Category Archives: NSA

WASHINGTON: On September 8 the National Security Agency (NSA), the US signals-intelligence organization, intercepted its first communications indicating a possible imminent terrorist attack, of what later turned out to be passenger jets blowing into the WTC, but they clearly failed to prevent that from happening, revealed Newsweek.

William M Arkin who authored the book On That Day: The Definitive Timeline of 9/11, contributed his investigations for the Newsweek. Writing for the news magazine, Arkin says between September 8th and 11th, the NSA intercepted telephone calls and other transmissions, but neither were translated into English nor disseminated. Going back as early as August 27, allied signals agencies had also intercepted other communications indicating the gathering storm.

On that day, an al Qaeda member in Madrid said over the telephone: In our lessons we have entered the field of aviation. Weve even cut the throat of the bird. The NSA would later determine that a more accurate translation of the last sentence is probably: We are even going to cut the eagles throat, which they take to be a reference to the impending attacks on America.

On September 10, the NSA reportedly intercepted two more communications between individuals monitored for terrorist connections. One says: The match is about to begin, and the other that Tomorrow is zero hour.

Referring to this intercept, former Senator Bob Graham later wrote in his book Intelligence Matters that the communication from Afghanistan had said that the big match was scheduled for the next day. The other referred to the next day as zero hour.

The NSA historian James Bamford writes, ... NSAs vacuum cleaner swept in two more messages culled from the days electronic haystack. The first contained the phrase The match begins tomorrow, and the second said Tomorrow is zero hour. But even though they came from suspected al Qaeda locations in Afghanistan, no one would translate them until September 12.

The intelligence community will later argue that the warnings did not provide any indication of where, when, or what activities might occur.

The lack of attention to known al Qaeda communications from Afghanistan is startling given that, between May and July, the NSA reported at least 33 separate communications suggesting a possibly imminent terrorist attack.

None of these intercepts provided specific information on the attack, but they were widely (and quickly) disseminated within the intelligence communications and drove the highest alerts of 2001, particularly around July 4.

In fact, on June 22, CIA director George Tenet is said to be nearly frantic over imminent threats based upon a recent intercept. All of which makes NSAs lackadaisical approach around September even more puzzling.

Read more from the original source:
WTC attacks: Tale of how NSA failed to act on intel communications - The News International

Published 10 September 2021

The National Security Adviser to the President, Retired Maj.-Gen. Babagana Monguno, says intelligence remains the most effective instrument in fighting insurgency and banditry.

Monguno stated this on Friday, in Abuja while speaking at the public presentation of a research report titled Terrorism and Banditry: The Nexus, conducted by the Goodluck Jonathan Foundation.

The NSA, who is one of the panellists at the event, said that evolvement witnessed globally in the 21st century had made tackling insecurity more difficult, hence the need for intelligence.

He said that while intelligence came in various ways including human intelligence, technical intelligence, cyber intelligence and others, human intelligence derived from the local community remained the most important.

For as long as an agent of government decides to franchise or eliminate the agent of community, then you are depriving yourself of the most important oxygen, which is intelligence from the local community, he said.

Monguno said that what Nigeria needed to do in tackling its current security challenge was to learn from the experience of developed countries.

Intelligence is the driver of operation.

No matter how much you spend on defence forces land, air, maritime or police, if you lack the relevant intelligence, you will just be like three blind men operating in a dark environment.

Read Also

You can imagine what that will amount to, he said.

According to him, while intelligence comes in various layers it must be fused together and acted upon timely, saying intelligence in itself has a very short shelf life.

From the moment you get intelligence if the operational elements do not respond with the speed required that intelligence becomes stale and it compounds the problems that will come later, he said.

Another member of the panellist, Crisis Groups Nigeria Senior Adviser, Nnamdi Obasi, stressed the need to scale up security presence in the country, especially the ungoverned areas.

Obasi also stressed the need to improve on humanitarian assistance to those affected by insecurity.

On his part, a former Director of the Department of State Services, Mike Ejiofor, stressed the need to improve the capacity of security agencies and deal with the issue of bad eggs among security agencies.

(NAN)

Read the original:
Intelligence remains effective instrument in fighting insurgency NSA - Punch Newspapers

Within the last year, Congress and the Departments of Treasury, Labor, and Health and Human Services have issued a bevy of new rules that aim to improve health care cost transparency and encourage consumer engagement. In October 2020, the Departments released final rules on the Transparency in Coverage requirements that apply to group health plans. Subsequently, in December 2020, Congress passed a variety of additional plan transparency requirements under the Consolidated Appropriations Act of 2021 (CAA), some of which overlap with the Department's rules.

Many of these new requirements have already taken effect or will soon go into effect for the 2022 plan year. With the rollout of the No Surprises Act (NSA), new requirements for member ID cards and Advanced Explanation of Benefits (AEOB) communications have also been introduced.

For plan years beginning January 2022 or later, NSA now requires that member ID cards (both electronic and print) include the following:

To summarize: An ID card (paper or electronic) must be provided to plan participants with any deductible and out-of-pocket maximums applicable to their plan, as well as a phone number and website where they can seek consumer assistance information.

NSA has also introduced a requirement for AEOBs (applicable to all services, in- and out-of-network, by providers and facilities). AEOBs must be provided whenever an appointment is made for services and also whenever requested by the member, even without an appointment.

For every scheduled service and upon member request, the payer must provide the member with an AEOB that includes:

To summarize: Providers must ask patients whether they are enrolled in a group health plan and if so, provide an estimate of the expected charges to the patient's insurer. After receiving the estimate, plans must provide an advanced EOB to the plan participant that informs them whether the provider/facility is in-network, what the plan will pay, and any cost-sharing requirements.

Here at Zelis, we're adapting our ID card communications to deliver NSA-ready cards on behalf of clients by designing templates to each payer's compliance specifications and the required fields as detailed above.

Using client-provided data, we work with payers to create NSA-ready templates for AEOBs (in both print and digital format), while supporting increased EOB/AEOB volume and distinguishing between pre-service estimates and claims for received care.

Moreover, Zelis helps clients leverage AEOBs for strategic pre-service communication to members through:

The No Surprises Act impacts all healthcare organizations, from large health plans and systems to small medical offices and individual providers. As such, leaders across the healthcare industry must directly understand the details of the legislation prior to implementation or have a trusted advisor with legislative expertise who can guide them to appropriate solutions.

From the patient-facing Advanced Explanation of Benefits through to adjudication, arbitration, and settlement, alignment with the NSA requirements will require organizations to adapt internal capabilities or outsource solutions or find some combination of the two. Companies may have to alter their infrastructure and processes to administer all aspects of the law.

And according to proprietary research, providing accurate Advanced Explanation of Benefits (AEOBs) to member-patients and meeting the tight post-service timeline in which providers and insurers must complete adjudication, remediation, and arbitration will be the most challenging areas for organizations to tackle, particularly for substantial claims.

To further explore getting started with NSA compliance, reach out to your Zelis representative or contact us here.

For access to additional information, visit Zelis'No Surprises Act Information Hub.

Continued here:
The low-down on the latest NSA Member ID and Advanced EOB Requirements - Healthcare Dive

The Kanpur district administration has invoked the stringent National Security Act (NSA) against two aides of gangster Vikas Dubey who are facing conspiracy charges in connection with the ambush in Bikru village on July 3, 2020, officials said on Sunday. Eight policemen were gunned down by Dubey and his henchmen in the attack.

The two charged with the NSA are Jai Bajpai and Prashant Shukla, who are currently in the Kanpur Dehat jail. Bajpai was the financer of Vikas Dubey who was killed in an alleged police encounter a week after the ambush. Five of his associates were also gunned down in separate encounters. The police alleged Bajpai handled the logistics for the ambush. Shukla was a close associate of Dubey, and allegedly provided him logistical help.

The DM invoked NSA against Jai Bajpai and Prashant Shukla on the basis of the police report, said ADG (Kanpur zone) Bhanu Bhaskar. He added that the NSA had been invoked against seven accused in the case so far.

Bajpai was arrested on July 20 last year. According to the police, on July 4, a day after the attack, he was supposed to take Dubey and his associates to a safe place but could not.

Visit link:
Bikru ambush: NSA invoked against two aides of gangster Vikas Dubey - The Indian Express

The twentieth anniversary of the attacks of September 11, 2021 are a good time to reflect on the world weve built since then. Those attacks caused incalculable heartbreak, anger and fear. But by now it is clear that far too many things that were put into place in the immediate aftermath of the attacks, especially in the areas of surveillance and government secrecy, are deeply problematic for our democracy, privacy and fairness. Its time to set things right.

The public centerpiece of our effort to increase government surveillance in response to the attacks was the passage of the Patriot Act, which will have its own 20th anniversary on October 26. But much more happened, and far too much of it was not revealed until years later. Our government developed a huge and expensive set of secret spying operations that eviscerated the line between domestic and foreign surveillance and swept up millions of non-suspect Americans' communications and records. With some small but critical exceptions, Congress almost completely abdicated its responsibility to check the power of the Executive. Later, the secret FISA court shifted from merely approving specific warrants to a quasi-agency charged with reviewing entire huge secret programs without either the knowledge or the authority to provide meaningful oversight. All of these are a critical part of the legacy of September 11.

Yet even after all of these years, theres no clear evidence that you can surveil yourself to safety.

Of course, we did not invent national security or domestic surveillance overreach 20 years ago. Since the creation of the Federal Bureau of Investigation in the early twentieth century, and the creation of the National Security Agency in 1952, the federal government has been reprimanded and reformed for overreaching and violating constitutionally protected rights. Even before 9/11, the NSAs program FAIRVIEW forged agreements between the government agency and telecom companies in order to monitor phone calls going in and out of the country. But 9/11 gave the NSA the inciting incident it needed to take what it has long wanted: a shift to a collect-it-all strategy inside the U.S. to match, in many ways, the one it had already developed outside the U.S., and the secret governmental support to try to make it happen. As for those of us in the general public, we were told in the abstract that giving up our privacy would make us more secure even as we were kept in the dark about what that actually meant, especially for the Muslims and other Americans unfairly targeted.

The surveillance infrastructure forged or augmented in the post-war-on-terror world is largely still with us. In the case of the United States, in addition to the computer servers, giant analysis buildings, weak or wrong legal justifications, and the secret price tag, one of the lasting and more harmful effects has been on the public. Specifically, we are still too often beholden to the mentality that collecting and analyzing enough information can keep a nation safe. Yet even after all of these years, theres no clear evidence that you can surveil yourself to safety. This is true in general but its especially true for international terrorism threats, which have never been numerous or alike enough to be used to train machine learning models, much less make trustworthy predictions.

But there are copious amounts of evidence of ongoing surveillance metastasis: the intelligence fusion centers, the national security apparatus, the Department of Homeland Security, enhanced border and customs surveillance have been deputized to do things far afield from their original purpose of preventing another foreign terrorist attack. Even without serious transparency, we know that those powers and tools have been used for political policing, surveilling activists and immigrants, denying entry to people because of their political stances on social media, and putting entire border communities under surveillance.

The news in the past 20 years isnt all bad, though. We have seen the government end many of the specific methods developed and deployed by the NSA immediately after 9/11. This includes the infamous bulk call details record program (albeit replaced with an only slightly less problematic program). It also includes the NSAs metadata collection and the about searching done under the UPSTREAM program off of the Internet backbone. We also have cut back on the unlimited gag orders accompanying National Security Letters. Each of these was accomplished through different paths, but none of them exist today as they did immediately after 9/11. We even pushed through some modest reforms of the FISA court.

But the biggest good news is the growth of encryption across the digital world, from the encrypting of links between the servers of giants like Google, to the Lets Encrypt project encrypting web traffic, to the rise of end-to-end encrypted tools like Signal and WhatsApp that have given people around the world greater protections against surveillance even as the governments have become more voracious in their appetites for our data. Of course, the fights over encryption continue, but we should note and celebrate our victories when we can.

Other nefarious programs continue, including the Internet backbone surveillance that EFF has long sought to bring to the public courts in Jewel v. NSA. And in addition to federal surveillance, weve seen the filtering of the collect it all mentality manifest in our local police departments both through massive surveillance technology injections and in the slow enmeshing of local with federal surveillance. We still do not have a full public account of the types and scope of surveillance that has been deployed domestically, much less internationally, although EFF is trying to piece some of it together with our Atlas of Surveillance.

Twenty years is a good long time. We now know more of what our government did in the aftermath and we know how little safety most of these programs produced, along with the disproportionate impact it had on some of our most vulnerable communities. Its time to start applying the clear lessons from that time and continue to uncover, question, and dismantle both the mass surveillance and the unfettered secrecy that were ushered in when we were all afraid.

More here:
The Other 20-Year Anniversary: Freedom and Surveillance Post-9/11 - EFF

India's first research vessel and missile tracking ship, Dhruv, is planned to be commissioned by NSA Ajit Doval at Andhra Pradesh's Visakhapatnam on 10 September 2021.

The launch ceremony will be attended by Chief of Naval Staff Admiral Karambir Singh and NTRO Chairman Anil Dasmana, along with other DRDO and Navy officials.

1- INS Dhruv is built by Hindustan Shipyard in collaboration with Defence Research and Development Organisation (DRDO) and National Technical Research Organisation (NTRO). It is designed by Vik Sandvik Design India.

2- The ship will map ocean beds for research and detect enemy submarines, track incoming nuclear-tipped ballistic missiles and aircraft at long ranges. It will be jointly manned by the Indian Navy, NTRO and DRDO.

3- The ship that costs around 1500 crores has a displacement of more than 10,000 tonnes, length of 175 metres, a beam of 22 metres, and a draught of 6 metres.

4- It can attain a speed of 21 knots and is powered by two imported 9,000 kilowatts combined diesel and diesel (CODAD) configuration engines and three 1200 kilowatt auxiliary generators.

5- The 10,000-tonne ship is housed with long-range radars, dome-shaped tracking antennae and advanced electronics.

6-With the induction of INS Dhruv, India joins a select group of countries like the US, the UK, Russia, China and France to have such specialized vessels.

The ship will not only help in creating maritime domain awareness for India in the Indian Ocean but will also act as an early warning system for hostiles missiles headed towards the country.

Once an incoming missile is detected by the radars on board the ship, Ballistic Missile Defence (BMD) systems can take over to track and shoot them down.

INS Dhruv will also help in monitoring the flight trajectories and telemetry data of the Agni land-based missiles and 'K' series of submarine-launched ballistic missiles launched by India during trials.

The development comes at a time when the era of underwater armed and surveillance drones has dawned. China regularly sends such ships and survey vessels to the Indian Ocean Region (IOR) to map oceanographic and other data useful for navigation and submarine operations, among other purposes.

As India has land disputes with China and Pakistan and both nations have nuclear ballistic missile capabilities, INS Dhruv will enhance India's maritime security architecture as it will be able to project threats to India in real-time.

Read: INS Viraat: Important and Interesting Facts

Read this article:
INS Dhruv to be commissioned on September 10 by NSA Doval: All you need to know about the N-missile tracking ship - Jagran Josh

America's National Security Agency has published an FAQ about quantum cryptography, saying it does not know "when or even if" a quantum computer will ever exist to "exploit" public-key cryptography.

In the document, titled Quantum Computing and Post-Quantum Cryptography, the NSA said it "has to produce requirements today for systems that will be used for many decades in the future." With that in mind, the agency came up with some predictions [PDF] for the near future of quantum computing and their impact on encryption.

Is the NSA worried about the threat posed by a "cryptographically relevant quantum computer" (CRQC)? Apparently not too much.

"NSA does not know when or even if a quantum computer of sufficient size and power to exploit public key cryptography (a CRQC) will exist," it stated, which sounds fairly conclusive though in 2014 the agency splurged $80m looking for a quantum computer that could smash current encryption in a program titled Owning the Net, so the candor of the paper's statements is perhaps open to debate.

What the super-surveillance agency seems to be saying is that it's not a given that a CRQC capable of breaking today's public-key algorithms will ever emerge, though it wouldn't be a bad idea to consider coming up with and using new techniques that could defeat a future CRQC, should one be built.

It's almost like the NSA is dropping a not-so-subtle hint, though why it would is debatable. If it has a CRQC, or is on the path to one, it might want to warn allies, vendors, and citizens to think about using quantum-resistant technologies in case bad people develop a CRQC too. But why would the spies tip their hand so? It's all very curious.

Progress on quantum computers has been steadily made over the past few years, and while they may not ever replace our standard, classical computing, they are very effective at solving certain problems

Eric Trexler, VP of global governments at security shop Forcepoint, told The Register: "Progress on quantum computers has been steadily made over the past few years, and while they may not ever replace our standard, classical computing, they are very effective at solving certain problems. This includes public-key asymmetric cryptography, one of the two different types of cryptosystems in use today."

Public-key cryptography is what the world relies on for strong encryption, such as TLS and SSL that underpin the HTTPS standard used to help protect your browser data from third-party snooping.

In the NSA's summary, a CRQC should one ever exist "would be capable of undermining the widely deployed public key algorithms used for asymmetric key exchanges and digital signatures" and what a relief it is that no one has one of these machines yet. The post-quantum encryption industry has long sought to portray itself as an immediate threat to today's encryption, as El Reg detailed in 2019.

"The current widely used cryptography and hashing algorithms are based on certain mathematical calculations taking an impractical amount of time to solve," explained Martin Lee, a technical lead at Cisco's Talos infosec arm. "With the advent of quantum computers, we risk that these calculations will become easy to perform, and that our cryptographic software will no longer protect systems."

Given that nations and labs are working toward building crypto-busting quantum computers, the NSA said it was working on "quantum-resistant public key" algorithms for private suppliers to the US government to use, having had its Post-Quantum Standardization Effort running since 2016. However, the agency said there are no such algos that commercial vendors should adopt right now, "with the exception of stateful hash signatures for firmware."

Smart cookies will be glad to hear that the NSA considers AES-256 and SHA-384 "safe against attack by a large quantum computer."

Jason Soroko, CTO of Sectigo, a vendor that advertises "quantum safe cryptography" said the NSA report wasn't conclusive proof that current encryption algos were safe from innovation.

"Quantum computers alone do not crack public key cryptography," he said, adding that such a beast would need to execute an implementation of Shors algorithm. That algo was first described in 1994 by an MIT maths professor and allows for the calculation of prime factors of very large numbers; a vital step towards speeding up the decryption of the product of current encryption algorithms.

"Work on quantum resistant cryptographic algorithms is pushing forward based on the risk that Universal quantum computers will eventually have enough stable qubits to eventually implement Shors algorithm," continued Soroko. "I think its important to assume that innovation in both math and engineering will potentially surprise us."

While advances in cryptography are of more than merely academic interest to the infosec world, there is always the point that security (and data) breaches occur because of primarily human factors. Ransomware, currently the largest threat to enterprises, typically spreads because someone's forgotten to patch or decommission a machine on a corporate network or because somebody opens an attachment from a malicious email.

Or there's the old joke about rubber hose cryptanalysis, referring to beating the passwords out of a captured sysadmin.

Talos' Lee concluded: In a world where users will divulge their passwords in return for chocolate or in response to an enticing phishing email, the risk of quantum computers might not be our biggest threat.

Read the original:
NSA: We 'don't know when or even if' a quantum computer will ever be able to break today's public-key encryption - The Register

MOSCOW, September 2. /TASS/. Violations of user rights by IT giants who are now directly checking information and data contained in peoples personal gadgets entails a risk that governments will later monopolize this function, former US NSA staffer Edward Snowden said on Thursday.

"Its no longer a company question, its a government question. So, you have to ask yourself can Apple say no to the US government, the Russian government, the Chinese government, the German government, the French government, the British government? Of course, the answer is no. Not if they want to keep selling their products in these countries. Thats dangerous," he said.

He recalled that Apple earlier announced plans to look for illegal content on their phones even before this information is saved on their servers. "Instead of private companies scanning their files in the cloud on their system, now they are doing it on your phone. This has caused a lot of concern for people around the world even though they say that the system for now is only rolling out in the United States." Snowden noted. "The reasons for it are once Apple proves that it is possible for them to scan for some kind of forbidden content <> they cant decide in the future what kind of files would be searched for."

According to him, this function will give Apple opportunity to look through and search for any personal information stored on phones. "Now they are telling your device what to look for. And if they find something thats forbidden, thats against the law <> but tomorrow it can be something else, some new category. You dont know what they are scanning for," he said. "Once Apple breaks down this barrier between their servers and your phone and now they start scanning on your phone, they can scan for anything, they scan for political criticism, they can scan for financial records," he concluded.

In early August, Apple revealed that the company would start checking messages and iCloud content for child pornography. Apple said on Thursday that the necessary means to technically do that would be introduced in the new software for all its devices.

The rest is here:
Actions of IT giants pave the way for states to monopolize data Snowden - TASS

Growing up in New York City, I always wanted to be a spy. But when I graduated from college in January 1968, the Cold War and Vietnam War were raging, and spying seemed like a risky career choice. So I became an electrical engineer, working on real-time spectrum analyzers for a U.S. defense contractor.

In 1976, during a visit to the Polish Army Museum in Warsaw, I saw an Enigma, the famous German World War II cipher machine. I was fascinated. Some years later, I had the good fortune of visiting the huge headquarters of the cipher machine company Crypto AG (CAG), in Steinhausen, Switzerland, and befriending a high-level cryptographer there. My friend gave me an internal history of the company written by its founder, Boris Hagelin. It mentioned a 1963 cipher machine, the HX-63.

Like the Enigma, the HX-63 was an electromechanical cipher system known as a rotor machine. It was the only electromechanical rotor machine ever built by CAG, and it was much more advanced and secure than even the famous Enigmas. In fact, it was arguably the most secure rotor machine ever built. I longed to get my hands on one, but I doubted I ever would.

Fast forward to 2010. I'm in a dingy third subbasement at a French military communications base. Accompanied by two-star generals and communications officers, I enter a secured room filled with ancient military radios and cipher machines. Voil! I am amazed to see a Crypto AG HX-63, unrecognized for decades and consigned to a dusty, dimly lit shelf.

I carefully extract the 16-kilogram (35-pound) machine. There's a hand crank on the right side, enabling the machine to operate away from mains power. As I cautiously turn it, while typing on the mechanical keyboard, the nine rotors advance, and embossed printing wheels feebly strike a paper tape. I decided on the spot to do everything in my power to find an HX-63 that I could restore to working order.

If you've never heard of the HX-63 until just now, don't feel bad. Most professional cryptographers have never heard of it. Yet it was so secure that its invention alarmed William Friedman, one of the greatest cryptanalysts ever and, in the early 1950s, the first chief cryptologist of the U.S. National Security Agency (NSA). After reading a 1957 Hagelin patent (more on that later), Friedman realized that the HX-63, then under development, was, if anything, more secure than the NSA's own KL-7, then considered unbreakable. During the Cold War, the NSA built thousands of KL-7s, which were used by every U.S. military, diplomatic, and intelligence agency from 1952 to 1968.

The reasons for Friedman's anxiety are easy enough to understand. The HX-63 had about 10600 possible key combinations; in modern terms, that's equivalent to a 2,000-bit binary key. For comparison, the Advanced Encryption Standard, which is used today to protect sensitive information in government, banking, and many other sectors, typically uses a 128- or a 256-bit key.

In the center of the cast-aluminum base of the HX-63 cipher machine is a precision Swiss-made direct-current gear motor. Also visible is the power supply [lower right] and the function switch [left], which is used to select the operating modefor example, encryption or decryption.Peter Adams

A total of 12 different rotors are available for the HX-63, of which nine are used at any one time. Current flows into one of 41 gold-plated contacts on the smaller-diameter side of the rotor, through a conductor inside the rotor, out through a gold-plated contact on the other side, and then into the next rotor. The incrementing of each rotor is programmed by setting pins, which are just visible in the horizontal rotor.Peter Adams

Just as worrisome was that CAG was a privately owned Swiss company, selling to any government, business, or individual. At the NSA, Friedman's job was to ensure that the U.S. government had access to the sensitive, encrypted communications of all governments and threats worldwide. But traffic encrypted by the HX-63 would be unbreakable.

Friedman and Hagelin were good friends. During World War II, Friedman had helped make Hagelin a very wealthy man by suggesting changes to one of Hagelin's cipher machines, which paved the way for the U.S. Army to license Hagelin's patents. The resulting machine, the M-209-B, became a workhorse during the war, with some 140,000 units fielded. During the 1950s, Friedman and Hagelin's close relationship led to a series of understandings collectively known as a gentleman's agreement" between U.S. intelligence and the Swiss company. Hagelin agreed not to sell his most secure machines to countries specified by U.S. intelligence, which also got secret access to Crypto's machines, plans, sales records, and other data.

But in 1963, CAG started to market the HX-63, and Friedman became even more alarmed. He convinced Hagelin not to manufacture the new device, even though the machine had taken more than a decade to design and only about 15 had been built, most of them for the French army. However, 1963 was an interesting year in cryptography. Machine encryption was approaching a crossroads; it was starting to become clear that the future belonged to electronic encipherment. Even a great rotor machine like the HX-63 would soon be obsolete.

That was a challenge for CAG, which had never built an electronic cipher machine. Perhaps partly because of this, in 1966, the relationship among CAG, the NSA, and the CIA went to the next level. That year, the NSA delivered to its Swiss partner an electronic enciphering system that became the basis of a CAG machine called the H-460. Introduced in 1970, the machine was a failure. However, there were bigger changes afoot at CAG: That same year, the CIA and the German Federal Intelligence Service secretly acquired CAG for US $5.75 million. (Also in 1970, Hagelin's son Bo, who was the company's sales manager for the Americas and who had opposed the transaction, died in a car crash near Washington, D.C.)

Although the H-460 was a failure, it was succeeded by a machine called the H-4605, of which thousands were sold. The H-4605 was designed with NSA assistance. To generate random numbers, it used multiple shift registers based on the then-emerging technology of CMOS electronics. These numbers were not true random numbers, which never repeat, but rather pseudorandom numbers, which are generated by a mathematical algorithm from an initial seed."

This mathematical algorithm was created by the NSA, which could therefore decrypt any messages enciphered by the machine. In common parlance, the machines were backdoored." This was the start of a new era for CAG. From then on, its electronic machines, such as the HC-500 series, were secretly designed by the NSA, sometimes with the help of corporate partners such as Motorola. This U.S.-Swiss operation was code-named Rubicon. The backdooring of all CAG machines continued until 2018, when the company was liquidated.

Parts of this story emerged in leaks by CAG employees before 2018 and, especially, in a subsequent investigation by the Washington Post and a pair of European broadcasters, Zweites Deutsches Fernsehen, in Germany, and Schweizer Radio und Fernsehen, in Switzerland. The Post's article, published on 11 February 2020, touched off firestorms in the fields of cryptology, information security, and intelligence.

The revelations badly damaged the Swiss reputation for discretion and dependability. They triggered civil and criminal litigation and an investigation by the Swiss government and, just this past May, led to the resignation of the Swiss intelligence chief Jean-Philippe Gaudin, who had fallen out with the defense minister over how the revelations had been handled. In fact, there's an interesting parallel to our modern era, in which backdoors are increasingly common and the FBI and other U.S. intelligence and law-enforcement agencies sporadically tussle with smartphone manufacturers over access to encrypted data on the phones.

Even before these revelations, I was deeply fascinated by the HX-63, the last of the great rotor machines. So I could scarcely believe my good fortune in 2020 when, after years of negotiations, I took possession of an HX-63 for my research for the Association des Rservistes du Chiffre et de la Scurit de l'Information, a Paris-based professional organization of cryptographers and information-security specialists. This particular unit, different from the one I had seen a decade before, had been untouched since 1963. I immediately began to plan the restoration of this historically resonant machine.

People have been using codes and ciphers to protect sensitive information for a couple of thousand years. The first ciphers were based on hand calculations and tables. In 1467, a mechanical device that became known as the Alberti cipher wheel was introduced. Then, just after World War I, an enormous breakthrough occurred, one of the greatest in cryptographic history: Edward Hebern in the United States, Hugo Koch in the Netherlands, and Arthur Scherbius in Germany, within months of one another, patented electromechanical machines that used rotors to encipher messages. Thus began the era of the rotor machine. Scherbius's machine became the basis for the famous Enigma used by the German military from the 1930s until the end of WW II.

To understand how a rotor machine works, first recall the basic goal of cryptography: substituting each of the letters in a message, called plaintext, with other letters in order to produce an unreadable message, called ciphertext. It's not enough to make the same substitution every timereplacing every F with a Q, for example, and every K with an H. Such a monoalphabetic cipher would be easily solved.

A rotor machine gets around that problem usingyou guessed itrotors. Start with a round disk that's roughly the diameter of a hockey puck, but thinner. On both sides of the disk, spaced evenly around the edge, are 26 metal contacts, each corresponding to a letter of the English alphabet. Inside the disk are wires connecting a contact on one side of the disk to a different one on the other side. The disk is connected electrically to a typewriter-like keyboard. When a user hits a key on the keyboard, say W, electric current flows to the W position on one side of the rotor. The current goes through a wire in the rotor and comes out at another position, say L. However, after that keystroke, the rotor rotates one or more positions. So the next time the user hits the W key, the letter will be encrypted not as L but rather as some other letter.

Though more challenging than simple substitution, such a basic, one-rotor machine would be child's play for a trained cryptanalyst to solve. So rotor machines used multiple rotors. Versions of the Enigma, for example, had either three rotors or four. In operation, each rotor moved at varying intervals with respect to the others: A keystroke could move one rotor or two, or all of them. Operators further complicated the encryption scheme by choosing from an assortment of rotors, each wired differently, to insert in their machine. Military Enigma machines also had a plugboard, which swapped specific pairs of letters both at the keyboard input and at the output lamps.

The rotor-machine era finally ended around 1970, with the advent of electronic and software encryption, although a Soviet rotor machine called Fialka was deployed well into the 1980s.

The HX-63 pushed the envelope of cryptography. For starters it has a bank of nine removable rotors. There's also a modificator," an array of 41 rotary switches, each with 41 positions, that, like the plugboard on the Enigma, add another layer, an unchanging scramble, to the encryption. The unit I acquired has a cast-aluminum base, a power supply, a motor drive, a mechanical keyboard, and a paper-tape printer designed to display both the input text and either the enciphered or deciphered text. A function-control switch on the base switches among four modes: off, clear" (test), encryption, and decryption.

In encryption mode, the operator types in the plaintext, and the encrypted message is printed out on the paper tape. Each plaintext letter typed into the keyboard is scrambled according to the many permutations of the rotor bank and modificator to yield the ciphertext letter. In decryption mode, the process is reversed. The user types in the encrypted message, and both the original and decrypted message are printed, character by character and side by side, on the paper tape.

While encrypting or decrypting a message, the HX-63 prints both the original and the encrypted message on paper tape. The blue wheels are made of an absorbent foam that soaks up ink and applies it to the embossed print wheels.Peter Adams

Beneath the nine rotors on the HX-63 are nine keys that unlock each rotor to set the initial rotor position before starting a message. That initial position is an important component of the cryptographic key.Peter Adams

To begin encrypting a message, you select nine rotors (out of 12) and set up the rotor pins that determine the stepping motion of the rotors relative to one another. Then you place the rotors in the machine in a specific order from right to left, and set each rotor in a specific starting position. Finally, you set each of the 41 modificator switches to a previously determined position. To decrypt the message, those same rotors and settings, along with those of the modificator, must be re-created in the receiver's identical machine. All of these positions, wirings, and settings of the rotors and of the modificator are collectively known as the key.

The HX-63 includes, in addition to the hand crank, a nickel-cadmium battery to run the rotor circuit and printer if no mains power is available. A 12-volt DC linear power supply runs the motor and printer and charges the battery. The precision 12-volt motor runs continuously, driving the rotors and the printer shaft through a reduction gear and a clutch. Pressing a key on the keyboard releases a mechanical stop, so the gear drive propels the machine through a single cycle, turning the shaft, which advances the rotors and prints a character.

The printer has two embossed alphabet wheels, which rotate on each keystroke and are stopped at the desired letter by four solenoids and ratchet mechanisms. Fed by output from the rotor bank and keyboard, mechanical shaft encoders sense the position of the alphabet printing wheels and stop the rotation at the required letter. Each alphabet wheel has its own encoder. One set prints the input on the left half of the paper tape; the other prints the output on the right side of the tape. After an alphabet wheel is stopped, a cam releases a print hammer, which strikes the paper tape against the embossed letter. At the last step the motor advances the paper tape, completing the cycle, and the machine is ready for the next letter.

As I began restoring the HX-63, I quickly realized the scope of the challenge. The plastic gears and rubber parts had deteriorated, to the point where the mechanical stress of motor-driven operation could easily destroy them. Replacement parts don't exist, so I had to build such parts myself.

After cleaning and lubricating the machine, I struck a few keys on the keyboard. I was delighted to see that all nine cipher rotors turned and the machine printed a few characters on the paper tape. But the printout was intermittently blank and distorted. I replaced the corroded nickel-cadmium battery and rewired the power transformer, then gradually applied AC power. To my amazement, the motor, rotors, and the printer worked for a few keystrokes. But suddenly there was a crash of gnashing gears, and broken plastic bits flew out of the machine. Printing stopped altogether, and my heartbeat nearly did too.

I decided to disassemble the HX-63 into modules: The rotor bank lifted off, then the printer. The base contains the keyboard, power supply, and controls. Deep inside the printer were four plastic snubbers," which cushion and position the levers that stop the ratchet wheels at the indicated letter. These snubbers had disintegrated. Also, the foam disks that ink the alphabet wheels were decomposing, and gooey bits were clogging the alphabet wheels.

I made some happy, serendipitous finds. To rebuild the broken printer parts, I needed a dense rubber tube. I discovered that a widely available neoprene vacuum hose worked perfectly. Using a drill press and a steel rod as a mandrel, I cut the hose into precise, 10-millimeter sections. But the space deep within the printer, where the plastic snubbers are supposed to be, was blocked by many shafts and levers, which seemed too risky to remove and replace. So I used right-angle long-nosed pliers and dental tools to maneuver the new snubbers under the mechanism. After hours of deft surgery, I managed to install the snubbers.

The ink wheels were made of an unusual porous foam. I tested many replacement materials, settling finally on a dense blue foam cylinder. Alas, it had a smooth, closed-cell surface that would not absorb ink, so I abraded the surface with rough sandpaper.

After a few more such fixes, I faced just one more snafu: a bad paper-tape jam. I had loaded a new roll of paper tape, but I did not realize that this roll had a slightly smaller core. The tape seized, tore, and jammed under the alphabet wheels, deeply buried and inaccessible. I was stymiedbut then made a wonderful discovery. The HX-63 came with thin stainless-steel strips with serrated edges designed specifically to extract jammed paper tape. I finally cleared the jam, and the restoration was complete.

One of the reasons why the HX-63 was so fiendishly secure was a technique called reinjection, which increased its security exponentially. Rotors typically have a position for each letter of the alphabet they're designed to encrypt. So a typical rotor for English would have 26 positions. But the HX-63's rotors have 41 positions. That's because reinjection (also called reentry) uses extra circuit paths beyond those for the letters of the alphabet. In the HX-63, there are 15 additional paths.

Here's how reinjection worked in the HX-63. In encryption mode, current travels in one direction through all the rotors, each introducing a unique permutation. After exiting the last rotor, the current loops back through that same rotor to travel back through all the rotors in the opposite direction. However, as the current travels back through the rotors, it follows a different route, through the 15 additional circuit paths set aside for this purpose. The exact path depends not only on the wiring of the rotors but also on the positions of the 41 modificators. So the total number of possible circuit configurations is 26! x 15!, which equals about 5.2 x 1038. And each of the nine rotors' internal connections can be rewired in 26! different ways. In addition, the incrementing of the rotors is controlled by a series of 41 mechanical pins. Put it all together and the total number of different key combinations is around 10600.

Such a complex cipher was not only unbreakable in the 1960s, it would be extremely difficult to crack even today. Reinjection was first used on the NSA's KL-7 rotor machine. The technique was invented during WW II by Albert W. Small, at the U.S. Army's Signal Intelligence Service. It was the subject of a secret patent that Small filed in 1944 and that was finally granted in 1961 (No. 2,984,700).

Meanwhile, in 1953, Hagelin applied for a U.S. patent for the technique, which he intended to use in what became the HX-63. Perhaps surprisingly, given that the technique was already the subject of a patent application by Small, Hagelin was granted his patent in 1957 (No. 2,802,047). Friedman, for his part, had been alarmed all along by Hagelin's use of reinjection, because the technique had been used in a whole series of vitally important U.S. cipher machines, and because it was a great threat to the NSA's ability to listen to government and military message traffic at will.

The series of meetings between Friedman and Hagelin that resulted in the cancellation of the HX-63 was mentioned in a 1977 biography of Friedman, The Man Who Broke Purple, by Ronald Clark, and it was further detailed in 2014 through a disclosure by the NSA's William F. Friedman Collection.

After a career as an electrical engineer and inventor, author Jon D. Paul now researches, writes, and lectures on the history of digital technology, especially encryption. In the 1970s he began collecting vintage electronic instruments, such as the Tektronix oscilloscopes and Hewlett-Packard spectrum analyzers seen here. Peter Adams

The revelation of Crypto AG's secret deals with U.S. intelligence may have caused a bitter scandal, but viewed from another angle, Rubicon was also one of the most successful espionage operations in historyand a forerunner of modern backdoors. Nowadays, it's not just intelligence agencies that are exploiting backdoors and eavesdropping on secure" messages and transactions. Windows 10's telemetry" function continuously monitors a user's activity and data. Nor are Apple Macs safe. Malware that allowed attackers to take control of a Mac has circulated from time to time; a notable example was Backdoor.MAC.Eleanor, around 2016. And in late 2020, the cybersecurity company FireEye disclosed that malware had opened up a backdoor in the SolarWinds Orion platform, used in supply-chain and government servers. The malware, called SUNBURST, was the first of a series of malware attacks on Orion. The full extent of the damage is still unknown.

The HX-63 machine I restored now works about as well as it did in 1963. I have yet to tire of the teletype-like motor sound and the clack-clack of the keyboard. Although I never realized my adolescent dream of being a secret agent, I am delighted by this little glimmer of that long-ago, glamorous world.

And there's even a postscript. I recently discovered that my contact at Crypto AG, whom I'll call C," was also a security officer at the Swiss intelligence agencies. And so for decades, while working at the top levels of Crypto AG, C" was a back channel to the CIA and Swiss intelligence agencies, and even had a CIA code name. My wry old Swiss friend had known everything all along!

This article appears in the September 2021 print issue as The Last Rotor Machine."

The Crypto AG affair was described in a pair of Swedish books. One of them was Borisprojektet : rhundradets strsta spionkupp : NSA och ett svensk snille lurade en hel vrld [translation: The Boris Project: The Biggest Spy Coup of the Century: NSA and a Swedish genius cheated an entire world], 2016, Sixten Svensson, Vaktelfrlag, ISBN 978-91-982180-8-4.

Also, in 2020, Swiss editor and author Res Strehle published Verschlsselt: Der Fall Hans Bhler [translation: Encrypted: The Hans Bhler Case], and later Operation Crypto. Die Schweiz im Dienst von CIA und BND [Operation Crypto: Switzerland in the Service of the CIA and BND].

Read the original post:
The Scandalous History of the Last Rotor Cipher Machine - IEEE Spectrum

Written by Naz Haider | Published : January 27, 2017 10:17 AM IST

Call me a noob, but I don't usually get modern chatting jargons. Years ago, it took me a while to decode ROFL and TIA (thanks in advance), and then later I had to break my head over lingo modern parents used. DD, DS, DH are all darling daughter, darling son and darling husband respectively, and there are loads like these! It wasn't surprising, therefore, when I learnt of a few abbreviations people use on chats and dating platforms now and was totally clueless about what those meant. If you do not want to feel like an ancient caveman, you need to be up to date about the language people speak nowadays, and that includes knowing the terms people use. So to help you not feel lost, here is a list of terms that you need to know before you start swiping on tinder.

Have you come across any terms that you would like to share? Please post it in the comments below.

Image: Shutterstock

Join us on

See the article here:
What does NSA, FWB, MBA mean? Modern dating lingo ...