Decoding the IRA (5 page)

Read Decoding the IRA Online

Authors: Tom Mahon,James J. Gillogly

Tags: #Ireland, #General, #Politics: General & Reference, #Terrorism, #Cryptography - Ireland - History, #Political violence, #Europe, #Cryptography, #Ireland - History - 1922, #Europe - Ireland, #Guerrilla warfare - Ireland - History - 20th century, #History - General History, #Irish Republican Army - History, #Internal security, #Political violence - Ireland - History - 20th century, #Diaries; letters & journals, #History, #Ireland - History; Military, #20th century, #Ireland - History - 1922-, #History: World, #Northern Ireland, #Guerrilla warfare, #Revolutionary groups & movements

The meaning of the two columns of vowels is now clear: they were added to obfuscate the message. The sender and receiver would have arranged in advance on two columns of ‘duds' (letters to be ignored), the sender could fill them in at random with vowels, and the receiver would know to ignore them. This also explains why the initial frequency count during the diagnosis showed more vowels than usual for English: the excess vowels were in the columns of duds. Removing these duds we see the result:

Key:
1
2
3
4
5
6
7
8
9
10
11
12
13

The programme has made an error in recovering the key: columns
l
and
h
have been switched. The result so far:

The address to which you will send stuff for QMG is Mrs Sweeney, Frudterer and Greengrocer, Five Harold's Cross, Dublin. Try to make it ue to appear llke frhit.

The text is now clear, and there are four obvious errors: in
Fruiterer, up, like
and
fruit
. Referring back to the original document, we see the first error resulted from the sender overstriking the original
D
with an
I
on their typewriter, and the transcriber (me) reading the
D
instead. The second error is a result of the poor quality of the copy: the
P
in the typescript copy has a smudge on the bottom that I read as the bottom of an
E
. The next letter is clear on the typescript as an
I
, and was simply a transcription error. The final error, in
frhit
, results from another overstrike on the typescript – the correct
U
can be seen in retrospect, but is not obvious when transcribing it.

I solved the remaining five ciphers from this initial set the same way. The second in the set was from the same document and used the same key, again with two columns of duds. The next three used a different twelve-letter key,
AHCKEDJLBFGI
, but were simpler than the first two in that they did not use the columns of duds.
9
The final cipher was relatively short – only fifty-eight letters:
10

Figure 4. Short message from Twomey, 5 April 1927.

 

Although short messages can be difficult to decrypt, my programme had no trouble with this one, producing key LIAHKFDJBCGE (again with no duds) and plain text:

continued to take action against the undesirable Sunday newspapers.

I returned these solutions the same day by e-mail to Tom Mahon, who offered to send the rest of his papers for decryption.

The game was on!

Decrypting the Columnar Transposition Ciphers

When the ciphers began arriving, it became clear that the project was to be very extensive. In all, the corpus consists of about 1,300 individual cryptograms. Most of them are typed and clearly legible, but in many cases the quality of the copies – either too faint
11
or too dark
12
– led to challenges in transcription. In some cases the typewriter used had misaligned
13
or dirty
14
typebars, so that certain letters were obscured or ambiguous. Some of the messages are torn or stained in ways that obliterate a group of adjacent letters.
15
The copying process itself led to other
problems: in some cases the flimsy copy was folded or crumpled as it was photographed for the microfilm, making separation of the lines of text quite challenging,
16
and in other cases the reproduction process cut cipher letters off one side or the other.
17
Some of the messages are hand-written in various writing styles, and without the cues of connected English text it can be difficult even to identify the different letters of random-looking connected cursive text.
18

Figure 5. Penmanship challenge, 4 October 1926.

Figure 6. Creases through cipher text, 25 October 1926.

 

Columnar transposition resists mutilation rather well – even adjacent missing letters in the cipher text come from different places in the plain text,
so there is still a good chance to read through the garbles. For example, consider the final cryptogram shown in Figure 6, which appears to be a photostat of a crushed and creased onion-skin copy. Replacing the damaged letters with a hyphen, the cipher to be solved is:

-NOLT T-VNL IOXPT OULES AFTWO –S-RE GASAA IEOIS AAMEA OLGSO ERFLN MO-AU TE-ET EPHUM CTHOD NEIFO NT-—R ONOVO HIIIY MYSYL ONPAE EVRHI NIP—-TERO- RHMHP EXT

Decrypting and adding word divisions, we see:

I may have –o go to californ-a next month for st-phen I will ha-e to appoint ma- to do a- -imthire unle-s yo- people get – m-ve on he is very anxious for results

We can read this quite easily from the context, since the gaps did not happen to fall in places that would make the decryption ambiguous.

In some cases we were able to read messages that could not be deciphered by the recipient. In some cases the senders had used incorrect keys: either the wrong day's key, or an obsolete key. In some cases they used the correct key, but used it incorrectly, not quite taking the columns in alphabetical order. They occasionally botched the encryption by leaving out a letter or by combining two letters in a single cell of the cipher frame, either of which would make the decipherment much more difficult. We see several testy exchanges in the message traffic, exhorting one correspondent or another to take more care with their key protocol and encryption process, or criticising the length or volume of encrypted messages.

Since my decryption methods do not require me to know the intended key, I was more or less immune to the problem of senders using the wrong key. But for some of the botched encryption attempts I needed to resort to the same procedures that the original recipients would have needed to try, laying it out carefully on quadrille paper and sliding the columns up and down until the text came into alignment.

We eventually worked through the complete set of transposition ciphers, producing good decryptions of all but one:

Figure 7. The unsolved transposition cipher, 16 November 1926.

This message is identified as having fifty-two letters but only fifty-one appear in the cryptogram itself.
19
I tried a number of approaches, including assuming the missing letter was in each of the fifty-two possible positions in turn (or in none of them, leaving fifty-one letters as shown), but none of my attacks succeeded. If you crack this one please let us know.

Recovering Transposition Keys

The process I used to break the transposition ciphers was very effective: a message of sixty or more letters typically falls in a matter of seconds to a completely automated programme with no human intervention required beyond supplying word breaks. Shorter messages presented more challenges: I sometimes needed to inspect the best results and intervene in various ways, such as telling the programme to keep a particular phrase and continue making changes with that phrase held constant. Several factors worked in my favour. A document frequently consists of a number of encrypted messages, and each message within the document was encrypted with the same key. This means I needed to break only one of these messages, and this would give me a key that would break the rest. Many of the keys were re-used across documents: the IRA used standard transposition keys for different brigades and battalions and even individuals, and these were used whenever a transmission was sent to or from these recipients. Particularly for foreign agents the IRA implemented a system for producing different daily keys based on a book and once even on a list of phrases sent in the clear. These frequent key changes improved the security but still allowed me to try recovered keys against other traffic sent on the same day to different recipients.

My procedure for breaking each cipher gave me a key that would allow me to read that cipher and others that used the same key, but it did not tell me the key that had actually been used to encrypt the message. The recovered ‘equivalent key' simply gives the order for reading off the columns. If the keyword were MONARCHY, for example, an equivalent key showing the column order could be
DFEAGBCH
:

MONARCHY

DFEAGBCH

That is, column four (‘A' in both cases) would be the first column to
be read out of the message array, then column six (‘C' in
MONARCHY
, ‘B' in
DFEAGBCH
) and so on, retaining the order of the original word. Either of these keys will allow us to read the cipher, but if we deduce that
MONARCHY
was used, it can give us more insight into the way keys were chosen, and perhaps allow us to guess other keys to try on messages that continue to elude us. In this case several other words would match the alphabetical pattern, including
MONARCHS, INLANDER
and
OUTBULLY
, and the key that was actually intended might become obvious once we had a list of other recovered keys to compare with it.

Other books

Hex and the Single Witch by Saranna Dewylde
Embers by Helen Kirkman
The Love Letter by Matthews, Erica
Cemetery of Swallows by Mallock; , Steven Rendall
Reclaim Me (The Jaded Series Book 2) by Alex Grayson, Karen McAndrews, Toj Publishing
Skull Moon by Curran, Tim