Lessons of Underground Crypto: Operation Vula

Here’s a really fascinating article on encryption in pre-Apartheid South Africa. It was totally homebrew — used by the (freedom fighter or terrorist, take your pick) ANC to organize their insurgency. They’d used very cumbersome manual communications methods early on, but poor training and procedures meant the links were more or less not used.

Combined with an internal structure that saw field operatives as “soldiers” and the out-of-country management as “generals,” this meant they didn’t get much done. The “soldiers” weren’t taught to think and act autonomously, but instead were expected to implement orders from people who didn’t know much about what was going on, on the ground.

The solution proved to be the introduction of computers to encrypt messages using a one-time pad cipher. Key material was kept on floppies and relevant sections destroyed upon encryption, to provide forward secrecy. The encrypted messages were recorded to tape (encoded as DTMF tones) and transmitted from public phones to answering machines in London and Lusaka.
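The scheme described above, as an added sketch that is not code from the article or from the original system: a one-time pad whose used section is overwritten as soon as it is read, with ciphertext written as keypad digits. The three-digits-per-byte encoding, the pad file names and the function names are assumptions made for illustration.

```python
import os
import tempfile

def take_key(pad_path, offset, n):
    """Return n key bytes at offset, then zero them on disk.
    A short or all-zero read is treated as exhausted or already destroyed."""
    with open(pad_path, "r+b") as f:
        f.seek(offset)
        key = f.read(n)
        if n == 0 or len(key) < n or not any(key):
            raise ValueError("no unused key material at this offset")
        f.seek(offset)
        f.write(bytes(n))  # zeroing does not guarantee physical erasure on every medium
    return key

def to_tones(data):
    """Assumed encoding: each byte as three decimal keypad digits (000-255)."""
    return "".join(f"{b:03d}" for b in data)

def from_tones(digits):
    if len(digits) % 3 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("malformed digit string")
    return bytes(int(digits[i:i + 3]) for i in range(0, len(digits), 3))

def encrypt(pad_path, offset, plaintext):
    key = take_key(pad_path, offset, len(plaintext))
    return to_tones(bytes(p ^ k for p, k in zip(plaintext, key)))

def decrypt(pad_path, offset, digits):
    ct = from_tones(digits)
    key = take_key(pad_path, offset, len(ct))
    return bytes(c ^ k for c, k in zip(ct, key))

def demo():
    """Constructed sample: two identical 64-byte pads, one message, one replay attempt."""
    with tempfile.TemporaryDirectory() as d:
        sender, receiver = os.path.join(d, "sender.pad"), os.path.join(d, "receiver.pad")
        pad = os.urandom(64)
        for path in (sender, receiver):
            with open(path, "wb") as f:
                f.write(pad)
        msg = b"constructed sample message"
        tones = encrypt(sender, 0, msg)
        plain = decrypt(receiver, 0, tones)
        try:
            decrypt(sender, 0, tones)  # the sender's copy of this key section is gone
            recoverable = True
        except ValueError:
            recoverable = False
        return msg, tones, plain, recoverable

if __name__ == "__main__": print(demo())
```

Seizing the sender's pad after transmission yields only zeros for the section that protected the message, which is the forward-secrecy property the paragraph describes.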

Since the Apartheid regime wasn’t expecting anything nearly this sophisticated, it appears they didn’t even know of its existence until mid-1990, when the regime was almost over. Even once the system design was compromised, it was well-designed enough to survive a round of arrests that revealed its architecture to the authorities. (Their surprise at its sophistication may have contributed to the authorities’ capitulation.)

Not that it mattered. Going by mentions from within the NSA’s FOIA’ed documents and the like, this architecture is quite secure — the NSA still uses “key tapes” internally, which suggests they more or less use exactly this architecture for their most secret communications.

One thing to pay attention to — note all the encryption and decryption, at least initially, was handled “offline.” With the tones being first sent from and picked up by ordinary tape recorders, there’s no chance of side-channel attacks or the like. The Apartheid authorities also didn’t know where the computers were (they could be very far from the phones used for transmission), so compromising emissions were not an issue.

The system was probably not secure against British internal security mounting compromising-emissions attacks, but that wasn’t much of an issue. Although the Thatcher government was pro-Apartheid, evidently whatever intercept technology (if any) GCHQ was using against the ANC was secret enough that they weren’t willing to pass on the results. After all, if the ANC detected a compromise, the fact that they also had close links with the Soviets meant that the Russkies would probably hear of it in short order.

Greenwald’s Chaos Communication Congress keynote. Contrary to the opinions of many detractors, he draws a line back from Snowden through Manning and Assange to Ellsberg. He also notes that the NSA is trying hard to crack the last (?) electronic communication system they haven’t been able to tap — airline in-flight WiFi. https://www.youtube.com/watch?v=xEJIR0-KJu0


(too much to quote)
