British cryptographic hacking from WW2 – how well would *you* have done?
Update: The Naked Security editors have agreed to a modest incentive.
There is now a prize for the challenge we set out below!
The best effort posted in the comments by Thursday 2013-05-09T23:59Z will receive a Naked Security T-shirt. The judges’ decision is final, Sophos staff and family may enter but cannot win, and you will need to give us your email address if you want to be considered for the prize.
(Your email address will not appear with your comment, and we will not use it other than to contact you if you win.)
If you were taken prisoner and wanted to send messages home right under your captors’ noses, what would you do?
You don’t have access to a computer or email, not only because you’re a captive, but because they haven’t been invented yet.
You know that your captors will only let your letters out if you write convincingly and fluently about largely inconsequential things, and give a positive impression of how they are treating you.
And you know that if your letters too obviously contain a secret subtext, you might be shot, or worse.
You might think there’s not a lot worse that being shot, but remember that the enemy might let you carry on writing letters for a while, milking you for intelligence about your countrymen and your fellow captives, and then shoot you and your chums.
→ That’s what happened to Mary, Queen of Scots, though she was beheaded, not shot, and her co-conspirator Babington was hanged. Elizabeth’s spymaster Walsingham was able not only to read their traitorous correspondence but also to forge messages of his own to extract more information from the conspirators.
If you were a British captive in a Nazi prison camp during the Second World War, like Sub Lieutenant John Pryor of the Royal Navy, you might well have used a code devised by No. 9 Intelligence School.
Selected officers were trained before leaving Britain in what we would today call steganography, the art of hiding one message inside another.
As a trained steganographer, you had a code number, such as 45, which told the decoding staff to skip four words ahead, then five, then four, and so forth, when extracting the hidden text from your letters.
This gave a competent coded letter writer just enough “noise words” to create a fluent and believable narrative to surround the secret message.
It’s not as easy as it sounds.
Let’s try it out with this fiften-word bulletin:
To make things a little less obvious to the German censors, the words from the hidden message were written out of order.
You imagined a rectangle made up of sufficiently many imaginary tiles to hold your message, say 5×3 for a 15-word message.
You mentally filled the rectangle diagonally, moving upwards from the bottom right, with the numbers 1 to 15.
Then you inserted the secret words into your letter in the numeric order given by reading the rectangle naturally from top to bottom.
If your code number was 45, your codewords would be inserted as the fourth word, then five words further on, then four, and so on.
So, your cover letter would need to cushion and contain the secret message as follows:
. . . DAILY . . . . SEARCHED . . . DOUBLED . . . . AIR . . . HOUR . . . . BUNGALOWS . . . GUARD . . . . AND . . . 24 . . . . MOVEMENTS . . . COVER . . . . ARTILLERY . . . WITH . . . . RAILWAY . . . INCREASED
Give it a go! By adding just 52 words of your own, see if you can write a convincingly innocent-sounding paragraph about your most recent week at work.
→ If you take on the challenge, why not post your paragraph as a comment below? (You can post anonymously if you like.) But be warned: it’s harder than it looks!
What we now call in-band signals were used for four special purposes:
- You signalled the size of your word-order rectangle by the lengths of the first two words in your letter, such as opening with Every day to signify a 5×3 rectangle and thus a 15-word secret message.
- You used the codeword the to switch from codeword mode into “spelling” mode, a special but cumbersome system for spelling out words that could never realistically appear in a letter home.
- You used but as an extra codeword after your secret message as a double-check that the message was complete and thus to reassure the reader he had decoded correctly.
- You included a telltale mark, such as writing the date in a special way or underlining your signature, to signal to MI9 that the letter contained a hidden message. (This avoided wasting time battling to decode messages that were just plain messages.)
Did the system work?
Apparently, it did, because academics at the University of Plymouth have just decoded a message sent by the abovementioned Lt. Pryor from his captivity at the Marlag und Milag Nord prison camp in Northern Germany.
What we don’t know, of course, is whether the secret messages in a cache of letters now kept as a memoir by John Pryor’s son, Stephen, were ever successfully decoded by MI9.
That still really is a secret