Report on a James Bamford Talk at Berkeley

[Arnold G. Reinhold]

At 4:42 PM -0500 2/17/02, R. A. Hettinga wrote:
>http://www.lewrockwell.com/orig2/bamfordreport.html
>
>
>Report on a
>James Bamford Talk at Berkeley
>
>James Bamford is the author of The Puzzle Palace and Body of Secrets, books
>about the National Security Agency. He is visiting Berkeley in the School
>of Public Policy, and gave a talk entitled "Intelligence Failures that Led
>to the September 11th Attacks."
>
...
>NSA was created after WWII from the code breaking activity that had
>proceeded during the war. At the time it was created, no one but a couple
>of people even knew it had been created. NSA stands for no such agency, or
>never say anything, or after Puzzle Palace, not secret anymore. To
>illustrate how secret NSA is, after Puzzle Palace was published, Bamford
>went on a book tour. At one point he was scheduled onto a PBS show where
>the other guest was Sen. Bill Bradley. Prior to the show, the Senator asked
>Bamford why he was on the show, and he explained that he had written a book
>on the NSA. Bradley asked him what that was, and Bamford explained. Then
>Bradley went on the show to explain his ideas for the economy, or whatever,
>and then the interview switched to Bamford. Bamford explained that the NSA
>was a secret agency. The interviewer said "How secret?" And, naturally,
>Bamford did not pass on the opportunity to say that it was so secret that
>not even Sen. Bradley knew about it. Bradley was not pleased.

Nonsense! The NSA's existence and purpose hasn't been much of a 
secret since the early 60's, long before The Puzzle Palace was 
published in 1982.  Kahn has a chapter on NSA in The Codebreakers, 
which came out in 1967, and that chapter wasn't much of a revelation 
even back then. No wonder Bradley was not pleased. He'd been 
sandbagged.

>...
>
>About NSA: it is 38,000 people, 50 buildings, on a campus in Maryland, in
>suburban Washington DC. The have the most powerful computers in the world,
>1.6 million tapes in their tape library [tapes?].

The helical scan system, later commercialized as the video tape 
recorder, was invented for NSA so they could record whole swaths of 
the radio spectrum for later analysis. Instead of monitoring each 
station, they could go back and replay the tapes once they knew what 
to look for. I believe they attempted to record the entire HF 
spectrum continuously from multiple locations. 1.6 million tapes 
sounds low if anything.

>Basically they do signals
>intelligence, listening to phone calls, faxes, email, and any sort of
>communication.

Other signals as well, such as missile telemetry, satellite control, 
unintended emissions and all types of radar. (I believe one of the 
arms control treaties prohibits the U.S. and Russian from encrypting 
missile test telemetry.)

>To do this they have extensive facilities all around the
>world. One technique that Bamford mentioned was how they capture microwave
>signals. Microwave, unlike high frequency signals [HF are actually lower
>frequency than microwave, in case you care], do not bounce off the
>ionosphere and travel in a straight line. Towers must be line of sight from
>each other. So how's the NSA going to listen to this? Answer is that some
>of the radiation goes past the receiving station, and continues in its
>straight line out into space. The NSA has satellites out there to grab the
>signals. [Bamford described the satellites as geosynchronous, but that
>wouldn't work.]

I think Bamford got it close to right on this one.  Aviation Week has 
reported on NSA geosynchronous satellite launches from time to time. 
See also 
http://users.ox.ac.uk/~daveh/Space/Military/milspace_sigint.html and 
http://www.fas.org/spp/military/program/sigint/androart.htm

There are several problems with low earth orbit satellites as 
listening systems. First, they only able to monitor any given spot 
for a short time. Target countries can shut off systems of interest 
while the satellite is overhead.  The second is that low earth orbit 
satellites can be attacked more easily and quickly in time of war. 
The U.S. at one time had an air launched missile that could do this. 
Geosynchronous orbit takes more energy and a longer time to get to.

Finally, a directional antenna on a low earth orbit satellite has to 
be steered very rapidly as the satellite moves over its target. That 
is very hard to do mechanically, and electronically steered antennae 
have narrow bandwidths, not what NSA wants for monitoring.  A 
geosynchronous monitoring satellite can have a huge, light weight 
parabolic mesh pointed at Earth. It only needs to steer very slowly, 
if at all. Remember that while signal strength drops as the square of 
the distance, a parabolic antenna's gain grows as the square of its 
diameter.  Geosynchronous orbit is about 50 times higher than typical 
low earth orbits used by NSA, so a 50 times wider antenna gets you to 
beak-even on signal strength.

NSA also uses satellites in 12-hour semi-synchronous elliptical 
orbits for the same reason that the Soviets put their "Molniya" 
communications satellites in similar orbits: the northern portions of 
Russia are not visible from synchronous orbit.

>NSA also makes and breaks codes. The big nasty secret
>within NSA is that in the forty years or more that NSA spent billions of
>dollars on breaking the Soviet codes, they made no progress. No important
>Soviet code was ever broken by the NSA, or by anyone.

Umm, what about Venona? The NSA has lots of info on that break on its 
home page. http://www.nsa.gov/docs/venona/index.html  In that case, 
the Soviets were sloppy in manufacturing onetime pads. Soviets 
undoubtedly used mechanical crypto systems in the 50's and maybe 60's 
whose key length is short by modern standards.  Some of these must 
have been broken by now. The lack of any reports about such breaks 
suggests that the NSA is able to keep such info secret.

This raises an interesting question. How far back does NSA go in 
recovering communications that are only of historic interest? Would 
they release ciphertext of 1950's messages so amateurs could try?

>
>NSA has a whole bunch of listening posts around the world. There's one in
>England. Each post captures about two million messages per hour. They cull
>out the interesting ones in many ways - limiting prefixes, etc. The Soviets
>had a listening post in Cuba for forty years (they are only just now
>dismantling it) and they knew how to filter out the interesting stuff. For
>example, any phone call to prefix 456 in the DC area code was a call to the
>White House, any call to 688 is a call to NSA.

There is no way anyone is going to intercept DC phone calls from a 
station in Cuba. On the other hand, a PC with a UHF receiver card can 
do a great job of monitoring cell phones from the Russian embassy in 
DC. NSA was very upset when the State Department let the USSR build 
its new embassy on a hilltop. Thanks to the none-to-poor encryption 
used by cell phones, any foreign government can afford to monitor 
these calls from their embassies, consular offices or even staff 
apartments.

>
>So what about NSA's involvement in Sept. 11. Some have compared the failure
>to the "failure" at Pearl Harbor. Actually, Pearl Harbor was quite a
>success for the predecessor agencies to NSA. The US had managed to
>completely break the key Japanese codes (Purple), and the German codes
>(Enigma) were also broken. In the case of Pearl Harbor, the US signals
>people picked up the key message to the Japanese embassy in Washington,
>decoded it (it said something like break off relations and destroy all your
>crypto equipment) well in advance of the attack.

About 12 hours.

>The message did not say
>where an attack would come, so the US sent the message to everyone saying
>"Japanese attack expected."

The message (sent in 12 parts) instructed the Japanese Ambassador to 
deliver a note breaking off negotiations at exactly 1 pm  Washington 
time. That was just after dawn in Hawaii. The Emperor wanted a 
legally colorable declaration of war to be delivered just before the 
attack. The Navy got the significance of the timing and specifically 
wanted to warn Pearl Harbor. An earlier message (Nov. 27, 1941) 
warned all bases that war could break out at any time.

>The weather was wrong over the Pacific so the
>usual HF path did not work. Instead the message was sent to Honolulu via
>Western Union, where it arrived a few hours after the attack.

The Navy wouldn't use an Army circuit that was up.  The message 
arrived at Western Union Honolulu in time but was sent to the base by 
bicycle. A teletype link between Pearl and the Honolulu WU office was 
being installed but wasn't up yet. Note that even an hour or two's 
warning would have been enough to get planes and anti-aircraft 
batteries on the ready to put up enough resistance to reduce the 
attacks effectiveness.  Here's a photo showing the clear field the 
Japanese enjoyed that morning: 
http://www.history.navy.mil/photos/images/h50000/h50930.jpg

>
>In contrast, NSA did nothing to help prior to Sept. 11. No monitoring of
>Osama Bin Laden (OBL) was done. The hijackers of the plane that would up
>hitting the Pentagon lived in Laurel, MD, the same town that NSA was in.
>When the hijackers drove from Laurel down US 1 toward Dulles, the traffic
>in the other direction was mostly NSA employees on their way to work.
>Rather embarrassing to the NSA, in fact a disaster of major proportions.
>Realize that the primary goal of NSA, the justification for the billions of
>dollars per year of our citizens money spent by the NSA, is simply to
>prevent a surprise attack. Yet the US and NSA was caught totally
>unprepared. Bush was reading to first graders in Sarasota, the head of NSA
>was having breakfast in downtown Washington.


The parallels between September 11, 2001 and December 7, 1945 are striking:

    o  Both attacks were extremely well planned to preserve surprise.

    o  We had general knowledge that an attack was likely but no 
specific details.

    o  There were bits and pieces of intelligence that were overlooked.

    o  Low tech protection measures were available that could have 
reduced the damage, but were not deployed (torpedo nets in 1941, 
strong cockpit doors in 2001).

    o  There was no command follow up to the general warning to verify 
that preparations were being made.

    o  In both attacks our enemy maintained radio silence. (Admiral 
Yamamoto's orders were delivered by courier to the fleet in Edo 
harbor. Bin Laden team leader in the U.S.  apparently traveled to 
Europe for briefings).

    o  The attacks were far more audacious than anything we expected.

    o  Inter-organizational barriers and communication failures 
diminished our effectiveness.

After both attacks, attempts were made to put the blame on 
intelligence. The failure of military leaders to act on the general 
warnings that intelligence did provide was down played. Admiral 
Kimmel, in charge of Pearl harbor,  explained the presence of nearly 
the entire fleet in port by claiming he wanted the troops to have as 
much rest as possible prior to war. We have yet to hear the excuses 
for 9/11, but there are lots of questions:

    o  What preparations had the Air Force made for dealing with 
suicide aircraft hijackers? (We had been attacked by car bombs, truck 
bombs and a boat bomb.  A small plane had already crashed into the 
White House during the Clinton years. How hard was this to foresee?

    oo  The FAA was initially uncertain as to whether the first flight 
was diverting because it was hijacked or had merely suffered a radio 
failure. Why didn't the FAA have better procedures for dealing with 
loss of radio communication? All it takes is publishing a phone 
number for pilots to call on their cell phones. Do they have one now?

    oo  Why didn't the FAA contact the Air Force immediately when the 
first flight diverted from its flight plan? We were on alert for a 
possible major terrorist action and having a fighter jet along side 
could be helpful to a pilot in an ordinary emergency.

    oo  Why wasn't the first flight of F-15's, scrambled to NYC from 
Otis AFB in Massachusetts, ordered to fly supersonic? They knew at 
that point an attack was in progress. There was enough time to 
intercept the second jet to hit the WTC if they had.

    oo  Why didn't the Air Force scramble fighters to cover Washington 
after the second plane hit the World Trade Center (or sooner). There 
would have been enough time stop the Pentagon attack at least if they 
had. Instead they waited until they a report came in that a third jet 
was missing. By then it was too late.


>
>OBL moved his operations from the Sudan to Afghanistan. The infrastructure
>there was insufficient for OBL's needs, so he contacted an intermediary in
>London who in turn arranged for a student in the US to buy a satellite
>phone. The phone was mailed to London, the service activated there, and the
>phone mailed to OBL. It was an Inmarsat phone. So NSA has a billion
>dollars, they figured this out and got good eavesdropping on OBL. NSA was
>very proud of this, and would show off their abilities to distinguished
>guests at NSA. They would laugh as he called his mother and talked to her.
>Unfortunately, OBL seemed to sense something, because he never used the
>satphone for operational material. Just used it for calls home. But this is
>still useful: at least we know where he is, because the phone radiates, and
>that radiation can be tracked. And we took advantage of that: Clinton
>called for reprisals against OBL after the embassy bombings in E. Africa,
>and we sent missiles to a training base in Afghanistan that we knew about
>because of the satphone. Unfortunately, two bad things resulted: one, OBL
>was not there when the missiles arrived, and two, OBL, no dummy, stopped
>using the satphone when he realized it was being used to track him. The NSA
>never heard from him again. Never. NSA went deaf.

A big issue in WW II cryptanalysis was haw much the fruits of the 
intercepts could be used in battle, with the attendant risk of the 
enemy realizing their codes were broken. According to Kahn, the then 
rule was that results could be used to win a major battle. One 
exception was the assassination of Adm. Yamamoto. His skills were so 
respected that his death was considered as important as winning a 
major battle. The same considerations apply here. The U.S. military 
thought they could use the signals intelligence to deliver a 
devastating blow against Bin Laden. They didn't.

>
>NSA had other problems: only one or two (at the most) NSA people can speak
>an Afghan language. And there were lots of other structural problems at
>NSA. To understand this, understand that until ten years ago, NSA had
>essentially a single mission: track the Soviets. NSA knew about Russian
>missiles and submarines. They looked for the missiles, and set up very
>advanced equipment that could provide early warning if a Soviet missile
>were launched. To illustrate this capability, recall that a few months ago
>an Israeli plane was shot down on its way from Israel to Russia. The US
>immediately announced that a missile had shot down the plane. The guys who
>did the deed denied it initially, but soon it came out that the US was
>right. These are your NSA tax dollars at work. That's what we do, but
>that's the wrong thing if you are worried about terrorists. Ten years after
>the end of the cold war, the NSA still has the wrong technology in the
>wrong places.
...

There are many steps in using signal intelligence to thwart a surprise attack:

1. The attacker must send messages that reveal his intentions is some way.
2. Those communications must be intercepted and deemed important 
enough for further processing.
3. The message must be decrypted and translated, if necessary.
4. The message must be interpreted correctly in the context of other 
intelligence.
6. A effective action plan must be formulated and ordered. This 
includes weighing the risk of not acting with the risk of revealing 
sources.
7. The actions must be communicated to the field.
8. The actions must be executed in time.

Note that cryptography only plays a role in steps 3 and 2 (stego). 
Yamamoto and Bin Laden short circuited this process at step 1. 
Relying on signals intelligence, or any intelligence, as the sole 
defence against terrorism is folly. A layered approach is needed.

The failures at Pearl harbor were thoroughly investigated and the 
U.S. learned a lot. I hope the failures on and before September 11 
will be looked at unblinkingly, and not covered over to spare the 
feelings and careers of those who missed opportunities.

Arnold Reinhold


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com