Monday, April 26, 2021

KL-7 Crypto Machine - Last Details Uncovered

The ingenious sliding switch
Image © Dirk Rijmenants
We documented many technical details of the fascinating TSEC/KL7 crypto machine in 2011. Although we already knew how the KL-7 worked, the details on how the machine actually achieved this electronically and mechanically are only fully understood after the recent release of all technical documents, and these kept surprising us.

The KL-7 rotors, their flexible settings and complex irregular stepping, the use of electronics and the ingenious keyboard made it a cryptologic marvel when it was introduced by the National Security Agency (NSA) in 1952.

The compact printer
Image © Dirk Rijmenants

However, three important design features stretched the imagination of the ASA and AFSA engineers: using electronics to put their ideas into hardware, design a compact print mechanism, find a flexible way to power the KL-7,  and all these properties in a small 12 by 12 inches (30 x 30 cm) machine, weighing a mere 20.5 lbs (9,3 Kg).

The circuitry and various timing signals to control its mechanics and operate the KL-7 required only four vacuum tubes. To power the KL-7, the machine uses 24 volts to run a DC motor that drives an AC generator, which in turn provides all voltages, from -70 to +220 volts, for the tubes. That same motor also drives a pulse generator that provides accurate timing to control a rotating drum printer, and the vacuum tubes ensure precise printing of alpha-numeric characters, all securely encrypted.

The Pulse generator explained
Image NSA

Only recently we had the chance to study the plans and schematics in detail to discover how all this was actually achieved, and it took some time to grasp some of the details. A circuit with thyratron and double triode vacuum tubes and the clever use of resistor networks that influence various voltages on the tube grids requires perseverance to be understood.

As of today, these newly uncovered details are available on the website. You will find several new and updated drawings, photos and thorough detailed explanation about various parts of the machine. All you wanted to know about the KL-7 but were afraid to ask...

Examine the machine, its history of development, how it was used and the simulator at the TSEC/KL-7 ADONIS and POLLUX page.

More on the KL-7

Thursday, April 08, 2021

Operation Tinker Bell Anniversary

Can you solve the case?
Operation Tinker Bell is running exactly eight years. The cryptologic challenge is the ideal introduction to cryptography, crypto equipment and spy tradecraft for the novice. All those years I noticed at the webstats how people worked through all messages, some in a few days and others took their time. Many e-mailed me with kind feedback and some dropped a note in our guestbook, but they could never share their results with others. Therefore, I decided last year to introduce a Wall of Honor to give participants the chance to document their achievements (see below).

What is Operation Tinker Bell about? You will learn to work with the TSEC/KL-7, a 1960's state-of-the-art crypto machine (free simulator available), and decrypt operational one-time pad messages, used for one-way voice links, commonly known as numbers stations. Once you're briefed, you start in the CIA communications center and its crypto room, the inner sanctum where the most sensitive information arrives.

Robert Novak needs your support!
You are immersed in a true Cold War espionage atmosphere and witness the modus operandi of your fellow CIA officers and their KGB counterparts. Experience at first hand the spy tradecraft, CIA transmitter sites in West Germany, illegal border crossings, fake passports, safe houses, the dreaded East-German Stasi and Czech StB secret police.

British intelligence helps to arrange clandestine meetings, you receive SIGINT support from the U.S. Army Security Agency and some of the USMLM operations flirt with the rules of engagement. The Cold War at its best. It's all there, authentic details and as real as it gets!

Operation Tinker Bell starts in 1964, at the height of the Cold War. CIA case officer Robert Novak investigates the sudden disappearance of a CIA operative in Moscow. Operation Tinker Bell, the hunt for a KGB colonel starts and Novak travels across the Soviet Union.

Ausweis bitte! Keep calm when East German border guards check your forged papers!

For obvious security reasons, all communications between Langley, the CIA stations abroad and their agents behind the Iron Curtain are encrypted. It's your task as COMSEC officer to decrypt all that message traffic. This sounds harder than it actually is. All required crypto tools, keys and clear instructions are provided and used exactly as in real life. Make sure to carefully read the briefing!

Below the first names engraved in the Wall of Honor. Get to work, assist your CIA colleagues that operate across the Eastern Bloc and get your name on that wall. Join Operation Tinker Bell.

New case officer Arindam Chakraborty added April 16, 2021

Did you completed the operation before the Wall of Honor?
Contact us!

Friday, February 12, 2021

Tracking Cold War Signals

Adcock four element antenna array
WWII Naval direction finding station
(source: Frontline Ulster)
The Cold War was also a war of signals. This battle comprised chatter over radio, Morse, data and technical signals. Eavesdropping on enemy communications and analysing their technical signals was a vital part of that battle. However, to know where those signals came from was just as important.

Directional antennas find the bearing of a signal. Early simple loop antennas had to be turned mechanically to find the signal bearing. With two or more such antennas on different locations, the target is located at the crossing of those bearings, but it was a cumbersome task. Later, double loop antennas and Adcock antenna arrays with four elements improved performance, but many more special  direction finding (DF) antennas were built to locate signals, and some were quite extraordinary.

German Wartime Research

The Wullenweber antenna array
(source: FGCRT)
Significant progress was made during the Second World War by Dr. Hans Rindfleisch, who invented the Circularly Disposed Antenna Array (CDAA). Rindfleisch also headed the Communications Research Command of the German Navy, and together with Telefunken they developed his antenna array under the codename Wullenweber.

The first Wullenweber, build in Skibsby in northern Denmark, was designed as high-frequency direction finding (HF/DF) antenna array and operated in the 6-20 Mhz range. The above drawing shows, at the top, the view of the antenna array and the reflector screen wires behind them (click image to enlarge)
First Wullenweber at Skibsby site
(source unknown)
The antenna consisted of 40 vertical radiator elements, each supported by a wooden structure and placed in a large circle, 120 m (392 ft) in diameter. Inside that circle was a reflector screen of wires, supported by 40 poles and arranged in a smaller circle, 105 m (344 ft) in diameter.

The Foundation for German communication and related technologies (main page) has a description of the Wullenwever (original spelling), including German Naval research on Wullenwever (pdf p11-20).

German Technology in Soviet Hands

Many German scientists were rounded up by US and Soviet forces in the final days of the war. Both were interested in this new CDAA technology, but the Soviets were the first to start building them in 1951 with assistance of German scientists.

The Soviets eventually build 31 CDAA's of various types and called them KRUG. They were places in Russia, Warsaw Pact countries, Mongolia, Cuba, Vietnam and Burma. These KRUG stations tracked radio communications of US and NATO reconnaissance aircraft and nuclear bombers. GlobalSecurity has info and photos on Soviet KRUG antenna arrays.

The Global U.S. Antenna Network

One of the German antenna researchers was moved to the United States to assists in the development of a CDAA. The US version of the Wullenweber was the AN/FLR-9 antenna, nicknamed "Elephant Cage". The first was built in 1962 at the RAF Chicksands base in the UK, leased by the US Airforce.

FLR-9 at USASA Field Station Augsburg, Germany (source: US Air Force ISR)

The huge FLR-9 antenna had an outer diameter of 440 m (1,443 ft) and height 37 m (121 ft). A network of eight FLR-9 was constructed in Alaska, England, Germany, Italy, Japan, Philippines, Turkey and Thailand. This network could accurately locate HF signals anywhere on Earth, to track enemy airplanes, ships or ground based transmitters, but also to follow own or friendly targets.

The US Naval Security Group operated the AN/FRD-10, also a Wullenweber antenna but smaller than the FLR-9. Its outer diameter was 133 m (435 ft) and height 27 m (90 ft). A network of sixteen FRD-10's was located at coastal lines of the Pacific and Atlantic on US mainland and Alaska, Hawai, Puerto Rico, Canada,  Panama, Japan, Spain and Scotland.

More about the Wullenweber

FLR stands for Fixed Countermeasures Receiving. FRD stands for Fixed Radio Direction-finder (see JETDS designations). More about the FLR-9 on FAS and Freedom Through Vigilance Association (USAFSS). Navy Radio has details of the AN/FRD-10. There's a report on the dismantling of the AN/FLR-9 at Misawa air base in Japan and the decommissioning of Joint Base Elmendorf-Richardson in Alaska (video).

More on WWII direction finding at the RSS Secret Listeners website and on Frontline Ulster's WWII Aircraft Direction Finding in the UK.

The NSA video below explains the history and purpose of the FLR-9.

The American Forces Network Pacific gave a look inside Misawa’s FLR-9, build in 1962. The antenna was demolished in 2014.

More on Signals

Many different signals were sent, received and analysed during the Cold War. Below some posts on this blog about Signals Intelligence (SIGINT), but there's much more to discover...

Visit also the Cold War Signals page about the battle over radio waves on our website

Monday, February 01, 2021

Le Carré's Legacy for Spies

David Cornwell - John Le Carré
Source: Krimidoedel
David Cornwell passed away last December. He was not only a brilliant writer, but also someone who once in a while kicked the conscience of the establishment. John Le Carré was the alter ego of David Cornwell, who wrote his first three novels while still working for MI5 and MI6, from 1959 to 1964.

Le Carré is renowned for spy novels that depict pretty realistically the live of spies, their masters and a bureaucracy full of backroom politics with a distinguished disregard for the very spy who risked his life for them. A huge contrast to the James Bond action-packed books and movies. History has unfortunately shown that the success of intelligence services is mostly measured by their failures and rarely by their successes, because the latter often should stay secret to remain a success.

Filter this blog by the label espionage and you will encounter many failures, tormented spies, executions and imprisonment. They often leave behind lots of debris, if not their life. The not so glorious life of spies, as Le Carré described so masterfully in his books.

From his Cold War marvels such as The Spy Who Came In from the Cold, Tinker Tailor Soldier Spy, A Small Town in Germany, A Perfect Spy or his brilliant but introvert spy catcher George Smiley, to his more recent and more critical Our Kind of Traitor, Legacy of Spies or Agent Running in the Field. All these, and many more books Le Carré wrote, and were filmed, show the game of espionage, all but glamorous, often taking a heavy toll on people involved.

He also wrote The Pigeon Tunnel: Stories from My Life, a splendid biography with countless dramatic, hilarious or weird events and all kinds of people, honourable or questionable, that he encountered. Only a former MI5/MI6/secretary/consul/journalist could have lived such a curious life, of course neither confirmed nor denied. Le Carré's real legacy for spies is the knowledge that their life won't be all that great.

John Le Carré, the spy novel master who made it almost impossible for writers to create a credible spy with a loyal wife, a successful career, and caring superiors. He will forever remain my favourite writer of stories that could have been so beautiful but end so tragic.

Below some of the rare interviews David Cornwell gave. Or was it John Le Carré? One thing's for sure, we'll miss him dearly.

In a CBC 2017 audio interview with John Le Carré (67 min), he talks about his early life, his work for the intelligence service, the characters in his books, the TV series and movies, and shares his view on contemporary politics. A Conversation with John le Carré (27 min) is a 2002 video interview about his books, the Cold War and intelligence services.

In the CIA Studies in Intelligence Volume 61 No 1, historian David Robarge wrote A Review of The Pigeon Tunnel (pdf, archived).  More about John Le Carré's life at The Guardian's Obituary.

Friday, January 29, 2021

Podcast Nuggets Episode 8

Click for more

Time to spoil the ears again with another selection of podcast nuggets from across the Internet. We start with a man who knows the Soviet Union inside out. Next, a stupendously dangerous extortion that ends spectacular, how to catch a most damaging spy in your own ranks and finally the struggle between government and public for right to digital privacy.

COLD WAR CONVERSATIONS - A UK Journalist in the Soviet Union & the GDR is an interview with Mark Brayne who studied in 1972 two years in Moscow and traveled around Russia. He returned to the Soviet Union in 1974 as Reuters reporter and befriended Andrei Sakharov, the nuclear scientist who eventually became a Soviet dissident. After Russia he became correspondent for Reuters in East Berlin and later for BBC in Beijing and the BBC World Service. Also listen to Brayne under Stasi Surveillance and his Reporting the 1989 Romanian Revolution. So many fascinating stories about the many people Brayne got to know. The interview show notes contain photos and videos of Brayne's trips.

DAMN INTERESTING - The Zero-Armed Bandit brings the stunning story of  John Birges who lost a lot of money in Harvey’s Wagon Wheel Casino. He got the brilliant idea to extort three million dollars from the casino by planting a 1000 pounds dynamite bombe in Harvey's Resort Hotel. The bombe had a complex tamper-proof detonation mechanism and once the ransom was paid, Birges would provide the instructions to disarm the bombe. He warned the FBI not to disarm the bombe but they decided to let the bombe technicians have a go at it.

SPYCAST - Cuban Intelligence and the Ana Montes Spy Case interview with Scott Carmichael, a senior counterintelligence investigator of the Defense Intelligence Agency (DIA). Carmichael was the man who identified Ana Belen Montes, one of the most damaging spies in recent U.S. history. Montes joined the DIA in 1985 and quickly became a rising star and later DIA's most senior and distinguished Cuba analyst. In reality, she worked for the Cuban intelligence service.

DARKNET DIARIES - Crypto Wars Jack Rhysider talks with Cindy Cohn, Executive Director of the Electronic Frontier Foundation (IFF), the well known non-profit digital rights group. For many decades, cryptography was in the hands of governments and their military. That changes in the 1980s when the Internet arrived and ordinairy people began to use cryptography to protect their communications and data. Since then, governments have tried to restrict or weaken publicly available encryption.