Saturday, May 27, 2017

The compromise of Greek partisan radio communications in WWII

A history lesson

At the start of WWII the Kingdom of Greece, ruled by Ioannis Metaxas  (head of the 4th of August Regime) followed a neutral foreign policy and tried to avoid taking part in the conflict. However constant Italian harassment and provocations (such as the sinking of the cruiser Elli) and the transfer of Italian army units to Albania made it clear that war could not be avoided for long.

In October 1940 Italian forces invaded Greece, in the area of Epirus, and the Greek-Italian war started. The Greek forces were able to contain the assault and the Greek counterattack forced the Italians back into Albanian territory. After the defeat of a major Italian offensive in spring 1941 the front stabilized inside Albania.

At the time Britain was overextended with obligations in Europe, Middle East and Asia. However the British armed forces made a small contribution with an RAF expeditionary corps. When more British forces started to arrive in March 1941, their involvement gave Germany an excuse to become involved in the conflict.

German forces invaded Greece in April 1941 and made rapid progress due to the fact that almost the entire Greek Army was fighting in the Epirus area. The remaining units and the small British forces transferred to Greece in March-April 1941 were unable to stop them. Then in May 1941 the Germans were also able to defeat the Greek and British forces that had retreated to the strategic island of Crete.

In the period 1941-44 Greece was split into three occupation zones, controlled by Italy, Germany and Bulgaria.  This measure fractured the Greek economy and together with hyperinflation and loss of value of the paper currency led to the collapse of the economy.
Greece was a poor agricultural country prior to WWII. The war of 1940-41, the splitting of the country into three occupation zones and the confiscation of goods by the occupying powers led to the impoverishment of an already poor population.

Greek resistance groups

Under these circumstances several resistance groups were formed by Greek patriots in order to oppose the Axis powers.

Small groups operated in urban centers but the bigger ones could only survive in the countryside where the presence of Axis troops was limited.

The main ones were the military wing of the Greek Communist Party - ELAS (Greek People's Liberation Army) and the liberal EDES (National Republican Greek League).

The resistance forces organized by the Communist Party were ostensibly created in order to oppose the Axis rule and liberate Greece but in reality their main goal was to eliminate their liberal rivals, unify all resistance groups under communist control and gain power in postwar Greece (1).

During the period 1943-44 the Communist forces showed more interest in attacking and destroying other resistance groups than in attacking the occupiers. One of their most infamous acts was the destruction of the EKKA (National and Social Liberation) resistance group and the execution of its commander Dimitrios Psarros.

The ΕΑΜ ELAS movement grew in power during the occupation for several reasons. Compared to the other resistance groups it had an advantage in that it was tightly controlled by the Communist Party, an organization that knew how to operate in adverse conditions. The main achievement of the communists was that they managed to get British backing for their operations. British liaison officers were transported to Greece and British money and arms supported the ΕΑΜ ELAS movement.

In addition to British support, with the collapse of Italy in September 1943, several Italian military units in the Balkans surrendered to the partisans and the capture of their heavy weapons (mortars, artillery, machine guns) gave ΕΑΜ ELAS the ability to conduct regular military operations.

Radio communications and ciphers of the ELAS movement

According to German sources ELAS radio communications began to be intercepted by the units of KONA 4 (Kommandeur der Nachrichtenaufklärung - Signals Intelligence Regiment) in early 1944.

KONA 4 was a German Army signal intelligence unit assigned to cover radio traffic from the Balkans and the Middle East. In the period 1943-44 the unit was able to decode a large volume of Yugoslav partisan traffic.

The quarterly reports of the unit for 1944 (2) show that Greek communist radio traffic was worked on by NAZ G (Nachrichten Nahaufklärungszug - Close Range Signal Intelligence Platoon).



The report Ez Bericht 1944/II says that in April 1944 radio traffic of the Greek communist groups from the areas Volos, Lamia and Olympus was intercepted. The messages were sent in 4-figure and 5-letter groups. The first procedure was a letter to figure Caesar cipher and it was discontinued by the end of April. The second procedure was double transposition with the same key used for both cages. Both were solved and 240 messages read.


Elas-Funkverkehr

Mitte April wurde erstmalig ein griechischer kommunistischer Bandenfunkverkehr mit Funkstellen im Raum Volos - Lamia und im Olymp-Gebiet festgestellt. Seither sind hauptsächlich zwei Arten von Chisprüchen der Elas (Griechisches Volksbefreiungsheer)- Verkehre angefallen: 4Z- und 5B-Sprüche.

a) 4Z-Sprüche.
Statistische Untersuchungen des Spruchmaterials ergaben eindeutige Hinweise auf ein mehrfach belegtes 2Z-Cäsar-Verfahren, das in seinen verschiedenen Schlüsselformen durch 4Z-Kenngruppen bezeichnet wird. Es wurden schliesslich fünf derartige 2Z-Buchstaben-Silben-Cäsaren gelöst. Bereits Ende April wurde dieses Verfahren ausser Kraft gesetzt.

b) 5B-Sprüche. 
Die in grösserem Umfange zwischen dem Obkdo. der Elas und der Gruppe der Divisionen Makedoniens mit ihren unterstellten Einheiten abgesetzten 5B-Sprüche wurden als Klartext-Verwürfelungen erkannt. Untersuchungen auf einfache Verwürfelungen waren erfolglos. Erst als zwei nahezu textgleiche Sprüche mit gleicher 4Z-Kenngruppe auftraten, von denen der eine die mit einer Spalten-vertauschung versehene Wiederholung des anderen war, konnte die Losung erstellt und der Spruch als Doppelwürfelverschlüsselung gelöst werden. Die folgende Entschlüsselung aller mit dieser Losung verzifferten Sprüche ergab, dass der Verschlüssler beim Obkdo der Elas besonders für volle Würfel eine Vorliebe hat. Diese Annahme bestätigte sich, als festgestellt wurde, dass darüber hinaus sogar qruadratische Würfel vorlagen, für die eine einfache Lösungsmöglichkeit besteht. In arderen Fällen lagen der Verschlüsselung halbquadratische Würfel zugrunde. Solche können gleichfalls gelöst werden, da in zwei Halbzeilen des waagerecht eingetragenen Chitextes oft eine bekannte Unterschrift gefunden werden kann. Unter Ausnutzung dieser Verschlüsselungsschwächen des Gegners wurden bisher 20 Doppelwürfelosungen erstellt.
In der Berichtszeit wurden insgesamt ca 240 Sprüche mitgelesen die wertvolle Aufschlüsse über den organisatorischen Aufbau, die militärische Gliederung und die militärischen Aktionen der kommunistischqp Banden im griechischen Raume gaben.

ELAS radio-traffic

Mid-April radio communications of a Greek Communist gang , with radio stations in the area of Volos - Lamia and Olympus, was detected for the first time. Since then, mainly two kinds of cipher messages in the ELAS traffic (Greek people's Liberation Army) have turned: 4-figure and 5-letter messages.

a) 4-figure messages.
Statistical investigations of the intercepted material gave clear indications of a multiply occupied 2-figure Caesar system, which in its various cipher forms is identified by 4-figure indicator. Finally five such 2-figure letter-syllable Caesars were solved. Already at the end of April this procedure was cancelled.

b) 5-letter messages.
The 5-letter messages, which in larger extent were sent between the ELAS headquarter and the group of divisions in Macedonia with its subordinate units, were recognized as plaintext transpositions. Studies based on simple transpositions were unsuccessful. It was not until two nearly textually equal messages with the same 4-figure indicator group occurred, of which one could be seen as a column swapped repetition of the other, that an answer was found and the message solved as a double transposition. The following decryption of all the enciphered messages with this solution revealed that the cipher clerk at ELAS headquarter had a special preference for complete transposition rectangles. This assumption was confirmed when it was found that it even square transposition templates was used, for which there exist a simple solution. In other cases, the enciphering was based on using half-square transposition templates. Those can equally be solved because in two half-lines of the vertically entered ciphertext one often will find a well-known signature. So far 20 double transposition solutions have been created using these encryption weaknesses of the enemy.
During the period under review a total of about 240 messages were read which gave valuable insights into the organizational structure, the military plans and the military action of the Communist rings in the Greek area.

The report Ez Bericht 1944/III says that double transposition continued to be used in ELAS radio communications. Due to poor cipher practices this system could be solved. In the reporting period about 120 keys were solved and 2.200 messages read.


Elas bewegung

Sämtliche Funkverkehre der Elas-Bewegung im griechischen Raume verwenden nach wie vor die Dopelwürfelverschlüsselung. Aus der bereits im letzten Bericht erwähnten Vorliebe der gegnerischen Schlüssler für volle Würfel hat sich ein gangbarer Weg zur Lösung dieser Doppelwürfel finden lassen. Unter Verwendung bereite bekannter Unterschriften wurden die Würfellosungen gefunden an quadratischen, doppelquadratischen, halb- und viertel-quadratischen Würfeln, ferner an längen- und lösungsgleichen Würfeln und Würfeln mit Spaltenvertauschung, Dass in einer Anzahl von bereits entzifferten Sprüchen auch Hinweise auf neue Losungen gegeben wurden, erleichterte die Entzifferungsarbeit beträchtlich.

Mit ca. 120 Losungen konnten in der Berichtszeit nahezu 2.200 Sprüche mitgelesen werden,

ELAS movement:

All radio traffic of the ELAs movement in the Greek area still uses the double transposition system. From the preference of the enemy cipher clerks for complete transposition squares, as mentioned in the last report, a practical method of solving this double transposition has been found. By using well-known signatures solutions were found for square, double square, half - and quarter square transposition templates, as well as solutions to same length and solution-equal transposition templates and templates with column swapping.
The decipherment work was eased considerably by the fact that a number of already decrypted messages also gave hints about new solutions. With about 120 solutions nearly 2,200 messages could be read during the reporting period.

The last report Ez Bericht 1944/IV says that approximately 50% of the messages were read:


Elas Bewegung

Der griechische Bandenfunk wurde ausschliesslich von NNA Zg G bearbeitet, der sich in der Berichtszeit 2 Monate auf dem Rückzug befand. Im letzten Vierteljahr 1944 wurde als einziges Verfahren der Doppelwürfel verwendet . Ungefähr 50% der angefallenen Sprüche wurden mitgelesen. Für ca. 30 Kenngruppen wurden die Losungen  erstellt.

ELAS movement

The Greek agent radio traffic was processed exclusively by NNA Zg G who, during the reporting period, had already been on the retreat for 2 months. In the last quarter of 1944 the only method used was double transposition. Approximately 50% of the attacked messages were read. Solutions were found for about 30 characteristic groups (indicators).

Dr. Otto Karl Winkler and TICOM report I-170

Additional information on the exploitation of ELAS communications is available from the TICOM report I-170 ‘Report on French and Greek Systems by Oberwachtmeister Dr. Otto Karl Winkler of OKH/FNAST 4’ (dated January 1946).

The report was written by Dr. Otto Karl Winkler, a member of KONA 4. Dr Winkler was in charge of decoding and translating the Greek messages and in pages 4-6 he stated about his work:


The unit moved to BELGRADE in Autumn 1943, thence, in August 1944 to PERNITZ near WIENER NEUSTADT, However, I received a new task in Spring 1944 with the appearance of Greek messages sent by ELAS. In the course of our two year stay in Athens I had been able to learn modern Greek almost perfectly, on the basis of a knowledge of classical Greek and spurred on by love for and interest in Greece. In addition my duties had provided me with a certain experience of cryptography and a good translation technique. Thus I was put in charge of Greek cryptography and was assisted in the actual cryptographic work by Uffz. Diether STROBL from BERLIN, an English interpreter and technical student. I had held the rank of Wachtmeister since Christmas 1943.

Regarding the cipher systems used he also mentions the 2-figure Caesar system and the double transposition cipher. Solution of the latter depended on the poor practices of the ELAS cipher clerks:


Double transpositions are regarded as a secure type of cipher and are therefore used by many British agents. To the best of my knowledge the unit never succeeded in breaking one and only occasional captured material has rendered it possible to read some traffic retrospectively. For the sake of security it is essential to avoid using complete or even square boxes, typical beginnings or endings of messages and constantly recurring addresses and signatures, to use each key as little as possible and as far as possible to have different keys for each box of the pairs The Greeks overlooked all these rules right up to the end, with the result that messages in the same setting and with the same number of groups (Elementeanzahl) cropped up.

The solution of these messages provided valuable information about the organization, personalities and operations of the ELAS partisan forces:


In any case we succeeded in breaking 50 – 60% of the traffic tackled and as important messages were always retransmitted on several links with different keys, we were able to build up an almost complete picture of the build-up, organization and composition of EAM and ELAS, to compile lists of their leading personalities and officers and to inform the competent German political and military authorities in good time about many planned military and political actions, acts of sabotage, ambushes, dynamitings, etc. I can only remember a few details and cannot reproduce examples systematically as the evaluation of the material wan not my job, which consisted only of deciphering, decoding and translating the available material.

Radio traffic of British liaison officers in Greece

Apart from ELAS communications the Germans were also able to read some of the messages sent by British liaison officers assigned to the Greek partisans. The German Army’s codebreaking agency OKH/Inspectorate 7/VI was able to decode some of these messages in the period 1943-44 (3).

The British authorities kept in contact with partisan groups in the Balkans through liaison officers sent by the intelligence services SIS and SOE. These small teams transmitted traffic by radio to their controlling stations in Cairo, Egypt and Bari, Italy. The cryptosystems used were double transposition and the War Office Cypher, enciphered with one time pads.
Some of the encoded radio traffic of British officers in the Balkans was exploited by the Germans. They were able to read messages both through captured material and by cryptanalysis. 

The reports of KONA 4 show that some cipher material was captured in the field and messages read. For example in 1943:


Field units had to rely on captured material in order to read British agents transmissions but this was not necessarily true of the central department. The reports of Inspectorate 7/VI show that this traffic (special traffic to Cairo with indicator GESH) was first solved in June 1943 by Referats 6 and 12:



Traffic continued to be read till November 1944 but it seems this was mostly from the team assigned to the headquarters of General Mihailović and from the liaison officers in Greece. 

For example:

September ’43:


April ’44:


July ’44:


Conclusion

In the period 1941-44 the Greek population suffered under a triple occupation by Italian, German and Bulgarian forces. The collapse of the Greek State, of the economy and the falling living standards led many Greeks to take up arms against the occupiers.

This situation gave the Greek Communist Party an opportunity to build up a large partisan movement in the countryside and use it to monopolize the anti Axis resistance in Greece. With support from the British and after capturing Italian heavy weapons in 1944 the Communists were one step away from gaining power in the country.

During this period the German authorities were aware of the growing strength of the partisan movements in the Balkans but they did not have the military forces needed to permanently destroy them. Instead their forces garrisoned strategic areas and urban centers.

Both in Yugoslavia and in Greece they were able to monitor the military operations and political maneuvers of the partisan movements through signals intelligence.

In 1944 the German Army’s signal intelligence agency was able to solve a large part of the ELAS radio traffic. Their success was possible mainly due to the many mistakes made by the ELAS cipher clerks. This traffic provided valuable intelligence on the ELAS organization, personalities and planned military and political actions.

Notes:

(1). A good summary of the main issues surrounding the goals of the Communist party and EAM ELAS can be found in ‘Εμφύλια πάθη: 23+2 νέες ερωτήσεις και απαντήσεις για τον Εμφύλιο’ - Στάθης Ν. Καλύβας, Νίκος Μαραντζίδης (2016)

(2). KONA 4 - Ez Bericht 1944/II, Ez Bericht 1944/III, Ez Bericht 1944/IV (NARA - RG 457 - Entry 9032 - box 22 - ‘German deciphering reports’)



Additional information:

1). In TICOM report I-170, p9 an example is given of the ELAS double transposition cipher. 

The sample message reads:


OMADA MERARchIWN MAKEDONIAS ch ch ch IMERA ch  STOP SAS PARAKALOYME NA ANAFERATE AMESWS EAN OI PENTE AXIWMATIKOI THS BRETTANIKHS APOSTOLHS AFIchHSAN STOP STEFANOS SARAFHS YF

My translation: ‘For Macedonian group of divisions – Day – STOP we request that you report immediately if the five officers of the British mission have arrived STOP Stefanos Sarafis’.

Stefanos Sarafis was the military commander of the ELAS forces.

2). It seems that the Greek communist military forces continued to use insecure cipher systems even in the late 1940’s. An FBI report dated August 1950 (4) says the AFSA (Armed Forces Security Agency) was working on the following Greek communist crypto systems:


These were monome-dinome substitution (enciphered with additive) and single and double transposition, similar in concept to the systems used in 1944.

It is reasonable to assume that the use of insecure ciphers by the communists was exploited by the Greek Army and US agencies during the Greek Civil War.

Acknowledgments: I have to thank Frode Weierud for translating the KONA 4 summaries and Randy Rezabek for sharing his copies. 

Thursday, May 25, 2017

Interesting information in TICOM report I-170

The NSA has declassified the TICOM report I-170 ‘Report on French and Greek Systems by Oberwachtmeister Dr. Otto Karl Winkler of OKH/FNAST 4’ (dated January 1946).


I’ll probably write a more detailed essay on the compromise of Greek military, diplomatic and partisan codes in WWII.

Some interesting excerpts from the report:

My first employment was on the breaking and translating of Greek Air Force messages in Spring 1941. The unit was in BUCHAREST at that time and later it was at BANJA KOSTENIC in Bulgaria. C.O. was Hptm. SCHMIDT, head of the cryptography and translation department from then until Autumn 1944 was Prof. Alfred KNESCHKE, a Professor of Mathematics from Saxony.

……………………………………………………………

Greek Army and Navy messages were not broken until after the conquest of Greece, when captured ‘Codes’ were read during the attack on Crete.

……………………………………………………………

In May 1941 the unit moved to ATHENS. In the autumn of that year the De Gaulle troops in Syria began to send cipher messages. ………………………………………………… Practically the whole Syrian WT traffic was read and a complete picture obtained of the build-up, strength, composition and Organization of the French armed forces, of the political administration and the names of all important personalities, as well as all changes and troops movements. In charge of evaluation of French material at this time was Wm. KÜHNAPFEL (from KONIGSBERG).

As the French used also to refer to British troop movements and officer personalities from time to time, such pointers were of considerable use to our English evaluation section, as the British ciphers could not as a rule be broken by German Sigint.

……………………………………………………………

The unit moved to BELGRADE in Autumn 1943, thence, in August 1944 to PERNITZ near WIENER NEUSTADT, However, I received a new task in Spring 1944 with the appearance of Greek messages sent by ELAS. In the course of our two year stay in Athens I had been able to learn modern Greek almost perfectly, on the basis of a knowledge of classical Greek and spurred on by love for and interest in Greece. In addition my duties had provided me with a certain experience of cryptography and a good translation technique. Thus I was put in charge of Greek cryptography and was assisted in the actual cryptographic work by Uffz. Diether STROBL from BERLIN, an English interpreter and technical student. I had held the rank of Wachtmeister since Christmas 1943.

……………………………………………………………

Double transpositions are regarded as a secure type of cipher and are therefore used by many British agents. To the best of my knowledge the unit never succeeded in breaking one and only occasional captured material has rendered it possible to read some traffic retrospectively. For the sake of security it is essential to avoid using complete or even square boxes, typical beginnings or endings of messages and constantly recurring addresses and signatures, to use each key as little as possible and as far as possible to have different keys for each box of the pairs The Greeks overlooked all these rules right up to the end, with the result that messages in the same setting and with the same number of groups (Elementeanzahl) cropped up.

……………………………………………………………

In any case we succeeded in breaking 50 – 60% of the traffic tackled and as important messages were always retransmitted on several links with different keys, we were able to build up an almost complete picture of the build-up, organization and composition of EAM and ELAS, to compile lists of their leading personalities and officers and to inform the competent German political and military authorities in good time about many planned military and political actions, acts of sabotage, ambushes, dynamitings, etc. I can only remember a few details and cannot reproduce examples systematically as the evaluation of the material wan not my job, which consisted only of deciphering, decoding and translating the available material.

Thursday, May 18, 2017

The progress of my old NSA freedom of information act cases or alternatively ήμουν νιος και γέρασα…

So far my remaining cases with the NSA FOIA office can be broken into two groups. One concerns requests I made in 2015 and these seem to be progressing slowly but I expect I will get responses this year.

The problem is that my old cases from 2012 seem to be stuck in time. Back then I requested several TICOM reports and even agreed to pay for two large files (~500 pages).

Since then I’ve been told that these cases are being processed, then they were in the review queue, then final review etc.

Picture of NSA foia requester waiting for the declassification of TICOM reports:


Saturday, May 6, 2017

Update

I’ve added information from TICOM report I-26 ‘Interrogation of Oblt. Schubert (OKH/Chef HNW/Gen.d.NA) on Russian Military and Agents’ systems at OKM Signals School, Flensburg on 17 June 1945’ in the essay Soviet partisan codes and KONA 6.

Monday, May 1, 2017

Cipher machines of WWII

In the period 1939-45 most countries enciphered their communications using hand methods (codebooks, transposition etc). Only a few countries used cipher machines.

The following list covers these countries and the specific models they used.

United States



SIGTOT T/P (one time tape system)

CCM - Combined Cipher Machine

M-209 (US version of the Hagelin C-38)


Hebern cipher machine (5 rotor version)

SIGFOY/M-325 (Enigma type)

Britain

Typex (Enigma type)

Rockex T/P (one time tape system)

CCM - Combined Cipher Machine

Poland


Soviet Union

K-37 (Hagelin B-211 copy)

Pogoda or Pagoda (copy of US AT&T double tape machine)

M-100/101 T/P

France


Hagelin B-211 modified

Hagelin C-38 (US M-209 version)


Sweden

Hagelin B-211

Hagelin C-38

Norway

Hagelin C-38

Holland

Hagelin C-38

Enigma G

Portugal

Hagelin C-38

Switzerland

Enigma K

Germany




Enigma I (plugboard machine)

Enigma M4 (4 rotor naval version)

SG (Schlüsselgerät) 41 (Hagelin type)


T-52 T/P

T-43 T/P (one time tape system)

Italy

Enigma K

Enigma G

Enigma I


Hagelin C-38

Olivetti T/P

Japan






Finland

Hagelin C-36

Romania

Enigma G

Enigma I

Hungary

Enigma I

Slovakia

Enigma I

Bulgaria

Enigma I

Croatia

Enigma K

Spain

Enigma K