January 24, 1989
Code Name Catastrophe
By William Scott Malone and William Cran
THE COLD WAR between the United States and the Soviet Union may be winding down, but the spy war between them continues. And there's new evidence that America may have suffered greater damage in this secret war than is generally recognized. The Soviets appear to have obtained access to the most deeply held U.S. secret of all -- the codes used to protect our sensitive government messages. U.S. intelligence and law-enforcement officials say they base this analysis on a careful review of the 1985 John Walker spy case, which leads them to two disturbing conclusions:
- The United States hasn't caught all the Soviet code spies. More Walkers are probably out there, still undetected. Investigators reached this judgment because of indications that Moscow had other, and perhaps better, sources of U.S. "crypto" secrets than the Walker spy ring.
- The Soviets have broken some supposedly "unbreakable" cipher systems. Investigators believe that by piecing together technical information provided by Walker and his associates, the Soviets have been able to replicate U.S. hardware and read at least some of our secret message traffic -- a feat that U.S. officials once believed was impossible.
A sign of America's continuing espionage problem came during the past month, with the arrest of U.S. Army Warrant Officer James W. Hall III in Georgia and former Navy chief petty officer Craig D. Kunkle in Virginia. Kunkle, who was arrested during an FBI sting operation two weeks ago, didn't actually pass secrets to the KGB, so he isn't believed to have caused any real damage. But Hall's alleged espionage, if true, was of a far more damaging nature. As an Army signals-intelligence specialist, Hall had access to super-secret U.S. cryptographic machines and keylists, more commonly known as codes and ciphers.
The Walker case showed just how vulnerable these code systems are. John A. Walker Jr., a onetime Navy warrant officer, spied for the KGB for almost 20 years before he was arrested in May 1985, after his ex-wife turned him in to the FBI. Walker had recruited his brother, his 20-year-old son and his best friend into his spy ring.
"It was the greatest case in KGB history," former KGB defector Vitaly Yurchenko told his American debriefers in 1985. "We deciphered millions of your messages. If there had been a war, we would have won it."
"K-Mart has better security than the U.S. Navy," Walker told us during a series of interviews last August for a PBS "Frontline" documentary on the Soviet espionage threat. He noted that he used to tell his partner, Jerry Whitworth, that selling U.S. secrets "was a buyers' market."
What worries Phillip Parker, the former FBI deputy assistant director for counterintelligence who supervised the Walker case, is that the KGB's handling of Walker demonstrated that he was not their most important agent. "He was just another messenger boy," says Parker. "There are no doubt other John Walkers still out there," agrees a National Security Agency (NSA) official.
From Walker's very first visit to the Soviet Embassy in Washington in December 1967, it was obvious the Soviets were intimately familiar with America's top-secret codes. When Walker, at that first meeting, presented a copy of a Navy keylist stamped "Top Secret Specat [Special Category]," the KGB security officer immediately wanted to know why there was no "Letter of Promulgation" signature on the back of the keylist. It took the startled spy a few moments to realize that the NSA had recently discontinued the signature practice.
As with the famous Sherlock Holmes case in which the crucial clue was a dog that didn't bark, the most important thing about the Walker case may be the questions the KGB didn't ask him. "I can only deduce that they were getting their information from somewhere else," Walker eventually concluded.
"The NSA boys went pale when I told them about the Russians not wanting anything on the [then most advanced machines]. It meant that it had already been compromised," says Walker. Such a conclusion offers perhaps the most disturbing implication for U.S. security, since a new generation of U.S. code machines had begun to go into service by the early 1980s with the Air Force, Army, Navy and NATO.
To assess the damage done by Walker and the other spies, it's necessary to understand a bit about the arcane science of cryptology. Experts say there are two basic elements to a modern code system: the logic and the key. The humming, Navy-gray code machines contain what is in essence an electronic formula (or algorithm) called the logic. The key is a list of numbers and letters that set the machine and tell the logic formula when to commence. To maximize security, U.S. keylists are changed every 24 hours.
The machines themselves, along with their associated "technical manuals," while closely guarded, are usually not top-secret, because they are distributed around the world and their designers assume they will eventually be lost or stolen. The NSA has long presumed that no machine by itself could be used to read a coded message -- without that day's keylist. Keylists thus become the object of intense classification and protection.
"In the context of communications information, the keylist is considered the ultimate," recalled Walker's convicted cohort Jerry Whitworth in an interview for the "Frontline" documentary. "The only other thing that's better would be the keylist, tech manual and the equipment. Then you've got the whole shebang."
"Obviously you can't steal the equipment," explains Walker, "so the next best thing would be to give them the technical manual. From the technical manual, you can build the equipment by a process of [reverse] engineering."
Walker did just that. Using a Minox camera, he supplied the Soviets with all the technical manuals he could lay his hands on. "They got the original technical manuals from me and I provided them with amendments [and] modifications to that equipment as they occurred over the years," says Walker. "When Mr. Whitworth took over, he continued to provide those changes basically to the [KWR-]37 and to the [KW-]7" code machines.
The Soviets still needed the daily keylists, but Walker, and later Whitworth, kept them amply supplied. Whitworth let his pride show when discussing a $10,000 bonus Walker paid him for providing "months" of continuous keylists. "The bonus thing came up over a period of having years of consistency -- not months, but years," he says.
The NSA had thought that even if this sort of breach occurred, the damage would be limited. Earl David Clark, the former chief of NSA's Office of Communications Security, testified during Whitworth's trial in 1986: "We design our systems [so] that without a key, we are highly confident that no one can read these communications . . . . You would only be able to exploit those communications for which you have that logic [tech manual] and keying material in which those communications were encrypted. [You] could not read tomorrow's traffic if [you] didn't have tomorrow's key . . . ."
Clark's confidence may have been misplaced. According to Navy officials, the internal design logic of some machines was indeed compromised by the Walker spy ring, and the Soviets were able to read secret U.S. messages without the keylists. Adm. James D. Watkins, then chief of naval operations, obliquely acknowledged the compromise during a June 1985 press briefing. According to Watkins, loss of the cryptographic logic designs was "the most serious area of compromise. Some technical design communications information has probably been lost."
Four months later, after Walker began cooperating with damage-assessment officials, then Navy secretary John Lehman was more specific: "We assume that the Soviets were able to compromise the design logic of some of the cryptographic machines, which would enable them in some cases to crack the code without key cards. And we assume they have."
One of the compromised systems was the most widely used code machine of all, the KW-7, a fact recently confirmed to us by four past or present NSA officials. Although the KW-7 has been replaced, it was once the mainstay of crypto-communications for the entire government. It was also used to communicate with many of our NATO allies. In addition to the KW-7, two NSA officials said that the reliability of the Navy's older KWR-37, used for one-way, shore-to-ship "Fleet Broadcast" messages, has also been completely written off.
These two code machines were not compromised by the so-called "brute-force" method, which entails having supercomputers run through every possible keylist combination. Rather, the Soviets apparently had so much material -- including the KW-7 hardware, keylists and plain-text versions of messages sent on the system -- that they were able to exploit "design flaws" in the KW-7's logic that allowed them to do what the NSA had once believed impossible -- "break" the machine's code formula without use of the daily keylist.
"The Soviets have always been reputed to be rather good in code breaking," says David Kahn, author of "The Codebreakers." "It's known that three things seem to be associated with success in code-breaking: musicianship, chess and mathematics. What are the three things the Russians are best at?"
Collectively, Walker and Whitworth supplied some six virtually continuous years of keylists for the KW-7 and KWR-37. Walker says he also provided the Soviets the technical manuals, complete with the precise schematics of the design logic, for the KW-7 and the KWR-37 systems. All subsequent KW-7 and KWR-37 equipment modifications were provided by Whitworth, both spies now confirm.
The Soviets had also obtained actual working versions of these machines. The United States lost both KW-7 and KWR-37 machines in January 1968, when North Korean gunboats seized the U.S. spy ship USS Pueblo for allegedly violating their territorial waters, and at least one other KW-7 was lost in Vietnam in the early 1970s, according to court testimony and Navy documents. So the "design logic" was unquestionably compromised, even when later modified.
The NSA's position at the time, according to former communications security chief Clark, was that even with one of the seized KW-7s, the Soviets "wouldn't be able to decrypt it unless they had a correct key." But within weeks after the Pueblo was seized, the KGB's codebreaking Department 16 had the KW-7's worldwide keylists, courtesy of their newly recruited spy, Warrant Officer John Walker.
While the Soviets never told Walker how successful their U.S. codebreaking efforts had been, they did once tell him when their KWR-37 replica machine had stopped reading secret U.S. messages in early 1980. Walker and Whitworth subsequently decided the problem stemmed from a new security device called a "Card Reader Insert Board," into which a keylist was placed and then reattached to the machine. Whitworth then sketched this new board and sent it on to Walker.
"I provided a diagram, a tracing . . . of the card reader," Whitworth admits when pressed. "That's true." The Soviets had no further complaints about reading the KWR-37 Fleet Broadcast messages.
By early 1984, the KGB's wish-list for Walker was narrowing. During a chilly meeting outside a Vienna men's shop, Walker's KGB handler told him they still wanted "7 subsystems" (KW-7 hardware modifications), as well as naval operational orders and plans.
And, in a request that once again seemed to demonstrate the Soviets still had better access to U.S. secrets than either Walker or Whitworth, the KGB agent asked for copies of something called an "NCM," which Walker says stood for some sort of "crypto-related 'National Command Memorandum.'" Neither Walker nor Whitworth had ever heard of this item before.
Fortunately, Walker and Whitworth did not have NSA "crypto clearances," and therefore never had access to the so-called "Blue Channel," used for super-sensitive "special intelligence" information. The Navy employs an entirely separate communications system on ships and bases for such messages, although the systems did use some of the same equipment, including the KW-7 and the KWR-37.
The severe damage done by the Walker ring probably ended several years before they were caught. In the early 1980s, the NSA introduced various safeguards, including canister-type keylist dispensers, that prevented someone from removing a keylist and later returning it; "limited" technical manuals, which contained no logic diagrams; and unphotographable types of keylists for the Navy's new, advanced code machines.
Walker now says the creators of those innovations "should be awarded medals." High praise indeed.
But the demise of the Walker ring didn't stop the KGB. At about the same time Walker's crypto supply to the Soviets ended, Army Warrant Officer James Hall had just come on line in Berlin. As a signals-intelligence specialist for the NSA's military subsidiary, the Army Security Agency, Hall had access to a broad array of U.S. crypto systems, including the KW-7, according to sources. U.S. sources say that Hall has apparently admitted supplying "important signal-intelligence information" to the KGB's proxies in East Germany from late 1982 to early 1988. Hall is now said to be cooperating with authorities.
What's ominous is that early last year, Hall apparently was told by his Soviet controllers "to cool off his activities." "Hall was flushed," concludes one intelligence source. "There's still someone else out there."
The likelihood that the codebreakers of the KGB's Department 16 were "not only able to copy, but were able to solve" U.S. codes, deeply worries Kean College mathematics professor Cipher Deavours, long close to the secret world of codes and the editor of Cryptologia. "The main assumptions under which the National Security Agency [operates] is that even if the enemy has possession of the machine, he won't be able to read any traffic without the key. That assumption was wrong. And our entire crypto-design philosophy is built on that."
"You have to assume they're certainly not arresting everybody," says Walker, from his cell in the isolation block of the most secure federal prison at Marion, Ill. "There are obviously other spy rings out there and other players. The fact that there were cryptographic systems and other types of systems that they didn't want is clearly evidence that they had other sources."
William Scott Malone and William Cran are Emmy-award-winning producers for PBS' "Frontline." They spent almost a year investigating the Walker case for the upcoming "The Spy Who Broke The Code," which will air next Tuesday on PBS.
http://www.navyseals.com/code-name-catastrophe