Breaking Iranian Codes (Re: CRYPTO-GRAM, June 15, 2003)

R. A. Hettinga rah at shipwright.com
Tue Jun 15 06:46:09 PDT 2004


At 4:03 AM -0500 6/15/04, Bruce Schneier wrote:
>Breaking Iranian Codes
>
>Ahmed Chalabi is accused of informing the Iranians that the U.S. had
>broken its intelligence codes.  What exactly did the U.S. break?  How
>could the Iranians verify Chalabi's claim, and what might they do about it?
>
>This is an attempt to answer some of those questions.
>
>Every country has secrets.  In the U.S., the National Security Agency
>has the job of protecting our secrets while trying to learn the secrets
>of other countries.  (Actually, the CIA has the job of learning other
>countries' secrets in general, while the NSA has the job of
>eavesdropping on other countries' electronic communications.)
>
>To protect their secrets, Iranian intelligence -- like the leaders of
>all countries -- communicate in code.  These aren't pencil-and-paper
>codes, but software-based encryption machines.  The Iranians probably
>didn't build their own, but bought them from a company like the
>Swiss-owned Crypto AG.  Some encryption machines protect telephone
>calls, others protect fax and Telex messages, and still others protect
>computer communications.
>
>As ordinary citizens without serious security clearances, we don't know
>which machines' codes the NSA compromised, nor do we know how.  It's
>possible that the U.S. broke the mathematical encryption algorithms
>that the Iranians used, as the British and Poles did with the German
>codes during World War II.  It's also possible that the NSA installed a
>"back door" into the Iranian machines.  This is basically a
>deliberately placed flaw in the encryption that allows someone who
>knows about it to read the messages.
>
>There are other possibilities: the NSA might have had someone inside
>Iranian intelligence who gave them the encryption settings required to
>read the messages.  John Walker sold the Soviets this kind of
>information about U.S. naval codes for years during the 1980s.  Or the
>Iranians could have had sloppy procedures that allowed the NSA to break
>the encryption.
>
>Of course, the NSA has to intercept the coded messages in order to
>decrypt them, but they have a worldwide array of listening posts that
>can do just that.  Most communications are in the air -- radio, microwave,
>etc. -- and can be easily intercepted.  Communications via buried cable
>are much harder to intercept, and require someone inside Iran to tap
>into.  But the point of using an encryption machine is to allow sending
>messages over insecure and interceptible channels, so it is very
>probable that the NSA had a steady stream of Iranian intelligence
>messages to read.
>
>Whatever the methodology, this would be an enormous intelligence coup
>for the NSA.  It was also a secret in itself.  If the Iranians ever
>learned that the NSA was reading their messages, they would stop using
>the broken encryption machines, and the NSA's source of Iranian secrets
>would dry up.  The secret that the NSA could read the Iranian secrets
>was more important than any specific Iranian secrets that the NSA could
>read.
>
>The result was that the U.S. would often learn secrets they couldn't
>act upon, as action would give away their secret.  During World War II,
>the Allies would go to great lengths to make sure the Germans never
>realized that their codes were broken.  The Allies would learn about
>U-boat positions, but wouldn't bomb the U-boats until they spotted the
>U-boat by some other means...otherwise the Nazis might get suspicious.
>
>There's a story about Winston Churchill and the bombing of Coventry:
>supposedly he knew the city would be bombed but could not warn its
>citizens.  The story is apocryphal, but is a good indication of the
>extreme measures countries take to protect the secret that they can
>read an enemy's secrets.
>
>And there are many stories of slip-ups.  In 1986, after the bombing of
>a Berlin disco, then-President Reagan said that he had irrefutable
>evidence that Qadaffi was behind the attack.  Libyan intelligence
>realized that their diplomatic codes were broken, and changed
>them.  The result was an enormous setback for U.S. intelligence, all
>for just a slip of the tongue.
>
>Iranian intelligence supposedly tried to test Chalabi's claim by
>sending a message about an Iranian weapons cache.  If the U.S. acted on
>this information, then the Iranians would know that its codes were
>broken.  The U.S. didn't, which showed they're very smart about
>this.  Maybe they knew the Iranians suspected, or maybe they were
>waiting to manufacture a plausible fictitious reason for knowing about
>the weapons cache.
>
>So now the NSA's secret is out.  The Iranians have undoubtedly changed
>their encryption machines, and the NSA has lost its source of Iranian
>secrets.  But little else is known.  Who told Chalabi?  Only a few
>people would know this important U.S. secret, and the snitch is
>certainly guilty of treason.  Maybe Chalabi never knew, and never told
>the Iranians.  Maybe the Iranians figured it out some other way, and
>they are pretending that Chalabi told them in order to protect some
>other intelligence source of theirs.
>
>During the 1950s, the Americans dug under East Berlin in order to
>eavesdrop on a communications cable.  They received all sorts of
>intelligence until the East Germans discovered the tunnel.  However,
>the Soviets knew about the operation from the beginning, because they
>had a spy in the British intelligence organization.  But they couldn't
>stop the digging, because that would expose George Blake as their spy.
>
>If the Iranians knew that the U.S. knew, why didn't they pretend not to
>know and feed the U.S. false information?  Or maybe they've been doing
>that for years, and the U.S. finally figured out that the Iranians
>knew.  Maybe the U.S. knew that the Iranians knew, and are using the
>fact to discredit Chalabi.
>
>The really weird twist to this story is that the U.S. has already been
>accused of doing that to Iran.  In 1992, Iran arrested Hans Buehler, a
>Crypto AG employee, on suspicion that Crypto AG had installed back
>doors in the encryption machines it sold to Iran -- at the request of
>the NSA.  He proclaimed his innocence through repeated interrogations,
>and was finally released nine months later in 1993 when Crypto AG paid
>a million dollars for his freedom -- then promptly fired him and billed
>him for the release money.  At this point Buehler started asking
>inconvenient questions about the relationship between Crypto AG and the
>NSA.
>
>So maybe Chalabi's information is from 1992, and the Iranians changed
>their encryption machines a decade ago.
>
>Or maybe the NSA never broke the Iranian intelligence code, and this is
>all one huge bluff.
>
>In this shadowy world of cat-and-mouse, it's hard to be sure of anything.
>
>
>Hans Buehler's story:
><http://www.aci.net/kalliste/speccoll.htm>

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




