‘Only an intelligence flaw explains this,’ says the researcher who led the study on CIA espionage in Brazil


Vitelio Brustolin is the researcher at the Universidade Federal Fluminense (UFF) and Harvard who led the study published last week in the Cambridge Review of International Affairs which, as O GLOBO revealed on Sunday, detailed the use by Brazilian state agencies, including the army. , from cryptographic teams at Crypto AG, a Swiss company that for decades was secretly controlled by the CIA.

In an interview, he assures that the mere “suspicion that the equipment is being manipulated should be enough to stop using it.” He also says that the possible use of the equipment in Brazilian submarines “endangers not only the effectiveness of our submarines, but also their operations and the lives of the people inside them and in our country.”

In the study, Brustolin counted with the collaboration of researchers Dennison de Oliveira, from the Federal University of Paraná (UFPR), and Alcides Peron, from the University of São Paulo (USP).

What do the findings of the scientific article published by you indicate about how the Brazilian state handles its secrets?

In the article, we revealed that some countries were even suspicious of the team. This was the case in Argentina, during the Malvinas War. Argentina lost the war and tampering with encryption machines was one of the reasons for the defeat. In 1992, an executive of the company was kidnapped in Iran and revealed the fraud. Starting in 1995, more and more frequent reports began to be published about the manipulation of Crypto AG equipment. For us scientists, it is necessary to collect evidence and evidence for the publication of an article like this. For a country’s intelligence services, it is not necessary to go that far. The suspicion that the equipment may be being tampered with should already be enough to stop using it. After all, it is a confidential and strategic communication of a country. The evidence is everywhere. Just type “Crypto AG” into Google.

Could intelligence have failed?

There is no other possible explanation. The United States National Security Agency (NSA) itself admitted the fraud. The secret US documents, proving the CIA’s deal with Crypto AG, were declassified in 2014. This raises at least three central questions. First, how is it possible that there is no “evidence of compromise in the communications system”, given all the information available to anyone about it? Second, how did the Brazilian intelligence agencies let this happen? Third: why did the Brazilian Navy continue to acquire cryptographic equipment from this company between 2014 and 2019? Only an intelligence failure explains this.

The Navy did not say whether to stop using this equipment. Does the continued use represent a risk?

The team endangers not only the effectiveness of our submarines, but also their operations and the lives of the people within them and in our country. The Navy affirms that “it uses its own software and algorithms for the protection of confidential data, a state cryptography, totally restricted and developed within the scope of the Force.” If this is true, why was the Crypto AG software acquired, as the Transparency Portal reveals? Why was a license to use this software acquired from Crypto AG itself? The equipment that the Navy acquired from 2014 to 2019, its software and its license were paid for with public money. What good is spending public money on something that will not be used? Also, who can believe in the communication systems of our submarines, after the US intelligence agencies themselves admitted that they tampered with the equipment? The CIA only got rid of Crypto AG in 2018. Brazil bought a system in 2014 and continued to acquire software and a license until 2019. Did the CIA, which owned the company, do nothing on the system?

Is Brazil capable of developing this team in a totally national way?

Brazil has the capacity to produce radio communication systems. Imbel itself, which is a strategic defense company in Brazil, produces electronic and communication systems. Why not invest in expanding and diversifying national hardware production, since, according to the Navy, the software and algorithms are already produced in Brazil? In addition, Brazil has had the Research and Development Center for Communications Security (Cepesc) since 1982. This center operates within Abin. Since there were breaches in communications by the Brazilian authorities in 2013, this center has begun to produce solutions to protect some authorities. Greater investment in the area would make the Navy’s acquisition of crypto platform Crypto AG unnecessary, from 2014 to 2019. As the movements on the Transparency Portal demonstrate, Crypto AG equipment cost thousands of dollars, not millions. How much would it be worth for Brazil to invest in this area and make us less vulnerable and dependent on foreign countries? How much does it cost us to remain dependent?

Currently, there is a great controversy surrounding 5G technology and possible espionage. Do the article’s findings tell us anything about the United States’ willingness to spy on its allies?

The article deals with espionage promoted by US agencies (CIA and NSA), in addition to the German BND. The article is robust and completely document-based. That said, there is no question that the crypto team has been rigged for decades. It is important to know if anything has changed since the use of the first adulterated machines, the CX-52, since the 1950s. It is important to know if anything has changed since the espionage revelations of the US agencies about the Brazilian authorities and companies in 2013. It is important to know what Brazil will do to stop being hostage to situations like this.
