Code Warriors
Page 24
“The present outlook…is very bleak,” an NSA review of the effort concluded. “There can be no doubt that [the Soviets] are aware of the basic principles of correct pad usage and that they are now capable of producing key properly….There is every reason to believe that they are now operating their pad systems correctly.”2
The Soviet military’s Albatross machine was proving equally unyielding. CIA analysts who were consulted by NSA’s scientific advisory group stressed that solving Albatross was so important from an intelligence standpoint that it would be worth doubling NSA’s budget if that was what it took to achieve it. Fifteen Robin comparators, built by ERA on a rush order in 1950, had been at work for five straight years searching through one million Albatross messages trying to find a handle on the problem. Long streams of messages were punched on paper tape and each tape was then formed into a loop, one of them ten characters shorter than the other; they were then fed at a rate of five thousand characters per second past photoelectric readers that compared the two data streams, ten characters at a time, counting coincidences between the two until every message on one tape had been run against every possible position on the other. To complete all possible comparisons within a set of 480 messages required almost two weeks of continual runs on a Robin machine.
These massive “round robin” searches were hoping to turn up depths, or more particularly what were known as “busts,” messages that had been enciphered with the machine set improperly or the mechanism malfunctioning. One kind of bust occurred when the rotors of the machine failed to turn as the keys were pressed, which resulted in the machine generating an easily broken monoalphabetic substitution cipher that would not only render the immediate message readable but might give away some general details of the machine’s internal wiring. Another type of bust that could lead to a message being read was when the operator retransmitted a message that the recipient had failed to receive properly and reused the same rotor settings but slightly changed the wording or spacing the second time, producing a long and exploitable depth.
But those five years and one million messages located only 138 busts, and Albatross continued to resist routine solution. Arlington Hall was not even sure how many rotors the machine had, and the agency’s scientific advisory group, which included Engstrom, von Neumann, Robertson, and other mathematical and computing experts, glumly concluded that by far the best hope for a quick solution of Albatross “lies in the direct approach”—that is, stealing one.3
Weisband’s leaks hastened the Soviets’ adoption of much more secure and resilient systems, but perhaps not by much: the weaknesses of the Enigma and other first-generation rotor machines were readily apparent to any reasonably sophisticated, mathematically minded cryptologist. The larger technical reality was that in the seesawing competition between codemakers and codebreakers, the former were surging ahead in the postwar era. Even before the war, the United States had recognized the vulnerabilities of the Enigma’s architecture, and William Friedman’s SIGABA machine—which remained unbroken by the Germans throughout the war and, as far as is known, was never broken by the Soviets after the war either—incorporated a number of design features intended specifically to thwart the kinds of cryptanalytic attacks that ultimately defeated the Enigma’s apparent security.
A basic measure of the statistical resilience of a cipher is the keyspace, which is basically the number of different possible permutations that have to be tried to find the one key sequence that will successfully decipher a given message. The keyspace of the four-wheel naval Enigma was in theory about 1025, or 10 million billion billion, which understandably inspired confidence on the part of the Germans. But much of that apparent security was illusory, owing to design choices that had no doubt seemed inconsequential but had subtly undermining effects. The art of cryptanalysis of a cipher is fundamentally an attempt to discover shortcuts that can reduce the keyspace to a small enough size that it becomes feasible just to try all of the remaining possibilities. Alan Turing’s brilliant solution of the Enigma effectively reduced the keyspace that had to be tested to half a million or less—well within the capabilities of even a primitive electromechanical calculator like the bombe. A major flaw of the Enigma that made Turing’s method possible was its reciprocal substitution, which also meant that no letter could ever be enciphered by itself: Q could never stand for Q. That design permitted the same setting of the machine to be used for both enciphering and deciphering. But among other things it also greatly simplified the cryptanalysts’ challenge of placing a plaintext crib in the proper position alongside its matching cipher text, the first step in Turing’s process: the crib could be slid along the cipher text until it was in a position where no “crashes”—the same letter occurring in both texts in the same spot—occurred.
The predictable, odometer-like sequence in which the Enigma rotors stepped, with the moving middle and left rotors advancing only when the rotor to the right of them had made a full revolution, also proved a fatal weakness. This meant that for long stretches of text the middle and left rotors did not move at all; only the right rotor, where the electrical pulse entered and exited the entire scrambler unit, moved with every letter. Had the Germans designed the Enigma so that its “fast” wheel was instead in the left or middle position, a cryptanalytic attack would have been vastly more complicated.
The SIGABA had a keyspace considerably smaller than the Enigma’s (effectively a little less than 1015 as it was actually used during the war), but it resisted cryptanalysis by avoiding this fundamental flaw of regular, cyclic rotor movement. Its most notable feature was a bank of control wheels that themselves changed position with each enciphered letter; the electrical impulses that emerged from this second scrambler bank controlled whether each of the five cipher rotors advanced, or not, at each successive step, thereby generating a seemingly random and highly unpredictable pattern to the cipher wheel movements.4
The follow-on to the Albatross machine adopted by the Soviet army and Warsaw Pact closed even more of the Enigma’s cryptographic loopholes. Named the Fialka—Russian for “violet”—the machine had ten cipher rotors, the odd-numbered wheels turning in one direction, the even-numbered wheels in the opposite direction. Multiple turnover pins allowed each wheel to cause the next odd or even rotor down the line to step, or not. Most shrewdly of all, a semiconductor circuit caused one letter at each position to be enciphered by itself, while three other letters were scrambled in a sequential, nonreciprocal pattern (for example, И becomes Ы, Ы becomes Д, Д becomes И).
A simplified schematic of the German Enigma (showing only ten letters instead of the complete twenty-six), tracing the path from keyboard to lampboard for one letter. Because of the reflector, a letter could never be enciphered by itself. Alan Turing’s method for recovering the daily setting of the Enigma shrewdly exploited this and other design flaws to eliminate the effect of the plugboard, or stecker, altogether, cutting the number of possibilities to be tested by a factor of about 1014.
The Russian Fialka machine eliminated the major insecurities of the Enigma by allowing a letter to be enciphered by itself and by employing ten rotors that turned in a complex fashion, as opposed to the Enigma’s far more predictable stepping pattern. A punch card took the place of the Enigma’s plugboard.
Decades later, after the fall of the Soviet Union and the demise of the Warsaw Pact, a few Russian, Czech, and Polish Fialkas that had not been returned to Moscow for destruction as ordered in 1989 came on the collector’s market and were analyzed by academic cryptologists outside of NSA. The total keyspace of the Fialka was calculated to be 1075, which was getting close to the number of atoms in the universe, and was nearly equivalent to the 256-bit key length of the Advanced Encryption Standard, approved by NSA in 2002 for protecting Top Secret information in electronic data.5
Faith in American know-how was one thing, but scientific objectivity was another, and as yet another external review of NSA’s cryptanalytical efforts in the late 1950s pointe
d out:
Our cryptanalysts believe that some of our own cipher machines are entirely unreadable with foreseeable technology, even if the enemy has a complete machine, and we have no reason to feel that a similar degree of security is beyond the capabilities of other countries….It is the Panel’s opinion that the advantages will be increasingly in favor of the cryptographer as against the cryptanalyst, in spite of the introduction of computer techniques….Technology is irresistibly making the situation worse rather than better, and what is now true of the [Soviet Union] may become true of other, technically less-sophisticated countries.
This panel was headed by an even more distinguished outside scientist, William O. Baker, vice president for research at Bell Labs, and their final conclusion was delivered with blunt scientific objectivity indeed: “No national strategy,” the Baker Panel warned, “should be based on the hope or expectation that we will be able to read” high-level Soviet encrypted traffic in the near future.6
—
If the problem would not yield to ingenuity, it was always possible to steal the answer, as von Neumann and company had proposed.
The Russians were past masters at this game. As far back as the 1930s, foreign diplomats in Moscow assumed as a matter of routine that their rooms were bugged and their telephones tapped. In May 1937, an assistant at the American embassy discovered in the attic of the ambassador’s residence, Spaso House, heaps of fresh cigarette butts, “several piles of human excrement,” and a fishing pole strung with thin wires that had apparently been used to lower a microphone into the wall behind the ambassador’s study, where he was accustomed to dictate much of his correspondence. George Kennan spent days trying to catch the eavesdropper, including one sleepless night lying in wait armed with a nonfunctioning flashlight and an unloaded revolver, but the intruder never made a reappearance.7 In 1944 a Navy electrician brought in to make the first thorough electronic sweep of the embassy found 120 hidden microphones. After that, recalled a member of the embassy staff, “They kept turning up, in the legs of any new tables or chairs that were delivered, in the plaster of the walls, any and everywhere.”8
By the 1950s the efforts of the MGB’s Second (Counterintelligence) Chief Directorate against embassies in Moscow were often directed specifically at acquiring cryptographic information that might help solve foreign diplomatic code systems, either by scooping up the texts of messages before they were enciphered (as with the American ambassador’s dictated correspondence) or by directly tapping into code rooms. The electronic surveillance was supplemented by breakins, spies planted among the Russian housekeeping staff, and a veritable assault division of prostitutes, comely ballerinas from the Moscow Ballet, and other seductresses who worked tirelessly to compromise the marine guards, code clerks, even CIA officers stationed at the U.S. embassy.
During Charles Bohlen’s four years as ambassador from 1953 to 1957, a dozen U.S. officials, including the CIA’s first Moscow station chief, Edward Ellis Smith, confessed to having been confronted by the KGB with graphic photographs of their sexual escapades with Russian women. “All of these people were out of the country in twenty-four hours,” Bohlen said. But those were only the ones he knew about. The maids, cooks, housekeepers, and other local employees who worked for foreign missions were all supplied by a Soviet agency, Burobin, which was little more than a wholly owned subsidiary of the Second Directorate. As George Kennan recalled from his brief tour as ambassador in 1952, “I and all the rest of us were substantially helpless” to control their activities on embassy premises. The longtime caretaker at Spaso House, Sergei, occupied his own apartment, which he always kept locked; when Kennan finally demanded he turn over the key to U.S. officials, Sergei stalled for a few weeks, then shortly afterward vanished into retirement.9
The most famous penetration of the U.S. embassy was the Great Seal bug, also discovered during Kennan’s ambassadorship. Having requested a thorough sweep of his residence and the embassy, Kennan was sent a security team from Washington. To check for any voice-activated bugs, one of the technicians asked the ambassador to sit at his desk at Spaso House after hours and go through the motions of dictating a letter to his secretary. Kennan, with a certain touch of humor, chose to read from his 1936 cable in which he did nothing but recycle his predecessor’s dispatches from czarist Russia to show that nothing had changed under the Communist regime. Suddenly detecting a UHF signal coming from behind Kennan’s desk, the technician began hacking at the wall behind a wooden replica of the Great Seal of the United States that hung there. He then turned his hammer to the seal itself and pulled from behind the carved eagle’s beak a three-quarter-inch-diameter diaphragm-covered cylinder, attached to a short rod antenna.10
The seal had been presented as a gift from Russian schoolchildren to Ambassador Averell Harriman in 1945 and had hung there ever since. The American engineers who discovered it dubbed it “the Thing.” Its principle of operation was ingenious. The Thing was entirely passive, requiring no power supply and giving off no signal itself until it was illuminated by a microwave radio beam aimed from an adjoining building. As the diaphragm vibrated in and out in response to sound waves coming from the room, it minutely changed the shape, and thus the resonant frequency, of the cavity formed by the small cylinder. That slight distuning of a resonant frequency around 1800 MHz caused the strength of one of the harmonics of the incoming illuminating signal to fluctuate, producing a modulated radio signal of the same kind generated by an AM radio transmitter. The resulting signal could be picked up from a nearby location outside the building.11
Even more remarkable was the story behind the device. In 1987 the English-language Moscow News ran a series of articles about the musical inventor Léon Theremin, revealing him to have been the secret genius behind the Great Seal bug. Theremin, inventor of the eponymous electronic instrument, had come to America in 1927, hailed as “the Soviet Edison.” In New York he performed concerts, including two at Carnegie Hall, on his futuristic musical instrument, cutting a dashing appearance as a slim figure in white tie and tails standing intently before the strange device, hands hovering near two antennas and circling in small, dramatically precise motions to vary the pitch and volume of the otherworldly sounds emerging from the theremin. He also invented during the prewar years a remote-control device for aircraft, a wireless intruder alarm (the “radio watchman”), and a prototype television system.
He was also a Soviet spy, having been recruited by the GRU before leaving Russia, and throughout his time in America he supplied reports on aircraft and avionics technology gleaned from his consulting work with Bendix and other U.S. defense contractors. In 1938, Theremin abruptly vanished from New York. Friends were convinced he had been kidnapped by the Soviet authorities. In fact, his business going bad, deeply in debt, and with a messy trail of marriage, divorce, and girlfriends behind him, he had decided to return on his own to Russia. He chose the worst possible time. It was the height of Stalin’s purges, and Theremin was immediately arrested and forced to confess to being a “fascist spy.” He was sentenced to eight years in the Gulag. But after a few months at a labor camp under brutal conditions, he was transferred to a sharashka, a special facility where prisoners with scientific training were put to work on research projects for the state. (Other famous sharashka inmates during this time were Andrei Tupolev, the aircraft designer; Sergei Korolev, a major figure in the future Soviet space program; and the writer Aleksandr Solzhenitsyn.) It was there that Theremin designed the Great Seal bug. He later also developed the Buran, an eavesdropping device that reflected a beam of infrared light off the glass of a window to detect vibrations generated by sounds inside a room. Freed in 1947, Theremin was awarded the Stalin Prize for his achievements while a prisoner of the state.12, *1
Despite all of the warnings that U.S. embassy officials had received by the early 1950s, they continued to fall prey to Russian surveillance and bugging that made codes and codebreaking irrelevant. In 1953, when construction of a new American embass
y on Moscow’s Tchaikovsky Street began, Ambassador Bohlen had guards keep a close eye on the Russian workmen during the day, but blithely assumed there was no need to extend the vigilance to after hours. In April 1956, State Department security technicians examining the U.S. embassy in Prague uncovered a network of microphones with wires snaking into the attic; similar discoveries were made in Budapest and Belgrade. Only in 1964, after a tip from KGB defector Yuri Nosenko, however, were the experts called in to conduct a thorough search of the Tchaikovsky Street building. Two security men spent ten days pulling the top floor apart, tearing out electrical wires and phone jacks, jackhammering the plaster walls (burning out one jackhammer in the process), ripping up the parquet floors, prying loose doorjambs, finding nothing.
Only when they cut the heavy iron radiator from the floor did they discover a tiny hole, three-sixteenths of an inch in diameter, drilled into the wall behind where the radiator stood. Hacking into the plaster, they soon found a microphone. The building’s top two floors, which housed the most sensitive parts of the embassy, including the ambassador’s office, the CIA station, and the code rooms, were in fact honeycombed with hidden listening devices: eventually fifty-two were found, feeding into a coaxial cable that ran to an antenna in the attic. A search of the new embassy in Warsaw was then ordered; it turned up fifty-four bugs hidden behind radiators.13
Interviewing Nikolai Nikolayevich Andreev, the retired head of the KGB’s Eighth (Communications) Chief Directorate, in 1996, the historian of cryptology David Kahn concluded that during the Cold War “the Soviet Union seems to have gained most of its communications intelligence not from cryptanalysis, but from bugs and traitors.” Although the KGB was able to cryptanalytically solve the Hagelin machines used by the Swiss and Italians plus a few other less secure systems in the postwar period, its success against other countries’ communications mostly relied on direct measures, including breakins of the Japanese embassy and those of a number of Middle Eastern countries to steal code materials, and the planting of ubiquitous bugs. The choice of Andreev to lead the Soviets’ communications intelligence effort in the 1960s and 1970s underscored the point: he was not a mathematician, Kahn observed, but a bugging expert.14