Sunday, April 26, 2015

The unscrupulous Italian official and the code of Colonel Fellers

One of the most damaging compromises of Allied communications security, during WWII, was the case of Colonel Bonner Fellers, US military attaché in Cairo during 1940-2. Fellers sent back to Washington detailed reports concerning the conflict in North Africa and in them he mentioned morale, the transfer of British forces, evaluation of equipment and tactics, location of specific units and often gave accurate statistical data on the number of British tanks and planes by type and working order. In some cases his messages betrayed upcoming operations.

Fellers used the Military Intelligence Code No11, together with substitution tables. The Italian codebreakers had a unit called Sezione Prelevamento (Extraction Section). This unit entered embassies and consulates and copied cipher material. In 1941 they were able to enter the US embassy in Rome and they copied the MI Code No11. A copy was sent to their German allies, specifically the German High Command's deciphering department – OKW/Chi. The Germans got a copy of the substitution tables from their Hungarian allies and from December 1941 they were able to solve messages. Once the substitution tables changed, they could solve the new ones since they had the codebook and they could take advantage of the standardized form of the reports. Messages were solved till 29 June 1942 and they provided Rommel with so much valuable information that he referred to Fellers as his ‘good source’.
The British realized that a US code was being read by the Germans when they, in turn, decoded German messages containing information that could only have come from the US officials in Egypt. The Americans, however, were not easily convinced that their representative’s codes had been ‘broken’ and it took them months before they changed Colonel Fellers’ code.

The Germans didn’t know that the Brits had solved messages enciphered on their Enigma machine and thus had different ideas about who betrayed their codebreaking success. Wilhelm Flicke, who worked in the intercept department of OKW/Chi, wrote in TICOM report DF-116-Z about this case:
During the war there was stationed at the Vatican a diplomatic representative of the U.S.A. who stood in radio communications with Washington like any other ambassador or minister. In a radiogram sent to Washington in June 1942, enciphered by means of a diplomatic code book, one could read of a conversation which representative of the Vatican had had with an Italian of high position. During this conversation the Italian had mentioned that the Germans could read the most important cryptographic system of the American Military Attaché. The American representative had learned this at the Vatican through a Vatican official and was therefore warning the American War Department against any further use of this cryptographic system.

 
 


Weisser (a cryptanalyst of OKW/Chi) also said that it was the Italians who betrayed the German success in his report TICOM I-201:


 

Did the Germans have a reason to mistrust their Italian allies?
It seems that the answer is yes. On July 24 1942 Leland B. Harrison, US ambassador to Switzerland, sent a telegram to assistant secretary Gardiner Howland Shaw (who was in charge of the State Department’s cipher unit) warning him that an Italian official had met with Harold Tittmann (US representative to the Vatican) and had told him that the US diplomatic code used by the embassy in Egypt was compromised.

 
 
The Germans clearly solved this message and thus attributed the end of the Fellers telegrams to Italian treachery. However looking at the dates it’s clear that this was not true. Fellers changed his cryptosystem in June 1942, while this telegram was sent in July.

Sunday, April 19, 2015

NAAS 5 reports retrieved from France - 1945

During WWII the German Army’s signal intelligence agency OKH/In 7/VI had signal intelligence regiments assigned to Army Groups in order to supply them with radio intelligence on Allied formations. Western Europe was covered by KONA 5 (Signals Intelligence Regiment 5), whose cryptanalytic centre NAAS 5 (Nachrichten Aufklärung Auswertestelle - Signal Intelligence Evaluation Center) was based in Saint-Germain-en-Laye, a suburb of Paris.

In summer 1944 the Germans had to evacuate France and it seems that this unit tried to destroy some of its reports but they didn’t have time to properly dispose of them. Instead many reports were buried.
The US authorities were able to locate the site and they recovered many of these documents. A US report, dated 25 January 1945, says that about 2,000 sheets of paper were recovered and were 30% readable. They included intercepts and decrypts of the M-209 cipher machine, the War Department Telegraph Code, possibly Combined Cipher Machine traffic, as well as the British Aircraft movement’s Code and Syko system.

There was even a message from Washington to the US Military Mission in China from 1942 sent via the gunboat TUTUILA.

Sunday, April 12, 2015

The US Division Field Code

When the United States entered WWII, in December 1941, US military and civilian agencies were using several cryptologic systems in order to protect their sensitive communications. The Army and Navy only had a small number of SIGABA cipher machines so they had to rely on older systems such as the M-94/M-138 strip ciphers and on codebooks such as the War Department Telegraph Code, the Military Intelligence Code and the War Department Confidential Code.

Another system prepared for the Army was the Division Field Code. This was a 4-letter codebook of approximately 10,000 groups and in the 1930s several editions were printed by the Signal Intelligence Service (1). However the introduction of the SIGABA and especially the M-209 cipher machine made this system obsolete. Still it seems that the DFC was used on a limited scale, during 1942-44, by the USAAF and by US troops stationed in Iceland and the UK.
Examples of DFC training edition No 2:








Solution of DFC by German codebreakers
The German Army and AF signal intelligence agencies were able to exploit this outdated system and they read US military messages from Iceland, Central America, the Caribbean and Britain. Most of the work was done by field units, specifically the Army’s fixed intercept stations (Feste Nachrichten Aufklärungsstelle) Feste 9 at Bergen, Norway and Feste 3 at Euskirchen, Germany.

According to Army cryptanalyst Thomas Barthel, several editions of the Division Field Code were read, some through physical compromise (2):

The DFCs (Divisional Field Codes).
(a). DFC 15

In use in autumn 42, broken in Jan 43. Traffic was intercepted on a frequency of 4080 Kos from US Army links in ICELAND (stas at REYKJAVIK, AKUREYRI and BUDAREYRI). Stas used fixed call-signs till autumn 43, and thereafter daily call-signs. This field code was current for one month only. It was a 4-letter code, non-alphabetical, with variants and use of "duds" (BLENDERN). It was broken by assuming clear routine messages were the basis of the encoded text, such as Daily Shipping Report, Weather Forecast etc.
(b) DFC 16

This was current for one month, probably in Nov 42. It was similar to the DFC 15 above.
(c) DFC 17

This was current from Dec 42 to Feb 43. About the latter date one or two copies of the table were captured. Very good material was intercepted from ICELAND, also from 6 (?) USAAF links in Central America, Caribbean Sea etc. Traffic was broken and read nearly up to 100%.
(d) DFC 21

This succeeded the DFC 17. Results were the same.
(e) DFC 25

Current only in CARIBBEAN SEA area, and read in part.
(f) DFC 28 

This succeeded the DFC 21 in summer 43. It was used by the ICELAND links and the 28 (or 29) US Div in the South of ENGLAND. The code was read. Now and again it was reciphered by means of alphabet substitution tables ("eine Art von Buchstabentauschtafel") changing daily. This method was broken because the systematic construction of the field code was known.
(g) DFC 29

A copy of this table was captured in autumn 43. It was never used, PW did not know why.

 

The War Diary of the German Army’s signal intelligence agency OKH/In 7/VI shows that the DFC was called AC 6 (American Code 6) and several editions were solved in the period 1943-44. Most of the processing was left to field units, with only a few messages solved by Referat 1 (USA section) of Inspectorate 7/VI. The report of March 1943 says that the captured specimen DFC 17 could be used to solve the preceding and following versions (since they were constructed in the same way) and it showed that the code values retrieved by field units and the central department through cryptanalysis were mostly correct (3).
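
An added illustration (not from the original post or from any of the wartime reports) of why a daily letter-substitution layer over a known codebook gives little protection once messages follow a standard form, as described above for DFC 28 and for the Fellers reports. The codebook groups, the keyword-mixed table model, the keyword and the message are all constructed assumptions, not real DFC or MI Code material.

```python
import string

# Constructed toy codebook standing in for a captured edition (not real DFC groups).
CODEBOOK = {"DAILY": "KBMT", "SHIPPING": "RQAF", "REPORT": "LOZE",
            "WEATHER": "TMKD", "FORECAST": "ZEFB", "CONVOY": "QLUR",
            "ARRIVES": "BTRM", "TOMORROW": "GKNW", "STOP": "AKTL"}
DECODE = {group: word for word, group in CODEBOOK.items()}
CRIB = ["DAILY", "SHIPPING", "REPORT"]   # assumed stereotyped opening
MESSAGE = CRIB + ["CONVOY", "ARRIVES", "TOMORROW", "STOP"]   # constructed traffic

def daily_table(keyword):
    """Assumed model of the daily table: keyword-mixed letter substitution."""
    mixed = dict.fromkeys(keyword + string.ascii_uppercase)
    return dict(zip(string.ascii_uppercase, mixed))

def encipher(words, table):
    return ["".join(table[c] for c in CODEBOOK[w]) for w in words]

def align(cipher_group, code_group, inv):
    """Extend inv (cipher letter -> code letter); None if it breaks one-to-one."""
    new = dict(inv)
    for c, p in zip(cipher_group, code_group):
        if new.get(c, p) != p or (c not in new and p in new.values()):
            return None
        new[c] = p
    return new

def recover_table(groups, crib):  # lay the expected opening over the first groups
    inv = {}
    for cg, word in zip(groups, crib):
        inv = align(cg, CODEBOOK[word], inv)
        if inv is None:
            raise ValueError("crib does not fit this message")
    return inv

def extend(groups, inv):
    """A half-stripped group that fits exactly one codebook entry fixes more letters."""
    progress = True
    while progress:
        progress = False
        for cg in groups:
            fits = [m for m in (align(cg, g, inv) for g in DECODE) if m is not None]
            if len(fits) == 1 and fits[0] != inv:
                inv, progress = fits[0], True
    return inv

def read(groups, inv):
    stripped = ["".join(inv.get(c, "?") for c in cg) for cg in groups]
    return [DECODE.get(s, s) for s in stripped]
```

With the keyword `ZEPHYR`, the three-word opening alone fixes 12 letters of the day's table and leaves two groups half-stripped (`QL?R`, `?K??`); matching those against the known codebook fills in the rest of the message.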

 
The Luftwaffe’s Chi Stelle was also interested in the DFC and according to Dr. Ferdinand Voegele, the Luftwaffe's chief cryptanalyst in the West, USAAF messages from the Mediterranean area were read (4).

 

The 29th Infantry Division and the invasion of Normandy
In 1943 the M-209 cipher machine replaced the M-94 strip cipher as the standard crypto system used at division level by the US Army; however, older systems like the DFC continued to be used for training purposes. The US military forces in Britain took part in many exercises during the latter part of 1943 and early 1944, since they were preparing for the invasion of Western Europe, and some of their training messages were sent on the 28th edition of the Division Field Code.

These messages were intercepted and decoded by the German Army’s KONA 5 (Signals Intelligence Regiment 5), covering Western Europe. NAAS 5 was the cryptanalytic centre of KONA 5 and its quarterly reports (5) show that training messages from the US V Expeditionary Corps and the 29th Infantry Division were solved.
 

 
The solution of these messages allowed the Germans to identify the 29th Infantry Division and, considering the unit’s role during Operation Overlord, it is possible that they gave the Germans vital clues about the upcoming invasion of France.

Notes:
(1). Rowlett-1974 and Kullback-1982 NSA oral history interviews

(2). CSDIC/CMF/Y 40 – ‘First Detailed Interrogation on Report on Barthel Thomas’
(3). War diary Inspectorate 7/VI - March 1943

(4). TICOM IF-175 Seabourne Report, Vol XIII, p9 and 16.
(5). E-Bericht der NAASt 5 Nr 1/44 and Nr 2/44.

Sources: Frank Rowlett NSA oral history interview - 1974, Solomon Kullback NSA oral history interview - 1982, CSDIC/CMF/Y 40 – ‘First Detailed Interrogation on Report on Barthel Thomas’, War diary Inspectorate 7/VI, War diary NAAS 5, TICOM IF-175 Seabourne Report, Vol XIII ‘Cryptanalysis within the Luftwaffe SIS’, DFC training edition No 2.
Acknowledgments: I have to thank Rene Stein of the National Cryptologic Museum for the Rowlett and Kullback interviews and Mike Andrews for the DFC pics.

Sunday, April 5, 2015

Who was source 206?

During WWII the US Office of Strategic Services station in Bern, Switzerland (headed by Allen Dulles) recruited agents in occupied Europe and transmitted intelligence reports back to Washington. Dulles collaborated in intelligence gathering activities with Gerald Mayer, local representative of the Office of War Information and General Barnwell Legge, US military attaché to Switzerland.

Some of these reports were decoded by the Germans and the Finns and we can see that they mention specific agents.
For example, message No. 73 Bern-London of 4/4/1943, by General Legge, lists several German divisions stationed in France and says that the information came from Source 206. Who was this mysterious agent?