by Tom Mahon
For the longer ciphers I used my Shotgun Hillclimbing programme to recover the keyword, modifying it to deal directly with the IRA Vigenère style of Atbash-encrypted keywords. For shorter ciphers I prepared a new programme which would try a list of keywords on the cipher, then compare the results on how English-like the decryption looked by assigning a weighted score based on how common words and fragments of words are in English. I used this method to solve the list of keywords in a message from the director of intelligence to the chief of staff, shown in Figure 12.40
Figure 12. Keywords encrypted with Vigenère-style substitution cipher, 6 February 1925.
None of the recovered keywords solved these encrypted words, so I used this programme to try everything in a list of 14,611 common words of eight or fewer letters, and then sorted them according to the ‘English-like’ criterion. The best few results for the longest cipher, FGKQ&GCYD, were:
360 beadle hllullede
360 potash vversosnx
360 reptile xlakishqi
360 volcano bvwtaurus
360 wardrobe chcurveda
360 wattage chekanhve
360 where copiedkdv
450 maxwell shinesole
450 upstair awdkaputt
490 bedlam hlocatedh
490 flange lsleglike
Of these choices, ‘bedlam’ looked most promising, with the word ‘located’ embedded between nulls. I tried ‘bedlam’ on the other two encrypted words with complete success, getting ‘z label x’ for LIVERPOOL and ‘y scot x’ for Scotland – the latter a rather uninspired choice of keyword.
Communication security practices
Any organisation with important secrets must pay serious and continual attention to its methods of protecting those secrets. The IRA from 1925 to 1928 monitored and modified their procedures in an attempt to maintain and improve their communication security. They maintained separate networks with distinct cipher keys, and used several different methods of secret communication, including at least two main types of ciphers, a code system for cables, and invisible ink. They gradually changed their cipher systems and key distribution methods over this period, apparently expecting that the newer system offered more security. Leaders transmitted messages in several different ways: by courier, by post, by cable, and even by writing them on silk and dropping them in a predetermined spot on the prison grounds.
In principle, this diversity of methods and networks and their attention to communication security should have provided strong protection against the compromise of part of the network, resulting in unravelling the whole system. However, in practice their ciphers provided much less security than some other ciphers of the day – armies in the First World War used much stronger versions of both of the IRA’s basic cipher types, and their enemies broke them readily at the time. If the British had access to the IRA’s cipher communications, they probably read them. Our attacks on these messages capitalised on weaknesses in the cipher systems themselves.
In addition, in many cases the IRA correspondents used poor practices, including sending the same message in more than one system; sending messages in clear asking about another specific message that they could not read; mixing encrypted messages with clear text giving hints about the subject matter; sending messages that were too long or too short for the security of the system being used; sending many messages in the same key that could be ‘stacked’ to simplify the solution; sending cipher keys in clear; and using a weak cipher and key to encrypt pages of keys for the (assumed) stronger system. Each of these ‘cipher clerk weaknesses’ occurs regularly in military organisations, especially where those in charge of communications have other responsibilities. However, each of these errors offers a crack in the cipher system’s armour that a cryptanalyst can enter and expand, and I took advantage of all of them in cracking these IRA ciphers.
Working with Tom on this cipher set turned out to be a massive and exciting project for me. I was able to draw on experience from having solved the Zendian Problem,41 a large training exercise developed in the 1950s by Lambros D. Callimahos for the National Security Agency, the American code-breaking service. Both the IRA ciphers and the Zendian ciphers allowed the cryptanalyst to develop an understanding of the communication network and hierarchy while breaking the individual ciphers. I modified several of my existing programmes and wrote dozens more to deal with the eccentricities of these ciphers, and to crunch the data I used to attack the ciphers and their keys.
IN THE END WE were very successful. We broke nearly all of the transposition and substitution ciphers, and were able to read more of them than the original correspondents had been able to manage because of mistakes in key selection or encryption. A few messages remain undeciphered, including a transatlantic cable using a code system that cannot be solved without much more material and a munitions’ list using a substitution system for the digits that we have been unable to break from the context. However, we can now read the vast majority of the encrypted material, and it has given us a rare look into the inner workings of the IRA.
Definitions
Cryptogram or cipher: An encrypted message.
Plain text: The letters of an original clear message that are to be encrypted for transmission.
Cipher text: The encrypted letters comprising the concealed parts of a cipher.
Clear or clear text: A message or part of a message sent without using encryption.
Encrypt: To convert plain text into cipher text using processes and keys agreed on by the sender and recipient.
Cipher system: A method for concealing plain text using individual letters of the clear message.
Key: A piece of information shared between sender and recipient and used as part of the encryption process.
Decipher: To convert cipher text to plain text with full knowledge of the cipher system and key.
Cryptanalysis: The process of converting cipher text to plain text without knowing the key in advance.
Substitution: A cipher system that replaces each letter with another.
Transposition: A cipher system that shuffles letters without changing their values.
Hat: A key used in a transposition cipher to shuffle the order of columns.
Caesar cipher: A substitution cipher system that replaces each letter with the one three positions further along the alphabet, wrapping at the end so that W goes to Z, X goes to A, Y goes to B and so on. By extension, a cipher system that replaces each letter with one any fixed number of letters further along in the alphabet.
Vigenère cipher: A substitution cipher system that uses a keyword or key phrase to encrypt each letter of plain text in turn using a Caesar cipher whose distance along the alphabet depends on the corresponding letter of the key. The key restarts repeatedly until all the plain text has been encrypted.
Atbash: Substitution that reverses the alphabet: A for Z, B for Y and so on. Used in IRA keyword substitution for Vigenère-style cipher.
Null: An extra letter added to the plain text in an attempt to improve the security.
Dud: In the IRA columnar transposition cipher system, a column of nulls used to improve the security.
Code: A cryptographic system for concealing plain text using complete words, phrases or sentences of the clear message.
CHAPTER 2
The IRA’s system of communications
Send gelignite and detonators at once to … Mrs Coady, 5 Glegg Street, off Great Howard Street, Liverpool. Messenger will say stuff is for Mr Kucas.
IRA chief of staff to the IRA in Scotland
Mr Cowan, Catholic Young Men’s Society, 9 and 10 Harrington Street, Dublin.
Covering address for the delivery of IRA despatches
The IRA had a sophisticated communications system enabling it to safely send messages and orders, not only throughout Ireland, but also to Britain, the continent and America. In addition, it was able to keep in contact with IRA volunteers in prison. In each circumstance, the mode of communication depended on an
appropriate balance between security, and speed and ease of communication. The most highly confidential despatches were encrypted.
There were three key components to the communications network: the message itself, the method or courier used to transmit the information, and the recipient or the address designated to accept the information. The director of communications at GHQ had overall responsibility for the system.
IRA despatches
The organisation took great care to guard its communications and adhered to Earl Long’s famous dictum: don’t write anything you can talk, don’t talk anything you can whisper, and don’t whisper anything you can wink.1 The result is that the decryption of these documents is of significance – they are one of the few sources of contemporaneous uncensored and secret IRA communications.
The most secure way to send a message was verbally. And in the majority of situations Moss Twomey and his officers would have passed on their orders in this way. As the IRA’s director of intelligence reminded the intelligence officer in Waterford: ‘Highly confidential reports must be sent verbally, not even in cipher.’2 Connie Neenan in New York wrote to Moss Twomey in cipher saying he would send him a report by way of Art O’Connor, the leader of Sinn Féin, who was on his way back to Ireland: ‘[I] have such a large report to make on [our] position [that I] will give all to Art O’Connor verbally for transmittance [to you]. He will be able to describe more explicitly.’3 The drawback in using O’Connor was that he wasn’t a member of the IRA and couldn’t have been trusted with the most confidential information.
Right from its inception the IRA created a vast amount of documentation – covering topics ranging from meeting minutes to reports on attacks, along with myriad administrative issues. During the Anglo-Irish War and the Civil War there were several large seizures of papers, resulting in numerous arrests of IRA men named in the documents. Indeed in the Anglo-Irish War the British forces’ two best sources of information on the IRA were captured documents and the interrogation of prisoners.4
Over time, the IRA became more cautious. They stopped using their members’ real names in despatches, referring to them only by rank or by using initials or a pseudonym, while sensitive matters were discussed in an indirect or cryptic manner. On occasion this could be so successful that even the intended recipient didn’t know what the message meant. In 1927 the IRA’s commander in Britain, George, wrote to Moss Twomey: ‘K. clothes has arrived safely in Dublin’ and Twomey replied ‘re. K. clothes: I do not understand the note’.5 Later George sent another cryptic note to Twomey, this time also in cipher: ‘[the] printer [is] not available at present. [His] assistant printed and gave me 1,000 copies today’.6 Luckily for us (or we would never have come to know what it meant), Twomey sought clarifcation: ‘[I] presume “copies” stand for pounds and “printer” is James’. To which George replied: ‘sorry for not making [the] message clearer in my last letter. Cash is correct’.7 By corroborating and referencing with other documents, I was able to deduct that ‘James’ was a Soviet intelligence officer in Britain. And therefore George was giving Twomey news that the Soviets had just handed him £1,000 for the IRA.
Of the thousands of IRA papers that I’ve looked at, only a small percentage were in secret cipher or code. And these are predominately from 1926 and 1927, with a small number from 1925 and 1928. In the papers dated 1925 the IRA used a less sophisticated form of cipher and tended to only encrypt a few critical words in the document, whereas by 1926 they regularly wrote all the text in cipher. Why are the documents mainly from these years?
Figure 13. The IRA’s commander in Britain, ‘HS’, wrote to Moss Twomey informing him that a Soviet officer in London had given him £1,000 for the IRA. This is an example of a highly cryptic communication.
[The] printer [is] not available at present. [His] assistant printed and gave me 1,000 copies today. Will you call, or send for these? Write and let me know, when you are calling and I will see you at your hotel.
The printer was the Soviet agent ‘James’, while copies stood for pounds.
There are a number of possible explanations. Firstly, in July 1925 the gardaí in Dublin captured the IRA’s director of intelligence, Michael Carolan, along with a large haul of intelligence files.8 This debacle may have spurred his successor Frank Kerlin to improve security procedures and to place greater reliance on cipher. Secondly, also in the summer of 1925, the IRA reached an agreement with the Soviet Union to carry out espionage in Britain and America in return for payment. This work was one of the most highly classified of all IRA operations and necessitated the use of cipher. Furthermore, Soviet intelligence officers may have trained IRA officers in cryptography, as the Soviets had more to lose than the IRA from public exposure of the connection. It’s likely that the alliance with the Soviets was terminated or downgraded after a few years and this would in turn have decreased the IRA’s need to rely on cipher. Thirdly, the IRA elected a new leadership in November 1925 and, being anxious to revive the organisation, they may have seen a greater need for secrecy. Finally, there is evidence that there are other IRA documents in cipher in private hands, but that the papers James Gillogly and I worked on just happen to be those that made it into a collection open to researchers.
The IRA is known to have had experience with cipher and code before 1925. This originated with its forerunner, the Irish Republican Brotherhood (IRB), which together with its sister organisation in America, Clan na Gael, revelled in cloak and dagger work. In 1893 when Joseph McGarrity was inducted into Clan na Gael in Philadelphia he swore that he would ‘defend a Republican form of government in Jsfmboe’. ‘Jsfmboe’ is a simple form of substitution cipher, which can be deciphered by replacing each letter with the letter that comes before it in the alphabet – giving the word ‘Ireland’.9 During the Anglo-Irish War the IRA in Cork and Kerry was familiar with the use of cipher by the police.10 And in 1920, after the IRA in Cork city obtained the keywords for the police’s ciphers, it decrypted a police despatch, leading to the capture of a British spy by the name of Quinlisk, who was shot and his body dumped in a ditch.
By 1926, the IRA had trained officers throughout Ireland and Britain, as well as key agents abroad in the use of cipher. IRA units were assigned a secret keyword which they used to both encrypt messages they sent and to decrypt those they received. So as to maintain security, the director of intelligence in Dublin could change the keyword as needed. Examples of keywords include: ‘teapot’ for GHQ, ‘dry-the-teapot’ for the IRA unit in Manchester, and the unfortunate ‘insignificant’ for the Armagh battalion.11 On the other hand, the IRA’s agents in America used keywords selected from a copy of the novel The Scarlet Letter they carried with them, while another copy was kept back at GHQ (see Chapter 1).
Considering that most of the IRA’s officers lacked formal military training and hadn’t gone beyond a secondary education, their ability to develop a communications system based on cipher was quite an achievement. However, by conventional military standards of the time these ciphers were relatively unsophisticated, and the British government’s cipher division undoubtedly would have been able to break them. In Ireland the intelligence section of the Free State army had some experience of cryptanalysis, though I’m uncertain as to whether it had the capability to decrypt these messages without having the keywords.12 On several occasions the Free State authorities allowed the Irish newspapers to print the contents of seized despatches to discredit the IRA. But I’ve no evidence to suggest that the Free State government ever learned the contents of these encrypted documents; if they had, there would have been a major propaganda value in publicising them. Alternatively, it may be argued, that if the gardaí were intercepting and decrypting IRA communications, it was in their interest to hide this from the IRA.
The use of cipher alone did not make IRA despatches secure, and the sender was expected to adhere to a whole set of precautions. Twomey reminded Connie Neenan in New York to ‘be very careful even in sending cipher messages, things which you may
assume I will know, can be referred to in an obscure way’.13 There are very few direct references to Moscow in cipher; rather it was referred to as ‘Stephen’s headquarters’, etc., ‘Stephen’ being a Soviet intelligence officer.14
However, there are many instances in these papers where the IRA operatives made serious security blunders. The OC in Britain wrote to Twomey that he was concerned that the IRA’s agents in America were careless with their communications regarding the Soviet connection: ‘Is there [too] much writing regarding this affair? I am sure you have no idea, what kind of precautions, are being taken by your people at the US end’.15 Twomey replied: ‘In my last communication to America, I strongly urged the necessity for secrecy and caution, and to avoid any unnecessary reference to the matter on paper’.16
In January 1925 the then director of intelligence, Michael Carolan, made a major mistake when he issued a memo listing the keywords for several units in plain text rather than in cipher.17 Had the Special Branch seized this document they could have gone on to decrypt subsequent despatches they intercepted from these units.
In particular the IRA encrypted the names and addresses of members and supporters. And Moss Twomey wrote: ‘never mention an address, even when coming by hand [i.e. carried by a courier] except in cipher’.18 In October 1926 Twomey sent a message in cipher to the OC of the Scotland battalion ordering him to send ‘gelignite and detonators … to Mrs Coady, 5 Glegg Street, off Great Howard Street, Liverpool’.19 However, two weeks later the adjutant of the Liverpool unit tripped up by listing her name and address in plain text in a despatch sent to GHQ.20