Although a complete naval Enigma machine was taken from the captured U-110 in May 1941, German Admiral Karl Doenitz was assured that his U-boats’ secret cables were secure throughout the war. Similarly, 20 years of military “failures” should have tipped U. S. military and intelligence services to the Walker spy ring’s activities. Why didn’t they?
Modern military services, particularly navies, depend heavily on secure radio communications in all aspects of their operations. To ensure that these communications are secure from foreign intelligence organizations, messages are enciphered using cryptographic systems so that only those persons with the system can decipher the messages. The enciphered messages are then transmitted openly over various radio frequencies. Foreign radio receivers can copy these transmissions, but cannot decipher them into plain language without the correct cryptographic system. If, however, a potential adversary develops the ability to decipher these communications and the users are unaware of this capability, the adversary has acquired an intelligence source of unparalleled accuracy and utility, which, in the event of war, could mean the difference between victory and defeat.
These types of intelligence sources have borne significant fruit during the 20th century. British and U. S. cryptologic successes before and during World War I and U. S. successes against Japanese naval codes in World War II are two examples. British exploitation of German naval communications in the Atlantic during World War II illustrates the war-winning utility of such sources.
Unfortunately, the interest in these and other examples is not merely historic. Through the activities of the John Walker spy ring, the Soviet Union acquired the ability to decipher “secure” U. S. naval communications during the 17-year period 1967-1983.
One common element in the success of the British in deciphering German naval communications during World War II and the Soviets’ success in deciphering more recent U. S. naval communications was that in both cases the users of these communications remained unaware that their messages were being compromised. If we examine both cases for useful parallels, we may not be doomed to repeat history.
Ultra and the Atlantic War
During World War II, British cryptanalytic efforts, in conjunction with other forms of intelligence, allowed the Allies to read German naval and other military message traffic, providing the Royal Navy and, subsequently, the U. S. Navy with accurate and reliable intelligence on German Navy operations, plans, and capabilities. The Germans were having similar successes against British communications, but the British deduced that their naval communications had been compromised and were able to defeat the German cryptologic effort by introducing a new, improved cipher system. The Germans, on the other hand, remained generally unaware that their naval communications were being exploited by the Allies throughout the war.
“Ultra” was the code word for special intelligence derived from successful British efforts to break the codes used to transmit German military radio traffic. These military messages were machine-encrypted by a cryptographic device called the “Enigma” machine. All three German service branches used Enigma, though each used its own type of “key”—rotor order, ring settings, plugboard connections, and ground settings, all of which were changed frequently. In addition, each service used different key settings for each communications network. In some networks, messages were double-enciphered using two key settings, making them extremely difficult to break using cryptanalytic methods. The German Navy also strove for even greater security by using four-letter code groups, keyed to code books, that were placed in the text of some messages before encryption.1 Thus, the German military, particularly the navy, had good cause to believe its communications were secure from foreign exploitation.
Fortunately for the Allies, the British code-breaking establishment at Bletchley Park had obtained an Enigma machine from the Poles in August 1939, along with instructions on breaking the German Army and Air Force [illegible]. At various times throughout the war, the British recovered additional pieces of Enigma equipment such as [illegible] and settings from captured German ships and submarines. This material greatly assisted the cryptanalytic effort at Bletchley Park, so that by the spring of 194[illegible] German naval operational message traffic began to furnish invaluable intelligence to the Allies.
At the outset, the British admiralty was concerned about safeguarding the security of Ultra, recognizing that it could easily be denied to them if the Germans became suspicious of their communications security. Key settings and procedures could be changed more frequently and the Enigma machine itself could be enhanced to provide more security, events that actually did occur late in the war. A recent account of the use of Ultra in the war at sea states:
“ . . . operational gain had to be balanced against the future prospect of losing what Mr. Churchill called ‘the precious secret of ULTRA’. Too much success could be disastrous. Too many U-boats sunk, for instance, at their remote refuelling rendezvous might arouse the enemy’s suspicions and cause him to change cyphers which had been only broken after much labor over a long period of time. Worse, it might even cause him to doubt the inviolability of the ENIGMA coding machine.”3
As a result of this concern, knowledge of Ultra was limited to a handful of senior naval officers, and any operations undertaken as a result of Ultra information had to have a plausible cover story to provide a logical reason for the operation. Ultra messages were themselves enciphered using a one-time pad, and special storage and accounting procedures for Ultra material were rigidly enforced.4
Despite these security precautions, operational use of Ultra over time gave the Germans cause for concern. As the volume and timeliness of Ultra material improved in late 1941, it became possible to use the information tactically. This was particularly important in the war at sea in the Atlantic, where Ultra information on the location of German U-boats was used to reroute Allied convoys away from the submarine threat.
These operational uses inevitably raised German suspicions but the Germans generally focused on Allied espionage networks rather than on the security of their communications. Admiral Karl Doenitz, commander of the U-boat fleet, was repeatedly assured that German message ciphers were secure and unbreakable.5 Even so, during the war Doenitz changed communications procedures to protect important parts of his messages. These changes included the use of an enciphered grid system and coded reference points to indicate locations within the messages and various ways to cover the identity of individual submarines, which at one point during the war included the use of the U-boat commanders’ given names as a message address. These measures periodically made it more difficult for the British to provide Ultra intelligence on some U-boat patrol locations, but failed to stop the British from deriving useful information from German naval communications.
While the British were exploiting operational U-boat messages, the German Navy cryptologic service, the B-Dienst, was beginning to read the Royal Navy’s main cipher. Doenitz was able to use this special intelligence material to position his U-boats along the paths of Allied Atlantic convoys beginning in late October 1941.6 Using Ultra material to vector the convoys away from U-boat positions, the British admiralty was able to limit U-boat encounters. When the anticipated U-boat successes against these convoys failed to materialize despite the excellent intelligence on which U-boat deployments were based, Admiral Doenitz became concerned.
“[Doenitz] was once again made suspicious by the comparatively high failure rate in the latter half of 1941, against convoys which had been accurately located by the B-Dienst Service. It was indeed mathematically unlikely that so many U-boats should sight nothing, no matter how accurately they were directed, and so many convoys should randomly change course at what was always the most opportune moment for them.”7
Something was wrong and the Germans knew it. The possibility that German message traffic was being exploited was raised again by Doenitz to the chief of the German Naval Intelligence Service, but he was repeatedly assured that his communications were secure. Doenitz states in his memoirs: “Our ciphers were checked and rechecked, to make sure they were unbreakable; and on each occasion the head of the Naval Intelligence Service at Naval High Command adhered to his opinion that it would be impossible for the enemy to decipher them.”8 The Germans believed that only human spy networks in occupied France could have provided intelligence to the British on U-boat orders of battle and their departures from and returns to the various operational ports. They also believed that Allied spies could have had sources in the German Navy providing information on U-boat movements, patrol areas, and other operations.
Doenitz’s response was to increase security around U-boat installations and cut back on the distribution of operational U-boat information.9 Early in 1942, the Germans changed the Enigma machines and issued a new Enigma key for U-boats. This change appears to have been the result of routine evolution rather than a response to security concerns. References to an upcoming change in Enigma had been made in the spring of 1941, before British convoy operations made the Germans suspicious. This action was particularly damaging to the British cryptologic effort, however, effectively denying access to German U-boat message traffic for ten months. Not until December 1942 did Bletchley Park break the new U-boat key.11
During this period, the B-Dienst had begun reading Royal Navy operational message traffic with increasing success. This included communications that were used to direct Atlantic convoy traffic. Information from this source was used operationally by Doenitz to direct U-boat attacks on the convoys, increasing Allied losses. British Naval Intelligence correctly deduced that the Germans were exploiting Royal Navy communications and changed their cipher system in June 1943, effectively stopping the hemorrhage of information from this source for the rest of the war.12
In early 1943, after Bletchley Park had begun to decrypt the new U-boat ciphers, British and U. S. attacks on German tanker U-boats at their rendezvous positions with other U-boats again forced Doenitz to question his security. This resulted, as before, in a search for Allied espionage agents in the German Navy.13 U-boat communications were assumed to be secure. Indeed, even after the war Doenitz did not know that the British had exploited his message traffic.14
Why, in the face of considerable evidence of Allied foreknowledge about German U-boat operations, was the security of German naval communications never seriously questioned? There appear to be several related answers:
► The difficulties that the German cryptologic services had with British codes early in the war made them confident that the Allies would have similar problems.
► There were often other possible explanations for Allied actions, i.e., air reconnaissance, the use of radar and high-frequency direction finding, and Allied espionage. This was generally supported by the care with which the British attempted to use Ultra information operationally.
► There was an implicit understanding of the logistics and other difficulties in developing and fielding an entirely new cipher system to all German military users during wartime.
► The German organization that investigated Doenitz’s security concerns—the Naval Intelligence Service—was also responsible for the cipher systems used in naval communications. Thus, there was likely an institutional bias against considering that the ciphers were being broken.
► There was a psychological tendency to discourage suspicions of Enigma. “They believed it was absolutely secure because they wanted to believe it was secure.”15
These postulated reasons are mutually reinforcing and tend to support the last, which may be the most important, as we shall see in the Walker case.
The Walker Spy Ring
The John Walker espionage case is in many ways completely different from the British cryptologic effort during World War II, but both resulted in the compromise and exploitation of an adversary’s secure communications.
In May 1985, after a long, convoluted espionage investigation, the FBI arrested John Walker and the other members of his spy ring: son Michael Walker, brother Arthur Walker, and friend Jerry Whitworth. The latter two were prosecuted for espionage and related charges, and all are serving sentences in federal prisons.
The two principal members were John Walker and Jerry Whitworth, both of whom had served in the U. S. Navy as enlisted communications specialists and had access to military cryptographic material and information. John Walker sold this material—the cryptographic key—to the Soviets from at least 1967 until his retirement from the Navy in [illegible]. Whitworth participated possibly from the time he was recruited by Walker in 1971 until his own retirement in 1983.
Immediately after the Walker ring members’ arrests, the government began to investigate the damage to national security interests. The compromises were initially considered damaging, but manageable. “Assessing the impact of the Walker-Whitworth betrayal a month after their arrest, Admiral James D. Watkins, the Chief of Naval Operations, declared that the Navy has the problem ‘bounded and can leave it in the dust behind us . . . . We believe that we are on the downside of the problem . . . .’ ”16
This sanguine view did not last long. In August 1985, high-ranking Soviet KGB defector Vitaly Yurchenko told his debriefers that “the information delivered by Walker enabled the K.G.B. to decipher over a million messages.”17 This amounts to more than 160 messages per day during a 17-year period. While there is no way of knowing what specific messages were read by the Soviets, then-Director of Naval Intelligence Rear Admiral William Studeman has testified that they likely included classified messages regarding naval ship locations and operations—technical and operational information that would have included naval intelligence data and activities, as well as naval plans and procedures.18
The aftershock of these revelations is still being felt in the Navy. Even though new cryptographic material and procedures have been introduced, can we ever again be confident that our communications are truly secure? Are there other Walkers still at work within the Navy or other parts of the government? And why did we not suspect that the Soviet Union was exploiting our naval communications for such a long period?
Occasionally there were reasons to believe that classified operations were being compromised, but even if such suspicions were investigated, the source of the compromise was generally attributed to poor operational security—discussions in public places that could have been overheard, and logistics or other operational patterns that Soviet analysts could have pieced together, for example—rather than to insecure communications. These explanations did not satisfy everyone, however, and the suspicion mounted as: Soviet intelligence collection ships began to show up routinely in exactly the right places and times to monitor our exercises or weapon tests; the Soviets reacted in unexpectedly low-key ways to our naval operations near their coasts; the quality of Soviet ships, submarines, and aircraft began to improve much faster than our estimates. Richard Haver, the Deputy Director of Naval Intelligence and one of the Navy’s most experienced Soviet Navy analysts, periodically voiced his concern. “Beginning in the early 1970’s, Haver periodically saw signs that ‘something was wrong,’ that the Soviets knew things they should not have known. Privately, he sometimes wondered about the security of U. S. communications. But ... he had no proof. Discovery of the Walker-Whitworth espionage suddenly made everything clear.”19
Before high-ranking KGB agent Vitaly Yurchenko ended his strange, three-month “defection” in 1985 by returning to the Soviet Union (above), he gave the FBI a clearer picture of the damage John Walker’s espionage did to U. S. security. Although Yurchenko was only “briefed” about the Walker case by the KGB, he was told that Walker enabled the Soviets to decipher more than a million messages in 17 years.
Now that we know our communications were being exploited by the Soviets since at least 1967, U. S. military “failures” in Vietnam, Iran, and elsewhere—the abortive 1969 raid on the Son Tay prisoner of war camp in North Vietnam, for example—should be reassessed. The Son Tay camp was suddenly evacuated by the Vietnamese several weeks before the raid for no apparent reason. The would-be rescuers arrived to find the camp deserted. Had the Soviets learned about the raid from our communications and told their Vietnamese allies about it in advance?
Similar questions can now be asked about many of our operations from Vietnam through Grenada. When the details of the British use of Ultra in World War II were declassified and released in 1974, the entire war, particularly the war at sea in the Atlantic, had to be reexamined. If and when the specific compromises resulting from the Walker case are publicly released, recent history will also have to be rewritten. Meanwhile, it is worthwhile to speculate on some of the reasons that the security of our naval communications was never seriously questioned.
► The National Security Agency (NSA), the government agency responsible for communications security (ComSec), considered that most of the cryptographic systems in fleet use were adequately secure from foreign cryptologic attack (and likely were).
► The procedures established by NSA for controlling and handling cryptographic equipment and keying materials, if universally and uniformly followed, would have provided adequate security of this material from theft or espionage. In the same way, established procedures for background investigations should have ensured the integrity of individuals with access to cryptographic materials. Obviously, neither of these procedures worked in the case of the Walker ring.
► Being responsible for ComSec, NSA, like the German Intelligence Service in World War II, may have had an institutional bias against considering that the systems and procedures they had implemented were being exploited. Investigations into suspected security leaks would be focused on exhausting all other possible sources of the leak before the security of crypto-covered communications was questioned.
► In many cases, there were other possible sources of these leaks, ranging from discussions on insecure telephones to operational security indicators. These could have been used by foreign intelligence analysts to gain foreknowledge of U. S. naval operations.
► The Soviets, like the British in World War II, likely used the intelligence gained from U. S. communications carefully, to avoid arousing our suspicions. Information about the actual source of cryptographic material itself—the Walker spy ring—was likely kept tightly compartmented within the very highest levels of the Soviet intelligence establishment. (Vitaly Yurchenko was only “briefed in” to the Walker case by the KGB to conduct an investigation of why Walker was caught.)
► The cost and logistics difficulties involved in changing U. S. naval communications cryptographic systems worldwide would be staggering. Such a move could not be done without hard evidence that these communications systems were being exploited, which the Soviets would have likely gone to great lengths to avoid providing. With Walker and Whitworth operating inside the naval communications organization, such changes would have been immediately passed on to the Soviets anyway, but the immense costs of such a change would tend to reinforce a belief that our communications were secure.
Like the Germans in World War II, we simply wanted to believe that our communications were secure. The other reasons mentioned supported this desired belief. It appears that we shared many of the reasons that the Germans had for believing in the security of their naval communications. That our communications were not secure was too damaging to contemplate. As Admiral Studeman said, “ . . . virtually all the information required to plan, operate, command, maintain, modernize, repair, replenish, warn, inform and control the military forces of all the services and our allies is exchanged electrically via communications systems, most of which are considered secure by virtue of their cryptographic cover.”20 The very importance of secure communications to naval operations makes it difficult to question how secure these communications really are.
Unlearned?
Obviously there is no easy solution to this critical problem. Procedures and systems can and have changed. These will likely ensure the security of our naval communications in the short term, much as the changes that the Germans made to their Enigma machine in 1943 set back British cryptologic successes for ten months. The Soviets have proved to be patient and cunning adversaries, however, and even now could be attacking our communications systems by using high-speed computers or by recruiting the next generation of Walkers to provide key material from the inside.
Is there anything that we can learn from the Ultra and Walker cases to augment our technical efforts for safeguarding our secure communications? Since the ComSec problem involves a number of disciplines—physical security, ComSec procedures, cryptographic systems, foreign collection systems, integrity of personnel, and espionage, to name a few—our approach to the problem must be truly multidisciplined. We should:
► Establish a permanent Defense Department committee comprised of members from the various government intelligence agencies to investigate and appraise the security of government communications continually using all available sources of intelligence and other information. This joint committee should act as a clearing house, following up on anomalous or unexplained foreign activity that might be related to ComSec.
► Insist that existing ComSec and personnel procedures are strictly and universally adhered to by all government agencies and branches of the armed services. Command responsibility for violations of these procedures should be an explicit element of these procedures.
► Periodically reexamine procedures to determine their feasibility and effectiveness. Where possible, security-related procedures should be simplified to ensure that they are universally understood and implemented.
► Expand security awareness programs to educate our personnel about the foreign espionage threat and possible indicators of espionage activity.
► Consider the use of a “security minimize” that would warn commanders not to use regular secure communications in areas or during periods of known foreign electronic collection activities, for example when a Soviet ship or aircraft is known to be in the area.
► Investigate the use of nonelectrical means of communications for particularly sensitive message traffic, to include the use of officer couriers, fiber-optic landlines, and other high-technology systems.
None of these suggestions will ensure the security of our communications, because all of them depend on the weakest link—humans—to implement them. The easiest way to exploit secure communications is by having an agent in the system who either copies the messages or, worse, provides our adversaries with the ability to copy them themselves.
The central lesson from the Ultra and Walker cases is that communications security cannot be taken for granted. As Admiral Studeman said, “History is replete with examples of the benefits and risks associated with ComSec made vulnerable by espionage or otherwise penetrated for the benefit of one side or another. Such vulnerabilities sustained over time have altered the course of history and can do so again in the future.”21
1. Ralph Erskine, “Naval Enigma: The Breaking of Heimisch and Triton,” Intelligence and National Security, Spring 1988, pp. 162-163.
2. Ibid., p. 163.
3. John Winton, Ultra at Sea (London: Cooper, 1988), p. 1.
4. Ibid., p. 4.
5. Patrick Beesly, Very Special Intelligence (Garden City, New York: Doubleday, 1978), p. 169.
6. Winton, p. 103.
7. Ibid., p. 104.
8. Admiral Karl Doenitz, quoted in Beesly, p. 169.
9. Beesly, p. 169.
10. Winton, pp. 104-105.
11. Wladyslaw Kozaczuk, ENIGMA, edited and translated by Christopher Kasparek (University Publications of America, 1984), p. 197.
12. Ibid., pp. 197-200.
13. Ibid., p. 198.
14. Beesly, p. 169.
15. Winton, p. 104.
16. Thomas B. Allen and Norman Polmar, Merchants of Treason (New York: Delacorte Press, 1988), pp. 262-263.
17. U. S. Congress, Senate Committee on Governmental Affairs, Permanent Subcommittee on Investigations, Foreign Missions Act and Espionage Activities in the United States, Hearings (Washington, DC: Government Printing Office, 1986), p. 103.
18. Ibid., pp. 99-100.
19. John Barron, Breaking the Ring (Boston: Houghton Mifflin, 1987), pp. 209-210.
20. Congress, p. 97.
21. Ibid., p. 99.
Captain Smith holds the Edwin T. Layton Chair of Military Intelligence at the Naval War College and serves as the War College’s staff intelligence advisor, head of the intelligence division of the operations department, and as Special Security Officer. A qualified surface warfare officer and Chinese linguist, he has served: on the staffs of CinCUSNavEur, ComFirstFlt, and CinCLantFlt; on attache duty in Taiwan; as executive assistant to the Director of Naval Intelligence; and as commanding officer of the Fleet Ocean Surveillance Information Facility Western Pacific in Japan. A graduate of the University of Connecticut, he has a master’s degree in international relations from the University of Southern California, is a graduate of the Naval War College’s College of Naval Warfare, and served as officer in charge of the Naval Operational Intelligence Center detachment at the Center for War Gaming.