BURG FEUERSTEIN LABORATORIUM 11 February 2016

There are many stories, some more fiction than real, about mysterious Nazi laboratories in dark castle dungeons where SS scientists performed all kinds of occult experiments. The Nazi obsession with the Ahnenerbe or the elite Wewelsburg SS school and center for archaeological excavations are probably the most sinister real examples, portrayed in pc games like Return to Castle Wolfenstein.

What if someone told you that a team of scientists, led by Doctor Oskar Vierling, worked in a secretive laboratorium called Castle Feuerstein. Sounds like another sequel to the Castle Wolfenstein game? Not at all. Burg Feuerstein in Ebermannstadt, close to Nürnberg, was anything but fiction. A physicist in a mysterious laboratorium? How could that relate to cryptography and intelligence?

The Hunt for Science

Burg Feuerstein was an important target of the Target Intelligence Committee (TICOM), a secret WW2 British-American project to capture German scientists and seize SIGINT stations, cryptographic and communications equipment, just before Germany surrendered. The mission of TICOM was to collect as much as possible German science and technology, preferably before Soviet forces got their hands on it. To achieve this, TICOM sent fast-moving teams to pre-determined valuable locations inside the collapsing Germany, sometimes ahead of Allied troops.

Burg Feuerstein in Ebermannstadt

Is there a better way to hide a secret laboratorium than to build a typical Frankischen Schweiz style castle on top of a mountain in plain sight? It was so obtrusive that no one would suspect its purpose. Burg Feuerstein was built from scratch in 1941 by Dr Vierling with private funds. He was a physicist, electronics engineer and professor in high-frequency technology and electroacoustics. Laboratorium Feuerstein started its research in 1942 and developed experimental communications systems. At its peak, Feuerstein housed 200 staff and workers. TICOM only learned about Feuerstein's existence from decoded intercepts that referred to its research.

A Most Prolific Scientist

The scientists, led by Dr Vierling, worked on a variety of projects, including high speed transmitters for covert agents, receivers, wave traps, accurate filter design, speech scramblers, voice frequency spectrography, teleprinter cipher (crypto) attachments, improvements on cipher machines, a synchronisation system for the Lorenz SZ42 cipher teleprinter, acoustics and filter components for acoustic torpedoes, anti-radar coating for submarines, a night fighter control system, various frequency generators and an electronic calculator to solve sine and cosine equations. They were a busy bunch!

Oskar Vierling

Just before the German collapse, Dr Vierling was ordered to relocate his speech projects to Berchtesgaden in the Bavarian Alps and to destroy all other projects and equipment. Vierling, however, had other plans with his Feuerstein legacy. Once the Nazi's were off to Berchtesgaden with the speech equipment, he stored the most valuable equipment and plans in a large bomb proof walk-in vault, hidden behind a false wall in Feuerstein. There, he awaited the end of the war.

Vierling Safeguards His Future

Burg Feuerstein was used as a German Army hospital at the time the TICOM team arrived. They rounded up the scientists and Dr Vierling proved very willing to cooperate with TICOM. Vierling and his group rushed to restore the laboratory and continued their work on selected projects under control of TICOM investigators.

NSA's declassified AXIS SIGINT in WWII, Vol II, Notes on German High Level Cryptography and Cryptanalysis contains some interesting crypto related info. The Lorenz SZ-42c cipher teleprinter with synchronisation, named SK-44 and SK-45, generated and send a continuous pseudo-random five-bit stream. The receiver mixed his identical stream, by XOR-ing, with the incoming stream, resulting in no character, since (K ⊕ K) = 0. When sending a message, the plain teleprinter message was mixed into the stream. The receiver mixed the received signal with his identical stream, cancelling out the pseudo-random stream, since (K ⊕ M) ⊕ K = M, producing the original message instantly.

An eavesdropper would not know if or when the random stream contained an actual message or how long it was, thus effectively preventing traffic analysis. The U.S. Army Security Agency (ASA) suggested that analysis of the continuous mostly non-message-carrying pseudo-random stream, generated by the SZ-42c, might compromise the machine's secret key settings. This would enable them to predict the stream and decipher all messages that follow. The principle of continuous random stream was nevertheless brilliant and used on the 1950s more advanced U.S. KWR-37 JASON and KWT-37 Fleet Broadcast crypto system.

Speech scrambling research by Dr Vierling's team produced little result. In 1943, only Dr Vierling and Telefunken still worked on ciphony (encrypted voice) and from 1944 on only Dr Vierling. At war ends, Feuerstein's research on ciphony focused on synthetic speech, encrypted by triple wobbling. The speech was separated in eight frequency bands. These were encrypted in a three-stage ring wobbling (shifting the frequencies up and down) where the stage was split in half and these halves wobbled separately. However, speech quality after de-wobbling was very bad and ASA considered the German scientists several years away from developing any usable ciphony.

Declassified Feuerstein Documents

More details about the Feuerstein laboratory and Dr Vierling's work is available in chapter VIII, page 37 (pdf p.39) from Volume 8 Miscellaneous NSA of NSA's declassified files on European Axis Signal Intelligence in World War II. The rebuild of the lab under control of TICOM is described the Interim Report on Laboratorium Feuerstein from the NARA archive. (first pages are double, start reading from page 5). Another excellent source is the TICOM Archive (preserved by the Internet Archive). These documents contain enough inspiration for a few Wolfenstein sequels.

The importance of Burg Feuerstein for TICOM is shown in the ASA documents. The Temporary Duty Report NSA of Mr William Friedman, the renowned U.S. cryptologist, is a resume of his tour in Germany from July to September 1945, in cooperation with TICOM. Vierling's Laboratorium, noted as important TICOM target, was one of the sites he visited in July 1945. NSA has a few more documents related to Dr Vierling.

Post-War Crypto and Intelligence Work

After the war, Prof Dr Vierling continued working at his 1941 established firm VIERLING GmbH, but relocated to Ebermannstadt, a mere kilometer from Burg Feuerstein. He had quite a prolific career, developing crypto machines, covert radio transmitters, eavesdropping devices, radio direction finding and various measuring and test equipment. He also worked for Organisation Gehlen (post-war West-German intelligence), and its successor, the Bundesnachrichtendienst (foreign intelligence), the Zentralstelle für Chiffrierwesen (central cryptologic service) and the Deutsche Bundespost. From the 1930s until the 1950s he was also an important pioneer in the development of electronic and electro-acoustic instruments.

Due to legal restrictions on crypto export, Dr Vierling sold the rights for his crypto equipment to Crypto AG's predecessor Hagelin Cryptos. NSA archives show that Dr Vierling developed crypto machines in cooperation with ASA and NSA, at least until 1953. See also documents Crypto devices of Vierling, ASA loan Vierling device and purchase transistors for Vierling. These documents show that Vierling provided a crypto machine for analysis, and ASA supplied transistors for Vierling's crypto experiments. Transistors were quite novel in 1953 and their use in crypto equipment pretty unique. Vierling's firm is still located in Ebermannstadt. Today, Burg Feuerstein is a catholic youth center. The Bayerischer Rundfunk has an audio on the wartime history of Burg Feuerstein (in German).

BAPCO's USE OF ONE TIME PADS DURING WORLD WAR II 10 February 2015

The Bahrain Petroleum Company (BAPCO) was a Canadian subsidiary, founded in 1929 by the American Standard Oil of California (Socal) to run its operations at the Awali oil fields on Bahrain Island, at the inlet of the Persian Gulf.

BAPCO became a possible target of Axis forces when Britain declared war on Germany. In 1940, the Bahrain oil refinery was targeted by Italian bombers, forcing the Allies to strengthen Bahrain's defense. Bahrain, in 1943 still a British Protectorate, decided to implement a censorship on messages sent over commercial cable and wireless, to prevent disclosure of information that might be useful to the enemy.

This censorship, however, greatly restricted the communications and operations of BAPCO. The majority of their messages contained information about oil production, shipping, personnel, and food supply. Those messages fell into three main categories: a) cables that could be sent in plain text without objection, b) security cables that contained information that, in conjunction with other information, might indirectly be useful to the enemy, and c) secret cables that would be of direct use to the enemy if intercepted, such as ship movements, especially oil tankers.

On April 4, 1943, Ward P. Anderson, the general manager and chief local representative of BAPCO, asked E. B. Wakefield, the British Political Agent in Bahrain, permission to encrypt their cables between the local branch and their New York office. This would allow them to send security related cables, at the same time respecting Bahrain's censorship. Anderson proposed a secret company code, superimposed (enciphered a second time) with a transposition cipher for added security.

BAPCO's Ward Anderson's request to use code or cypher to encrypt telegrams

The Political Resident of the Persian Gulf in Camp Bahrain forwarded the request on April 8 to the Secretary of State for India in London, who approved the use of a secret code, provided that censorship received a plain text version of all messages, sent in that code, BAPCO should continue to send messages through the Navy if they contained vital information that would be of direct use to the enemy, and messages regarding political matters were to be sent through the Political Agent. After consulting the New York office, Ward Anderson agreed to these conditions.

P.A.I.C. in Baghdad asked whether the code had already been vetted for security. As this was not the case, the British Political Resident forwarded the request to SNOPG (Senior Naval Officer in the Persian Gulf) in Basra but they had no officer qualified to vet the code. Therefore, PAIFORCE suggested to vet the code.

The new code, proposed by the California Texas Oil Company, arrived from New York on October 24, and Bahrain forwarded the code on November 10 by courier for examination to the Cipher Security Officer of P.A.I.C. in Baghdad. After reviewing the code, the Security Officer responded that the code offered little resistance against cryptanalysis and provided no security whatsoever. Note: P.A.I.C. (Persia and Iraq Command) in Baghdad was the headquarters of PAIFORCE (Persia and Iraq Force), the British and Commonwealth military formation in the Middle East from 1942 to 1943.

The Political Agency's responds that the requested code offers no security

Surprised by this answer, Ward Anderson explained that the code was allocated by the U.S. Navy Department and considered the most secure known, used for the most secret messages. He clarified that "each page of the pad of sheets is used only once and destroyed after use". He continues, "In fact, the code changes with each succeeding letter of the message. When the pad is exhausted, a new set of pads is produced".

To Anderson, it seemed unlikely that British military authorities would be unfamiliar with the proper use of this type of code, so he asked to verify whether the code was indeed insecure, adding that U.S. authorities would be most interested if the British claims proved correct.

This was his polite way to hint the Political Agency and the PAIFORCE Security Officer that they were going to embarrass themselves. To their defense, it might be possible that the code was not accompanied with the complete and proper coding instructions, thus failing to show that the code was for one-time use.

Ward Anderson explains that the code is one-time pad

Soon after, the Secretary of State for India in London informed the Political Resident in Bushire, Iran, that the U.S. Chief of Cable Censorship urgently requested permission to use the code, adding that it was a one-time pad, similar to the one used by the Ministry of War Transport in London. P.A.I.C. also received note of this. Apparently, someone pulled some strings.

Subsequently, the Political Resident confirmed to its agency in Bahrain that the code was indeed a one-time pad from the U.S. Navy Department. Eventually, the agent informed the BAPCO representative that objection to the code had been withdrawn and that "the one-time pad can be used on the understanding that the pad is not worked through more than once".

Political Resident confirms the code is a one-time pad

Political Agency Bahrain confirms objection using code is withdrawn

BAPCO starts using the one-time pad encryption immediately

BAPCO started using the one-time pads as of January 15, 1944, more than eight months after their initial request. Yes, even during wartime, bureaucrats persist. Of course, we have to take in account that transportation and communication means in 1943 were quite different from today, and codes were always transferred safe-hand by courier.

Once the war had ended, BAPCO requested on August 22, 1945 permission from Bahrain to commence the use of the company's own cable code again, as used before the outbreak of hostilities in 1939. Below one of the BAPCO coded messages from Bahrain to New York, with plain version included, submitted to Censorship as agreed with British authorities.

BAPCO encrypted messages to New York with plain version included to Censorship.

These archived conversations are a rare example of a commercial firm using the unbreakable one-time pad in the early 1940s. At that time, the use of such strong encryption was generally limited to governments, their military, intelligence agencies, and diplomacy. BAPCO's use of one-time pads, allocated to them by the U.S. Navy Department, is a nice example of how government and commercial firms teamed up to ensure the highest level of communications security for those companies that were somehow important to the war effort.

All letters and cables regarding this request for using one-time pads are found in the British Library: India Office Records and Private Papers as File 10/5 BAPCO CODES, reference IOR/R/15/2/423. More examples of coded messages and their plain text version, submitted to censorship, are found in File 10/23 Code Messages - BAPCO, reference IOR/R/15/2/450. These records are archived in the Qatar Digital Library. More on the 1940 bombing raid on Bahrain in the Qatar Library, and an account of the attack on the BAPCO refinery is available at the Saudi Aramco website.

These documents are also unique as a reference because the use of one-time pads is hardly mentioned in official documents from that era (for obvious security reasons) and they are, as far as I know, the earliest I came across. They confirm the use of one-time letter pads by Political Residents of the British Imperial Civil Administration, the British Army, the Ministry of War Transport in London and the U.S. Navy, at least as early as 1943. Both British and U.S. authorities were quite familiar with the system and surprisingly even shared it with commercial firms. The archives also show that British Residents in the Middle East regularly received sets of two-way one-time pads. More historical and technical details on one-time pads at our one-time pad page. Also available in Dutch/Nederlands.

The Bahrain Petroleum Company (BAPCO), one of the oldest oil companies in the Middle East, was established in 1929 by Standard Oil Company of California. BAPCO obtained in 1930 the only oil concession in Bahrain. In 1936 they discovered the Awali oil field and opened a refinery with a capacity of 10,000 barrels per day. That same year, Standard Oil Company of California signed an agreement with Texaco, creating the joint venture California Texas Oil Company (Caltex). These companies are now known as Chevron and Texaco. The Bahrain government took over all BAPCO shares in 1980 and acquired full ownership in 1997. Visit their website to read BAPCO's history.

THE GUNMAN PROJECT 13 November 2012

Foreign embassies have always been very attractive intelligence targets. Embassy staff and personnel often handle classified information. One way to obtain such sensitive information is by HUMINT (human intelligence) from embassy personnel. Another - covert - method is SIGINT (signals intelligence) by wiretapping or advanced listening devices, commonly known as bugs.

A most spectacular case of electronic espionage occurred in the 1980s, at the height of the Cold War, when it was discovered that Soviet intelligence had successfully implanted very sophisticated bugs in a large number of electronic typewriters at the U.S. embassy in Moscow.

From Tip to Operation

It all started in August 1983, when a friendly government informed U.S. intelligence that they found a curious bug, implanted in equipment at their embassy. In response, the U.S. National Security Agency (NSA) sent communications security experts to their ally to examine the bug. Its technology proved to be very sophisticated. The efforts required to develop such technology were of such a scale that NSA was convinced that this was not a single case.

NSA realized that such bugs were most likely also implanted in U.S. embassy equipment. This triggered a secret operation codenamed GUNMAN. The first part of the operation was to remove all equipment from the U.S. embassy in Moscow and check it for bugs. This comprised all crypto and communications equipment, computers, printers and much more. However, Soviet intelligence was to be kept ignorant of the operation.

U.S. Embassy in Moscow 1983

The transport of the equipment proved quite a logistic challenge. No less than eleven tons of all kinds of equipment had to be shipped from Russia back to NSA in the United States and replaced by new equipment. All this had to be done in complete secrecy. New techniques and procedures had to be devised to make sure that the new equipment, some ten tons, wasn't again tampered with by the Soviets. At the same time, they had to keep their own embassy personnel ignorant of the real reasons for the exchange of equipment. It took them five months.

Searching for Bugs

All recovered equipment was stacked at Fort Meade. The next part of GUNMAN was to carefully inspect and x-ray each single item. All crypto gear soon proved clean. It took them until July 1984, eleven months after the tip-off, to discover the first bug in a non-crypto device, an IBM Selectric typewriter. It was an extra coil inside a power switch that caught the attention of a technician. X-rays revealed an electronic bug, hidden inside a metal bar. Eventually, they found bugs in sixteen Selectric type II and type III typewriters.

NSA technicians started the complex task of reverse-engineering the bugs. They turned out much more sophisticated than the specialists could ever have imagined. Metal cams were replaced by a non-ferromagnetic version that contained strong little magnets. These magnets caused magnetic disturbances when keys were depressed on the keyboard. The magnetic changes were picked up by the electronics, analyzed and converted into a digital signal. The electronics were hidden completely invisible and sealed into a hollow support bar.

Ingenious High-Tech

The signal was compressed into four-bit frequency selecting words. Up to eight four-bit characters could be stored in a circuit with tiny one-bit core memories. Only when the memory was filled completely (at irregular intervals due to the typist's tempo) the data was sent in a very short burst transmission to a nearby listening post. The burst frequency range was selected deliberately in the same frequency band as Soviet television stations to hide the burst noise. The implants could be turned off remotely to avoid detection when security technicians would sweep the embassy for bugs.

The NSA technicians found several different versions of the bug. Some operated on batteries and others were powered by the AC mains. Some bugs activated a beacon to monitor whether a typewriter was turned on. The technicians were stunned by the technology used and the cleverness of the design to avoid detection by technical teams.

NSA director General Faurer was quoted in 1986: "I think people tend to fall into the trap of being disdainful too often of their adversaries. Recently, we tended to think that in technical matters we were ahead of the Soviet Union, for example in computers, aircraft engines, cars. In recent years, we have encountered surprise after surprise and are more respectful."

That quote says it all. The case had a major impact on all intelligence agencies and many lessons were learned. A damage assessment proved impossible because the whereabouts of the typewriters during all those years were never put on record. They do know that from 1976 to 1984, Soviet intelligence used these bugs to collect sensitive plaintext information, typed on typewriters in the U.S. embassy in Moscow and the U.S. consulate in Leningrad.

Lessons Learned and Adapting

Now came the final part of the GUNMAN project: awareness and prevention. New procedures were implemented for secure shipping of equipment, technologies were developed to make equipment tamper proof and new guidelines were written on how to handle classified information. Over a period of seven years, special GUNMAN briefings were given to various government agencies and the intelligence community.

COMSEC (communications security) was renamed into INFOSEC (information security) to emphasize that security is not merely a case of using secure communications equipment but rather the secure handling of critical information on whatever type of secure or insecure equipment that might process plaintext information. The lessons learned in 1984 are still applied in protecting information that is handled inside embassies and other critical buildings all over the world.

However, this story is also relevant to all of us. Our computers have numerous unknown processes running at the background, multi-functional printer-scanners and various mobile devices are constantly connected to the Internet. We store and process all kinds of confidential information on these new technologies but hardly realize that they are easily turned into bugs. This doesn't even require the implant of sophisticated hardware anymore, as in the GUNMAN case, but only a quick reprogramming of internal software or hidden spyware.

The old school spy equipment has evolved into digital spyware. An evolution quite dangerous when people constantly use these modern media without thinking about the possible consequences. Secrets can leak in most unexpected ways, as the GUNMAN case has shown!

Read NSA's Learning From the Enemy: The GUNMAN Project (archived version) for a detailed account. NSA also covered it in American Cryptology During The Cold War ch26, p401 (pdf p141). (archived version) The Crypto Museum's IBM Selectric Bug also contains excellent technical information on the GUNMAN case.

U-534 ENIGMA MESSAGE DECRYPTED 10 August 2012

I just received fantastic news from Michael Hörenberg, who succeeded in deciphering 12 authentic Kriegsmarine messages, encrypted with the famed four-rotor Enigma M4 cipher machine. These are recovered from the German WW2 U-boat U-534, one of the very few U-boats that were either salvaged or survived the war. U-534 was sunk in May 1945 by a British bomber. When she sank, she took with her the secret documents and equipment used to encrypt their communications. During the salvage of the U-boat, some of the original message sheets were recovered and preserved.

Meanwhile, Michael already managed to recover the key settings to 12 of the 59 available messages with his M4 WinEnigma (Turingbombe) and TBreaker software. Images of the original recovered message sheets and their plaintext version are available on his website. This is fantastic news for the crypto community, and Michael's achievement cannot be underestimated.

Kriegsmarine Enigma M4 messages are very rare, as they are much harder to decrypt than those of the Enigma I, used by the Heer and Luftwaffe. We are looking forward to the coming results of his codebreaking project. Michael's website contains detailed information about his codebreaking project, the software used, and the recovered U-534 messages. He also has a detailed description of the Reservehandverfahren or RHV, a manual backup system to encrypt messages.

U-534 in Birkenhead, England, 2007. Now displayed at U-boat Story Museum

Update 1: Michael made available Kapitänleutnant Hartwig Looks' war diary of U-264, containing the 25 November 1942 message that was solved in the M4 Message Breaking Project.

Update 2: More sensational news. The famous Karl Dönitz message, sent to all U-boats to announce Admiral Dönitz as new Fuhrer after Adolf Hitler committed suicide, is deciphered. You can also learn more about degarbling the Dönitz message.

Do visit Michael's fascinating Breaking German Navy Ciphers, including all encrypted messages and their plaintext version, and how to break Enigma messages.

Also read our history of the German Enigma cipher machine (also in Dutch/Nederlands). You can also download the Enigma Simulator, which you can use to decipher the original U-534 messages with the discovered key setting. More on U-264 and Stefan Krah's M4 Project on our website. More about U-534 on the U-boat.net website.

Story of sinking U-534 and its salvage at Woodside in Birkenhead

The video below is part of the U-534 exhibition in Birkenhead, UK, which also shows one partially and one completely recovered Enigma machine. Notice how well preserved all artifacts are.

U-534, a German World War Two U-Boat

USS PUEBLO INCIDENT 05 February 2011

January 5, 1968. USS Pueblo leaves the US Navy base in Yokosuka, Japan. Its destiny is the Democratic People's Republic of Korea (DPRK), commonly known as North Korea. USS Pueblo, designated AGER-2 (Auxiliary General Environmental Research), is a so-called technical research ship for oceanographic survey.

USS Pueblo AGER-2 in 1967 (source: US Navy)

In reality, the vessel is stuffed with SIGINT (Signals Intelligence) and ELINT (Electronic Intelligence) equipment. Its real mission is a joint Navy/NSA spy program to eavesdrop on North Korean and Soviet communications.

The Secret Mission Detected

January 20. USS Pueblo is observed a first time by a North Korean submarine chaser at 16 miles from the North Korean coast. Two days later, two fishing trawlers pass USS Pueblo at very close distance of . The visitor is sighted and events start to enroll. The next day, January 23, USS Pueblo is approached by a DPRK sub chaser and, according to the US Navy, is challenged to show her nationality. After raising the U.S. flag, USS Pueblo is ordered to stand down or be fired upon.

According to the North Koreans, USS Pueblo is well inside their territorial waters. The U.S. version of the incident locates the spy ship far outside North Korean territory, but the North Koreans claim 50 nautical miles territorial waters, where international standards are 12 nautical miles. Whatever its position, USS Pueblo is in serious trouble. She desperately attempts to maneuver away from the much faster DPRK sub chaser, which is joined shortly after by four torpedo boats and another sub chaser. Two MIG-21 fighter jets fly over.

Damage Contol and Capture

For more than two hours, the DPRK vessels attempt to board USS Pueblo and repeatedly order the vessel to halt or be fired upon. The spy ship constantly manoeuvres to avoid the boarding but the cat and mouse game ends when one sub chaser opens fire with its 57 mm cannon on Pueblo's deck, wounding several crew members. USS Pueblo also receives machine gun fire from other DPRK vessels. Not equipped to respond to a serious threat (only .50 caliber machine guns are aboard but covered to avoid suspicion and thus unmanned) USS Pueblo has no other option than to comply.

During the incident, USS Pueblo has continuous radio contact with the U.S. Naval Security Group in Japan, but air support is not available on time. Meanwhile, below deck, intelligence personnel start destroying all sensitive documents and equipment. Normally, such spy ship, operating alone and close to enemy waters without protection, should carry only the absolute minimum of sensitive material. USS Pueblo, however, is loaded with documents and equipment. After an hour of emergency destruction, only a small percentage of the classified material aboard the ship is destroyed. An intelligence disaster is inevitable.

USS Pueblo is forced to follow the DPRK vessels but is fired upon again when she stops just outside North Korean territorial waters, killing one crew member and wounding several others. North Korean personnel now boards the vessel and takes over control. USS Pueblo is taken to Wonsan Naval Base, in southeastern North Korea. The Pueblo crew is moved to prisoner of war camps where, according to the crew, they are starved and regularly tortured while in North Korean custody.

SIGINT Fallout and Release of Crew

The capture of USS Pueblo was an intelligence nightmare. North Korea and its ally, the Soviets, seized large volumes of sensitive documents and cryptographic equipment, causing shock waves throughout the naval security and intelligence community.

Eleven months later, and only after a written apology and admission by the U.S. that USS Pueblo had been spying, its crew was released. On December 23, 1968, the 82 crew members crossed the DMZ border with South Korea (after the release, the U.S. immediately verbally retracted the ransom admission). The story, however, did not end with the release of the prisoners.

The captured USS Pueblo today in Pyongyang on the Botong river (source: laika ac)

Since then, USS Pueblo remained in the custody of North Korea. In 1999, the vessel moved from Wonsan to the North Korean capital Pyongyang, where it is now a primary tourist attraction on the Botong river, alongside the Victorious Fatherland Liberation War Museum. USS Pueblo AGER-2 is the only American naval vessel held in captivity in the world.

More information on USS Pueblo and its history is found on the USS Pueblo website (archived) and on the Naval History and Heritage Command (archived). Many pictures from a visit to Pyongyang are available on Brian McMorrow's USS Pueblo photo gallery. The Wilson Center published A Reckless Act: The 1968 Pueblo Crisis and North Korea’s Relations with the Third World.

The Damage Documented

The USS Pueblo incident was one of the most catastrophic events to have damaged the codebreaking efforts of the National Security Agency (NSA). They released several historical papers on USS Pueblo, including the Cryptographic Damage Assessment. Robert Newton's paper on USS Pueblo is also available on the NSA website.

The National Security Archive's The Secret Sentry Declassified published two documents related to the incident: The capture of the USS Pueblo and its effect on SIGINT operations (pdf-document 3) and some captured documents, from a North Korean expose on the ship (pdf-document 24).

KW-7 Teletype Encryption

The TSEC/KW-7 teletype encryption and the KL-47, a Navy version of the TSEC/KL-7, were two of the crypto systems, compromised in the incident. To this day, the question remains whether the capture of USS Pueblo was a coincidence, or triggered by communications specialist John Walker's betrayal.

It is questionable whether SIGINT and crypto equipment was indeed a planned target. The North Koreans took long before boarding the vessel, giving the crew the time to destroy documents and equipment. More on the ship's electronics at Jerry Proc's USS Pueblo page. Robert Derencin wrote a detailed overview of Walker's spying in USS Pueblo, John Walker and KGB (pdf).

A Risky Job

Such SIGINT and ELINT missions have always been hazardous, even in peacetime. The Cold War was all but cold for the many intelligence technicians, sailors and pilots who lost their lives while collecting intelligence. Many SIGINT airplanes also got their share in the losses.

The EC-121 shootdown over the Sea of Japan in 1969, and C-130A-II shootdown over Armenia in 1958 (all 17 killed) are only two of more than 40 reconnaissance aircraft that were shot down. More at NSA's Dangerous Business: U.S. Navy and National Reconnaissance During the Cold War.

NICK GESSLER's CODEBOOK COLLECTION 05 November 2010

Nick Gessler published a beautiful collection of old military and civilian code books. He scanned all pages of each book and made them available as pdf files on his website.

The code books are dated between 1878 and 1947. There are several military field codes, Artillery codes, a 1941 Air-Ground Liaison code, but also civilian code books: Telegraph codes, railway codes, cotton trade codes and various merchant and phrase code books, Larabee cipher codes, an Imperial Combination Code, Inter-State cipher and pocket code books.

These are all code books in the true sense of the word code in cryptography: large substitution tables to convert words and phrases into letter groups or digits. Today, such code books would not stand a change against cryptanalysis. However, in the early days of communications they did provide some security and had another important benefit: they could reduce the length of a message considerably. In the 1800's and early 1900's, the often-commercial electric telegraph (land lines) were virtually the only way to communicate over long-distance. Reducing the message length was a plus if a telegram was paid per word or per character.

Visit Nick's Code Book collection, each of which is a pdf file with the full content. Most books are also available on the Internet Archive. On his main page Cryptology & Steganography Collections are links to more books and crypto machines. John McVey also has an extensive archive of scanned telegraph codes and message procedures.

LAMBROS CALLIMAHOS AND THE DUNDEE JAR 17 December 2010

There's a curious story at NSA about a marmalade jar that became a symbol of cryptanalytic skills within the National Security Agency. It all began in the late 1950's, when Lambros Callimahos created the Intensive Study Program in General Cryptanalysis (ISPGC), also known as the CA-400 course.

It was the first extensive high-level course for experienced and senior cryptanalysts. Callimahos based his course on William Friedman's manual on Military Cryptanalysis. He revised and expanded Friedman's work into the new training manuals Military Cryptanalytics I and II and molded it into an extremely demanding course, unequaled in wide range of subjects and in dept.

The students rushed through the Military Cryptanalytics manuals to continue with exercises in cryptanalysis of codes, ciphers, cipher machines and traffic analysis. While solving their crypto problems, they were assisted by aids who helped them to speed up their paperwork. By doing so, Callimahos managed to reduce a most complex course from 12 to 4 months. Clearly not a course for wannabees who were still wet in the pants!

He composed many new examples and problems that the students had to solve. At the end of each course, the students had to solve the notorious Zendian Problem. The students received 375 encrypted military messages, intercepted from the fictional third-world country Zendia. The messages were encrypted with various manual systems and cipher machines. Within two weeks, they had to break all exploitable messages. It was the perfect opportunity to merge all their skills into one single fictional yet most difficult codebreaking operation. The exercise prepared them perfectly to tackle the real stuff.

The course was also the start of a tradition of gatherings for the graduates at a local restaurant. While making the reservation for diner, Callimahos faced the problem that he could not disclose the real - secret - purpose of the group.

He quickly devised the name Dundee Society by looking at a marmalade jar that served as a pencil holder at the CA-400 course. The Dundee Society was born! Since then, every graduate received a Dundee jar, which became a symbol of a truly extraordinary course for elite cryptanalysts. In 1977, Lambros Callimahos passed away much too soon, at the age of 66.

You can read the story of the Callimahos Course (pdf) on the NSA website. More on the Cryptologic Almanac Part 1 and Part 2. In 2003, Callimahos was inducted in the NSA's Hall of Honor. William Friedman's foundational Military Cryptanalysis is also available at the NSA website.

If the Zendian Problem is beyond your cryptanalytic skills, you can always participate in the challenges on our website. Those are quite accessible for those without codebreaking experience.

FORMER STASI CRYPTOLOGISTS WORK FOR NATO 27 September 2010

Archives from the former East German Ministerium für Staatssicherheit (MfS), better known as the Stasi, have already shown the excellent skills of their SIGINT (Signals Intelligence) department HA III. Little was known about what happened with all those most capable experts after the fall of the Berlin Wall and the collapse of the former German Democratic Republic...until now.

The German magazine Der Spiegel now revealed that cryptologists from the former East German central cipher bureau ZCO (Zentralen Chiffrierorgan), were secretly recruited by the German Federal Office for Information Security BSI (Bundesamt für Sicherheit in der Informationstechnik). They are now employed at Rohde & Schwarz SIT GmbH, a front company for the secret recruiting operation and a subsidiary of the renowned German communications and security firm Rohde & Schwarz.

The Stasi cryptologists had already proved very successful in both making and breaking codes during the Cold War era. They managed to break several encryption systems, including the secure communications of the West-German Foreign Intelligence Agency BND (Bundesnachrichtendienst). The last thing the German government wanted, after the dissolution of East Germany in 1990, was the exodus of Stasi crypto expertise to other countries. The defection of these cryptologists and a compromise of Western encryption technology to rogue states would be a nightmare. It was decided to recruit them, whatever it takes.

Rohde & Schwarz SIT became both a surreptitious employment pool for former Stasi crypto experts and a most successful subsidiary of Rohde & Schwarz, in both commercial and security terms. SIT took over Siemens cryptology division and employs many of Germany's top mathematicians. They are specialized in Information and Communications Security, offer encryption for numerous analog and digital systems, and are currently an important supplier of high security crypto equipment for NATO.

Or how a former partner of the Soviets, and enemy of NATO, eventually became a vital part of NATO communications security. The secret operation prevented that critical crypto expertise fell into the worng hands, provided experienced mathematicians for BSI's crypto bureau. A win-win situation.

Let's just hope that none of these Stasi cryptologists are still serving their old mentor, the former KGB 8th Main Directorate Communications and Cryptography, now absorbed by Russia's SIGINT agency FAPSI). The German Federal Intelligence BfV (Bundesamt für Verfassungsschutz) undoubtedly has them all checked thoroughly. Nevertheless, recruiting old enemies is a hazardous undertaking, and far-sighted Russian Intelligence has a splendid record in long-term planning regarding former Soviet states (see Hermann Simm).

The full story is available in English at the newspaper Der Spiegel. Do also visit Rohde & Schwarz Cyber Security. On the extensive SAS- und Chiffrierdienst website (Google Translate) more about the East German Zentralen Chiffrierorgan and lots of information and images of Stasi encryption equipment (click its "Technik" link at the lower left). See also Crypto Museum.

CUBAN NUMBERS STATIONS AND SPIES 16 August 2009

The August Spycast edition is an interview with Scott Carmichael, the Defense Intelligence Agency (DIA) counterintelligence official who investigated the Ana Belen Montes case. Montes, the senior Cuba analyst at the DIA, was arrested in 2001 and charged with committing espionage for Cuba.

The federal prosecutors stated that Ana Montes communicated with the Cuban Intelligence Service and received her instructions through shortwave encrypted radio transmissions from Cuba, the infamous "Attencion" numbers station (also in Dutch/Nederlands).

As in the Spy With No Name case with Czech Cold War spy Vaclav Jelinek, a.k.a. Erwin van Haarlem, the Montes case once again confirms that those mysterious numbers stations are indeed spy stations. The messages on these radio stations are encrypted with the absolutely secure one-time pad (also in Dutch/Nederlands).

Crypto Museum also covers the Ana Belen Montes case and the radio equipment she used to receive Cuban numbers station messages. More about Ana Montes at the Latin American Studies. The article Cuban Agent Communications (pdf) explains the implementation flaws by Cuben Intelligence and its agents Ana Montes, Carlos Alvarez, and Walter Kendall Myers.

Spycast interviewed Scott Carmichael from the Defense Intelligence Agency, and investigative journalist Jim Popkin on his book Code Name Blue Wren: Cuban Spy Ana Montes, the most damaging female spy in the United States.

Update: Ana Belen Montes, sentenced to 25 years in prison, was released on January 6, 2023 after serving 20 years in prison. In 2002 she had pleaded guilty and agreed to cooperate on a full debriefing of her spying activities, to reduce her sentence and avoid a possible death sentence.

Declassified Spy Stories - Cuba: Traitor on the Inside

The Two Faces of Ana: Model Employee/Cuban Spy

DOCUMENTARIES ON CRYPTOLOGY 24 April 2009

Cryptology is a fascinating science with an interesting history. Unfortunately, few people know what cryptology actually entails and what it means for us. Codemakers and codebreakers have influenced history since ancient times, shaping politics and the outcomes of many wars in the past, and will continue to do so in the future.

One of the reasons cryptology is relatively unknown to the general public is that it has been a very obscure science for centuries. Even now, few books on cryptology reach the general public, and documentaries about cryptology on science or history TV channels are rare. Nevertheless, there are some very interesting documentaries. Let's discover the 1990s U.S. National Security Agency.

Discovery - Top Secret NSA

---

<< Page 2 Page 1 >>