Thursday, September 09, 2021

The KL-7 on Merchant Ships during the Falklands War

The KL-7 © Photo Dirk Rijmenants

The TSEC/KL-7 was the first tactical lightweight electronic crypto machine, developed by the National Security Agency (NSA). In 1952, this cryptologic marvel was introduced as standard crypto device for the U.S. military. Soon after, NSA proposed to share the KL-7 with NATO allies to improve communications security.

The machine had excellent cryptographic properties and was certified for top secret messages. NSA did recognized that its cryptographic principles eventually would also find their way to non-military use in NATO countries, or might even end up in Soviet hands. Still, having such strong encryption, the machine was never meant to end up in non-government civilian hands. Nevertheless, there are a few rare cases when civilians did work with the KL-7.

One such case were civilian radio officers on merchant ships during the 1982 Falklands War. The Falkland Islands (Malvinas in Spanish) is British overseas territory, disputed since long by Argentina. On April 2, Argentina invaded the Falklands and the British government sent a huge naval task force with two aircraft carriers, 65 Royal Navy and Fleet Auxiliary vessels, 62 merchant ships and two ocean liners that carried two brigades.

To sail that task force 6500 nautical miles or 12.000 Km across the Atlantic was an enormous logistic operation and they needed vast quantities of fuel for the trip and to keep the task force operational near the Falklands. The British Ministry of Defense chartered a large number of commercial merchant ships to support the operation, a procedure called STUFT (Ships Taken Up From Trade).

One of these STUFT ships was the Eburna tanker that carried fuel oil, diesel and aviation fuel which had to be transferred by RAS (replenishment at sea) to other ships. This involved two ships steaming alongside each other at close range while maintaining a steady speed throughout complex anti-submarine manoeuvres. The communications between the task force and the STUFT ships had to be secure and the Eburna radio room received a KL-7.

The Eburna fuel tanker (source: helderline.com)

Bernard Kates was the radio officer on the Eburna. He had no experience at all with naval communications nor crypto systems and had learn the basics of cryptography and operating the KL7 within very short time. Fortunately, he got a radio officer from the Royal Fleet Auxiliary, who knew the KL-7 very well, as assistant.
 
They received encrypted traffic by teleprinter broadcast (FEC mode) via Portishead Radio and transmitted Eburna's encrypted replies using ARQ (Automatic Repeat Request protocol). They managed to keep the radio room going, processed encrypted traffic and maintained a 24 hour watch on the UHF tactical net.

Their KL-7 had an extension to read punched tape and they attempted to receive traffic by setting the teleprinter to copy to both tape and paper, but as traffic was too heavy and mixed with messages from many other ships they had trouble separating the punched tapes correctly. They therefore let the teleprinter simply print the messages and then typed the ciphertext onto the KL-7. The deciphered text, printed on gummed tape, was stuck onto a message form and delivered to the Captain, although they sometimes had to translated the "navy-speak" into plain English to make it understandable to their civilian Captain.

The system indicator "FDDND" was always the first group of ciphertext. They would set up the KL-7 following the key setting instructions for that day, then switch it to "P" and type in that group, then switch to "E" and do the encryption. The daily machine settings were printed in a booklet which had the edges of all its pages stuck together, one page per day and one month per booklet. To set up the machine you would peel off the sheet from the previous day, revealing today's settings. Used sheets would were torn out and incinerated.

Eburna's KL-7 was supplied with only one rotor cage and one set of rotors. According to the instructions, the rotor setting were changed at 00:00 UTC and the key sheet of the previous day had to be destroyed. Thus, when a message of the previous day arrived a few hours later, they could not go back to the old settings. They decided to keep the old key sheet for an additional 24 hours to go back if they had to. In the military, the KL-7 was usually supplied with two rotor cages, and the rotor cage with settings of the previous day was kept the next day. Going back then simply meant swiftly detaching the current cage and attaching the old one. The Eburna radio office did not have this luxury.

The KL-7, rotor set and setting instructions were supposed to be kept in the safe but the Eburna didn't have a safe, so they kept them in a cupboard. They assumed there were very few spies running around in the middle of the South Atlantic and their solution was probably secure enough. Bernard also recalled rewiring at least one of the rotors every month, and that it was quite a fiddly task involving many small parts.

Bernard also commented on the KL-7 simulator. "I downloaded the KL7 simulator and am having fun with it reliving old memories. The only thing the simulator doesn't do that the real machine did is to fail occasionally (actually quite often!) due to dirt under the keyboard. In accordance with Murphy's Law it would always do that when urgent traffic was on hand. Then there was nothing for it but to take the machine apart and clean it out". The need for intensive maintenance was indeed one of the KL-7's disadvantages and essential to avoid the co-called dead-rove.

The Navy didn't quite understood how merchant ships operated or how they were equipped, and never realized that keeping a 24 hour radio watch with only two men for the duration of the entire campaign was a daunting task. The Navy also expected them to know how to handle a tactical radio net and encrypt figures and phrases using NATO code books.

At first, Bernard had no idea what was going on and it took several days to work it out. He noted that a tactical radio net in a war zone is not the best place to learn military radio procedure. To their excuse, the Navy also had a daunting and unprecedented task to compile a huge naval task force within days.

The Eburna story is a rare example of civilian merchant radio officers that worked with the KL-7. Undoubtedly, more people outside the military, intelligence and state departments worked with this beautiful cipher machine. Let's hope their stories and will also be recorded some day, before that fascinating history is lost.

In the end, the Argentine forces surrendered after 74 days and many lives were lost on both sides. The 1982 Falklands War was probably the last time the KL-7 was used during combat operations.

You can read the full story about the Eburna radio room during the Falklands War (pdf). More information on the KL-7, including a detailed description, its history of development and many documents are available at our TSEC/KL-7 ADONIS & POLLUX page.

More about the Eburna tanker at Helderline.com and a detailed history of the Falklands War at Naval History.

Thursday, June 17, 2021

The Iconic Crypto AG Disappears

The recent removal of the iconic Crypto AG logo from its building is the final milestone in the history of the once renowned firm that sold state-of-the-art crypto equipment all over the world. The iconic 1960s building, located in Steinhausen, Switzerland, is to be demolished to make room for apartments. This tale however has a stinging aftermath.
 
This milestone also ends the rather naive era of relying on foreign commercial firms for critical secure communications, certainly in today's digital world. The fate of Crypto AG was sealed in early 2020 when documents revealed the firm was secretly owned by the CIA and West-German federal intelligence service BND since 1970, making it the largest ever compromise of secure communications. Apart from the consequences for the many customers and the firm's reputation, this was also a tragedy for those who worked at Crypto AG.

Take a look at the splendid photos from the bandonned Crypto AG building, taken by photographer Patrick Hürlimann. Seeing these pictures of the empty building, offices and storage rooms, you cannot but feel sad for the many employees, once buzzing around in the hallways and factory, who genuinely gave their best and took pride in developing quality equipment for the best crypto firm in the world.
 
Crypto AG also took good care of its well paid employees, including many benefits. The sailboat in one of the pictures is an eery reminder of the good times, when employees were allowed to sail the firm's boat on Zugersee, the nearby lake. Eventually, some of the firm's engineers and mathematicians became suspicious about interventions by external advisors or illogical modifications to their equipment, but they were either stonewalled by the staff or suddenly lost their job.

To leave behind a lifetime of working can by tough, certainly when they always worked with pride, but imagine seeing decades of hard work turn into an illusion of lies and spying. Not the career ending they dreamed of. But they were not the only disillusioned ones.

Unaware that Crypto AG was owned by the BND and CIA, Swedish entrepreneur Andreas Linde took over the firm and its name in 2018 and established Crypto International AG. In the wake of the revelations, with the export license suspended, Linde had no other options than to dismiss virtually all employees in mid-2020.

Earlier this year, a special prosecutor was appointed to investigate the spy scandal. In May, the Swiss intelligence chief announced he will step down end of August, following criticism about his handling of the Crypto AG case after the scandal broke out.

More about Crypto AG on this Blog and Website

Monday, April 26, 2021

KL-7 Crypto Machine - Last Details Unveiled

The ingenious sliding switch
Image © Dirk Rijmenants
We documented many technical details of the fascinating TSEC/KL7 crypto machine in 2011. Although we already knew how the KL-7 worked, the details on how the machine actually achieved this electronically and mechanically are only fully understood after the recent release of all technical documents, and these kept surprising us.

The KL-7 rotors, their flexible settings and complex irregular stepping, the use of electronics and the ingenious keyboard made it a cryptologic marvel when it was introduced by the National Security Agency (NSA) in 1952.

The compact printer
Image © Dirk Rijmenants

However, three important design features stretched the imagination of the ASA and AFSA engineers: using electronics to put their ideas into hardware, design a compact printer mechanism, find a flexible way to power the KL-7,  and all these properties in a small 12 by 12 inches (30 x 30 cm) machine, weighing a mere 20.5 lbs (9,3 Kg).

The circuitry and various timing signals to control its mechanics and operate the KL-7 required only four vacuum tubes. To power the KL-7, the machine uses 24 volts to run a DC motor that drives an AC generator, which in turn provides all voltages, from -70 to +220 volts, for the tubes.

The ingenious puls generator
alphanumeric double pulse

That same motor also drives a pulse generator that provides accurate timing to control a rotating drum printer, and the vacuum tubes ensure precise printing of alpha-numeric characters, all securely encrypted.

Only recently we had the chance to study the plans and schematics in detail to discover how all this was actually achieved, and it took some time to grasp some of the details. It seems as if they found completely new solutions, then encountered some problems with those solutions, and devised more complicated solutions to those problems.

The Pulse generator explained

A circuit with thyratron and double triode vacuum tubes, and the clever use of resistor networks that influence various voltages on the tube grids, requires perseverance to be understood.

As of today, these newly uncovered details are available on the website. You will find several new and updated drawings, photos and thorough detailed explanation about various parts of the machine. All you wanted to know about the KL-7 but were afraid to ask...

Examine the machine, its history of development, how it was used and the simulator at the Cipher Machines and cryptology.

More on the KL-7

Update June 24 - Added complete circuit diagram with details on signal processing, printing, the shift modes, a discription of the different timing signal circuits, and drawings of the piggyback system with detailed discription.

Update July 29 - NSA study about unwanted stray signals of KL-7 printer that enable recovery of plain text added. Also three documents related to release of AFSAM-7 (KL-7) to UK and NATO countries, and spreading of cryptographic pinciples of KL-7.

Update August 11 - Photos, data sheets and details operation vacuum tubes added. KL-7 page menu created. 

Updates September 10-16 - Expanded history of KL-7 in service, use of KL-7 on merchant ships in Falklands War and added various NATO documents related to the KL-7.

Thursday, April 08, 2021

Operation Tinker Bell Anniversary

Can you solve the case?
Operation Tinker Bell is running exactly eight years. This cryptologic challenge is the ideal introduction to cryptography, crypto equipment and spy tradecraft.
 
All those years I noticed at the webstats how people worked through all messages, some in a few days and others took their time. Many e-mailed me with kind feedback and some dropped a note in our guestbook, but they could never show their achievements to others. I therefore decided to introduce a Wall of Honor to document the result of their hard work (see below).

What is Operation Tinker Bell about? You will learn to work with the TSEC/KL-7, a 1960's state-of-the-art crypto machine (sim available) and decrypt operational one-time pad messages, used for one-way voice links, commonly known as numbers stations. Once you're briefed, you start in the CIA communications center and its crypto room, the inner sanctum where the most sensitive information arrives.

Robert Novak needs your support!
You are immersed in a true Cold War espionage atmosphere and witness the modus operandi of your fellow CIA officers and their KGB counterparts. Experience spy tradecraft first hand, with CIA transmitter sites in West Germany, illegal border crossings, fake passports, safe houses, the dreaded East-German Stasi and Czech StB secret police.

British intelligence helps to arrange clandestine meetings, you receive SIGINT support from the U.S. Army Security Agency and some of the USMLM operations flirt with the rules of engagement. The Cold War at its best. It's all there, authentic details and as real as it gets!

Operation Tinker Bell starts in 1964, at the height of the Cold War. CIA case officer Robert Novak investigates the sudden disappearance of a CIA operative in Moscow. Operation Tinker Bell, the hunt for a KGB colonel starts and Novak travels across the Soviet Union.

Ausweis bitte! Keep calm when East German border guards check your forged papers!

For obvious security reasons, all communications between Langley, the CIA stations abroad and their agents behind the Iron Curtain are encrypted. It's your task as COMSEC officer to decrypt all that message traffic. This sounds harder than it actually is. All required crypto tools, keys and clear instructions are provided and used exactly as in real life. Make sure to carefully read the briefing!


Below the first names engraved in the new Wall of Honor. Get to work, assist your CIA colleagues that operate across the Eastern Bloc and get your name on that wall. Join Operation Tinker Bell.

Update: New case officer Dietmar Sternad added July 15, 2021

Did you completed the operation before the Wall of Honor?
Contact us!

We can neither confirm nor deny the existence of the operation, but, hypothetically, if such operation were to exist, the subject matter would be classified and could not be disclosed [...].

Friday, February 12, 2021

Tracking Cold War Signals

Adcock four element antenna array
WWII Naval direction finding station
(source: Frontline Ulster)
The Cold War was also a war of signals. This battle comprised chatter over radio, Morse, data and technical signals. Eavesdropping on enemy communications and analysing their technical signals was a vital part of that battle. However, to know where those signals came from was just as important.

Directional antennas find the bearing of a signal. Early simple loop antennas had to be turned mechanically to find the signal bearing. With two or more such antennas on different locations, the target is located at the crossing of those bearings, but it was a cumbersome task. Later, double loop antennas and Adcock antenna arrays with four elements improved performance, but many more special  direction finding (DF) antennas were built to locate signals, and some were quite extraordinary.

German Wartime Research

The Wullenweber antenna array
(source: FGCRT)
Significant progress was made during the Second World War by Dr. Hans Rindfleisch, who invented the Circularly Disposed Antenna Array (CDAA). Rindfleisch also headed the Communications Research Command of the German Navy, and together with Telefunken they developed his antenna array under the codename Wullenweber.

The first Wullenweber, build in Skibsby in northern Denmark, was designed as high-frequency direction finding (HF/DF) antenna array and operated in the 6-20 Mhz range. The above drawing shows, at the top, the view of the antenna array and the reflector screen wires behind them (click image to enlarge)
 
First Wullenweber at Skibsby site
(source unknown)
The antenna consisted of 40 vertical radiator elements, each supported by a wooden structure and placed in a large circle, 120 m (392 ft) in diameter. Inside that circle was a reflector screen of wires, supported by 40 poles and arranged in a smaller circle, 105 m (344 ft) in diameter.

The Foundation for German communication and related technologies (main page) has a description of the Wullenwever (original spelling), including German Naval research on Wullenwever (pdf p11-20).

German Technology in Soviet Hands

Many German scientists were rounded up by US and Soviet forces in the final days of the war. Both were interested in this new CDAA technology, but the Soviets were the first to start building them in 1951 with assistance of German scientists.

The Soviets eventually build 31 CDAA's of various types and called them KRUG. They were places in Russia, Warsaw Pact countries, Mongolia, Cuba, Vietnam and Burma. These KRUG stations tracked radio communications of US and NATO reconnaissance aircraft and nuclear bombers. GlobalSecurity has info and photos on Soviet KRUG antenna arrays.

The Global U.S. Antenna Network

One of the German antenna researchers was moved to the United States to assists in the development of a CDAA. The US version of the Wullenweber was the AN/FLR-9 antenna, nicknamed "Elephant Cage". The first was built in 1962 at the RAF Chicksands base in the UK, leased by the US Airforce.

FLR-9 at USASA Field Station Augsburg, Germany (source: US Air Force ISR)

The huge FLR-9 antenna had an outer diameter of 440 m (1,443 ft) and height 37 m (121 ft). A network of eight FLR-9 was constructed in Alaska, England, Germany, Italy, Japan, Philippines, Turkey and Thailand. This network could accurately locate HF signals anywhere on Earth, to track enemy airplanes, ships or ground based transmitters, but also to follow own or friendly targets.

The US Naval Security Group operated the AN/FRD-10, also a Wullenweber antenna but smaller than the FLR-9. Its outer diameter was 263 m (863 ft). A network of sixteen FRD-10's was located at coastal lines of the Pacific and Atlantic on US mainland and Alaska, Hawai, Puerto Rico, Canada,  Panama, Japan, Spain and Scotland.

More about the Wullenweber

FLR stands for Fixed Countermeasures Receiving. FRD stands for Fixed Radio Direction-finder (see JETDS designations). More about the FLR-9 on FAS and Freedom Through Vigilance Association (USAFSS). Navy Radio has details of the AN/FRD-10. There's a report on the dismantling of the AN/FLR-9 at Misawa air base in Japan and the decommissioning of Joint Base Elmendorf-Richardson in Alaska (video).

More on WWII direction finding at the RSS Secret Listeners website and on Frontline Ulster's WWII Aircraft Direction Finding in the UK.

The NSA video below explains the history and purpose of the FLR-9.

 
The American Forces Network Pacific gave a look inside Misawa’s FLR-9, build in 1962. The antenna was demolished in 2014.


More on Signals

Many different signals were sent, received and analysed during the Cold War. Below some posts on this blog about Signals Intelligence (SIGINT), but there's much more to discover...

Visit also the Cold War Signals page about the battle over radio waves on our website