(EST PUB DATE) ULTRA AND THE WALKER CASE
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST): 0001372606
Release Decision: RIFPUB
Original Classification: U
Document Page Count: 7
Document Creation Date: June 23, 2015
Document Release Date: November 9, 2010
Sequence Number:
Case Number: F-2006-01618
Publication Date: January 1, 1997
File:
Attachment | Size |
---|---|
DOC_0001372606.pdf | 373.39 KB |
Body:
ULTRA AND THE WALKER CASE
Captain Esmond D. Smith, Jr., USN
Modern military services, particularly navies, depend heavily on secure
radio communications in all aspects of their operations. To protect these
communications, messages are enciphered using cryptographic systems so that
only holders of the same systems can decipher the messages. If, however, an
adversary develops the capability to decipher these communications and the
users are unaware of this capability, the adversary has acquired an intelligence
source of unparalleled accuracy and utility. In the event of war, such a source
could mean the difference between defeat and victory.
British and American cryptological successes before and during World
War I and the American successes against Japanese naval codes in World War
II are just two examples of the significance of this intelligence source. The
British exploitation of German naval communications during the war in the
Atlantic in World War II provides an even more pointed example of the
war-winning utility of this source. Unfortunately, these and other similar
examples are not merely of historic interest. Through the recent activities of the
John Walker spy ring, the Soviet Union acquired the capability to decipher
secure communications of the US Navy from 1967 to 1984.
One common element in the success of the British in deciphering German
naval communications during World War II and the recent success of the
Soviets in deciphering US Navy communications was that in both cases the
users of these communications remained unaware that their messages were
being compromised.
Ultra and the Atlantic War
During World War II, British cryptanalytic efforts, in conjunction with
other forms of intelligence, enabled the Allies to read German naval and other
military message traffic. The Germans were scoring similar successes against
British communications. The British, however, deduced that their naval
communications had been compromised, and they were able to defeat the
German cryptologic effort by introducing a new, improved cipher system. The
Germans, on the other hand, failed to discover that their naval communications
were being exploited by the British through the end of the war.
Ultra was the codeword for special intelligence derived from successful
British efforts to break the codes used to transmit German military radio traffic.
These military messages were machine-encrypted by a cryptographic device
called the Enigma machine. All three German services used the machine,
although each used its own type of "key": the rotor order, ring settings,
plugboard connections and ground settings, which were changed frequently. In
addition, each service used different key settings for each communications
network. In some networks, messages were double-enciphered using two key
settings, making them extremely difficult to break using cryptanalytic methods.
The German Navy also strove for even greater security by the use of four-letter
code groups, keyed to code books, that were placed in the text of some messages
before encryption. 1 Thus, the German military, and particularly the German
Navy, had good cause to believe that its communications were secure.
[Release stamp: APPROVED FOR RELEASE, DATE: 14-Oct-2010]
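The paragraph above names the four components of an Enigma key (rotor order, ring settings, plugboard connections, ground setting) and the naval practice of double encipherment under two key settings. The following simulator is an added example, not part of the article, that makes those components concrete: the rotor and reflector wirings are the publicly documented Enigma I wirings, while the sample day keys and the sample message are constructed for illustration. It shows that the same key deciphers what it enciphered (the machine is reciprocal), that no letter ever enciphers to itself, and that a double-enciphered message is recovered only by undoing the two key settings in reverse order.

```python
from string import ascii_uppercase as ALPHABET

# Publicly documented Enigma I rotor wirings with their turnover letters, and reflector B.
ROTORS = {
    "I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II":  ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"


class Enigma:
    """Three-rotor Enigma I. The constructor arguments are exactly the four key
    components the article lists: rotor order (left to right), ring settings,
    plugboard pairs, and the ground setting (initial rotor positions)."""

    def __init__(self, rotor_order, ring_settings, plugboard, ground_setting):
        names = rotor_order.split()
        self.wirings = [ROTORS[n][0] for n in names]
        self.notches = [ALPHABET.index(ROTORS[n][1]) for n in names]
        self.rings = [ALPHABET.index(c) for c in ring_settings]
        self.pos = [ALPHABET.index(c) for c in ground_setting]
        self.plug = {c: c for c in ALPHABET}
        for pair in plugboard.split():          # e.g. "AB CD" swaps A<->B and C<->D
            a, b = pair
            self.plug[a], self.plug[b] = b, a

    def _step(self):
        # The right rotor steps on every key press. The middle rotor steps when the
        # right rotor is at its notch, or when the middle rotor itself is at its
        # notch (the "double step"), in which case the left rotor steps as well.
        if self.pos[1] == self.notches[1]:
            self.pos[0] = (self.pos[0] + 1) % 26
            self.pos[1] = (self.pos[1] + 1) % 26
        elif self.pos[2] == self.notches[2]:
            self.pos[1] = (self.pos[1] + 1) % 26
        self.pos[2] = (self.pos[2] + 1) % 26

    def _rotor(self, i, c, forward):
        # The ring setting shifts the wiring relative to the rotor's position.
        offset = self.pos[i] - self.rings[i]
        contact = (c + offset) % 26
        if forward:
            out = ALPHABET.index(self.wirings[i][contact])
        else:
            out = self.wirings[i].index(ALPHABET[contact])
        return (out - offset) % 26

    def _key_press(self, ch):
        self._step()
        c = ALPHABET.index(self.plug[ch])
        for i in (2, 1, 0):                     # right to left through the rotors
            c = self._rotor(i, c, True)
        c = ALPHABET.index(REFLECTOR_B[c])
        for i in (0, 1, 2):                     # and back, left to right
            c = self._rotor(i, c, False)
        return self.plug[ALPHABET[c]]

    def process(self, text):
        return "".join(self._key_press(ch) for ch in text.upper() if ch in ALPHABET)


def run(key, text):
    """Encipher or decipher with a fresh machine; the machine is reciprocal."""
    return Enigma(**key).process(text)


def double_encipher(outer_key, inner_key, text):
    """The naval practice described in the article: encipher under one key
    setting, then encipher the result again under a second one."""
    return run(outer_key, run(inner_key, text))


def double_decipher(outer_key, inner_key, text):
    """Undo double encipherment: the key settings must be reversed in order."""
    return run(inner_key, run(outer_key, text))


# Constructed sample keys and message (not historical settings).
KEY_A = {"rotor_order": "I II III", "ring_settings": "AAA",
         "plugboard": "", "ground_setting": "AAA"}
KEY_B = {"rotor_order": "III I II", "ring_settings": "BCD",
         "plugboard": "AB CD EF GH", "ground_setting": "QEV"}
SAMPLE_MESSAGE = "CONVOY HX ONE TWO NINE REROUTED NORTH"

if __name__ == "__main__":
    ct = run(KEY_B, SAMPLE_MESSAGE)
    print(ct, "->", run(KEY_B, ct))
```

With rotors I II III, ring settings AAA, an empty plugboard and ground setting AAA, the machine turns "AAAAA" into "BDZGO", the standard check vector for this wiring, which is a useful sanity test for any reimplementation.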
The British code-breaking establishment at Bletchley Park, however, had
obtained an Enigma machine from the Poles in August 1939, along with
instructions for breaking the Army and Air Force keys. 2 At various times
throughout the war, the British acquired additional pieces of Enigma
equipment, codes, and key settings from captured German ships and submarines.
This material greatly assisted the cryptanalytic attack by Bletchley Park, and,
by the spring of 1941, the Allies began to obtain invaluable intelligence from
German naval operational message traffic.
To protect Ultra, knowledge of the source was limited to a handful of
senior naval officers, and any operations based on Ultra information had to have
a plausible cover story. Ultra messages were themselves enciphered using a
one-time pad, providing total security, and special storage and accounting
procedures for Ultra material were rigidly enforced.
As the volume and timeliness of the Ultra material improved in late 1941,
it became possible to make tactical use of the information derived from this
source. This was particularly important in the war in the Atlantic, where Ultra
information on the location and situations of German U-boats was used to
reroute convoys.
This and other operational uses inevitably resulted in raising the Germans'
suspicions about their security. These concerns generally focused on Allied
espionage networks rather than on the security of German communications.
Several times during the war, the Germans did suspect that disastrous changes
in their fortunes might have been due to communications vulnerabilities, and
they made a few checks and minor changes. Even after the war was over,
however, Commander of U-boats Admiral Doenitz did not know that the
British had been exploiting his message traffic.
No Questions Asked
Why, in the face of considerable evidence of Allied foreknowledge about
German U-boat operations, was the security of German naval communications
never seriously questioned? There appear to be several related answers to this
question:
• The difficulties that the German cryptologic services had with British
codes in the early days of the war made them confident that the Allies would
have similar problems with their own ciphers.
• There were often other possible explanations for Allied actions, including
air reconnaissance, the use of radar and high-frequency direction finding, and
Allied espionage activity. This was generally supported by the care with which
the British tried to use Ultra information operationally.
• An implicit understanding of the logistic and other difficulties in
developing and fielding an entirely new cipher system to all German military
users during wartime.
• The German organization that investigated Doenitz's security concerns,
the Naval Intelligence Service, was the same service that was responsible for
the cipher systems used in German naval communications. Thus, there
probably was an institutional bias against the possibility that the ciphers were
being broken.
• A psychological tendency to discourage suspicions of the Enigma system.
As one author states, "They believed it was absolutely secure because they
wanted to believe it was secure." a
These postulated reasons are mutually reinforcing, and they tend to
support the last one. In the final account, it may be the most important. It also
may have been the case in a more recent example.
The Walker Spy Ring
In many ways, the John Walker espionage case is completely different
from the British cryptologic effort during World War II. Both, however,
resulted in the compromise and exploitation of an adversary's secure
communications. The well-documented Walker case needs only a brief description
here.
In May 1985, following a long and often convoluted espionage
investigation, the FBI arrested John Walker and the three other members of his spy
ring: his son, Michael Walker; his brother, Arthur Walker; and a friend, Jerry
Whitworth. All are now serving sentences in federal prisons.
John Walker and Whitworth were the ring's key members. Both had
served in the US Navy as communications specialists and had access to US
military cryptographic material and information. John Walker sold the Soviets
this material from at least 1967 until his retirement from the Navy in 1976;
Whitworth's involvement possibly dates from the time he was recruited by
Walker in 1971 until his own retirement from the Navy in 1984.
Immediately following the arrest of these individuals, the government
began an investigation into the damage they had caused to national security
interests. The US Navy initially considered the potential compromise damaging
but manageable. In assessing the impact of the Walker-Whitworth betrayal a
month after their arrest, Admiral James D. Watkins, the Chief of Naval
Operations, declared that the Navy had the problem "bounded and can leave
it in the dust behind us ... We believe that we are on the downside of the
problem ..." 5 This sanguine view did not last long, however. In July 1985, a
high-ranking Soviet KGB defector, Vitaly Yurchenko, told his FBI debriefers
that "the information delivered by Walker enabled the KGB to decipher over
a million messages." 6 This number probably understates by a wide margin the
actual number available to Soviet interceptors and vulnerable to compromise.
While there is no way of knowing what specific messages were read by the
Soviets, former Director of Naval Intelligence Rear Admiral William
Studeman has testified that they probably included classified messages regarding
naval ship locations and operations, naval intelligence data and activities, and
naval plans and procedures. 7 In most cases, the tactical value of the messages
provided by the spy ring probably was questionable, however, because many of
the messages probably were months old by the time the Soviets deciphered
them. It seems likely that the most serious damage done by the ring's
information lay in what it taught the Soviet Navy about its technological and
doctrinal inferiority and about where the next generation of American weapons
and sensors were going in terms of capabilities.
Occasionally, there were reasons to believe that classified operations were
being compromised in some way. But if these were investigated, the source of
the compromise was usually attributed to poor operational security (discussions
in public places that could have been overheard, and logistic or other
operational patterns that Soviet analysts could have pieced together) rather
than to insecure communications. These explanations did not satisfy everyone,
however. Suspicions grew as Soviet intelligence collection ships began to show
up routinely in exactly the right places and times to monitor our exercises or
weapons tests, as the Soviets reacted in unexpectedly low-key ways to our naval
operations near their coasts, and as the quality of Soviet ships, submarines and
aircraft began to improve much faster than our estimates had anticipated. Rich
Haver, the deputy director of Naval Intelligence and one of the Navy's most
experienced analysts of the Soviet Navy, periodically voiced his concern. One
source reports that, beginning in the early 1970s, Haver periodically saw signs
that "something was wrong," because the Soviets knew things they should not
have known. Privately, he sometimes wondered about the security of US
communications, but he had no proof. Discovery of the Walker-Whitworth
espionage ring suddenly made everything clear. 8
The fact that our communications were being exploited from at least 1967
onwards by the Soviets may account for certain US military operational
"failures." The abortive raid on the Son Tay prisoner of war camp in 1969 in
North Vietnam provides one such example. The camp was suddenly evacuated
by the Vietnamese several weeks before the raid took place. Had the Soviets
learned about the raid from our communications and told their Vietnamese
allies about it in advance? On the other hand, the Soviets might have been
reluctant to risk such a valuable source just to provide tactical support to the
Vietnamese. Hanoi may have been alerted to the raid by its own intelligence
sources and analysis.
Security Shortcomings
When the details of the British use of Ultra in World War II were
declassified and released in 1974, the entire war, particularly the conflict in the
Atlantic, had to be reexamined. When and if specific compromises resulting
from the Walker case are publicly released, recent history will also have to be
reviewed. Such a review could disclose that the security of our naval
communications was never seriously questioned for the following reasons:
• The National Security Agency (NSA), the government agency responsible
for communications security (comsec), considered that most of the
cryptographic systems in fleetwide use were adequately secure from foreign
cryptologic attack (which they probably were).
• The procedures established by NSA for controlling and handling
cryptographic equipment and keying materials, if universally and uniformly
followed, would have provided adequate security of this material from theft or
espionage. In the same way, established procedures for background
investigations should have ensured the integrity of the individuals with access to
cryptographic materials. Obviously, neither of these procedures was followed
in the case of the Walker spy ring.
• As was the case with the German Intelligence Service in World War II,
NSA may have had an institutional bias against the possibility that the systems
and procedures that it had implemented were being exploited. Investigations
into suspected security leaks would be focused on exhausting all other possible
sources of the leak before the security of crypto-covered communications was
questioned.
• In many cases, there were other possible sources of these leaks, ranging
from discussions on insecure telephones to operational security indicators.
These could have been used by foreign intelligence analysts to gain
foreknowledge of US naval operations.
• To avoid arousing suspicion, the Soviets, like the British in World War II,
are likely to have made careful use of the intelligence gained from US
communications. Information about the Walker spy ring probably was tightly
compartmented within the highest levels of the Soviet intelligence
establishment. (Yurchenko was only "briefed in" on the Walker case by the KGB so
that he could conduct an investigation of how Walker was caught.)
• The cost and logistic difficulties involved in changing US naval
communications cryptographic systems worldwide would be staggering. Such a
move could not be done without hard evidence that these communications
systems were being exploited, which the Soviets could have gone to great
lengths to avoid providing. With Walker and Whitworth operating inside the
naval communications organization, such changes would have been
immediately passed on to the Soviets, anyway. Nonetheless, the immense costs of such
a change would tend to reinforce a belief that our communications were
secure.
In any case, it appears that we shared many of the reasons that the
Germans had for believing in the security of their naval communications. The
obverse, that our communications were not secure, was too damaging to
contemplate. Quoting Rear Admiral Studeman again, "... virtually all the
information required to plan, operate, command, maintain, modernize, repair,
replenish, warn, inform and control the military forces of all the services and
our allies is exchanged electrically via communications systems, most of which
are considered secure by virtue of their cryptographic cover." 9
More Safeguards Needed
There is no easy solution to this crucial problem. New procedures and
systems are likely to ensure the security of our naval communications over the
short term. The Soviets have proven to be patient and cunning adversaries,
however, and even now they could be attacking our communications systems
using high-speed computers or recruiting the next generation of spies to provide
key material.
Is there anything that we can learn from these two cases to augment our
technical efforts for safeguarding our secure communications? The comsec
problem involves a number of different disciplines, including physical security,
comsec procedures, cryptographic systems, foreign collection systems, integrity
of personnel, and espionage. Thus, any approach to the problem has to be truly
multidisciplined.
• A permanent Department of Defense committee comprised of
members from the various government intelligence agencies should be established
on a continuing basis to investigate and appraise the security of US
Government communications, using all available sources of intelligence and other
information. This joint committee should act as a clearing-house in following
up on anomalous or unexplained foreign activity that might be related to
comsec.
• Existing comsec and personnel procedures should be strictly adhered to
by all government agencies and branches of the armed services. Command
responsibility for violations of these procedures should be an explicit element of
these procedures.
• Current procedures should be reexamined periodically to determine
their feasibility and effectiveness. Where possible, security-related procedures
should be simplified and streamlined to ensure that they are universally
understood and implemented.
• Security awareness programs should be expanded in order to educate our
personnel regarding the foreign espionage threat and possible indicators of
espionage activity.
• Consideration should be given to the use of a "security minimize," which
would caution commanders against using regular secure communications in areas
or during periods of known foreign electronic collection activities.
• For particularly sensitive message traffic, the use of nonelectrical means
of communications, including the use of officer couriers, fiber-optic landlines
and other high-technology systems, should be investigated.
None of these suggestions will ensure the security of our communications,
because all of them depend on the weakest link, human beings, to implement
them. The easiest way to exploit secure communications is to recruit an agent
within the system who either copies the messages or provides our adversaries
with the ability to copy them themselves. We may not be able to stop such
espionage activity, but we can certainly make it harder for our enemies to
obtain sensitive information.
The real lesson that these two cases provide is that comsec cannot be taken
for granted. A final quote from Rear Admiral Studeman sums up the problem:
"History is replete with examples of the benefits and risks associated with
comsec made vulnerable by espionage or otherwise penetrated for the benefit
of one side or another. Such vulnerabilities sustained over time have altered the
course of history and can do so again in the future." 10
NOTES
1. Ralph Erskine, "Naval Enigma: The Breaking of Heimisch and Triton," Intelligence and
National Security, Spring 1988, pp. 162-163.
2. Erskine, p. 163.
3. John Winton, Ultra at Sea, p. 4.
4. Winton, p. 104.
5. Thomas B. Allen and Norman Polmar, Merchants of Treason (New York: Delacorte Press,
1988), pp. 262-263.
6. U.S. Congress, Senate Committee on Governmental Affairs, Permanent Subcommittee on
Investigations, Foreign Missions Act and Espionage Activities in the United States,
Hearings (Washington: U.S. Govt. Print. Off., 1986), p. 103.
7. U.S. Congress, pp. 99-100.
8. John Barron, Breaking the Ring (Boston: Houghton Mifflin Company, 1987), pp. 209-210.
9. U.S. Congress, p. 97.
10. U.S. Congress, p. 99.