Monday, July 7, 2014

Case ‘Wicher’ – Information from the war diary of Inspectorate 7/VI

In the Second World War the Allies and the Axis fought battles not only with tanks, aircraft and infantry but also in the fields of signals intelligence and cryptology. Both sides tried to protect their communications from outsiders by using complicated cipher procedures and their codebreakers made every effort to solve enemy codes and thus gain valuable intelligence.

The Anglo-Americans were able to gain information of great value from reading their enemies secret communications. In Britain the codebreakers of Bletchley Park solved several enemy systems with the most important ones being the German Enigma and Tunny cipher machines and the Italian C-38m. Codebreaking played a role in the Battle of the Atlantic, the North Africa Campaign and the Normandy invasion. In the USA the Army and Navy codebreakers solved many Japanese cryptosystems and used this advantage in battle. The great victory at Midway would probably not have been possible if the Americans had not solved the Japanese Navy’s code.
However the Axis codebreakers also had their successes and they were also able to compromise various Allied crypto system both low and high level.

One interesting question that often comes up in history books is whether the Germans ever suspected that their Enigma cipher machine was being read by the Allies and how the war could have taken a different turn had they managed to discover that it was not secure.
The truth is that the Germans never considered the Enigma to be unbreakable and in fact they had discovered in 1939 that the Poles had solved messages. During the war they continued to investigate the Polish solution of the Enigma, which they called case ‘Wicher’. (1)

The plugboard Enigma and the German armed forces
The Germans adopted a modified version of the commercial Enigma machine as their main cipher system in the 1930’s. The modification they introduced in the commercial model was a plugboard. This vastly improved the cipher security of the Enigma device.

In 1934 the Army and Navy agreed to use the plugboard Enigma as their main cipher system and in 1935 the Airforce followed (2). At the start of WWII Germany was the only country in the world to use a cipher machine for all its mid and high level traffic.
During WWII tens of thousands of Enigma machines were used by the Germans. It seems that no one knows for sure how many Enigma machines were built however a good estimate, based on their serial numbers, is that more than 40.000 were constructed. (3)

The Germans used the Enigma extensively and they were always worried about the security of their main cipher system. Their cryptologic security departments, scattered across their cryptologic agencies, researched ways to break the Enigma and based on their observations changes were made in operating procedures. Although it is often claimed that they considered the Enigma to be unbreakable the truth is that they constantly upgraded its security, both with physical modifications and with new, more secure cipher procedures.
One of the reasons that they improved the Enigma during the war was that they had learned that in the prewar period the Polish codebreakers had been able to solve messages.

The Polish solution of the Enigma in the 1930’s
In the 1930’s the rise of Hitler’s National Socialist German Workers' Party led to German rearmament and a more aggressive foreign policy. This change in policy alarmed European nations and especially in neighboring Poland there was a great need to keep a close eye on the military developments in Germany.

The Polish state had limited resources but the intelligence service operated efficiently and was able to gather valuable intelligence against the main Polish enemies which were Nazi Germany and the Soviet Union. The Poles had a tradition in the field of cryptanalysis as their codebreakers had contributed to the defeat of Soviet troops in the war of 1919-1921 by solving the codes of the Red Army.
In the early 1930’s the Polish cipher bureau concentrated on the solution of the widely used Enigma cipher machine and for this reason hired three young mathematicians: Marian Rejewski,  Henryk Zygalski and Jerzy Różycki. Thanks to cipher material obtained through France these codebreakers were able to solve the plugboard Enigma and read German messages. In this task they succeeded where the French and British codebreakers had failed!

German indicator procedures and the ‘Grundstellung’
The Polish solution was based on the German indicator procedure. Each Enigma network had its own settings which changed monthly, up to October 1936 when they were changed each day. The key list specified which rotors would be used and their position in the scrambler unit, the ring settings on the rotors and the plugboard settings. In addition the keylist specified the Grundstellung (basic setting) for the network. This was the position of the rotors used to encipher the indicator of each message.

The indicator specified the starting position of the rotors which was different for each message. The way the system worked was that the Enigma operator had to set up the machine according to the instructions of the keylist and then had to select a random starting position for the 3 rotors for each message. This position was communicated to the other party after doubly enciphering it on the basic setting.
So let’s imagine that a cipher clerk has set up his Enigma machine according to the daily settings and is ready to encipher a message. He turns the rotors of the machine at random and stops when they are at WJS, which will be his ‘message key’. With the wheels at WJS he starts typing out the message and the cipher text is written down by another clerk. In order to send this message to another party he needs to add at the beginning of the message the enciphered indicator so the operator who receives it will know to set his machine rotors at WJS. The procedure used up to May 1937 (for the Navy) and September 1938 (for the Army and Airforce) was to take the initial position of the rotors for the message (in our case WJS) and encipher it twice in succession at the Grundstellung/basic setting. So in our example the cipher clerk would have to set the Enigma rotors to the network’s Grund setting, let’s say KJW and type WJS twice. Let’s assume that the output is HCE VKR. These 6 letters would be placed at the start of the message as the indicator. Then the cipher clerk who received the message would turn his rotors to the Grund setting KJW and type HCE VKR, which would give him WJS WJS. Thus he would know that the message key is WJS and he would be able to decipher the message.

The Polish codebreakers were able to exploit the use of a Grund setting and the double encipherment of the message key. The flaw in this procedure was that there was a connection between the first and fourth, second and fifth and third and sixth letters of the indicator. It is obvious that these letters represented the same initial letters of the message ‘key’ at three stages apart. Using mathematical theory the Polish mathematicians were able to recover the Enigma settings and the messages keys so they could decode the radio traffic.
However in the late 1930’s the Germans upgraded the security of the Enigma by modifying their operator procedures. In May 1937 the Navy introduced an indicator book and encipherment tables for the indicators thus defeating the Polish method. In September 1938 the Army and Airforce abandoned the use of the Grundstellung and each Enigma operator had to choose a random starting position as the message key and encipher it twice at another random position. In our example instead of KJW the operator will choose another rotor position, let’s say JME and encipher the message key WJS twice thus giving KDB CUJ. The indicator sent with the message will be JME KDB CUJ. The receiving party will set their Enigma at JME and type KDB CUJ, giving WJS WJS which will be indentified as the message key.

Although the German Army and Airforce abandoned the Grundstellung they continued to encipher the message key twice thus allowing the Poles to compromise this new procedure. However the Polish operation would finally end in December 1938, when two more Enigma rotors were issued (making a total of 5), as the Polish cipher bureau did not have the resources needed to overcome this setback.
The greatest contribution of the Polish codebreakers to the Allied cause came in July 1939 when their officials revealed to British and French codebreakers that they had been solving the Enigma for years and shared their method of attack. This breakthrough allowed the Franco-British alliance to solve some Enigma traffic in the period 1939-1940 and made it possible for Bletchley Park to avoid a costly and time consuming attack on the Enigma.

Der Fall Wicher
In September 1939 Germany invaded Poland and after a brief period of fighting was able to defeat its armed forces and occupy the country. The Polish cipher burau was based in an area south of Warsaw and was evacuated before the German troops arrived but it seems that not all of their documents were properly disposed of. When the Germans examined the area they were able to find documents pointing to a very secret department in the cipher bureau, unusually large payments made to mathematicians and translations of messages thought to have been sent on the Enigma machine (4).  

This information obviously alarmed the German officials and during the war they made efforts to locate and interrogate Polish officials that might know more about the Enigma compromise. The German called this investigation case ‘Wicher’ (der fall Wicher).
Unfortunately the information we have on their investigations is very limited and often contradictory. The NSA article ‘Der Fall WICHER: German Knowledge of Polish Success on ENIGMA’ by Joseph A. Meyer has a summary of the information from various TICOM reports but some of the statements made are not correct.

At the same time there are a few references to case ‘Wicher’ in the war diary of Inspectorate 7/VI but I haven’t been able to locate any actual reports. It should also be noted that the German cryptanalysts involved in these investigations were not interrogated after the war, so we do not have their side of the story.

German investigations and information from the War Diary of Inspectorate 7/VI

According to ‘Der Fall WICHER’ and various TICOM reports (5) in 1939 the Germans were able to find incriminating evidence left behind by the Polish codebreakers when they evacuated their headquarters.  It seems that the plaintext versions of a few Enigma messages were found thus showing the compromise of the cipher machine. Unfortunately I don’t have the 1939 and 1940 reports of the German Army’s codebreaking agency Inspectorate 7/VI, so I can’t say whether more information can be found there.
In any case the Germans after researching the security of the indicator procedure seem to have discovered on their own that the double encipherment of the indicator was a risk and in May 1940 it was changed. From then on the cipher clerk chose a random message key and enciphered it on another random setting only once. In our previous example this means that instead of sending the indicator JME KDB CUJ, only JME KDB would be sent.

Since the Polish solution was based on the double encipherment of the indicator this change defeated their method. From then on the codebreakers of Bletchley Park had to employ their own method of solution which was based on the use of ‘cribs’ (suspected plaintext in the ciphertext) and high-speed cryptanalytic equipment called ‘bombes’.
However there is no indication that this indicator change was implemented due to the ‘Wicher’ case. A German Army cryptanalyst named Buggisch said in TICOM report I-92Final Interrogation  of Wachtmeister Otto Buggisch (OKH/In 7/VI and OKW/Chi)’, p5 that the change came as a result of standard security studies:

The war diary of Inspectorate 7/VI, in the report of February 1942, says that an investigation of captured Polish files revealed deciphered German radio messages and this material was forwarded to Inspectorate 7/VI to clarify if the compromise was a result of treason or deciphering and if it was the latter to identify the compromised cipher system.

During the war representatives from the German cipher departments and the military intelligence service Abwehr had meetings on case ‘Wicher’. Although ‘Der Fall WICHER’ says in page 9 that the Naval High Command – OKM did not know about the Polish affair the war diary of Inspectorate 7/VI for the month of April 1942 shows that a meeting took place between the Naval officers Stummel and Singer, the Abwehr officials Dr Schneider and a captain and the Army cryptanalyst Dr Pietsch. 

The report says that the naval officers wanted closer cooperation between their department and the Army’s on the Enigma investigations.

Another reference to case ‘Wicher’ can be found in July 1942 when the aforementioned Dr Schneider together with the department head of Inspectorate 7/VI visited imprisoned Polish intelligence officers who had served in the General Staff.  The report says that the results were meager as some of those that the police had arrested were the wrong people and those that were interrogated either did not volunteer information or had such a low position that they did not know anything of value. The only admission made by the Poles was that they had solved the hand cipher used by the German Army and Police.

The only other reference I’ve found is in September 1943 when Dr Schneider, the OKM’s Captain Singer and Inspectorate’s 7/VI Dr Pietsch visited the Neuengamme concentration camp (near Hamburg) and interrogated the Polish intelligence officer Leja. A report was issued but I’m afraid I don’t have it.

After the fall of Poland a few Polish codebreakers were able to reach France and started working for the French signals intelligence organization (codenamed PC Bruno), commanded by Gustave Bertrand.  After 1940 this unit changed name (codename Cadix) and location and continued to monitor and decode some German communications, including a few Enigma keys (6). ‘Der Fall WICHER’ says in page 5 that ‘The French cryptanalyst Bertrand was arrested and interrogated at this time, but he did not disclose the ENIGMA work, and it is very likely that he did not know what was happening in England and America on the problem’. This might not be entirely accurate as ‘the book Enigma: The Battle for the Code’, p319 says that in January 1944 ‘Gustave Bertrand is arrested by the Germans while working under cover for the Resistance in France. He admits to himself that he will not be able to remain silent if he is tortured, so, in order to obtain the chance to escape, he agrees to collaborate with the Nazis‘.

The same source, ‘Enigma: The Battle for the Code’, p319 says that in March ’44 the Polish officers ‘Gwido Langer and Maksymilian Ciezki confess to the Germans that the Enigma cipher was broken before the war’. However there is no reference to this event in the war diary of Inspectorate 7/VI, at least in the files I have.
Unanswered questions

From the information presented so far it is clear that in 1939 the Germans were able to find proof that their Enigma cipher machine had been read by the Poles. However it doesn’t seem like they were able to conclusively identify the Polish methods of solution. In any case they correctly dropped the double encipherment of the indicator in 1940, thus defeating the main Polish method of solution. During the war they continued to investigate case ‘Wicher’ but unfortunately we do not know what kind of information they got from interrogating the Polish officers. Buggisch said in TICOM report I-92, p5 that when Dr Pietsch (head of the mathematical research department of Inspectorate 7/VI) interrogated the two Polish officers in 1944 ‘he did not bother to get the details of the Polish method’. This seems nonsensical and it’s possible that Buggisch either did not know more on the subject or was trying to mislead his interrogators.
In any case the people they interrogated could not have told them what they really needed to know, mainly that the British codebreakers could solve daily keys through the use of ‘cribs’ and high speed cryptanalytic equipment.

The Germans certainly did not think that the Enigma was unbreakable and they continuously upgraded its security from the 1930’s till the end of the war (7). Regarding their investigations on the theoretical solution of the machine so far we know that the Army codebreakers wrote several reports on how the internal settings could be retrieved under different sets of circumstances (8). In 1944 the naval cryptanalyst Frowein showed that the 4-rotor Enigma could be solved on a crib of 25 letters (9).
Unfortunately with different agencies investigating the security of the Enigma and with their reports scattered across different government archives it is difficult to reach a conclusion regarding their investigations. It is up to researchers to locate and study the relevant reports so a conclusion can be reached regarding the German knowledge of possible solution methods for the Enigma.

(1). Der Fall WICHER: German Knowledge of Polish Success on ENIGMA

(2). ‘Decrypted Secrets Methods and Maxims of Cryptology’, p118
(3) The Journal of Intelligence History article: ‘The Admiralty And Cipher Machines During The Second World War: Not So Stupid After All’, p3

(4). Der Fall WICHER: German Knowledge of Polish Success on ENIGMA, p3-4
(5). TICOM reports I-78, I-92, I-127, I-200

(6). Intelligence and National Security article: ‘Signals intelligence and Vichy France, 1940-44: Intelligence in defeat ‘, p184: ‘According to Bertrand, between October 1940 and November 1942, 'Cadix' decoded 673 Wehrmacht and 3,097 police and SS transmissions pertaining to France and occupied Europe. Bertrand subdivides these decrypts into Wehrmacht Enigma transmissions, police and SS messages, Abwehr agents' instructions and reports, and Armistice Commission signals encoded manually.
(7). Enigma security measures

(8). TICOM DF-190 series reports
(9). TICOM I-38 ‘Report on interrogation of Lt. Frowein of OKM/4 SKL/III, on his work on the security of the German naval four-wheel Enigma

No comments:

Post a Comment