Sunday, April 26, 2015

The unscrupulous Italian official and the code of colonel Fellers

One of the most damaging compromises of Allied communications security, during WWII, was the case of Colonel Bonner Fellers, US military attaché in Cairo during 1940-2. Fellers sent back to Washington detailed reports concerning the conflict in North Africa and in them he mentioned morale, the transfer of British forces, evaluation of equipment and tactics, location of specific units and often gave accurate statistical data on the number of British tanks and planes by type and working order. In some cases his messages betrayed upcoming operations.

Fellers used the Military Intelligence Code No11, together with substitution tables. The Italian codebreakers had a unit called Sezione Prelevamento (Extraction Section). This unit entered embassies and consulates and copied cipher material. In 1941 they were able to enter the US embassy in Rome and they copied the MI Code No11. A copy was sent to their German allies, specifically the German High Command's deciphering department – OKW/Chi. The Germans got a copy of the substitution tables from their Hungarian allies and from December 1941 they were able to solve messages. Once the substitution tables changed, they could solve the new ones, since they had the codebook and could take advantage of the standardized form of the reports. Messages were solved till 29 June 1942 and they provided Rommel with so much valuable information that he referred to Fellers as his ‘good source’.

The British realized that a US code was being read by the Germans when they, in turn, decoded German messages containing information that could only have come from the US officials in Egypt. The Americans, however, were not easily convinced that their representative’s codes had been ‘broken’ and it took them months before they changed Colonel Fellers’ code.

The Germans didn’t know that the Brits had solved messages enciphered on their Enigma machine and thus had different ideas about who betrayed their codebreaking success. Wilhelm Flicke, who worked in the intercept department of OKW/Chi wrote in TICOM report DF-116-Z about this case:
During the war there was stationed at the Vatican a diplomatic representative of the U.S.A. who stood in radio communications with Washington like any other ambassador or minister. In a radiogram sent to Washington in June 1942, enciphered by means of a diplomatic code book, one could read of a conversation which a representative of the Vatican had had with an Italian of high position. During this conversation the Italian had mentioned that the Germans could read the most important cryptographic system of the American Military Attaché. The American representative had learned this at the Vatican through a Vatican official and was therefore warning the American War Department against any further use of this cryptographic system.


Weisser (a cryptanalyst of OKW/Chi) also said that it was the Italians who betrayed the German success in his report TICOM I-201:


Did the Germans have a reason to mistrust their Italian allies?
It seems that the answer is yes. On July 24 1942 Leland B. Harrison, US ambassador to Switzerland, sent a telegram to assistant secretary Gardiner Howland Shaw (who was in charge of the State Department’s cipher unit) warning him that an Italian official had met with Harold Tittmann (US representative to the Vatican) and had told him that the US diplomatic code used by the embassy in Egypt was compromised.

The Germans clearly solved this message and thus attributed the end of the Fellers telegrams to Italian treachery. However, looking at the dates, it’s clear that this was not true. Fellers changed his cryptosystem in June 1942, while this telegram was sent in July.

Sunday, April 19, 2015

NAAS 5 reports retrieved from France - 1945

During WWII the German Army’s signal intelligence agency OKH/In 7/VI had signal intelligence regiments assigned to Army Groups in order to supply them with radio intelligence on Allied formations. Western Europe was covered by KONA 5 (Signals Intelligence Regiment 5), whose cryptanalytic centre NAAS 5 (Nachrichten Aufklärung Auswertestelle - Signal Intelligence Evaluation Center) was based in Saint-Germain-en-Laye, a suburb of Paris.

In summer 1944 the Germans had to evacuate France and it seems that this unit tried to destroy some of its reports but they didn’t have time to properly dispose of them. Instead many reports were buried.
The US authorities were able to locate the site and they recovered many of these documents. A US report, dated 25 January 1945, says that about 2,000 sheets of paper were recovered and were 30% readable. They included intercepts and decrypts of the M-209 cipher machine, the War Department Telegraph Code, possibly Combined Cipher Machine traffic, as well as the British Aircraft movement’s Code and Syko system.

There was even a message from Washington to the US Military Mission in China from 1942 sent via the gunboat TUTUILA.

Sunday, April 12, 2015

The US Division Field Code

When the United States entered WWII, in December 1941, US military and civilian agencies were using several cryptologic systems in order to protect their sensitive communications. The Army and Navy only had a small number of SIGABA cipher machines so they had to rely on older systems such as the M-94/M-138 strip ciphers and on codebooks such as the War Department Telegraph Code, the Military Intelligence Code and the War Department Confidential Code.

Another system prepared for the Army was the Division Field Code. This was a 4-letter codebook of approximately 10,000 groups and in the 1930s several editions were printed by the Signal Intelligence Service (1). However, the introduction of the SIGABA and especially the M-209 cipher machine made this system obsolete. Still, it seems that the DFC was used on a limited scale, during 1942-44, by the USAAF and by US troops stationed in Iceland and the UK.
Examples of DFC training edition No 2:

Solution of DFC by German codebreakers
The German Army and AF signal intelligence agencies were able to exploit this outdated system and they read US military messages from Iceland, Central America, the Caribbean and Britain. Most of the work was done by field units, specifically the Army’s fixed intercept stations (Feste Nachrichten Aufklärungsstelle) Feste 9 at Bergen, Norway and Feste 3 at Euskirchen, Germany.

According to Army cryptanalyst Thomas Barthel several editions of the Division Field Code were read, some through physical compromise (2):

The DFCs (Divisional Field Codes).

(a) DFC 15
In use in autumn 42, broken in Jan 43. Traffic was intercepted on a frequency of 4080 Kos from US Army links in ICELAND (stas at REYKJAVIK, AKUREYRI and BUDAREYRI). Stas used fixed call-signs till autumn 43, and thereafter daily call-signs. This field code was current for one month only. It was a 4-letter code, non-alphabetical, with variants and use of "duds" (BLENDERN). It was broken by assuming clear routine messages were the basis of the encoded text, such as Daily Shipping Report, Weather Forecast etc.

(b) DFC 16
This was current for one month, probably in Nov 42. It was similar to the DFC 15 above.

(c) DFC 17
This was current from Dec 42 to Feb 43. About the latter date one or two copies of the table were captured. Very good material was intercepted from ICELAND, also from 6 (?) USAAF links in Central America, Caribbean Sea etc. Traffic was broken and read nearly up to 100%.

(d) DFC 21
This succeeded the DFC 17. Results were the same.

(e) DFC 25
Current only in CARIBBEAN SEA area, and read in part.

(f) DFC 28
This succeeded the DFC 21 in summer 43. It was used by the ICELAND links and the 28 (or 29) US Div in the South of ENGLAND. The code was read. Now and again it was reciphered by means of alphabet substitution tables ("eine Art von Buchstabentauschtafel") changing daily. This method was broken because the systematic construction of the field code was known.

(g) DFC 29
A copy of this table was captured in autumn 43. It was never used, PW did not know why.

The War Diary of the German Army’s signal intelligence agency OKH/In 7/VI shows that the DFC was called AC 6 (American Code 6) and several editions were solved in the period 1943-44. Most of the processing was left to field units, with only a few messages solved by Referat 1 (USA section) of Inspectorate 7/VI. The report of March 1943 says that the captured specimen DFC 17 could be used to solve the preceding and following versions (since they were constructed in the same way) and it showed that the code values retrieved by field units and the central department through cryptanalysis were mostly correct (3).
The Luftwaffe’s Chi Stelle was also interested in the DFC and according to Dr. Ferdinand Voegele, the Luftwaffe's chief cryptanalyst in the West, USAAF messages from the Mediterranean area were read (4).

The 29th Infantry Division and the invasion of Normandy
In 1943 the M-209 cipher machine replaced the M-94 strip cipher as the standard crypto system used at division level by the US Army; however, older systems like the DFC continued to be used for training purposes. The US military forces in Britain took part in many exercises during the latter part of 1943 and early 1944, since they were preparing for the invasion of Western Europe, and some of their training messages were sent on the 28th edition of the Division Field Code.

These messages were intercepted and decoded by the German Army’s KONA 5 (Signals Intelligence Regiment 5), covering Western Europe. NAAS 5 was the cryptanalytic centre of KONA 5 and its quarterly reports (5) show that training messages from the US V Expeditionary Corps and the 29th Infantry Division were solved.

The solution of these messages allowed the Germans to identify the 29th Infantry Division and, considering the unit’s role during Operation Overlord, it is possible that they gave the Germans vital clues about the upcoming invasion of France.

(1). Rowlett-1974 and Kullback-1982 NSA oral history interviews
(2). CSDIC/CMF/Y 40 – ‘First Detailed Interrogation on Report on Barthel Thomas’
(3). War diary Inspectorate 7/VI - March 1943
(4). TICOM IF-175 Seabourne Report, Vol XIII, p9 and 16.
(5). E-Bericht der NAASt 5 Nr 1/44 and Nr 2/44.

Sources: Frank Rowlett NSA oral history interview - 1974, Solomon Kullback NSA oral history interview - 1982, CSDIC/CMF/Y 40 – ‘First Detailed Interrogation on Report on Barthel Thomas’, War diary Inspectorate 7/VI, War diary NAAS 5, TICOM IF-175 Seabourne Report, Vol XIII ‘Cryptanalysis within the Luftwaffe SIS’, DFC training edition No 2, Division Field Code No 4
Acknowledgments: I have to thank Rene Stein of the National Cryptologic Museum for the Rowlett and Kullback interviews and Mike Andrews for the DFC pics.

Sunday, April 5, 2015

Who was source 206?

During WWII the US Office of Strategic Services station in Bern, Switzerland (headed by Allen Dulles) recruited agents in occupied Europe and transmitted intelligence reports back to Washington. Dulles collaborated in intelligence gathering activities with Gerald Mayer, local representative of the Office of War Information, and General Barnwell Legge, US military attaché to Switzerland.

Some of these reports were decoded by the Germans and the Finns and we can see that they mention specific agents.
For example message No. 73 Bern-London of 4/4/1943, by General Legge lists several German divisions stationed in France and says that the information came from Source 206. Who was this mysterious agent?

Wednesday, April 1, 2015

The codes of the Polish Intelligence network in occupied France 1943-44

In WWII Poland fought on the side of the Allies and suffered for it since it was the first country occupied by Nazi Germany. In the period 1940-45 the Polish Government in Exile and its military forces contributed to the Allied cause by taking part in multiple campaigns of war. Polish pilots fought for the RAF during the Battle of Britain, Polish troops fought in North Africa, Italy and Western Europe and the Polish intelligence service operated in occupied Europe and even had agents inside the German High Command.

Although it is not widely known, the Polish intelligence service had spy networks operating throughout Europe and the Middle East. The Poles established their own spy networks and also cooperated with foreign agencies such as Britain’s Secret Intelligence Service and Special Operations Executive, the American Office of Strategic Services and even the Japanese intelligence service. During the war the Poles supplied roughly 80,000 reports to the British intelligence services (1), including information on the German V-weapons (V-1 cruise missile and V-2 rocket) and reports from the German High Command (through the agent ‘Knopf’) (2).

In occupied France the intelligence department of the Polish Army’s General Staff organized several resistance/intelligence groups tasked not only with obtaining information on the German units but also with evacuating Polish men so they could serve in the Armed Forces. These networks obviously attracted the attention of the German security services and in 1941 the large INTERALLIE network, controlled by Roman Czerniawski, was dismantled.

Another large network was controlled by Zdzislaw Piatkiewicz aka ‘Lubicz’. The book ‘Secret History of MI6: 1909-1949’, p529 says about this group: ‘Some of the Polish networks were very productive. One based in the south of France run by ‘Lubicz’ (Zdzislaw Piatkiewicz) had 159 agents, helpers and couriers, who in August and September 1943 provided 481 reports, of which P.5 circulated 346. Dunderdale's other organizations were rather smaller’.
From German and British reports it seems that the radio communications of the Polish spy groups in France (including the ‘Lubicz' net) were compromised in the period 1943-44. Wilhelm Flicke who worked in the intercept department of OKW/Chi (decryption department of the High Command of the Armed Forces) says in ‘War Secrets in the Ether’ (3):

The Polish intelligence service in France had the following tasks:

1. Spotting concentrations of the German army, air force and navy.
2. Transport by land and sea and naval movements.
3. Ammunition dumps; coastal fortifications, especially on the French coast after the occupation of Northern France.
4. Selection of targets for air attack.
5. Ascertaining and reporting everything which demanded immediate action by the military command.
6. Details regarding the French armament industry working for Germany, with reports on new weapons and planes.

The Poles carried on their work from southern France which had not been occupied by the Germans. Beginning in September 1942 it was certain that Polish agent stations were located in the immediate vicinity of the higher staffs of the French armistice army.

In March 1943 German counterintelligence was able to deal the Polish organization a serious blow but after a few weeks it revived, following a reorganization. Beginning the summer of 1943 messages could be read. They contained military and economic information. The Poles in southern France worked as an independent group and received instructions from England, partly by courier, and partly by radio. They collaborated closely with the staff of General Giraud in North Africa and with American intelligence service in Lisbon. Official French couriers traveling between Vichy and Lisbon were used, with or without their knowledge, to carry reports (in the form of microfilm concealed in the covers of books).
The Poles had a special organization to check on German rail traffic to France. It watched traffic at the following frontier points: Trier, Aachen, Saarbrucken, München-Gladbach, Strassburg-Mülhausen and Belfort. They also watched the Rhine crossings at Duisburg, Coblenz, Düsseldorf, Köln, Mannheim, Mainz, Ludwigshafen, and Wiesbaden. Ten transmitters were used for the purpose.

All the Polish organizations in France were directed by General Julius Kleeberg. They worked primarily against Germany and in three fields:

1. Espionage and intelligence;
2. Smuggling (personnel);
3. Courier service.

Head of the "smuggling service" until 1.6.1944 was the celebrated Colonel Jaklicz, followed later by Lt. Colonel Goralski. Jaklicz tried to penetrate all Polish organizations and send all available man power via Spain to England for service in the Polish Army.  The "courier net" in France served the "Civil Delegation", the smuggling net, and the espionage service by forwarding reports. The function of the Civil Sector of the "Civil Delegation" in France was to prepare the Poles in France to fight for an independent Poland by setting up action groups, to combat Communism among the Poles, and to fight against the occupying Germans. The tasks of the military sector of the Delegation were to organize groups with military training to carry on sabotage, to take part in the invasion, and to recruit Poles for military service on "D-Day". The "Civil Delegation" was particularly concerned with Poles in the German O.T. (Organisation Todt) or in the armed forces. It sought to set up cells which would encourage desertion and to supply information.
Early in 1944 this spy net shifted to Northern France and the Channel Coast. The Poles sought to camouflage this development by sending their messages from the Grenoble area and permitting transmitters in Northern France to send only occasional operational chatter. The center asked primarily for reports and figures on German troops, tanks and planes, the production of parts in France, strength at airfields, fuel deliveries from Germany, French police, constabulary, concentration camps and control offices, as well as rocket aircraft, rocket bombs and unmanned aircraft.

In February 1944 the Germans found that Polish agents were getting very important information by tapping the army telephone cable in Avignon.
In March 1944, the Germans made a successful raid and obtained important radio and cryptographic material. Quite a few agents were arrested and the structure of the organization was fully revealed.

Beginning early in June, increased activity of Polish radio agents in France became noticeable. They covered German control points and tried to report currently all troop movements. German counterintelligence was able to clarify the organization, its members, and its activity, by reading some 3,000 intercepted messages in connection with traffic analysis. With the aid of the Security Police preparations were made for the action "Fichte" which was carried out on 13 July 1944 and netted over 300 prisoners in all parts of France.
This, together with preliminary and simultaneous actions, affected:

1. The intelligence service of the Polish II Section,
2. The smuggling service,
3. The courier service with its wide ramifications.

The importance of the work of the Poles in France is indicated by the fact that in May 1944 Lubicz and two agents were commended by persons very high in the Allied command "because their work was beginning to surpass first class French sources." These agents had supplied the plans of all German defense installations in French territory and valuable details regarding weapons and special devices.

Flicke’s statements on the solution of Polish intelligence codes in 1943 can be confirmed, in part, by the postwar interrogation of Oscar Reile, head of Abwehr counterintelligence in occupied France. In his report 'Notes on Leitstelle III West Fur Frontaufklarung' (4) he said about the Polish intelligence communications:

107. Leitstelle III West also benefited from the work done by the code and cipher department of Funkabwehr, which studied all captured documents connected with codes and ciphers, with the object of decoding and deciphering the WT traffic of agents who were regarded as important and could not be captured. 
108. Valuable results were often obtained by Funkabwehr. During the winter of 43/44, the above-mentioned code and cipher department succeeded in breaking codes used by one of the most important transmitters of the Polish Intelligence Service in FRANCE. For months thereafter WT reports from Polish agents to ENGLAND were intercepted and understood; the same applied to orders they received from ENGLAND. The Germans also learnt that important military plants were known to the Allies, and a considerable number of names and cover names of members of the Polish Intelligence Service were discovered.

Flicke also said ‘Early in 1944 this spy net shifted to Northern France and the Channel Coast. The Poles sought to camouflage this development by sending their messages from the Grenoble area and permitting transmitters in Northern France to send only occasional operational chatter’. This statement can also be confirmed by other German and British reports.
The monthly reports of Referat 12 (Agents section) of the German Army’s signal intelligence agency OKH/In 7/VI (5) mention spy messages from Grenoble in May and July 1943 as links top and 71c (9559, Grenoble), so it is possible that these are the Polish intelligence messages that Flicke says were solved in summer 1943. Unfortunately these reports are difficult to interpret since they use codewords for each spy case.

More information is available from messages found in the captured archives of OKW/Chi (since Chi also worked on Polish military intelligence codes). The British report DS/24/1556 of October 1945 (6) shows that messages on the link London-Grenoble were solved and these were enciphered with the military attaché cipher POLDI 4.

The same report mentions that in August 1944 the British authorities became aware that decoded Polish military intelligence messages from Grenoble were sent from Berlin to the Abwehr station in Madrid, Spain:
‘In August 1944, a series of decoded Polish ‘Deuxieme Bureau’ messages between London and Grenoble were seen by us in ISK traffic being forwarded by Berlin to Abwehr authorities at Madrid. The time lags varied between 5 and 43 days. S.L.C. Section at headquarters informed us that this was a properly controlled leakage, and that no cypher security action was necessary or desirable.’

Some of these messages can be found in the British national archives (7):

It is interesting to note that the response of the higher authorities was ‘this was a properly controlled leakage, and that no cypher security action was necessary or desirable’, without however giving more details.

During WWII the Polish intelligence service operated throughout Europe and was able to gather information of great value for the Western Allies. These activities were opposed by the security services of Nazi Germany and in this shadow war many Allied spy networks were destroyed and their operatives imprisoned or killed. In their operations against Allied agents the Germans relied not only on their own counterintelligence personnel but also signals intelligence and codebreaking. Fixed and mobile stations of the Radio Defense Corps (Funkabwehr) monitored unauthorized radio transmissions and through direction finding located their exact whereabouts.

The Agents section of Inspectorate 7/VI and OKW/Chi analyzed and decoded enciphered agents’ messages, with the results passed to the security services Abwehr and Sicherheitsdienst. Both agencies solved Polish intelligence communications including traffic from Switzerland, France, Poland, the Middle East and other areas. The Polish intelligence networks in France were an important target for the Germans not only because they were a security risk but also because they would undoubtedly assist the Allied troops in their invasion of Western Europe in 1944. In that sense the compromise of the communications of the Polish military intelligence network was an important success, since it allowed the Germans to dismantle parts of this group and also learn what the Allied authorities wanted to know about German strengths and dispositions in France.

According to Flicke the success started in summer 1943 and from the British reports we can see that the Germans continued to solve the traffic till summer ’44 (when France was liberated). It is not clear when the Brits first learned that the Polish communications had been compromised and what measures they took to prevent the leakage of sensitive information. It is also not clear whether they chose to inform the Poles about all this…

(1). Journal of U.S. Intelligence Studies article: ‘England's Poles in the Game: WWII Intelligence Cooperation’
(2). War in History article: ‘Penetrating Hitler's High Command: Anglo-Polish HUMINT, 1939-1945’
(3). ‘War Secrets in the Ether’, p230-1
(4). CSDIC SIR 1719 - 'Notes on Leitstelle III West Fur Frontaufklarung', p15
(5). War Diary of OKH/In 7/VI - May and July 1943
(6). British national archives HW 40/222
(7). British national archives HW 40/221

Sources: ‘Secret History of MI6: 1909-1949’, Journal of U.S. Intelligence Studies article: ‘England's Poles in the Game: WWII Intelligence Cooperation’, ‘War Secrets in the Ether’, CSDIC SIR 1719 - 'Notes on Leitstelle III West Fur Frontaufklarung', HW 40/221 ‘Poland: reports and correspondence relating to the security of Polish communications’, HW 40/222 ‘Poland: reports and correspondence relating to the security of Polish communications’, War in History article: ‘Penetrating Hitler's High Command: Anglo-Polish HUMINT, 1939-1945’, War Diary of OKH/In 7/VI

Update: German decodes of the London-Grenoble traffic can be found in pages 793-877 of ‘KODY WOJNY. Niemiecki wywiad elektroniczny w latach 1907–1945’. They date from July 1943 to October 1944 and are signed ‘Szef II Oddzialu Sztabu’, ‘Marian’, ‘Alfred’, ‘Szef Ekspozytury II Oddzialu Sztabu’, ‘Lubicz’, ‘Vox’, ‘Los’, ‘Rawa’, ‘Klemens’, ‘Major Zychon’, ‘Mikolaj’, ‘Bernard’, ‘Biz’, ‘Zenon’.