This Joint Intelligence Bulletin (JIB) is intended to highlight the threat of violence from domestic violent extremists (DVEs) in the wake of the 6 January violent breach by some DVEs of the US Capitol Building in Washington, DC, following lawful protest activity related to the results of the General Election. Anti-government or anti-authority violent extremists (AGAAVE), specifically militia violent extremists (MVEs); racially or ethnically motivated violent extremists (RMVEs); and DVEs citing partisan political grievances will very likely pose the greatest domestic terrorism threats in 2021. In 2021, threats and plotting of illegal activity, including destruction of property and violence targeting officials at all levels of the government, law enforcement, journalists, and infrastructure, as well as sporadic violence surrounding lawful protests, rallies, demonstrations, and other gatherings by DVEs will very likely increase due to renewed measures to mitigate the spread of COVID-19, socio-political conditions, and perceived government overreach. The FBI, DHS, and NCTC advise federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials, and private sector security partners to remain vigilant in light of the persistent threat posed by DVEs and their unpredictable target selection in order to effectively detect, prevent, preempt, or respond to incidents and terrorist attacks in the United States.
(U//FOUO) The 6 January 2021 Violent Breach by DVEs of the US Capitol Building Very Likely Will Serve as an Enduring Driver for Violence by a Range of DVEs
(U//FOUO) The 6 January 2021 violent breach by suspected DVEs into the US Capitol Building very likely will serve as a significant driver of violence for a diverse set of DVEs. Attendance at the lawful protest by ideologically diverse DVEs and others, the subsequent engagement of a sizeable group from that protest in the breach, and the death of an individual directly engaged in the breach very likely will serve to galvanize DVEs and increase collaboration primarily between MVEs and RMVEs, as well as DVEs who adhere to QAnon conspiracy theories. These DVEs and others may also perceive the event as a step toward achieving their initiatives, and consider the death of a perceived like-minded individual as an act of martyrdom. Some DVEs’ view of the 6 January event as a success, in conjunction with the potential to exploit follow-on lawful gatherings and ideological drivers–including conspiracy theories, such as QAnon–likely will also inspire some DVEs and others to engage in more sporadic, lone actor or small cell violence against common DVE targets, including racial, ethnic, or religious minorities and institutions, law enforcement, and government officials and buildings. Criminal activity by rioters targeting members of the media at the breach is also indicative of an increased and prolonged DVE threat of targeted violence against members of the press due to perceived complicity in a system hostile to their beliefs.
» (U//FOUO) Shortly after 2:00PM on 6 January, multiple rioters broke windows, scaled walls, and forced entry into the US Capitol Complex. Rioters assaulted law enforcement, illegally entered congressional offices and chambers, and vandalized and stole property. Separately, two suspected improvised explosive devices (IEDs) were found on the US Capitol grounds and were rendered safe.
» (U//FOUO) During the riot, an alleged QAnon-supporter who traveled to Washington, DC, engaged in lawful protests, entered the US Capitol illegally, and was shot by law enforcement as she attempted to gain access to a restricted area, subsequently succumbing to her injuries, according to open source reporting.
» (U//FOUO) Some participants active at the Capitol displayed insignias used or adopted by multiple DVEs, including three percenters (III%) and other MVE symbols–the Confederate flag and symbols associated with neo-Nazis–popular with RMVEs. Nooses and plastic restraints were carried or stationed at or near the Capitol by some rioters, possibly to demonstrate their intent to cause harm to government officials. Symbols associated with QAnon conspiracy theories were also displayed by some rioters.
(U//FOUO) Diverse Range of DVEs Very Likely to Mobilize in an Effort to Target Elected Officials and Government Buildings with Violence Following Perceived Political Shifts
(U//FOUO) Amplified perceptions of fraud surrounding the outcome of the General Election and the change in control of the Presidency and Senate–when combined with long-standing DVE drivers such as perceived government or law enforcement overreach, and the anticipation of legislation perceived by some DVEs to oppose or threaten their beliefs–very likely will lead to an increase in DVE violence. Additionally, narratives surrounding the perceived success of the 6 January breach of the US Capitol, and the proliferation of conspiracy theories will likely lead to an increased DVE threat towards representatives of federal, state, and local governments across the United States, particularly in the lead-in to the 20 January Presidential Inauguration. The targeting of government buildings and officials is consistent with observed activity in 2020, when armed individuals, including DVEs, threatened elected officials and occupied state government buildings.
» (U//FOUO) Since the 6 January event, violent online rhetoric regarding the 20 January Presidential Inauguration has increased, with some calling for unspecified “justice” for the 6 January fatal shooting by law enforcement of a participant who had illegally entered the Capitol Building, and another posting that “many” armed individuals would return on 19 January, according to open source reporting. The recent removal efforts by social media platforms used by DVEs may push some to revert back to other platforms they perceive as more secure, further challenging our ability to identify and warn of specific threats.
» (U//FOUO) The increasing prevalence and influence of conspiracy theories based on a belief in the existence of global or “deep state” actors who work to manipulate various social, political, and/or economic conditions of the United States very likely serves as a driver of some DVE violence. Some rioters at the 6 January breach were alleged supporters of QAnon conspiracy theories, according to open source reporting. Other DVEs may be motivated to target government officials and buildings because of similar theories, including the “Great Reset.”
(U//FOUO) The FBI, DHS, and NCTC remain concerned about the potential for a loosely organized, sustained, and significant DVE population mobilizing to violence based on social media calls to target government infrastructure or officials. The shared false narrative of a “stolen” election and opposition to the change in control of the executive and legislative branches of the federal government may lead some individuals to adopt the belief that there is no political solution to address their grievances and violent action is necessary. Additionally, in-person engagement between DVEs of differing ideological goals during the Capitol breach likely served to foster connections, which may increase DVEs’ willingness, capability, and motivation to attack and undermine a government they view as illegitimate.
(U//FOUO) In the near term, DVEs could exploit upcoming events to engage in or justify violence, including events attended by MVEs and “boogaloo” adherents scheduled nationally from 16 to 20 January; the 20 January Presidential Inauguration and associated events in Washington, DC; and any departure of the 45th President from office prior to the end of his term. The “boogaloo” is a concept most commonly used by DVEs, particularly MVEs, to reference an impending second civil war or insurgency against the US Government. Calls for revolution may especially resonate with MVEs, who often justify violence based on their belief that they are guardians of the Constitution and the legacies of the American Revolution. While they may not necessarily share the partisan views of those who engaged in the 6 January breach, MVEs and other DVEs who adhere to the “boogaloo” concept and seek a politically motivated civil war, and RMVEs who seek a race war may exploit the aftermath of the Capitol breach by conducting attacks to destabilize and force a climactic conflict in the United States. These factors, and the broad perception among DVEs that the violent breach was successful, may contribute to DVEs’ willingness to carry out sporadic, lone actor or small cell violence. Such DVE violence may be targeted against racial, ethnic, and/or religious minorities and associated institutions, journalists, members of the LGBTQ+ community, and other targets common among some DVEs.
(U//FOUO) Ongoing law enforcement efforts to arrest individuals who participated in the 6 January Capitol breach could deter some DVEs, and lead others to adjust their tactics and to lessen law enforcement scrutiny. Existing trends in some DVEs’ transition to what they perceive as more secure online communication platforms to discuss threat activity following increased law enforcement scrutiny very likely will continue. Law enforcement may seek to disrupt DVEs prior to any potential violence based on their pre-mobilization illegal activities, including charges related to explosives; illegal or illegally modified weapons; unlawful use of restricted firearm components; and unlawful possession of firearms, ammunition, or body armor by prohibited possessors. Law enforcement may also leverage state and local laws and ordinances that limit or restrict paramilitary activities of private militias. The FBI, DHS, and NCTC urge state and local authorities to promptly report suspicious activities related to potential domestic violent extremism. The FBI, DHS, and NCTC note that, due to the highly personal nature of radicalization to violence, it is difficult to assess specific indicators that are indicative of US-based violent extremists attempting to support violence at home or abroad.
Police agencies have long known that Mexican drug cartels help supply Europe’s nearly US$10 billion annual cocaine habit, but acknowledge they have little idea about the workings of these highly organized and well-financed operations.
But now, a recent Italian police investigation, code-named Operation Halcon, has provided the most in-depth look yet into how Mexico’s leading drug traffickers, the Sinaloa Cartel, do business in Europe. IrpiMedia, OCCRP’s Italian partner, obtained access to police files and surveillance reports that show the cartel’s methods in unprecedented detail.
Operation Halcon started in early 2019, at a time when Europe was being flooded with cocaine from Latin America. The Sinaloa Cartel, a global leader in cocaine sales with operations in at least 50 countries, was looking for new routes into Italy as a way to expand its European presence. Mexican cartels already sold synthetic drugs such as methamphetamine on the continent, but Colombian, Albanian, and Italian organized crime have historically dominated Europe’s cocaine trade.
Most drugs arrive in Europe by ship, usually to large ports with good connections to other major cities. Sinaloa wanted to establish another route: Bulk shipment by private planes flying into small airports in Southern Italy, with the drugs then trans-shipped to other parts of the country.
Catania, a mid-size city on Sicily’s eastern coast, was chosen for a test. The area, which was rapidly becoming a tourist destination, offered an international airport and a special draw: an airport official willing to help.
The cartel’s plan didn’t stay secret for long. The Organized Crime Investigation Group (GICO), the anti-mafia unit of Italy’s financial police in Catania, learned from an informant in January 2019 that Sinaloa was planning to fly in cocaine from Colombia.
The tip seemed odd. Catania isn’t known as a hub for international drug trafficking, and direct drug flights using private planes are generally unknown in Italy. Catania–Fontanarossa Airport had only limited international service, while the local port sees relatively little commercial traffic.
But the local head of the GICO, Captain Pablo Leccese, took the report seriously. In less than three months, the unit identified the cartel’s players in southern Italy: Guatemalans Daniel “Tito” Esteban Ortega Ubeda and Felix Ruben Villagran Lopez. The airport insider was identified only by his nickname, Don Señor.
Ortega and Villagran were working with another Guatemalan, Luis Fernando Morales Hernandez, alias “El Suegro,” or “The Father-in-Law,” who would make arrangements for the shipment in Colombia.
The police informant added more names to the file. The cell operating in Catania was under the direction of a shadowy Sinaloa leader known as “El Flaco,” or “Skinny,” whom police identified as second-in-command of the entire cartel after drug lord Ismael “El Mayo” Zambada Garcia.
El Flaco was soon to meet Don Señor to work out the logistics for handling the cocaine flight and the distribution of its cargo to buyers from various organized crime groups who would come for it.
The Italian police would be waiting for them.
On June 1, 2019, El Flaco landed in Catania with a female companion. After the couple checked in at the luxury seaside Romano Palace Hotel, the police learned his real name for the first time: José Angel Rivera Zazueta.
The following day El Flaco, Don Señor, and their associates met in a hotel restaurant to go over the plan. A private plane would fly from Mexico to Cartagena, Colombia, where it would be loaded with cocaine. After refueling in Cape Verde, it would land in Catania, where Don Señor would shift the drugs to a vehicle, avoid customs, and head to northern Italy — likely to Verona.
Two elements of the plan were a surprise to the financial police: The contraband was to be flown by a pilot usually entrusted with similar tasks by Joaquín “El Chapo” Guzmán Loera, the legendary former Sinaloa leader. And the size of the “test” was staggering.
“We know this Sinaloa cell had already imported cocaine to Europe and that they already had 1.5 tons of cocaine ready to be sent after a couple of hundred kilos of trial,” Leccese told IrpiMedia.
On arrival in Italy, the drugs would be sold to the Calabrian mafia, the ’Ndrangheta, which is widely considered to be Europe’s most powerful cocaine distributor. Mafia involvement made sense. Sinaloa is known to forge partnerships with existing organizations, rather than trying to steamroll its way into new markets.
Cops bugged a restaurant where the narco traffickers would meet, and settled in to listen. What they heard was a revelation. Italian law enforcement seldom gets an inside look at Mexican cartels, but now El Flaco was laying it all out for his associates, unaware that his tutorials were reaching the ears of the police.
Catania police heard boasts of 35 small planes each week leaving Venezuela to Chetumal, a resort town on the border of Mexico and Belize. Each allegedly carried 500 to 800 kilograms of cocaine — more than half of the world’s total annual cocaine production — and all with the blessing of the Venezuelan military.
The flights likely came from San Felipe, in the northwestern Venezuelan state of Zulia, where there are so many traffickers that locals call their town “Sinaloa,” according to the InSightCrime website.
The restaurant talk also turned to more personal news. The traffickers spoke about Villagran’s family, which was said to handle two to three tons of cocaine per month. They spoke of “El Sordo” (The Deaf), who is now part of Mexico’s Guardia Nacional, and of “El Calvo” (The Bald), a key cartel operative in Canada.
Tales were told about El Flaco’s two girlfriends, one a relative of the late drug lord Amado Carrillo Fuentes, and about his father, who supposedly owned thousands of currency exchange shops, as well as his alleged contacts in the CIA.
Although the Italian investigators couldn’t confirm much of the restaurant talk, they were fascinated.
A Little “Help” From the Police
In mid-June, the informant told police that El Flaco had a 300-kilogram test shipment ready in Colombia and would send it to Catania as soon as the cartel could line up a facilitator in Cartagena.
On June 18, Don Señor met the cartel members in Rome. As police listened in, El Flaco offered to follow the test run with another 1,500 kilograms via private jet from Cartagena, through Mexico, to Catania.
But the cartel encountered unforeseen problems. It had trouble finding someone in Cartagena to facilitate the shipment. The whole operation was accumulating delays.
So the police decided to “help” them.
Working with the Antidrug Central Directorate, a police body that coordinates antidrug operations in Italy, and the Italian antidrug attache in Bogotá, Captain Leccese brought in two Latino informants based in Italy, code-named Rodriguez and El Cholo, along with a Colombian Dirección de Antinarcóticos undercover officer, known as Lucas, to pose as drug dealers.
In late August, Villagran and Morales took El Cholo and Lucas to meet suppliers in the mountains in southern Colombia’s Cauca region. After passing through a checkpoint, where they were likely photographed, they reached a place in the jungle where traffickers confiscated their cellphones. From there, they walked through the jungle to a cocaine refinery.
El Abuelo, “The Grandfather,” a former member of the now-defunct Revolutionary Armed Forces of Colombia (FARC) guerrillas, showed them around, displaying drugs being cooked and shipments ready to go out.
Meanwhile, Rodriguez was halfway around the world, meeting El Flaco in Kaohsiung, Taiwan. Police in Catania had learned that El Flaco lived mainly in Asia, where he managed an important part of the cartel’s synthetic drug business.
The undercover operation soon encountered logistical problems of its own. The Colombian cocaine cooks delayed shipment to the cartel until October. Still more time was lost when a national strike closed Colombia’s airports.
Once again, the Italian and Colombian police stepped in to help. The informant, El Cholo, offered to provide a “better alternative” using his contacts at the Bogotá airport to place the drugs on an airline flight.
Finally, on January 9, 2020, around 400 kilograms of cocaine arrived in Catania aboard a passenger flight. Don Señor moved it to a safe house at the edge of the city.
Don Señor, Ortega, Rodriguez, and El Cholo were on their way to inspect the cargo when El Flaco called from Cancun for an update. Again, police listened in as Ortega checked the shipment and produced El Flaco’s written instructions about how the drug should be distributed.
“So the compensation is 32,” he said, referring to the number of cocaine bricks Don Señor would get for his labor. That much cocaine would be worth nearly $1 million in Europe.
“The compensation is better than a payment,” Rodriguez said with a laugh.
Cartels like to compensate collaborators outside their organization by giving them product, rather than money. Cash payments would mean the smugglers would have to divulge business information, such as profits, to outsiders.
“My uncle told me he needs 20 in Genoa,” Ortega continued. “And we need three in Verona if possible.”
Again, the traffickers’ work didn’t go smoothly. An emissary of a Chinese criminal organization based near Milan but with ties to Mexico, already angry at the delayed delivery, demanded a kilogram to test. If his organization liked the quality, he would want 50 kilograms upfront.
The Mexicans stalled. “Charlie,” an Italian working for a mysterious figure referred to only as “Tocayo,” was their priority for this load because he wanted to make a far bigger purchase.
The plan, Ortega told El Flaco in a call, was to take three kilograms to Charlie in Verona, followed by deliveries of 20 kilograms at a time, for a total sale of up to 300 kilograms.
On January 16, Ortega and Villagran flew to Verona to meet “El Arquitecto,” an important cartel figure who was coming from Mexico to oversee the sale, and met Don Señor, who had brought his order. Again, Italian police managed to listen in.
An indictment later filed in Catania describes El Arqui as El Flaco’s representative, sent to guarantee the quality of the Sinaloa cocaine. Villagran told his associates that El Arqui wanted to test the product before delivering it.
But the traffickers couldn’t catch a break. El Arqui and Charlie were delayed by snow. On January 22, they reached Milan and went straight to meet the buyer, Charlie’s boss. Later, they delivered 35,000 euros for the initial three kilograms to Ortega and Villagran near Verona.
Italy’s Financial Police, who were watching both groups all along, arrested Ortega and Villagran in Verona. They were charged with international drug trafficking and distribution and taken into custody, but have not yet been put on trial.
The police also set up a roadblock as an excuse to stop the Milan contingent’s Mercedes E350 and identify — but not arrest — El Arqui and Charlie.
El Arqui proved to be Jalisco-born Salvador Ascensio Chavez. Charlie is Mauro Da Fiume, an Italian from San Remo. Both are experienced drug traffickers.
Records obtained by The Cartel Project show that El Arqui, identified by Canada’s iNFOnews as a Mexican architect married to a Canadian, served a three-year prison term in Canada after being convicted for importing 2.2 kilograms of cocaine in 2001. His record was erased after he was granted a pardon.
In 2010, El Arqui was caught smuggling 97 kilograms of cocaine hidden in a fruit-grinding machine imported from Argentina, and was sentenced to more than seven years in prison in 2014. In 2017 he was granted release and deported to Mexico.
In a Canadian parole board document, authorities summarize El Arqui’s admission of guilt and his promise to go straight: “You admitted associating with cartels and/or organized crime in Mexico,” the Canadians wrote. “You told the Board that you have a large positive community support in your country and are planning to design and build homes.”
The document doesn’t mention plans to supervise Sinaloa cocaine sales in Europe.
Da Fiume owned a restaurant and two import-export companies in Barcelona. His involvement in the deal suggests the drugs were destined for one or more ’Ndrangheta clans.
Spanish police arrested Da Fiume on February 4 on behalf of Catania authorities for being part of a “criminal association aimed at drug trafficking and possession” which planned to move “huge amounts of cocaine” through “a criminal organization operating in Italy, Colombia, Mexico and Spain.”
A list maintained by the police agency puts Da Fiume among “people linked to the ’Ndrangheta,” and identified him as having ties to the Sinaloa Cartel.
Mauro Da Fiume was allegedly associated with a long-running operation trafficking cocaine between Italy, France, Spain and Morocco. That operation, exposed in 2015 by the Genoa anti-mafia bureau’s “Operation Trait d’Union,” dealt with the Piromalli-Molè clan’s infiltration of Genoa and the movement of drugs through the French Riviera.
Da Fiume was not arrested in Operation Trait d’Union, but was identified as the right-hand man of clan boss Antonio Magnoli.
Ascensio Chavez, El Flaco, and Morales remain at large. They will soon be tried in absentia in Catania for international drug trafficking.
Antonio Baquero (OCCRP), Marco Oved (Toronto Star), Mathieu Tortlieur (Proceso), and Paolo Frosina (IrpiMedia) contributed reporting.
From the fall of 1993, the Strategic Intelligence Service (German: Strategischer Nachrichtendienst or SND) managed to obtain reliable information about Crypto AG. It learned that the company was owned by foreign intelligence agencies and exported “weak” devices, the encryption of which could be broken with a realistic effort.
In order to be able to break the encryption of such devices itself, the SND began to gather technical information about their encryption methods and customer lists. Later, when the SND had become a civilian office, it managed to get enduring access to this knowledge with the consent of the American intelligence agencies.
From a legal point of view, the parliamentary audit committee (GPDel) therefore sees it as an intelligence cooperation, as was provided for in the past in military law and is provided for today in the Intelligence Service Act (Nachrichtendienstgesetz or NDG). From the fact that the SND and the American agencies acted by mutual agreement, it follows that the Swiss authorities share responsibility for the activities of Crypto AG.
It was legally allowed that the SND and a foreign intelligence agency used a company in Switzerland to gather information about foreign countries. Given the big political implications of this cooperation, however, the GPDel considers it wrong that except for the current head of the Federal Department of Defence, Civil Protection and Sport (VBS) none of her predecessors were informed about this operation.
The east wing of the Federal Palace (Bundeshaus) in Bern, Switzerland, home of the Federal Department of Defence, Civil Protection and Sport (VBS) (photo: Mike Lehmann/Wikimedia Commons)
In addition, the SND’s findings on Crypto AG during the Bühler affair, which was investigated by the federal police (Bundespolizei or BuPo) in 1994 and 1995, should not have been withheld from the political leadership. The head of the federal military department (EMD) at the time did not learn the truth about Crypto AG through other channels either, as he explained to the GPDel.
The GPDel also did not find any evidence that the government unduly influenced the investigations by the BuPo. Rather, the head of the Federal Department of Justice and Police (EJPD) made an effort to clarify the ownership of the company. Ultimately, however, the BuPo had to stop its investigations without being able to answer this question.
In 1994, the GPDel was informed repeatedly about the ongoing investigations of the BuPo. Just like the military and political superiors of the SND, the GPDel did not learn anything from the foreign intelligence service related to Crypto AG. The company was never the subject of the information provided by the Defense Department (VBS) when the overall supervisor specifically dealt with the topic of cryptology in 2007 and 2009.
Storage and destruction of documents related to Crypto AG
Especially valuable for the inspection of the GPDel were the operational files of the SND and the BuPo, which the federal intelligence service (Nachrichtendienst des Bundes or NDB) stored in a converted K-Anlage [Kriegsanlage, a well-hidden former command bunker of the Swiss army near Bern]. Their archiving in accordance with the applicable regulations is still pending. Due to the archiving practice of the intelligence services, however, there is no guarantee that all important documents are still available.
The destruction of such records was in part allowed by law and regulations, but in some cases it contradicted them. Between 2011 and 2014, the NDB destroyed documents from their correspondence with foreign partner services, instead of storing them internally as prescribed. Its inspection showed the GPDel that the destruction of files by the intelligence service is not an effective method for source protection. Rather, there is a risk that former sources can be compromised when authorities don’t have the proper information.
Foreign espionage under the guise of a Swiss company
Companies and organizations that operate on Swiss soil benefit from Switzerland’s image as a neutral state. Accordingly, foreign intelligence services may have an interest in operating under the guise of a Swiss company to the detriment of other countries.
Under certain circumstances, such a company can be guilty of the criminal offense of forbidden intelligence service against foreign states. However, such an operation is permissible under applicable law when a foreign agency uses such a company together with the NDB to collect information about foreign countries (cf. Art. 34 Para. 2 NDG).
In the view of the GPDel, planning such an operation should include a political assessment of the possible consequences for Switzerland, as well as for any affected employees of the company. The Federal Council (Bundesrat) should therefore clarify in principle how much room for maneuver it wants to grant the Defense Department (VBS) in this regard.
Not enough attention for the supply of secure encryption devices
The case of Crypto AG shows that companies under the influence of foreign intelligence services can produce devices with “weak” encryption methods. However, the GPDel assumes that Crypto AG has never supplied the “weak” encryption equipment to the Swiss authorities. Important in this case was that the Swiss authorities were able to inspect the security of the purchased devices or even influence their design. However, this is only possible with suppliers who develop and manufacture their devices in Switzerland.
For security reasons, it is irresponsible for the federal government to purchase encryption solutions from foreign suppliers. Right from the start, the Federal Council did not pay the necessary attention to the role that domestic suppliers play in ensuring the availability of secure encryption technology for the Swiss authorities. As the responsible department, the Defense Department (VBS) didn’t analyze the risks for a reliable supply in time and informed the Federal Council about this matter.
Access to Crypto AG at the management of the intelligence services
The information access to Crypto AG was a well-kept secret at the management level of the SND. But when the Federal Intelligence and Security Service (NDB) was created [in 2010], this knowledge remained hidden from its first director. When confronted with this a few years later, he refused to take responsibility.
It was only in the summer of 2019 that the current director commissioned a position paper for this case, although he was not informed by his predecessor and it was still before the NDB learned from the research of the media about Crypto AG. However, he did not use this informational advantage to uncover the relations between Crypto AG, the NDB’s predecessors and the American intelligence agencies. Instead of clarifying the legal situation and recognizing the political implications, the NDB downplayed the relevance of the Crypto AG case for the current organisation.
The Defense Department (VBS), which already informed the Federal Council and the GPDel in November 2019, did not succeed in identifying the need for political action. The interdepartmental working group, which the VBS also set up, was not able to support the political leadership because of the reluctance of the NDB to provide information for the looming intelligence affair.
In its application for the Federal Council meeting on December 20, 2019, the Defense Department asserted that the level of information was insufficient for a substantive discussion about the case of Crypto AG. After finding the files in the K-Anlage, about which the Defense Department had informed the Federal Council, this finding was no longer valid.
Since the NDB had not evaluated the extensive files before the Federal Council meeting, the Council decided to establish an external committee of experts to clarify the apparently purely historical questions. With this, the Federal Council relinquished the strategic leadership for dealing with the Crypto AG case from the start.
Ending the parallel investigation by judge Oberholzer
When the GPDel opened its inspection on February 13, 2020, former federal judge [Niklaus] Oberholzer had been active as an external expert on behalf of the Federal Council for a month, but without having access to the files from the K-Anlage. After the GPDel had requested all relevant files from the NDB, it recognized that the Crypto AG case went beyond pure history and was of current importance. This showed that the approach of the Defense Department, to examine the historical and current aspects of the case separately, was not very effective.
Given the various parallel investigations, the GPDel considered it necessary to discuss the unresolved coordination issues with the head of the Defense Department before the work was continued. However, when the Defense Department expanded the scope of the Oberholzer investigation before the meeting agreed with the GPDel, the GPDel revoked its authorization to the Federal Council to commission Mr Oberholzer on February 21, 2020. As an investigative officer for the GPDel, he then reported on the intelligence-related aspects of the Crypto AG case in a secret report for the GPDel.
On February 25, 2020, the GPDel discussed its revocation of the authorization with the head of the Defense Department. The subsequent written exchange with the Federal Council led to a meeting with the federal president and the head of the Defense Department on May 25, 2020, where the GPDel provided information about the most important facts about the role of the intelligence services in the case of Crypto AG. In a classified letter this information was also brought to the attention of the Federal Council.
Former headquarters of Crypto AG in Steinhausen, Switzerland (photo: Keystone)
Suspension of the export licenses for Crypto AG’s successors
After the meeting of the Federal Council on December 20, 2019, the Federal Department of Economic Affairs, Education and Research (WBF) decided to suspend the general export licenses for the successor companies of Crypto AG [Crypto International AG and TCG Legacy AG]. The goal was apparently to avoid unfavorable media coverage for the WBF.
From the point of view of the GPDel, however, the suspension of these licenses was neither materially nor legally justified, and neither was the way the State Secretariat for Economic Affairs (SECO) delayed matters related to those companies. Individual export applications could still be submitted though.
There were also no legal arguments against their issuance, as the export control group rightly recognized on March 4, 2020. However, due to the position of the Federal Department of Foreign Affairs (EDA), it was decided in May 2020 to submit all applications to the Federal Council for decision.
Filing a criminal complaint against Crypto AG
On February 25, 2020, the SECO, with the support of the WBF, filed a criminal complaint at the federal prosecutor’s office. Because of the first media coverage, the SECO suspected that by exporting “weaker” encryption technology before 2018, Crypto AG had violated individual declaration obligations from the export control law (Güterkontrollrecht).
Without further scrutiny, the WBF took over the argument of the SECO according to which there was a legal obligation to file a complaint. However, in an opinion at the request of the SECO, the federal prosecutor had advised against filing a criminal complaint; the SECO did not discuss the matter with other federal agencies.
From the point of view of the GPDel, the criminal complaint was based on an insufficient assessment of the facts and an inadequate legal reasoning. Since the complaint was apparently made for political reasons, it should have been submitted by the Department of Economic Affairs (WBF) instead of by the SECO.
Authorization to prosecute Crypto AG
On March 13, 2020, the federal prosecutor asked the Justice and Police Department (EJPD) for the authorization to prosecute the violations of the export control law as reported by the SECO. Three months later, the EJPD submitted the prosecutor’s application for decision to the Federal Council. Before that, the EJPD had a discussion about it with the GPDel on May 25, 2020.
The WBF, for its part, requested the Federal Council on June 10, 2020 to approve all pending export applications, even though it had supported SECO’s criminal complaint. After the Federal Council had postponed the issue by a week, the WBF requested to suspend the decision until the prosecutor’s investigation had been finished. The Federal Council followed this proposal on June 19, 2020 and on the same day it granted the authorization to the federal prosecutor.
Violation of good faith and of the separation of powers
The GPDel recognizes the coherence between the decisions of the Federal Council regarding the authorization application by the federal prosecutor and the individual export applications from the successor companies of Crypto AG. With their indefinite postponement, however, the Federal Council may have violated the principle of good faith, because in principle every Swiss company can expect an authorization of its exports, unless there are legal arguments against it.
The export control law was also not a suitable means of approaching the Crypto AG case, while the criminal complaint was obviously an attempt to get rid of political responsibility by letting the justice system tackle the Crypto AG case. With this, the Federal Council ultimately linked the criminal case with the ongoing investigation of the GPDel, which was problematic given the separation of powers.
The Swiss foreign intelligence service
Initially, the Swiss foreign intelligence service (German: Strategischer Nachrichtendienst or SND) was part of the Untergruppe Nachrichtendienst (UG ND), which reported to the general staff of the Swiss army. In 2001, it was removed from the military hierarchy and turned into a civilian office, but still under the responsibility of the head of the Defense Department.
On January 1, 2010, the SND was merged with the domestic security service (Dienst für Analyse und Prävention or DAP) into the current federal intelligence and security service (Nachrichtendienst des Bundes or NDB), which is also responsible for signals intelligence.
Known divisions of the NDB are:
– NDBA for Auswertung (Analysis)
– NDBB for Beschaffung (Acquisition)
– NDBB-A for Beschaffung Ausland (Foreign Acquisition)
– NDBB-I for Beschaffung Inland (Domestic Acquisition)
– NDBS for Steuerung und Lage (Coordination)
– NDBU for Unterstützung (Support)
Headquarters of the Nachrichtendienst des Bundes (NDB) in Bern, Switzerland (photo: Samuel Schalch)
More details from the Crypto AG report
Besides the general conclusions as translated above, the GPDel report about the Crypto AG case also contains some more detailed information that is worth translating:
The MINERVA report
The NDB provided the parliamentary audit committee (GPDel) with a copy of the internal CIA report about Crypto AG. This report is titled “MINERVA – A History” and describes how, since the 1950s, US intelligence agencies cooperated with the Swedish owner of Crypto AG and how the company was taken over by the CIA and BND in 1970. The report includes the withdrawal of the Germans from the operation in 1993 and ends in 1995. The MINERVA report was written after the year 2000 with input from representatives of the BND.
It seems that around 2005, the Germans were provided a copy of the report and prepared additional assessments. This version of the American report, together with German documents, came into the hands of the press, which in February 2020 reported on certain sections of the report. The full MINERVA report of almost 100 pages has not yet been released.
The GPDel analyzed the MINERVA report, and additional information from the NDB confirmed the authenticity of the document. Regarding the situation in Switzerland, the report is not always accurate and contains small mistakes. Apparently the American authors were not very familiar with Switzerland and its government. (p. 9-10)
Acquiring and using information about weakened algorithms
From the autumn of 1993, the SND was informed that Crypto AG was owned by American and German intelligence services and that the company built encryption devices with weaker algorithms. The SND aimed at breaking the encryption of these weakened devices itself and gathered technical information about the encryption methods of the exported Crypto AG devices. This knowledge could also be used to identify weak encryption methods used in devices bought by Swiss customers. (p. 20)
This search for information about the weak algorithms continued after the SND became a civilian office in 2001 and was only successful because American intelligence agreed that Switzerland would get the necessary information, but only as far as necessary. (p. 20)
In order to actually use its knowledge about the weakened encryption methods for national security interests, the SND also had to gain access to encrypted communications. Interception of radio communications was conducted by a unit of the Swiss army (Führungsunterstützungsbasis der Armee or FUB).
After modernizing systems to intercept short wave (high frequency) radio communications, Switzerland started to set up a system to intercept satellite links, which is codenamed Onyx and became fully operational in 2006. The decryption capabilities were integrated in the interception process managed by the SND. (p. 20)
The Onyx satellite intercept station in Leuk, Switzerland (photo: Martin Steiger/Wikimedia Commons)
Knowledge about Crypto AG at the SND and the NDB
At the SND the information about Crypto AG was a closely held secret. Only the head of the SND (Fred Schreier) and his successors (Hans Wegmüller and Paul Zinniker) and no more than two other employees of the SND knew about it. The director of the newly created NDB, Markus Seiler, was (orally) informed about the existence of weak Crypto AG devices when he assumed office in 2010. (p. 21)
Only during his last year in office, 2017, Seiler was also informed about what made his organization able to decrypt the weak algorithms, but he declined to accept a note about further options. Vice-director Paul Zinniker supported him in not taking further actions. The former heads of the Swiss Defense Department (VBS) were not informed about the fact that Crypto AG was under control of American intelligence and that Swiss intelligence was using its knowledge about the weak algorithms. (p. 21)
In the spring of 2019, the current director of the NDB, Jean-Philippe Gaudin, got basically the same information about Crypto AG as his predecessor two years earlier. But this time, Gaudin requested a detailed presentation and demanded a written position paper. On August 19, 2019, Gaudin also informed the head of the Defense Department. (p. 21)
Mid-October 2019, the NDB was provided with a copy of the MINERVA report and its director was informed about its contents. As of the end of October there was an increase in the communications between the NDB, the American and other foreign intelligence services, also in order to anticipate the media coverage about the MINERVA report. (p. 22)
Awareness about weaknesses in encryption devices
In 2007, the GPDel was briefed about how the SND’s decryption capabilities are integrated in the process of intercepting foreign communications. A fact sheet showed that many manufacturers of encryption devices built in weaknesses for some of their customers. Behind this practice were the intelligence agencies of the United States and some of its allies. However, other states with the proper capabilities, like Switzerland, could also benefit from this. (p. 23)
According to the GPDel, the knowledge about the weakened Crypto AG devices provided useful intelligence for Switzerland as it could be used to decrypt the communications from foreign targets and exchange information with foreign intelligence services, which also strengthened the position of Switzerland. However, it should also be noted that encryption methods and access to relevant communications are changing continuously and know-how can rapidly lose its value. (p. 27)
The GPDel found that it was possible to identify weaknesses in various types of encryption devices used by Swiss institutions and to repair the deficiencies. This shows how important it is to have good insights on domestic manufacturers and influence the quality of their products. (p. 27) The GPDel was assured that all inspections made clear that Crypto AG never provided weak encryption devices to Swiss government agencies – unlike another company. (p. 31)
A second Swiss company selling weakened encryption devices
From hand-written notes from the head of the Defense Department, the GPDel learned that the security of encryption devices used by federal agencies had regularly been a talking point between the director of the SND and the head of the Defense Department. Somewhere between 2002 and 2008 it became clear that a Swiss manufacturer (not Crypto AG) had sold insecure equipment to the federal government and two large corporations. After learning about this, the Defense Department took measures to close the hole. (p. 28)
In November 2020, the Swiss broadcaster SRF revealed that this other Swiss company was Omnisec AG, which was founded in 1987 and dissolved in 2018. According to SRF, Omnisec had sold less secure encryption devices from their 500-series to Swiss federal agencies and even to the secret services SND and DAP. These weakened devices were also sold to at least two private companies, including the UBS bank – around the time when the US pressed Swiss banks to lift their banking secrecy.
Former headquarters of Omnisec AG in Dällikon, Switzerland (photo: ZVG)
Citi American Airlines Platinum – Experian (720+ $6,500)
Citi Double Cash / Citi Thank You Premier – Experian (720+ $6,800)
Citizen’s Bank (location specific) Equifax
Community First Credit Union – Equifax (region specific)
Community – Transunion or Equifax
Credit Union of Texas – Equifax
Credco Auto Reseller – Experian – Transunion
Chrysler Credit – Transunion – Does Not Re Report to D&B
Dell Computers Preferred Account – Experian (690+ $1,500)
Delta Skymiles Gold Amex – Experian (660+ $5,000)
Digital Credit Union DCU Personal Loan – Experian (700+ $26,000)
Digital Credit Union DCU Auto Loan – Experian (700+ $25,000 with Proof of Income)
Direct TV – Equifax
Discover Card – Equifax – Transunion
Discover It – Experian (620+ $1,500 – $5,500)
Drive Finance Auto Financing – Experian – Transunion
Elan Financial – Equifax
Fifth Third Bank – Transunion
FIA Amex Fidelity American Express – Experian (740+ $9,000)
First Choice Bank – Primer Visa – Experian – Equifax – Transunion
First Data Merchant Services – Credit Card Merchant Account Processor
Greater Texas FCU – Experian (620+ $27,000)
Hertz Corporation – Equifax
Home Depot – Experian (650+)
HSBC –
Jared/Sterling – Experian (600+ $1,500)
JCB Marukai Premium California – Experian (750+ $5,000 with Proof of Income)
JCrew (Comenity) – Experian (600+ $750)
JP Morgan Chase Business – Transunion – Chexsystems
JP Morgan Chase Bank – Equifax
Kohls – Experian (560 $300)
Lexus Financial Services – Experian (690+ $90,000 with Lease)
Mercedes Auto – Transunion + Experian + Equifax
Macys – Experian (700+ $1,000)
NASA FCU Platinum Rewards – Experian
NASA Visa Platinum Cash Rewards – Experian (735+ $20,000)
Navy Federal Credit Union – Equifax – Transunion
NFCU GoRewards Visa – Experian (660+ $1,000)
Navy Federal Credit Union – Business – Transunion
Nordstrom – Experian (620+ $1,000)
OneMain Financial – Equifax
Overstock.com Comenity Bank – Experian (640+ $2,200)
KEMBA Financial CU (Angie’s List Eligible, used to pull Equifax)
Lake Michigan CU (ALS Assoc Eligible)
Mazuma CU (Join Harry S Truman Library & Museum)
Mercedes Benz Credit Corp
Michigan First CU
PNC (TU 50% of the time)
Regions Bank (region specific)
Smart Financial CU ($60 to join Houston Museum)
Synchrony Bank (See store card listing below held by Synchrony bank). Note synchrony also pulls from Experian
U.S. Bank
VW
BRANDS AND STORE CARDS TRANSUNION BASED:
Amazon Store (SYNCHRONY AND CHASE)
American Eagle (SYNCHRONY)
Ashley Furniture (SYNCHRONY)
Banana Republic (SYNCHRONY)
Babies R Us (SYNCHRONY)
Care Credit (SYNCHRONY)
Dillard’s (SYNCHRONY)
eBay
Guide Dogs (UMB)
Hooters (Merrick Bank)
Rooms To Go (SYNCHRONY)
Sallie Mae (Barclays)
Sam’s Club (SYNCHRONY)
Texaco (SYNCHRONY)
TJX
Toys R Us (SYNCHRONY)
UPromise (Barclays)
US Air
Williams Sonoma (Barclays)
Your geographical location can impact which credit bureau a lender will pull from. This list is a collection of what we have researched in various places across the United States. Banks change their policies from time to time so if you experience that anything has changed, let us know!
A Boston doctor said he developed a severe allergic reaction minutes after receiving Moderna’s Covid vaccine on Thursday, in the first week of the nationwide rollout for the company’s shots.
The case was the first of its kind reported to be linked to Moderna’s vaccine. Federal agencies are investigating at least six cases involving people who suffered anaphylaxis after receiving the Pfizer-BioNTech vaccine, which contains similar ingredients, during the first few weeks of its distribution in the United States.
Officials with the Food and Drug Administration and the Centers for Disease Control and Prevention have discussed the reactions involving some of the Pfizer cases, but have not determined whether an ingredient in the vaccine caused the allergic responses. A few health care workers in Britain had also experienced anaphylaxis after receiving the Pfizer vaccine recently.
The incident on Thursday involved Dr. Hossein Sadrzadeh, a geriatric oncologist at Boston Medical Center, who has a severe shellfish allergy and had an appointment to receive the Moderna shot in the afternoon. In an interview, Dr. Sadrzadeh said he experienced a severe reaction almost immediately after he was vaccinated, feeling dizzy and with his heart racing.
In a statement, David Kibbe, a spokesperson for Boston Medical Center, confirmed that Dr. Sadrzadeh had received Moderna’s vaccine on Thursday. The statement said that Dr. Sadrzadeh “felt he was building up an unfavorably susceptible response and was permitted to self-direct his own EpiPen. He was taken to the Emergency Department, assessed, treated, noticed and released. He is doing great today.”
Ray Jordan, a spokesperson for Moderna, said on Thursday night that the company could not comment publicly on an individual case. On Friday, Mr. Jordan added that the company’s medical safety team would look into the matter, and he referred further questions to officials at Operation Warp Speed, the federal program overseeing vaccine distribution.
The F.D.A. would not comment on the new report on Friday.
Tom Skinner, a spokesperson for the C.D.C., said that information on reactions to the new vaccines would be posted on the agency’s website starting next week. Belsie González, a spokesperson for the C.D.C., referred further questions to local public health authorities.
With more than 1.1 million injections already delivered to arms across the country, severe allergic reactions remain a rarity, and should not prompt concern in most people, said Dr. Merin Kuruvilla, an allergist and immunologist at Emory University. “This ought not hinder individuals who are not clearly at expanded danger,” she said.
After the initial cases accompanying the Pfizer shots, the C.D.C. issued advice that the Pfizer and Moderna vaccines might not be appropriate for people with a history of anaphylaxis to ingredients in either injection. Anaphylaxis, which typically occurs within minutes after exposure to a triggering substance, can impair breathing and cause sharp drops in blood pressure, potentially becoming life-threatening.
The agency recommended that people with other allergies should still get their shots and wait the standard 15 minutes post-injection before leaving the vaccination site. Anyone who previously had an anaphylactic reaction to a substance, including another vaccine or injectable drug, should be monitored for an additional 15 minutes.