Fwd: the effects of a spy

Wed Nov 16 01:55:01 PST 2005

 > From: "Steven M. Bellovin" <smb at cs.columbia.edu>
 > To: cryptography at metzdowd.com
 > Subject: the effects of a spy
 > Date: Tue, 15 Nov 2005 16:08:50 -0500

 > Bruce Schneier's newsletter Cryptogram has the following fascinating
 > link: http://www.fas.org/irp/eprint/heath.pdf
 > It's the story of effects of a single spy who betrayed keys and
 > encryptor designs.

Steve posted Bruce's reference to an astounding paper.
It's a master's thesis in military history by a US army major,
looking at the John Walker spy case's effects
and the absolutely badly broken US Military systems he was part of -
- the security clearance process was systematically unreliable,
pretty much guaranteeing that there'd be enough bad guys hired
and given access to highly classified information that
you'd expect some of it to get sold to the Soviets,
and they were much more worried that sailors might be gay
than that they might have serious drinking and financial problems
- the radio crypto system he was stealing keys for was used by
the entire US Navy in ways that one person could compromise
the communications for the entire fleet for months, undetected,
- tens of thousands of people had access to the keying material,
- the NSA mostly designed crypto systems with the goal of having them
not be compromised, but the Navy mostly designed operations systems
with the goal of being able to communicate reliably,
- the NSA didn't realize how different the Navy's operations
environment was from how the NSA would run things,
and the Navy didn't realize how critical the handling requirements were,
- Navy classified information storage rooms used to have photocopiers (:-)
- Navy personnel files were accessible to the people they were about,
and one way to renew your security clearance was to create your own paperwork,
- theoretically the Fleet Broadcasting System keying material
was split into four regions of the world to reduce risk of compromise,
but in practice every ship had every set of keys in case they needed them,
- the military in the mid-70s still used some even older NSA systems that
were based on rotor machines, in spite of the fact that
some rotor machines had been cracked as early as the 1930s
(but the Enigma cracking was still secret until 1979,
so security-by-obscurity said this was still ok for most uses),
and the main reason they were phased out was they were too slow,
- hauling keying material around by courier might be ok for an airforce,
but Navy ships move slowly and independently enough that they
tend to haul around huge chunks of keying material,
as well as couriering material for other services.

The author speculates that the Pueblo may have been seized
specifically because the Soviets knew they'd be able to get
keying material from Walker and wanted to get the crypto machine,
and that they later cracked the machine so they no longer needed new keys.
Walker's access to couriered keying material appears to have
exposed much of the Vietnam War B-52 bombing plans to the Soviets,
so the North Vietnamese and Vietcong could avoid being in the
places that the US was bombing for several years.
"Breaking the Ring" was a book about the Walker spy ring
and its effects, and Heath discusses a few items from it that
she thinks were probably deception by various players.

There's a little bit of technical detail, mostly not that deep,
but enough to let the reader understand the impacts of various
technologies and decisions, like the risks of having
tens of thousands of sailors having access to material
that can compromise the communications of the entire fleet.

The NSA used to not only pretend not to exist, but also pretended
to have the best crypto people in the world,
and while they may have had the best codebreakers,
it clearly wasn't having much effect on their codemaking side
as late as the mid-70s - and while public-key crypto wasn't
very practical in 1976 when Diffie-Hellman was first published,
it was apparently desperately needed, and the Navy would
probably have better off with DES than with much of what they
were using back then.

Were the mid-70s really that long ago?
Was the security clearance system that incompetent
back when I had mine (:-)?