At 4:03 AM -0500 6/15/04, Bruce Schneier wrote:
> Breaking Iranian Codes
>
>
>
>Ahmed Chalabi is accused of informing the Iranians that the U.S. had broken its intelligence codes. What exactly did the U.S. break? How could the Iranians verify Chalabi's claim, and what might they do about it?
>
>This is an attempt to answer some of those questions.
>
>Every country has secrets. In the U.S., the National Security Agency has the job of protecting our secrets while trying to learn the secrets of other countries. (Actually, the CIA has the job of learning other countries' secrets in general, while the NSA has the job of eavesdropping on other countries' electronic communications.)
>
>To protect their secrets, Iranian intelligence -- like the leaders of all countries -- communicate in code. These aren't pencil-and-paper codes, but software-based encryption machines. The Iranians probably didn't build their own, but bought them from a company like the Swiss-owned Crypto AG. Some encryption machines protect telephone calls, others protect fax and Telex messages, and still others protect computer communications.
>
>As ordinary citizens without serious security clearances, we don't know which machines' codes the NSA compromised, nor do we know how. It's possible that the U.S. broke the mathematical encryption algorithms that the Iranians used, as the British and Poles did with the German codes during World War II. It's also possible that the NSA installed a "back door" into the Iranian machines. This is basically a deliberately placed flaw in the encryption that allows someone who knows about it to read the messages.
>
>There are other possibilities: the NSA might have had someone inside Iranian intelligence who gave them the encryption settings required to read the messages. John Walker sold the Soviets this kind of information about U.S. naval codes for years during the 1980s. Or the Iranians could have had sloppy procedures that allowed the NSA to break the encryption.
>
>Of course, the NSA has to intercept the coded messages in order to decrypt them, but they have a worldwide array of listening posts that can do just that. Most communications are in the air -- radio, microwave, etc. -- and can be easily intercepted. Communications via buried cable are much harder to intercept, and require someone inside Iran to tap into. But the point of using an encryption machine is to allow sending messages over insecure and interceptible channels, so it is very probable that the NSA had a steady stream of Iranian intelligence messages to read.
>
>Whatever the methodology, this would be an enormous intelligence coup for the NSA. It was also a secret in itself. If the Iranians ever learned that the NSA was reading their messages, they would stop using the broken encryption machines, and the NSA's source of Iranian secrets would dry up. The secret that the NSA could read the Iranian secrets was more important than any specific Iranian secrets that the NSA could read.
>
>The result was that the U.S. would often learn secrets they couldn't act upon, as action would give away their secret. During World War II, the Allies would go to great lengths to make sure the Germans never realized that their codes were broken. The Allies would learn about U-boat positions, but wouldn't bomb the U-boats until they spotted the U-boat by some other means...otherwise the Nazis might get suspicious.
>
>There's a story about Winston Churchill and the bombing of Coventry: supposedly he knew the city would be bombed but could not warn its citizens. The story is apocryphal, but is a good indication of the extreme measures countries take to protect the secret that they can read an enemy's secrets.
>
>And there are many stories of slip-ups. In 1986, after the bombing of a Berlin disco, then-President Reagan said that he had irrefutable evidence that Qadaffi was behind the attack. Libyan intelligence realized that their diplomatic codes were broken, and changed them. The result was an enormous setback for U.S. intelligence, all for just a slip of the tongue.
>
>Iranian intelligence supposedly tried to test Chalabi's claim by sending a message about an Iranian weapons cache. If the U.S. acted on this information, then the Iranians would know that their codes were broken. The U.S. didn't, which showed they're very smart about this. Maybe they knew the Iranians suspected, or maybe they were waiting to manufacture a plausible fictitious reason for knowing about the weapons cache.
>
>So now the NSA's secret is out. The Iranians have undoubtedly changed their encryption machines, and the NSA has lost its source of Iranian secrets. But little else is known. Who told Chalabi? Only a few people would know this important U.S. secret, and the snitch is certainly guilty of treason. Maybe Chalabi never knew, and never told the Iranians. Maybe the Iranians figured it out some other way, and they are pretending that Chalabi told them in order to protect some other intelligence source of theirs.
>
>During the 1950s, the Americans dug under East Berlin in order to eavesdrop on a communications cable. They received all sorts of intelligence until the East Germans discovered the tunnel. However, the Soviets knew about the operation from the beginning, because they had a spy in the British intelligence organization. But they couldn't stop the digging, because that would expose George Blake as their spy.
>
>If the Iranians knew that the U.S. knew, why didn't they pretend not to know and feed the U.S. false information? Or maybe they've been doing that for years, and the U.S. finally figured out that the Iranians knew. Maybe the U.S. knew that the Iranians knew, and are using the fact to discredit Chalabi.
>
>The really weird twist to this story is that the U.S. has already been accused of doing that to Iran. In 1992, Iran arrested Hans Buehler, a Crypto AG employee, on suspicion that Crypto AG had installed back doors in the encryption machines it sold to Iran -- at the request of the NSA. He proclaimed his innocence through repeated interrogations, and was finally released nine months later in 1993 when Crypto AG paid a million dollars for his freedom -- then promptly fired him and billed him for the release money. At this point Buehler started asking inconvenient questions about the relationship between Crypto AG and the NSA.
>
>So maybe Chalabi's information is from 1992, and the Iranians changed their encryption machines a decade ago.
>
>Or maybe the NSA never broke the Iranian intelligence code, and this is all one huge bluff.
>
>In this shadowy world of cat-and-mouse, it's hard to be sure of anything.
>
>
>Hans Buehler's story:
><http://www.aci.net/kalliste/speccoll.htm>
-- 
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'
