It is 59 years since David Irving's The Mare's Nest was published, and it is surprising that the massive release of records from the Second World War hasn't prompted a new look at the German development of cruise and ballistic missiles. My particular interest is, of course, the intelligence story: the way in which Sigint, Humint, Imint and Techint were fused to develop an understanding of what these weapons were and how – whether – they could be countered.
Perhaps it is the way in which the release of new records has added to the complexity which has led to its not being retold. Just one part of the Sigint story might serve to illustrate this. It is a story of gross German Air Force irresponsibility on the one hand, and of an almost wilful prejudice on the part of the authorities at Bletchley Park, and concerns the Traffic Analysis (TA) effort against the LN Versuchs Regiment, the Luftwaffe unit which carried out trials of new communications equipment. (This is a much abridged version of Section K of HW 43/82: The Sixta History, which was written by Mrs W E A Evans in April – May 1945.)
"The W/T picture of LN Versuchs Rgt was one of the first to be recognised as of the highest importance. As far back as 1940, when the number of Enigma keys was small, this network used its own key, E/Brown. Brown was broken in September 1940 and the decodes gave evidence of the Regt's unique position in the German Air Force (GAF) as the unit responsible for every kind of radio research and experiment. The devices developed were handed over to the different units of the GAF to use operationally, but generally there was a period when the staff of LN Versuchs Rgt were themselves concerned with operational working while they were training personnel of the regiments destined eventually to take over from them. Thus, not only did the activities of LN Versuchs Rgt provide an accurate forecast of the trend of radio development, so that what the Brown groups were playing with today would be a practicable device in serious use some six months later, but there were frequently times when the Regiment's networks were themselves used for operational traffic of the highest importance, during the earlier (and therefore more significant) periods of the employment of some new device.
Never was there a network with more need to be secure and with such a completely irresponsible attitude to security. Even the end-of-the-month report from each station saying that the prescribed security lectures had been attended by all personnel, gave such a reliable crib that it was a sure method of breaking the traffic of the last day of the month and at the beginning of the next mouth also, for some stations would certainly be late with their reports.
The trouble really came from the fact that this was the signals organisation of what was itself a signals regiment. Stations were small and Enigma traffic light so that frequently the man who sent the message had himself composed the text and encoded it. He therefore knew all about it and when the receiving operator was in difficulties would help him by giving him the internal indicator used, details of the key setting (including any mistakes which he might afterwards realise that he had made) and often the clear text of difficult parts, like the signature or outlandish placenames. More than that, if the accuracy of the text itself were queried he would come back in clear with an amplification of it or reasons why it must be right. The introduction of female operators in 1943 unexpectedly tightened security, as they didn't know the contents of the messages (though they were chatty on other topics). The exasperated male operator at the other end might then ask for one of his old buddies by name and if available the male operator would come to the set and chat usefully as usual.
One of the earliest examples of the value of these discussions of the contents of traffic was the case, on 26 May 1942, of the French outstation which took the Enigma message giving the early afternoon warning of what the target for his 'Ruffian' beams that night would be and came back to ask his control “3020 ODER 97?” It happened that this was the moment when control was introducing a new series of numbers for the British target-towns and has used “3020” instead of the usual “97” to indicate Southampton. (Unfortunately this was before Y stations were punctilious about submitting all plain language immediately by telephone or teleprinter and the logs were not seen till next morning, by which time Southampton had suffered. It was from this time that the organisation for reading Brown logs urgently was set up.
Usually, however, it was from operators' casual chat that odd bits of information of varying importance were obtained. Much, of course, merely had entertainment value, but a surprisingly high proportion of the gleanings were significant. One of the most straightforward of these was station identity established by operators 'signatures', usually three letters of the operator's name. At times it was the custom for operators to exchange signatures when they first came on duty and to take leave of their opposite numbers before going off. In this way a duty-roster could be compiled by the log reader with sufficient accuracy sometimes to predict days off. This may seem merely frivolous but it had definite uses, as another of the Brown habits was for the cipher clerk to use his own three-letter signature as an internal indicator. The usual practice was for two operators to be on duty together one sending and the other encoding. Hence, if on a particular morning two different signatures were recorded, the one sent less often would be that of the relief operator who was the cipher clerk and the indicator of traffic sent during the morning could be guessed. Similarly, if only one signature was intercepted, a study of the roster for the past few days would establish who was likely to be the other man on duty. Another use of station identity thus established was to suggest what officer's signature would be likely to be found in its traffic and provide a crib.
One of the more satisfactory episodes, when a significant development could be predicted by watching log signatures alone, occurred in the winter of 1941-2, when, after a period of inactivity on the French Group (concerned earlier with beam-bombing), the senior NCO at Control and at each of the outstations was noticeably absent during the early part of December. After 15 December, when the experimental group in NE Germany became active, each of these four men appeared at a different station on the new group, suggesting that they were there to try out refinements of their previous system rather than to learn something new, when they would surely all have appeared at control first. The tests continued until the beginning of March. A few days later the signature of the Chartres operator reappeared there, followed quickly by those of the other three at their old stations, the presumption being that the tests were satisfactory and the device perfected. A fortnight later the 'Baedecker' raids began, using an improved beam technique.
As time went on stations were recognisable from the subject matter or style of their chat, even if neither callsign nor signature were sent. This is where the importance of continuity of the log reading party became apparent. Often (especially after the arrival of female operators) there would be several pages of log consisting of nothing but an interchange of badinage, badly sent and corruptly intercepted, in a mixture of Q-code (often home-made), international 'amateur' procedure and abbreviated German, including of course slang terms. Occasionally a simple cipher would be included.
A story of useful gleanings from frivolous chat occurred on the Baltic Group in December 1943, when V1 plotting had been going on for three months with apparently good results. People were feeling a little edgy about when the flying bombs would be used operationally as the construction of sites in the Pas de Calais had been observed for some time but there was no indication of their being manned. For some days there had been odd scraps of chat between Control and an outstation about another man at control who came from the same home-town as the man at the outstation. They were hoping to meet when on leave, a sum of money being owed from one to the other. On 5 December the operator at Control said that the other man there proposed to give him the money under discussion, presumably because he would not now be meeting the outstation operator. The man at the outstation exclaimed: "What! Is he not coming to France?" (note “coming”). Not at first, said Control, as he has to go on with the tests here till Christmas. Allowing for “embarkation” leave and a fortnight to install themselves (on the analogy of the earlier transfer to France, in 1943), Bomber Command began on the Pas de Calais on Christmas Eve, apparently, we are told, at the right moment.
These instances of insecurity were unauthorised – if operators had obeyed regulations nothing of the kind could have occurred. There were, however, several points at which the German organisation was itself insecure. Apart from the routine message mentioned at the beginning of this section, there was an involved routine of operational instructions when the French beam stations were to work, and a correspondingly simple routine message when they were not to work: “HEUTE KEIN EINSATZ” (No Deployment Today) followed by a signature.
There were few other routine messages, tuning messages being always nonsense. Cryptographic help was provided, however, by the fact that there was nearly always some station (sometimes several) without the current key and obliged to use an old one, so that messages would be re-encoded to suit. The detachment marooned on Bornholm and a party cut off by snow in the Tyrol (the courier killed by an avalanche) are obvious examples but there were many others, unaccountable sometimes but equally convenient.
The callsign system itself was insecure, in that, however involved the plan, there always was some kind of system and it never took very long to work it out, thereby giving away station identity. A habit of the comparatively inactive French stations in the late summer and autumn of 1942 gave information of a different kind. There was in existence then all along the Channel and Atlantic coasts, a system of warnings or signals indicating states of preparedness to meet invasion, either by sea or by air landings. These were indicated by “AX1“, “AX2” and “XS”, showing three degrees of intensity, and were repeated by wireless by French Brown outstations as an indication that they might have to go off the air and were therefore unwilling to get involved in traffic for the moment. They were sent with the time of the alarm and provided the British authorities with information as to whether a coast raid was expected or not, by checking the time given against the time when an alarm could have been given from normal observations. This was judged to be of such value that a system of telephoning the signal from the intercept station through GC&CS to the necessary British authority was instituted. The lines were not very straightforward, having to go through the Broadway exchange, but the record time achieved was nineteen minutes from the intercept set to the final destination.
Brown low-grade traffic was dealt with in its intimate relation to high-grade traffic and plain language, each illuminating the others. This gave the best possible results and no Section was heard to complain of the unorthodox arrangement. All agreed that it was the desirable plan to adopt for other groups with mixed traffic and lamented that it had not been found possible to reorganise Sections to that end. It must be emphasised, however, that the Brown plan only worked because the low-grade traffic was straight-forward enough to be dealt with by amateurs (though with enough intelligence background to know what to expect to find in the traffic). Whether this would have been the case in any circumstances, or whether small cipher experts would have been needed if more obscure codes had been used, cannot now be established.
Another point which contributed to the smooth working of the arrangement was that the codes were, in general, peculiar to this network, so that once their general working was understood it was not necessary to break every bit of the code in detail if sufficient intelligence was being gained in other ways. If the code had been useful in elucidating another, more obscure, network, more detailed work would have been essential and extra personnel with cryptographic experience needed. As it was, it would be truer to say that in most cases the Brown Party interpreted the low-grade traffic, rather than decoded it.
In fact, nothing substantial was added to intelligence by the breaking of Brown Enigma traffic after June 1942. Everything that was derived from source merely confirmed what had been established by low grade traffic and TA. This brings up a question of principle. It was only due to the accommodating practice of the Brown network in always passing a little Enigma traffic that the network was kept on priority cover. The messages about marriage leave for an Obergefreiter or a unit distribution of Christmas presents to married families providentially gave just enough Enigma traffic to provide a backing for the white lie that it was highly significant and needed the best possible cover. Of course, it was always potentially significant but in actual fact it never was (after 1942). For the last three years of the war it traded on the memory of the glorious Brown breaks of the Battle of Britain. Occasionally the Hut 3 intercept control section became restive and looked at the Brown material themselves but on the whole the bluff worked. When it failed, recourse had to be made to Black Market methods of obtaining sets, either at intercept stations not under Hut 3's control or by “under the counter” sets at the stations deputed to give Brown groups a limited amount of cover. Intelligence Control was always most sympathetic over this problem and did wonders while keeping within the strict letter of the law. The intercept stations themselves hated having to step down the priority of a Brown Group and did what they could. There were at least two moments of crisis when the Officers in charge of intercept stations themselves spent an afternoon logging Brown on their private sets, at their own suggestion. If it had not been for this co-operation the rules relating to cover would have resulted in the priority on Brown Groups being downgraded and the task given to less experienced operators and less suitable intercept stations. If the trivial Enigma traffic had been dispensed with altogether (as it well might have been, by the use of landline and courier) the Brown logs, if worth reading at all, would not have been read by a first-class log-reading party with access to technical and other sources of information. This brings up the whole question of the separation of intelligence derived from high and low-grade traffic.
It should be realised that to take only one example, all the information on the performance of V1 which was possessed by the Cabinet Committee on Flying Bombs before the operational launchings was derived from low-grade cipher and TA on the Baltic Group. The significant cover on this group was at intercept stations not controlled by Hut 3 and was obtained elsewhere through the Old Boy network. This is a disquieting thought."
The problem was that operational control of the tasking of intercept stations was dominated by cryptanalysts, and they suffered from the belief that material encrypted on high-grade systems was necessarily more sensitive (and therefore valuable) than material encrypted on low-grade systems, and that plain language material was equally necessarily less sensitive and less valuable. In another part of the forest, part of the success of Double Cross was due to amount of effort the Abwehr had to put in to derive intelligence from the reports of their "agents", and its consequent belief in its value. This is a perennial lesson for intelligence services: the ease or difficulty with which intelligence is acquired is not an indicator of its value.
The problem could be circumvented, because in a large and technologically complex organisation, senior staff tended to believe that their instructions would be carried out. The fact that OICs of interception station kept a bit of resource spare, or that an analytical team, having learned that the system could not intercept the material it needed might contact those OICs to ask for some of that resource, would not occur to the senior staff managing the system. It also demonstrates that the "need to know" principle was managed rather more pragmatically than those at the top of the GC&CS structure might have believed: the OICs gave up resource because they understood what it might produce. (I don't imagine for a minute that this happens only in intelligence services.)
One final comment on German security, and one of the best Sigint insider jokes of the Second World War. The Q-codes used universally by radio operators were enlarged unofficially by Brown operators to meet their own needs. The most notorious instance of this was the introduction, after a security drive, of Q-signatures. Instead of the usual “OP?” enquiry for the name of the operator at the other end, the signal “QWA?” would be sent and the reply would be the letter Q followed by the first two letters of the operator's name, e.g. QHO for Hoffman, so that anyone monitoring would think he had misread a genuine Q-signal. The height of the fun was reached when the brothers Sauer were at different stations and would contact each other thus: -
“QSA ?”
“QSA 1 QSA ?”
“R.QSA 1. QSA 2”.
(Normally QSA means "what is the strength of my signals?" so the exchange looks completely authentic as an exchange of signal strength reports.)
No comments:
Post a Comment