Sunday, June 14, 2009

Teufelsberg

Teufelsberg (Devil's Mountain), located in west Berlin, Germany, has a unique history. At 375 ft (114 m) it is the highest hill in the Berlin area, and it's man-made! It was built from 12 million cubic meters of rubble, from about 400,000 destroyed buildings, during the rebuilding of Berlin after the Second World War.

In the late 1950s, Allied mobile listening posts, eavesdropping on East German and Soviet communications, discovered that Teufelsberg was an ideal location, with its unobstructed reception of signals from all directions. In 1961, the US Army Security Agency (ASA) started its first SIGINT operations out of trucks on top of the hill. Soon after, the first buildings were constructed, and Field Station Teufelsberg gradually grew over the next years to become one of the largest Signals Intelligence (SIGINT) stations ever.

Although Teufelsberg was located in the British sector of Berlin, there was close cooperation between British and US intelligence. Initially operated by the ASA, the American part of the station came under control of the Army Intelligence and Security Command (INSCOM) in 1977. Since then, the NSA provided most of the personnel and equipment for its ELINT (Electronic Intelligence) and SIGINT operations.

With its large antenna park and huge dishes in their radomes, the station intercepted East German and Soviet radio communications, directional microwave links and satellite transmissions, and captured and analysed different types of radar. If it was in the air, they got it. After the fall of the Berlin Wall and the collapse of the Soviet Union, the station became useless, and American and British troops abandoned Teufelsberg in 1991.

As if the hill's history wasn't mysterious enough, the secret that lies beneath is just as curious: the Nazi military-technical college, designed by Albert Speer. When the Allies captured Berlin, they tried to demolish it with explosives, which turned out to be impossible. They decided to bury the massive building under a pile of rubble from destroyed Berlin.

That story starts in the 1930s, when Adolf Hitler ordered his chief architect Albert Speer to develop a new Berlin. Nazi Project 'Welthauptstadt Germania' (World Capital Germania) included a huge Olympic stadium, a new Chancellery, an avenue of victory, a triumphal arch and other monumental architecture. Here's a video of what it would have looked like. In 1937, they started with the first part of the project, the Wehrtechnische Fakultät or military-technical college. Changing priorities during the Second World War halted the project and it was never resumed. Today, there's even an association, called Berlin Unterwelten (underground), that wants to explore the remains of the elite military academy underneath the Teufelsberg.

More about the Teufelsberg SIGINT station on this website. There's also a site with nice panoramic pictures (may take a while to download). To have a bird's-eye view of Teufelsberg, start up Google Earth and type "Berlin Teufelsberg" in the search box. Key in "Bischofsgruen Schneeberg" to fly to another one. With "Brocken Schierke", you'll jump right to the most famous former Soviet station in East Germany. More about US listening stations on US border operations in Germany.

On YouTube there are several videos about Teufelsberg and how it looks now. Here's one to start with:

Tuesday, June 09, 2009

The Berlin Tunnel

One of the most spectacular SIGINT operations in the Cold War era was project PBJOINTLY, the Berlin tunnel. It was a CIA operation to tap the three main Soviet communications cables in the Soviet-occupied sector of Berlin. Planning and construction lasted for five years and started in the late 1940s with penetrating the office of the East German post to covertly obtain plans of the Soviet network. In 1952, they had all the information needed to determine the ideal location for the tap, and trial taps at other locations were performed.

It became a joint operation between US and British intelligence. In mid-1953, construction planning started. The US Engineering Corps would dig the 1500 feet (500 m) tunnel underneath the East German border and the British would drive the vertical shaft towards the cables, only 27 inches (68 cm) beneath the surface alongside a highway, and provide the tapping of the cable. Some 3,000 tons of sand had to be disposed of without border guards noticing it. A warehouse project near the tunnel was set up as cover and the tunnel dirt was disposed of in its basement. All planning and work had to be done in absolute secrecy, with as few people as possible involved. Meanwhile, Russian linguists were recruited and trained.

In August 1953, tunneling started, right beneath border guards, forcing engineers to halt and keep silent, each time the guards walked over. By March 1955 the tunnel and the tap room, a large air-conditioned sealed room with electronics, were completed. The three main Soviet landlines were tapped, the signals preamplified in the tap room and sent further down the tunnel for recording. It was a marvel of planning and engineering. The cables carried 1200 channels. 28 telex circuits and 121 voice channels were recorded continuously, transcribed and analysed.

Nonetheless, on April 21, 1956, after eleven months of eavesdropping, the tunnel was discovered, apparently by accident, when East Germans dug up a faulty cable. However, later on, British intelligence discovered that George Blake, an MI6 officer who was involved from the very beginning of the planning, had been recruited by the KGB as early as 1952. He informed his Soviet contacts as soon as the final location of the tunnel was planned. The tunnel and the mole, what's in a name.

In the end, the question remains how successful the 6.7 million dollar operation was, and for whom. The Soviets knew right from the start, but could not react as this would compromise their MI6 mole. Why did they allow eleven months of tapping? What was the value of the intercepted intelligence? Did the Russians feed the CIA fake and misleading information? Was this a magnificent intelligence coup by the West, or one by the East? We'll never know...

More information about the tunnel and its construction in this CIA document (pdf 3.4 Mb), published on the FAS. It includes all technical aspects, describes the aftermath of the operation and the complete report on the discovery by the Soviets. On the CIA Studies in Intelligence pages you will find many original CIA documents regarding the Berlin Tunnel and on this page an account of one of the operations officers.

Saturday, June 06, 2009

Spies and Numbers - The Kendall Myers Case

On June 5, 2009 the US Department of Justice announced that US State Department official Walter Kendall Myers and his wife Gwendolyn Steingraber Myers were arrested on charges of espionage for the Cuban government for nearly 30 years. Myers, now retired, worked at the Bureau of Intelligence and Research (INR). He held a Top Secret security clearance and had daily access to classified information. This is without a doubt a most damaging spy case.

He and his wife acknowledged having received encrypted messages from Cuban Intelligence via a shortwave radio they possessed. The Columbia State District Court indictment stated that "Cuban intelligence broadcasts encrypted shortwave radio messages in Morse Code or by a voice reading numbers" and also that "It was part of the conspiracy that Cuban Intelligence would and did broadcast shortwave messages in Morse Code which were received by Kendall Myers". Cryptome published the State Court indictment (3.3 MB zip file), which contains sections describing the numbers station.

This case once again confirms that the mysterious numbers stations are indeed used by intelligence agencies to communicate with their agents. The streams of numbers or letters are sent by powerful shortwave transmitters in Morse or by voice. Although there were more numbers stations in the Cold War era, many are still very active and, not surprisingly, some of them are Cuban. Radio amateurs monitor these broadcasts and they sometimes give nicknames to stations, according to the introduction phrase. The Cuban Spanish Lady "Attencion", described at Simon Mason's Shortwave Espionage pages, is one of them.

Although no government or legal broadcaster has ever acknowledged the existence of numbers stations or admitted any involvement with these stations, the official court documents again show clearly that these stations are indeed used by intelligence services to send secret messages. And still, every day, numbers messages are transmitted all over the world. Who's listening to them?

If you want to read more about the mysterious numbers stations, just visit my numbers web page. More about the Myers case is found on the US DOJ website. The FBI affidavit (pdf) and the Court Indictment on the Ana Belen Montes case, a Cuban agent caught in 2001, are also published. It describes in detail how she received and deciphered numbers messages. And as a bonus, here's a video of a numbers reading machine, used by the East German Ministerium für Staatssicherheit.

Monday, May 25, 2009

Nicky Hager's Secret Power

Secret Power, Nicky Hager's fascinating book about New Zealand's role in the ECHELON spy network, is now online and freely available. The book tells the story of the global SIGINT (Signal Intelligence) operations (call it spying or eavesdropping or whatever) by the New Zealand GCSB (Government Communications Security Bureau), in close cooperation with the United Kingdom, the United States and other countries.

The information in the book is based on years of research and interviews with staff members of the GCSB and describes in detail who was targeted by ECHELON and how they did it. It also reveals details on the UKUSA agreement, which enables massive gathering and sharing of Signal Intelligence between the US, the UK, Canada, Australia and New Zealand. Due to the combined SIGINT operations of the UKUSA countries, Hager's investigations provide an inside view, not only into GCSB's kitchen, but also into Britain's GCHQ, the American NSA and the Australian DSD. Hager was one of the first to bring out information on the ECHELON project. A truly fascinating book. Don't miss it!

You can view or download the complete e-book on his website. Just right-click the "Full Book" link (at the top of the page) and select "save target as...". It's a 22Mb file containing 301 great pages! More info on my Book Review page. For some other history on the GCSB, check out this previous post.

Friday, May 08, 2009

NSA Director on RSA Conference

On 21 April, Lieutenant General Keith Alexander gave a talk at the RSA Security Conference in San Francisco. Cryptome published the transcript of his talk, of which the main topic was cyber security. Keith Alexander is the director of the National Security Agency, so he knows what he's talking about. The talk was a strong plea for cooperation between the government, industry and academia.

There's a need to protect a country’s networks. The cyber attacks on countries like Estonia, Latvia, and more recently Georgia have shown how devastating these attacks can be, and how cyber crime evolved into cyber warfare. Can we provide early warning for such attacks? NSA protects military and intelligence networks, but what’s the NSA’s role in securing the other networks that are vital to the US? How do they assist the Department of Homeland Security? Lots of questions to solve.

That’s where the Comprehensive National Cyber Initiative comes in. But they face tremendous challenges and problems. According to Alexander, the NSA will have to work closely together, not only with other government departments, but also with industry and academia. However, this means sharing knowledge and technology that needs to be kept secret. That's not obvious. And what's the right balance between civil liberties, privacy and a nation's security?

There's a long way to go and it's easy to criticise the government, but they have a tough job. It's clear that the NSA director reaches out to the academics to help fight cyber crime and warfare. Critics will say NSA is recruiting the public (opinion), but still, there's a war to be fought on the Internet, and who's going to fight it?

His talk is written out and published on this Cryptome page. Worth reading. More information about Lieutenant General Keith Alexander is found on this NSA biography page.

Friday, May 01, 2009

Intelligence on the Web

On the Maryland Loyola College website there's a vast collection of intelligence web links. These pages cover an enormous number of intelligence organisations worldwide and various subjects and documents related to intelligence. If you don't find it here, it's probably more secret than the NSA. The links are divided into three main groups:

The Strategic Intelligence page covers the intelligence and security organisations from all over the world, documents on strategic intelligence and related laws, reports and journals, terrorism and counter terrorism. It also includes many links to historical documents and subjects.

The Military Intelligence page includes information regarding US military intelligence agencies, military intelligence units, defense intelligence documents and historical references.

The Economic Intelligence section contains links to economic espionage, competitive intelligence, government economic and business intelligence and journals, articles, papers and other documents, related to economic and business intelligence, as well as commercial sites related to intelligence.

Friday, April 24, 2009

Cryptology documentaries

Cryptology is a wonderful science with a most interesting history. Unfortunately, few people know what cryptology actually is, and what it means to us. Code makers and code breakers influenced history for thousands of years and determined politics and the outcome of many wars in the past, and they will continue to do so in the future.

One of the reasons that cryptology is unknown to the public is that it has been a very obscure science for ages. Even today, only a few books have found their way to the general public, and documentaries about cryptology on TV science or history channels are most rare. Nonetheless, some very interesting documentaries exist and it is a pity that they are seldom shown on TV.

On YouTube, there are quite a few good videos to discover. A nice one is the 45-minute documentary Top Secret NSA from Discovery, about the role of the National Security Agency in recent history (on the image you see NSA's Puzzle Palace). It was the first time NSA allowed a view inside. The complete video is available as Part 1, Part 2, Part 3, Part 4 and Part 5. Maximize (on the video's right bottom) and enjoy!

There's also a good 40-minute documentary on History Channel in four parts: Part 1, Part 2, Part 3 and Part 4. It covers the complete history of cryptology from ancient times up to today (only the final part seems to be missing).

It would be nice if the TV programmers aired such documentaries a little bit more so that cryptologists were placed a little bit more in the well deserved spotlight. Their actual work however will rarely see daylight.

Sunday, April 19, 2009

Rear Admiral Showers on SpyCast

The International Spy Museum just published a new podcast interview with Rear Admiral 'Mac' Showers. He served 31 years in the US Navy and 12 years in the CIA. During the Second World War he served as CINCPAC intelligence analyst on deciphered Japanese messages, encrypted with JN-25, the main Japanese naval code. Showers worked for Admiral Nimitz in a team of codebreakers, linguists and analysts. Nimitz asked them: "tell me today what the Japanese are doing tomorrow". They did, and made important contributions to the American victory in the Pacific.

Showers explains in the interview the first important achievement of the codebreakers, with the Japanese attack on Port Moresby in March 1942. Deciphered messages enabled the US Navy to counter the offensive in what is known as the Battle of the Coral Sea. However, the most important contribution of the codebreakers to the war in the Pacific is without a doubt the deciphering of the plans for the Battle of Midway on 4 June 1942. The Japanese fleet was heading towards the Midway Atoll with a total of 126 ships, including 4 aircraft carriers. Intelligence from the codebreakers provided the US Navy an important tactical advantage and although completely outnumbered (they only had 3 aircraft carriers and 32 ships) they decisively defeated the Japanese Imperial Navy in a surprise attack.

Admiral Showers also talks about how a single deciphered message led to the downing of Admiral Yamamoto's airplane. Yamamoto, commander in chief of the combined Japanese fleet, made an inspection tour in the South Pacific. The message revealed all flight details about when and where Yamamoto would be, including arrival and departure times and locations. Yamamoto was killed on 18 April 1943 when his G4M bomber, escorted by seven Zeros, was shot down by Air Force P-38s near Bougainville in the Solomon Islands.

This is a unique 30-minute interview with one of the few surviving veterans of the intelligence battle in the Second World War. You can listen to it on Spycast but it might be more practical to download the 26 Mb file from the Spycast feed. Just right-click the 14 April mp3 file and select "Save Target As...". More about Donald 'Mac' Showers on Navy TV and on NSA's Hall of Honor.

Tuesday, April 07, 2009

Noor Inayat Khan

Noor Inayat Khan, the exotic, Russian-born descendant of an Indian Muslim prince, was the first British female Special Operations Executive (SOE) agent in WW2 to be sent to occupied France as a wireless operator. Although some officers doubted whether she was suitable for SOE operations, she was infiltrated in June 1943 under the false identity of Jeanne-Marie Regnier and codename Madeleine, to occupy the most dangerous SOE post, Paris.

While constantly relocating to avoid being captured, she transmitted German troop movements to London. Being a wireless operator was a high-risk job, as operators could only stay on the air for a few minutes. The German Sicherheitsdienst (SD) was very skilled in tracing clandestine radios with direction-finding equipment. They managed to track down and arrest virtually all operators. Noor was one of the few remaining. Well aware of the risks, she turned down several offers to return to London.

After four months, Noor was betrayed and consequently arrested by the SD in October 1943. She resisted her arrest so fiercely that she was treated as an extremely dangerous prisoner. Although interrogated in the Gestapo headquarters for five weeks, she never gave any information. She made two escape attempts, one just after her arrest and another on 25 November, together with two other SOE agents. Both attempts failed.

Noor was relocated to a prison in Pforzheim, Germany, where she was regarded as very dangerous and kept in chains and in solitary confinement. Ten months later, on 11 September, Noor was moved to the Dachau concentration camp, where she was cruelly beaten by an SS officer, prior to her execution in the early morning of 13 September 1944. Her last word was "Liberté". She was 30 years old. The remarkable Noor Inayat Khan was posthumously awarded the George Cross as one of only four women ever to receive this award, and also the French Croix de Guerre.

More to read about Noor Inayat Khan on 64-Baker Street, Camp X, Camp Dachau website, and spy master William Stephenson on Noor. Definitely worth reading!

Friday, April 03, 2009

Crypto Machines with One-time Keys

In my previous post I already mentioned the ETCRRM, a device to encrypt teletype signals with one-time tapes. Systems that use the principle of one-time key encryption were very popular until the 1980s, because of their absolute security. Most of these machines encrypted five-bit teletype signals by mixing (Exclusive Or function, XOR) the plain signal with a one-time key tape. Each one-time tape consisted of truly random five-bit values and there were only two copies of each tape, one for each end of the teletype link. Each tape was to be used only once, and destroyed after use.
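The mixing described above, and the reason a tape may be used only once, as an added example that is not taken from any of the machines mentioned here. It assumes the common ITA2 letters-shift code table (letters and space only, no figures shift) and uses the operating system's random generator as a stand-in for a truly random punched tape; all function names and sample messages are constructed for illustration.

```python
import secrets

# ITA2 letters-shift table indexed by 5-bit code value (assumed bit-order
# convention). Codes 0, 2, 8, 27 and 31 (NUL, LF, CR, FIGS, LTRS) are shown
# as '.' stand-ins because this example handles only A-Z and space.
ITA2 = ".E.A SIU.DRJNFCKTZLWHYPQOBG.MXV."
TO_CODE = {ch: code for code, ch in enumerate(ITA2) if ch != "."}


def encode(text):
    """Turn letters and spaces into a list of 5-bit teletype codes."""
    try:
        return [TO_CODE[ch] for ch in text.upper()]
    except KeyError as err:
        raise ValueError(f"no letters-shift code for {err}") from None


def decode(codes):
    """Turn 5-bit codes back into text ('.' for control codes)."""
    return "".join(ITA2[c] for c in codes)


def punch_tape(length):
    """Make a one-time key tape of random 5-bit values (CSPRNG stand-in)."""
    return [secrets.randbelow(32) for _ in range(length)]


def mix(signal, tape):
    """XOR each 5-bit character with the next key character on the tape.
    The same operation enciphers and deciphers."""
    if len(tape) < len(signal):
        raise ValueError("key tape is shorter than the message")
    return [s ^ k for s, k in zip(signal, tape)]


def recover_from_reuse(cipher_a, cipher_b, known_a):
    """If one tape enciphered two messages, the key cancels out:
    cipher_a XOR cipher_b == plain_a XOR plain_b. Knowing (or guessing)
    plain_a then yields plain_b without ever seeing the tape."""
    leak = [a ^ b for a, b in zip(cipher_a, cipher_b)]
    return decode(mix(leak, encode(known_a)))


if __name__ == "__main__":
    msg_a = "SHIP SAILS AT NOON"   # constructed sample traffic
    msg_b = "SEND MORE KEY TAPE"   # constructed, same length as msg_a
    tape = punch_tape(len(msg_a))
    cipher_a = mix(encode(msg_a), tape)
    print("cipher  :", decode(cipher_a))
    print("decipher:", decode(mix(cipher_a, tape)))
    # Operator error: the same tape is run a second time.
    cipher_b = mix(encode(msg_b), tape)
    print("reuse   :", recover_from_reuse(cipher_a, cipher_b, msg_a))
```

The ciphertext uses all 32 five-bit values, so control codes appear in it as '.'; the security rests entirely on the tape being random, secret and never run twice.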

Of course, the one-time tape method required complex logistical support to securely distribute a large number of one-time tapes, something that could only be supported by government departments such as the military, intelligence services and diplomacy. As you can imagine, an enormous number of one-time tapes travelled around the world by courier or in diplomatic bags, since you needed as many one-time tapes as there were messages to be sent.


A five bit teletype punched paper tape. Can you read it?

Although a pretty old system (developed by Gilbert Vernam in 1917) its unbreakable encryption kept it popular until sophisticated electronic crypto machines and modern computer algorithms provided enough security. Nevertheless, some electronic or software one-time key systems still exist for special purposes where absolute security has priority.

Some of the one-time key ciphering machines are the American TELEKRYPTON, B-2 PYTHON, SIGTOT and SIGSALY (which used one-time noise), the British BID-590 NOREEN (see image) and 5-UCO, the Canadian ROCKEX, the Dutch ECOLEX series, the Swiss Hagelin CD-57, CX-52 and T-55 with superencipherment, the German Siemens T-37-ICA and M-190, the East-German and T-304 LEGUAN, the Czech SD1, the Russian M-100 SMARAGD and M-105 N AGAT, and the Polish T-352/T-353 DUDEK, and of course, the Norwegian ETCRRM, famous from the Washington/Moscow hotline. I'm sure I forgot many more, any suggestions are welcome.

Apart from being unbreakable, one-time tape systems were quite simple and did not have any secret crypto technology aboard, as mixing one-time keys with plain text is a commonly known basic method of encryption. Whereas other encryption machines were considered as listed secret crypto equipment, one-time tape devices were mostly unclassified. Only the one-time tapes themselves were considered secret material. More about one-time pad on my website.