Tuesday, February 02, 2016

Castle Feuerstein Laboratorium

There are many stories, some more fiction than others, about mysterious Nazi laboratories in dark castle dungeons where SS scientists perform all kinds of occult experiments. Return to Castle Wolfenstein and Mortyr are some well-known PC games that portray the Nazi obsession with the Ahnenerbe, the occult and paranormal experiments. Wewelsburg, the elite SS school and a center for archaeological excavations, is probably the most sinister of all.

What if I told you that scientists, led by Doktor Oskar Vierling, worked in a secretive laboratorium in Castle Feuerstein? Does this sound to you like a sequel to Castle Wolfenstein? Not quite! Burg Feuerstein, located in Ebermannstadt, close to Nürnberg, was anything but fiction. A physicist in a mysterious laboratorium, how could that possibly relate to cryptology and intelligence? Exactly!

Feuerstein was an important target of TICOM, a secret Allied project to capture German scientists and seize SIGINT stations, cryptographic and communications equipment, just before Germany surrendered. The mission of TICOM (Target Intelligence Committee) was to collect as much German science and technology as possible, preferably before Soviet forces got their hands on it. To achieve this, TICOM sent fast-moving special teams to pre-determined valuable locations inside the collapsing Germany, sometimes way ahead of Allied troops.

Burg Feuerstein in Ebermannstadt

Laboratorium Feuerstein started its research in 1942 and developed experimental communications systems. At its peak, Feuerstein housed 200 staff and workers. The scientists, led by Dr Vierling, worked on a variety of projects, including high-speed transmitters for covert agents, receivers, wave traps, accurate filter design, speech scramblers, voice frequency spectrography, teleprinter cipher (crypto) attachments, improvements on cipher machines, a synchronisation system for the Lorenz SZ42 cipher teleprinter, acoustics and filter components for acoustic torpedoes, anti-radar coating for submarines, night fighter control systems, various frequency generators and an electronic calculator to solve sine and cosine equations. They were a busy bunch!

Dr. Oskar Vierling
Just before the German collapse, Dr Vierling was ordered to relocate his speech projects to Berchtesgaden in the Bavarian Alps and to destroy all other projects and equipment. Vierling, however, had other plans for his Feuerstein legacy. Once the Nazis were off to Berchtesgaden with the speech equipment, he stored the most valuable equipment and plans in a large bomb-proof vault, hidden behind a false wall in Feuerstein. There, he awaited the end of the war.

Castle Feuerstein was used as a German Army hospital at the time the TICOM team arrived. They rounded up the scientists and Dr Vierling proved very willing to cooperate with TICOM. Vierling and his group rushed to restore the laboratory and continued their work on selected projects under control of TICOM investigators.

More details about the Feuerstein laboratory and Dr Vierling's work are available in chapter VIII, page 37 from Volume 8 Miscellaneous (alternative link here) of NSA's declassified files on European Axis Signal Intelligence in World War II. The rebuild of the lab under control of TICOM is described in the Interim Report on Laboratorium Feuerstein (pages 3 to 5 are duplicated) from the NARA archive. Another excellent source is the TICOM Archive. These documents contain enough inspiration for a few Wolfenstein sequels.

The importance of Feuerstein for TICOM is shown in U.S. Army Security Agency (ASA) documents. The Temporary Duty Report of Mr William Friedman, the renowned U.S. cryptologist, is a summary of his tour in Germany from July to September 1945, in cooperation with TICOM. Vierling's Laboratorium, noted as an important TICOM target, was one of the sites he visited in July 1945. NSA has a few more documents related to Dr Vierling.

After the war, Prof Dr Oskar Vierling continued his work at Feuerstein with his firm VIERLING GmbH, established in 1941. He had quite a prolific career, developing crypto machines, covert radio transmitters, eavesdropping devices, radio direction finding and various measuring and test equipment. He worked for Organisation Gehlen (post-war West German intelligence), its successor Bundesnachrichtendienst (foreign intelligence), Zentralstelle für Chiffrierwesen (central cryptologic service) and the Deutsche Bundespost.

Due to legal restrictions on crypto export, Dr Vierling sold the rights for his crypto equipment to Crypto AG's predecessor Hagelin Cryptos. NSA archives also show that Dr Vierling developed crypto machines in cooperation with ASA and NSA, at least until 1953 (see here and here). His firm is currently still located in Ebermannstadt.

Today, Burg Feuerstein is a Catholic youth center.

Thursday, November 26, 2015

U.S. COMSEC History - Additional Releases

The National Security Agency (NSA) just published an update of the 2007 release of the David Boak lectures on communications security (see my old post). Many blank pages of the old version are now unredacted and show newly released information on various crypto systems, such as the TSEC/KL-7, KW-7, KW-26, KW-37 and one-time pad systems.

After the 2011 FOIA releases of the KL-7 operating instructions, I'm happy to see another bit of information on that pretty crypto machine ooze out of Fort Meade. More on the KL-7 at my website (including an accurate simulation). Of course there's much more to discover in the wonderful David Boak lectures.

The new almost unredacted version:

Friday, November 06, 2015

The Able Archer 1983 Source Book - Finally!

The Cold War was (and actually still is) often far from cold in many Asian, African, Middle Eastern and South American countries. At times, we were much closer to a nuclear war than many ever realised. Two events, however, really stand out when it comes to truly reaching the brink of Armageddon.

The first one was the Cuban missile crisis, caused by the Soviet preparations for installing nuclear missiles at a stone's throw from the United States. The second, lesser known crisis was the Soviet reaction to, or rather perception of, NATO exercise Able Archer. The purpose of Able Archer was to test NATO command level communications and the readiness of nuclear armament in Western Europe, with the exercise scenario ending in a fictitious DEFCON 1 alert. The Soviets believed this exercise to be a cover for an actual nuclear attack by NATO against the Soviet Bloc.

Today, the National Security Archive released over a thousand declassified pages with details on how the Soviets perceived Able Archer and how the exercise led them to the idea that the Western Allies were about to launch an all-out war against them. The sources include KGB papers, reports from East Germany's STASI, various Warsaw Pact countries and Western intelligence services. They are a real treasure trove that gives you a front seat in the decision making process and the reactions of the various countries involved. More importantly, these documents finally end the speculations about how scary the 1983 War Scare actually was.

All documents are available at the Able Archer Source Book web page. Before immersing yourself in this fascinating Cold War event, you might first want to read the short recap 1983 - The Brink Of Apocalypse that I wrote some years ago, just to get you in the picture, because exercise Able Archer was only the grand finale of various events that culminated in tense nerves at the Kremlin.

The documentation of this 1983 War Scare for the National Security Archive was in large part Nate Jones' project. As FOIA coordinator, he succeeded in getting all these wonderful documents declassified and released. In the video below, Nate explains how the Able Archer Source Book was compiled.

I can highly recommend a visit to the Able Archer Source Book pages, the newest addition at the National Security Archive's Nuclear Vault!

Tuesday, April 07, 2015

Operation Tinker Bell - KGB On The Run Anniversary

I usually write about the real stuff, but I do enjoy creating a fun challenge once in a while. Exactly two years ago I published Operation Tinker Bell, a spy adventure about the hunt for a KGB defector, set at the height of the Cold War. Meanwhile, many participants have already taken up the challenge to unveil the secret behind the KGB defector and it continues to amaze me how many people are attracted to the combination of espionage & cryptology.

Although the story itself is fictional (or maybe not ;-) I took care to make it as realistic as possible, using actual modus operandi of intelligence organisations and their tricks of the trade. Accurate details about organisations, locations and historical facts are woven into the story, submerging the participant in a true Cold War espionage atmosphere. In contrast to my previous challenges, you don't need any cryptologic skills to crack messages. All required keys and tools are provided.

You love spy stories, liked watching The Americans or got fascinated by the newspaper reports about ten Russian sleepers, caught by the FBI? Then rush to Operation Tinker Bell, visit the briefing, start the hunt and earn your stripes in the field!

Our friend here has been on the run for two years now. Can you solve the case?

Tuesday, February 10, 2015

BAPCO's Use of One Time Pads During WWII

Mounted camel guard at the refinery.
Source: BAPCO
The Bahrain Petroleum Company (BAPCO) was a Canadian subsidiary, founded in 1929 by the American Standard Oil of California (Socal) to run its operations at the Awali oil fields on Bahrain Island at the inlet of the Persian Gulf. BAPCO was one of the companies that became a possible target of Axis forces when Britain declared war on Germany. In 1940, the Bahrain oil refinery was targeted by Italian bombers, forcing the Allies to strengthen Bahrain's defense. Bahrain, in 1943 still a British Protectorate, decided to implement censorship on messages that were sent over commercial cable and wireless, to prevent disclosure of information that might be useful to the enemy.

This censorship, however, greatly restricted the communications and operations of BAPCO. The majority of their messages contained information about oil production, shipping, personnel and food supply. Those messages fell into three main categories: a) cables that could be sent in plain text without objection, b) security cables that contained information that, in conjunction with other information, might indirectly be useful to the enemy, and c) secret cables that would be of direct use to the enemy if intercepted, such as ship movements, especially oil tankers.

On April 4, 1943, Ward P. Anderson, the general manager and chief local representative of BAPCO, asked E. B. Wakefield, the British Political Agent in Bahrain, for permission to encrypt the cables between the local branch and their New York office. This would allow them to send security related cables while respecting Bahrain's censorship. Anderson proposed a secret company code, superimposed (enciphered a second time) with a transposition cipher for added security.

The Political Resident of the Persian Gulf in Camp Bahrain forwarded the request on April 8 to the Secretary of State for India in London, who approved the use of a secret code on three conditions: censorship was to receive a plain text version of all messages sent in that code, BAPCO was to continue sending messages through the Navy if they contained vital information that would be of direct use to the enemy, and messages regarding political matters were to be sent through the Political Agent. After consulting the New York office, Ward Anderson agreed to these conditions.

P.A.I.C. in Baghdad asked whether the code had already been vetted for security. As this was not the case, the British Political Resident forwarded the request to SNOPG (Senior Naval Officer in the Persian Gulf) in Basra, but they had no officer qualified to vet the code. Therefore, PAIFORCE suggested vetting the code.

The new code, proposed by the California Texas Oil Company, arrived from New York on October 24, and Bahrain forwarded the code on November 10 by courier for examination to the Cipher Security Officer of P.A.I.C. in Baghdad. After reviewing the code, the Security Officer responded that the code offered little resistance against cryptanalysis and provided no security whatsoever.

Note: P.A.I.C. (Persia and Iraq Command) in Baghdad was the headquarters of PAIFORCE (Persia and Iraq Force), the British and Commonwealth military formation in the Middle East from 1942 to 1943.

Surprised by this answer, Ward Anderson explained that the code was allocated by the U.S. Navy Department and considered the most secure known, used for the most secret messages. He clarified that "each page of the pad of sheets is used only once and destroyed after use". He continued, "In fact, the code changes with each succeeding letter of the message. When the pad is exhausted, a new set of pads is produced".

To Anderson, it seemed unlikely that British military authorities would be unfamiliar with the proper use of this type of code, so he asked to verify whether the code was indeed insecure, adding that U.S. authorities would be most interested if the British claims proved correct.

This was probably his polite way to hint to the Political Agency and the PAIFORCE Security Officer that they were going to embarrass themselves. In their defense, it might be possible that the code was not accompanied by the complete and proper coding instructions, thus failing to show that the code was for one-time use.

Soon after, the Secretary of State for India in London informed the Political Resident in Bushire, Iran, that the U.S. Chief of Cable Censorship urgently requested permission to use the code, adding that it was a one-time pad, similar to the one used by the Ministry of War Transport in London. P.A.I.C. also received notice of this. Apparently, someone pulled some strings.

Subsequently, the Political Resident confirmed to its agency in Bahrain that the code was indeed a one-time pad from the U.S. Navy Department. Eventually, the agent informed the BAPCO representative that objection to the code had been withdrawn and that "the one time pad can be used on the understanding that the pad is not worked through more than once".
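The rule quoted above (each page used once, the key changing with every letter, the pad never worked through twice) can be shown in a few lines. This is an added example, not taken from the archive files or the original post; modulo-26 letter addition, the page size and the sample messages are assumptions, since the post does not give the pad's arithmetic.

```python
import secrets
import string
ALPHABET = string.ascii_uppercase

def make_pad(pages, page_len):
    """Constructed sample pad: pages of random shifts 0..25."""
    return [[secrets.randbelow(26) for _ in range(page_len)] for _ in range(pages)]

class PadBook:
    """One party's copy of the pad; a page is destroyed as soon as it is taken."""
    def __init__(self, pad):
        self.pages = [list(p) for p in pad]

    def take_page(self, length):
        if not self.pages:
            raise RuntimeError("pad exhausted, a new set of pads is needed")
        page = self.pages.pop(0)  # used once, then gone
        if length > len(page):
            raise ValueError("message is longer than one pad page")
        return page[:length]

def shift(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) one key value per letter, modulo 26."""
    return "".join(ALPHABET[(ALPHABET.index(c) + sign * k) % 26]
                   for c, k in zip(text, key))

def difference(a, b):
    """Letter-wise a - b modulo 26."""
    return [(ALPHABET.index(x) - ALPHABET.index(y)) % 26 for x, y in zip(a, b)]

def demo():
    pad = make_pad(pages=2, page_len=20)
    sender, receiver = PadBook(pad), PadBook(pad)
    m1, m2 = "TANKERSAILSTUESDAY", "REFINERYOUTPUTDOWN"  # constructed messages
    # Correct use: each message consumes a fresh page on both sides.
    c1 = shift(m1, sender.take_page(len(m1)), +1)
    c2 = shift(m2, sender.take_page(len(m2)), +1)
    round_trip = (shift(c1, receiver.take_page(len(c1)), -1),
                  shift(c2, receiver.take_page(len(c2)), -1))
    # Misuse: the first page is worked through a second time.
    c2_reused = shift(m2, pad[0][:len(m2)], +1)
    # The key cancels out: c1 - c2_reused equals m1 - m2, no pad required.
    key_cancels = difference(c1, c2_reused) == difference(m1, m2)
    # Anyone who knows or guesses m1 can then read m2 directly.
    recovered = shift(c2_reused, difference(c1, m1), -1)
    exhausted = False
    try:
        sender.take_page(1)  # both pages are gone by now
    except RuntimeError:
        exhausted = True
    return round_trip, key_cancels, recovered, exhausted

if __name__ == "__main__":
    print(demo())
```

With fresh pages the ciphertext reveals nothing beyond message length; once a page is reused, the difference of the two ciphertexts depends only on the two plaintexts, which is why the permission was tied to the pad not being worked through more than once.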

BAPCO started using the one-time pads as of January 15, 1944, more than eight months after their initial request. Yes, even during wartime, bureaucrats persist. Of course, we have to take into account that transportation and communication means in 1943 were quite different from today, and codes were always transferred safe-hand by courier.

Once the war had ended, BAPCO requested on August 22, 1945 permission from Bahrain to commence the use of the company's own cable code again, as used before the outbreak of hostilities in 1939.

Below is one of the BAPCO coded messages from Bahrain to New York, with plain version included, submitted to Censorship as agreed with British authorities.

These archived conversations are a rare example of a commercial firm using the unbreakable one-time pad in the early 1940s. At that time, the use of such strong encryption was generally limited to governments, their military, intelligence agencies and diplomacy. BAPCO's use of one-time pads, allocated to them by the U.S. Navy Department, is a nice example of how government and commercial firms teamed up to ensure the highest level of communications security for those companies that were somehow important to the war effort.

All letters and cables regarding this request for using one-time pads are found in the British Library: India Office Records and Private Papers as File 10/5 BAPCO CODES, reference IOR/R/15/2/423. More examples of coded messages and their plain text version, submitted to censorship, are found in File 10/23 Code Messages - BAPCO, reference IOR/R/15/2/450. These records are archived in the Qatar Digital Library. More on the 1940 bombing raid on Bahrain is available in the Qatar Library, and an account of the attack on the BAPCO refinery is available at the Saudi Aramco website.

These documents are also unique as a reference, because the use of one-time pads is hardly mentioned in official documents from that era (for obvious security reasons) and they are, as far as I know, the earliest I have come across. They confirm the use of one-time letter pads by Political Residents of the British Imperial Civil Administration, the British Army, the Ministry of War Transport in London and the U.S. Navy, at least as early as 1943. Both British and U.S. authorities were quite familiar with the system and surprisingly even shared it with commercial firms. The archives also show that British Residents in the Middle East regularly received sets of two-way one-time pads.

More historical and technical information about the one-time pad is available at my Cipher Machines and Cryptology website.

The Bahrain Petroleum Company (BAPCO), one of the oldest oil companies in the Middle East, was established in 1929 by Standard Oil Company of California. In 1930, BAPCO obtained the only oil concession in Bahrain. In 1936 they discovered the Awali oil field and opened a refinery with a capacity of 10,000 barrels per day. That same year, Standard Oil Company of California signed an agreement with Texaco, creating the joint venture California Texas Oil Company (Caltex). These companies are now known as Chevron and Texaco. The Bahrain government took over all BAPCO shares in 1980 and acquired full ownership in 1997.