate of Operations (Clandestine Service)
DS – Directorate of Support
DS&T – Directorate of Science & Technology

ECI – Exceptionally Controlled Information
EDB – Embedded Devices Branch (part of the AED)
EDG – Engineering Development Group (part of the CCI)
ESD – ? (part of the EDG)
ETB – ? (part of the ETB)

FINO – ? (part of the CCI)
FIO – ? (part of the CCI)
FSG – Field Service Group

GB – ? (part of the OED)

HCS – HUMINT Control System
HCS-O – HUMINT Control System-Operations
HCS-P – HUMINT Control System-Product
HUMINT – Human Intelligence

IB – Infrastructure Branch (part of the SED)
ICE – ? (part of the COG)
IOC – Information Operations Center
IVV – Independent Verification & Validation (part of the SED)

JIS – Joint Issues Staff (CIA liaison offices in foreign countries)

KLM – KLAMATH (see codewords listing)

MDB – Mobile Development Branch (part of the AED)
MRB – Mission Requirements Branch (part of the OED)

NCS – National Clandestine Service (2005-2015)
NDB – Network Devices Branch (part of the SED)
NEA – ? (part of the COG)
NEB – ? (part of the NOD)
NHB – New Headquarters Building (opened in 1991)
NOC – Non-Official Cover (for CIA operatives)
NOD – Network Operations Division (part of COG)
NRT – Network Research Team (part of the NOD)

OED – ? (part of the OTR)
OHB – Old Headquarters Building (opened in 1961)
OO – Operations Officers
OS – Office of Security
OSB – Operational Support Branch (part of the AED)
OSD – ? (part of the COG)
OSE – Open Source Enterprise (part of the DDI)
OSS – Office of Strategic Services (1942-1945)
OTR – Office of Technical Readiness (part of the DST)

P6 – Project 6 (joint BND, BfV and CIA anti-terrorism unit, stationed in Neuss, Germany; 2005-2010)*
PAG – Physical Access Group (part of the CCI)
PAG – Political Action Group (part of SAC)
PX – ? (database supporting the joint BND, BfV and CIA anti-terrorism unit Project 6)*

RDB – Remote Development Branch (part of the AED)

SAC – Special Activities Center (since 2016)
SAD – Special Activities Division (prior to 2016)
SCS – Special Collection Service (joint NSA-CIA unit)
SDB – Software Development Branch (part of the ESD)
SED – ? (part of the EDG)
SIB – Special Investigations Branch (part of OS)
SOG – Special Operations Group (part of SAC)
SOO – Staff Operations Officers
SPO – Special Police Officer
SRD – Special Requirements Division
SSO – Specialized Skills Officers

TAC – Technical Advisory Council (part of the EDG)
TISO – Technical Information Security Officer
TOB – ? (part of the NEA)
TOE – ? (part of the ICE)

UCL – UMBRAGE Component Library

WGB – Wireless Geolocation Branch (part of the ESD)
WTC – Warrington Training Center

X-2 – Counter Espionage Branch (1943-1945)


Organizational chart

Wikileaks has a partial organizational chart of the CIA, which provides a rough outline of its internal organization. It’s a reconstruction and can also be subject to changes due to internal reorganizations. A chart of the National Clandestine Service (now Directorate of Operations) can be found here.