SECREt- GJUlUVLDUJUll1 15I l l EVU Ul B15UJI 00l5 iJlDl5 f OO£D 1i I1GJWlD r 1iV l5m 1il l5 __ 1st Issue 1990 BRAVE NEW WORLD • CRYSCOM '89 RECOMMENDATIONS THE COLUMBUS DAY VIRUS • THE CRYPTOLOGIC LINGUIST PROGRAM TO NEW AUTHORS • A NOTE ON THE LINGUIST PROBLEM THE ROLE OF OPSEC • • • • DEPUTY DAWG • • KRYPTOS ESSAY COMPETITION • DAVID HARRIS IN MEMORIAM BULLETIN BOARD • THE MYSTERIES OF GAMMA • SORTING ORDERING AND HEAPING ON CRAY TECHNICAL LITERATURE REPORT • BOOK REVIEWS THE CUCKOO'S EGG • • • REFLECTIONS ON INTELLIGENCE SOFTWARE REVIEW MATHEMATICA • LETTERS HANDLE VIA GOMIN' CHANNELS ONLY -sEGRH- Gerald R You g 1 3 C3l3 5 9 • •• 10 If·· If L • • 1 I f 1' I 11 13 15 • • 17 • • • 18 • 20 Richard Sylvester 21 22 David Harris 24 I 25 Vera Filby 29 Robert Ward 31 32 I CLASSIFIED BY NSAlCSSM 123 2 DECLASSIFY ON Ofi iFlatiR Age l § Deterl'T'li 8tio Required NOT RELEASABLE TO CONTRACTORS Declassified and Approved for Release by NSA on 10-17-2012 pursuant to E O 13526 MDR Case # 54779 DocrD 4019716 f'P L Published by Pl Techniques and Standards VOL XvII No 1 PUBLISHER ' ' A 1st Issue 1990 At L $ AN 86-36 ARCHEOLOGIST ll r E t' e n f archeologists a foremost me n rot lj lttri¥made some pronouncements that 1 I 8sf9 ii d fri Je'il w prof essionals BOARD OF E D I T O R S ' H ' w ld 06 appoint anyone to head a dig who ' I ----- 1963 ' ·-1 1 03 ••• 60ul ci rio rite and communicate with the public An8rch ologist who fails to publish and in good ·· ti e - is a destructive treasure hunter not a Computer Systems I 963 J103» 1 ' 9 6 3 ' 52' cil ' ' sch o · lar · t I ' ' Cryp ana ystS Editor Cryptolinguistics J 9li3 43S5 1'Ile one-man-one site philosophy is obsolete Index 1 96H 14 ' Information Science r 9637 3 456 Language 963-3 57 Then he announced that he was stepping down as the Mathematics I 963-5566 head of his dig to devote himself to writing up earlier Puzzles r 963-643 excavations 963-4958 Science and Technology I Special Research Vera R Filby 968-S043 Now this is bound to have a stunning impact on the Traffic Analysis Robert J Hanyok 963 4j51 conduct of all archeology for this man directed the excavation of one of the most glamorous finds of I __---k963-62341 recent Illustrators times As well as being one of the most I 1963 6423 respected archeologists ever and the author of seven books and over 100 articles -- all eminently readable - he has appeared on ·television and is al ost a To submit articles or letters by mail send to household name He could have stayed on as most Editor CRYPTOLOG Pl NORTH 2N018 others have done to bask in glory as monarch of a If you used a word processor please include the mag' prestigious site card floppy or diskette along with your hard copy with a notation as to what equipment operating system Instead he is using his standing to set an 'example for and software you used others to write up what he had done as a junior when he was not in control of his endeavors via PLATFORM mail send to cryptlg@bar1cOS bar-one-c-zero five note no '0' via ALLIANCE send to PLBROWN note all caps attn CRYPTOLOG Always include your full name organization and secure phone also building and room numbers For Change of Address mail name and old and new organizations to Editor CRYPTOLOG p NORTH 2N018 Please do not phone He emphasized that the head of a dig must be able to communicate 'both orally and in writing with the pUblic as well as fellow archeologists for it is the public who supports archeology And it does not do to hoard your findings to write up upon retirement -- you might die before then this has happened -- and In any case the Information you are withholding until perfection is reached may be just what's needed elsewhere and right now And you certainly shouldn't spend 40 years refining references and footnotes As for one-man one-site-- teamwork is what is needed by a number of specialists-botanists anthropologists epigraphists geologists pathologists and so on No one person knows it all Contents of CRYPTOLOG may not be reproduced or disseminated outside the National Security Agency without A good example for us all ' the permission of the Publisher Inquiries regarding reproduction a'nd dissemination'should be directed to the Editor All opinions expressed in CRYPTOLOG are those of the authors They do not represent the official views of the National Security Agency Central Security Service POR OFPIGfAh fFSB OHb¥ DOCID 4019716 CO fI9E 1'ffAL This article is classified Se JFIQi I rUU In its entirety l3f1f1lJE IlEW W f'lllJ ---------------- I This article is based on the keynote I I address delivered at the CRYSCO '89 I LConference 19 June 1989 CRYSCO-89 is the sixth annual Cryptanalytic Software Conference Its theme is Brave New World This represents one of our more important efforts to exploit the potential of a new computer environment for cryptanalytic work But before I speak about computing let me first say a few words about the importance of cryptanalysis to this Agency Since becoming Deputy Director I have spent a considerable amount of time working with the cryptanalytic community as Chairman ofthe Cryptanalysis Council I echo and applaud Vice Admiral Studeman's characterizations of the disciplines of cryptanalysis and cryptomathematics along with their primary support Historically the need for computers to do cryptanalysis has been well recognized and as a consequence the cryptanalytic community has continually encouraged the computer industry to produce ever faster machines with more computational power We have also asked for increasingly user-friendly systems with ease of access and data transfer In fact for some previous generations of computing machines NSA needs have been the primary driving force for development Very early on we used punched cards and paper tape for both program code and data media This was followed by the use of dumb terminals for programming and magnetic tape for data and now we have progressed to smart terminals and electronic links for moving data from machine to machine Each change brought an improvement in some aspect 'of our computer resources - sometimes in the form of better response time sometimes in the form of a more flexible input output scenario In the pas t WI'th te chn0 l Ireta'Ive1y SImp ' 1e ogy d to t d ' t d d d I d compare 0 ay s s an ar s we eve ope way we in the CA community meet the challenge of 1 I our own operat'mg syst em spec'fica11y in this Brave New World is critical to L-- - --th alyt · Ch a 11 enge 1L -_ _ 1 working to mee t e crypwin ' IC thIS mISSIOn h as proVl'ded ou t st and'Ing e d't' d lIng an discipline of computer science as the bedrock of this Agency's mission I further believe that the 1st Issue 1990· CRYPTOLOG· page 1 CONFtBEf 'f'fAL P L 86-36 P L 86-36 EO 1 4 c DOCID 4019716 C8P1FHUiNU b computational capabilities since its inception in 970 L sources are currently diverted temporarily from traditional cryptanalysis to learning the C programming language and the UNIX operating system and to converting applications programs I realize that this is a cumbersome process But I encourage you to look to the advantages that the new environment offers and to devise ways to exploit its potential I The differences caused great difficulties in software exchange and maintenance and for years we had an environment in which this exchange was very complicated and sometimes impossible to implement So with the arrival of Cray machines a conscious decision was made to keep the NSA an systems compatible The formal accord stated that the two Agencies should jointly develop the operating system and utility software I I believe that the success of the ffort is a prime example of skilled people working together operatively toward a common goal P L 86-36 ---' ' ' ''''''---T''' - ''''''' The introduction of stand-alone personal computers removed the need to access mainframes for word processing tasks but cryptanalytic work on the PCs was less successful owing to an inability to load data easily and to access data bases However PCs did point the way forward demonstrating facilities such as graphics displays color displays and local quality printing Now let me move to on the present challenge We can no longer afford the manpower resources to modify and maintain our own operating system for each individual computer type There has been an explosion in computer technology Today we can and do - network a variety of machines linking PCs High Performance Workstations MINIs and supercomputers with all types of peripheral equipment and each component with a different architecture But all of the new computers - the High Performance Workstations the MINIs the· SUPERMINIs and the supercomputers - run a UNIXbased operating system In view of this from a management perspective at least it seems reasonable to mov Jto the UNIX operating system You are already beginning to do some CA work on the High Performance Workstations and special boards are being deployed to do even more complex tasks on the SUNs As you gain UNIX experience if you see inefficiencies or deficiencies point them out to your management and work with the T organization to correct them Together we should be able to meet this challenge and refine the system to do an even hetter job than we have in the past With the variety of computer resources available to you I challenge you to find appropriate uses for ea h of the capabilities to identify the right machines for a particular task and to maximize the use of this vital versatHc wealth of computer po er To that end I fully support the goals of the Cryptanalytic Software Conference together with the year-round work ofits sponsoring org ization the Cryptanalytic Software Committee I also see that the conference agenda includes a session where each of the major crypt organizations describes its progress in meeting the challenge of adapting to the new computing environment I encourage as many of you as possible to go and hear what others have tried what they have deYeloped and what they have learned Share your ideas and your software Maximize your resources By doing so we can meet the challenge presented by the growing number of cryptanalytic problems we see today If we do this right we can insur future cryptanalytic success for years to com 0 We realize that this is not going to be an easy transition especially for those of you who are so familiar with and who have grown up with We in management are al oaware that re'--_ I 15t Issue 1990 CRYPTOLOG page 2 P L 86-36 C8NFIBENUAb EO 1 4 c P L 86-36 DocrD 4019716 -- 1804 P L 86-36 RECOMMENDATIONS This article is classified CfY fF BB rp J in This paper serves as a record of CRYSCO-89 It lists the recommendations and also some observations and comments made during the conference While the latter are not recommendations they should be recorded Note that observations are provable statements while comments are the opinion of one or more speakers which you may or may not agree with its entirety Comments Get on with the move it's not as daunting as it first appears People who have used UNIX heavily have come to like it 2 SOITWARE PORTABILITY Recommendation Maintain a list of what to do to keep code portable Establish guidelines on C and FORTRAN inter-callability Priorities are included for the recommendations Priority Medium which will be actioned by CRYSCOM in a timely fashion during the next 12 months A separate Recommendation Status list will be created - and updated - giving current status on each recommendation CRYSCOM is a volunteer organization and each organization is requested to share in the work load Organizations are requested to review the Recommendation Status list periodically for recommendations of interest or concern 3 SOITWARE MANAGEMENT AND EXwhich they would like to pursue CHANGE 1 MOVE TO UNIX Recommendation Establish a mechanism for Recommendation Encourage the move to UNIX UNIX to UNIX software exchange Agree on common conventions on how to send exchanged softby promoting its advantages sharing findings ware aim at software easy to install by receiving providing examples of how to get the best from UNIX etc Discuss advantages and disadvantages organization Promote the use of variables internal and environment in make files of using pipes Priority High Priority Very high Observations UNIX has increased productivity for some Should do things differently under UNIX Comment Get on with UNIX software exchange Try it and see I I 1st Issue 1990 CRYPTOLOG page 3 C6UFfflErfftAL P L 86-36 DOCID 4019716 C9NFIBEN'f'fhl i 4 LANGUAGES 9 CRYSCOM DISTRffiUTION Recommendations Promote explain how etc to get autotasking to several CPUs Encourage discussion on the advantages of FORTRAN and C Priority Medium Recommendation Distribute relevant papers info etc through CRYSCOM channels Action required Each organization should inform CRYSCOM Executive Officer of changes additions deletions etc required for their organization Observations Modern FORTRAN and C compilers produce code which usually runs twit 'e as fast as IMP compiler code C compilers are getting better approaching current FORTRAN compiler Priority High Comment IMP is being phased out 10 WORKING GROUPS 5 WINDOW SYSTEMS Recommendation Create working groups to study topics of interest Provide terms of reference timetable 2 to 3 months and monthly reporting mechanism Recommendations Teach the terminology of window systems Encourage use of window systems preferably a common one Potential subjects Crypt techniques - what is available where Sorts - what do we need under UNIX System accounting under UNIX Priority Medium 6 NETWORKING Recommendations Promote goal of networks being transparent to users Check that response remains good with various terminal configurations notably SUN workstations at peak loading As appropriate keep users informed of security issues Priority High 11 TOPICS FOR UNIX BROWN BAG SEMINAR UBBS Recommendations NFS NQS lex and yacc UNICOS 5 0 facilities Other system upgrades Priority Low Action required Present seminars once a month or as needed Organizations to volunteer speak - - - - - - - - - - - - - - - - - - - - - - - - ers for topics they can cover 7 HARDWARE Priority High 12 SUPERCOMPUTER SYSTEM SOFTWARE SUPPORT Recommendation Provide priorities to T335 8 COMMERCIAL SOFTWARE Priority High Recommendations Complete and maintain catalog of who has what Expand above to include use and evaluation of the software Include list of people able and willing to help others use the product Expand subject to include public domain software Encourage progression to standard products Comments Recognize that T335 has a lot to do and cannot do it all at once Appreciate T335 contribution to the crypt community lJ Priority Very high P L 86-36 1st Issue 1990 CRYPTOLOO page4 €Ql'tFIf Ef' b L 4019716 THE COLUMBUS DAY VIRUS C313 There has been public and governmental apprehension about a possible computer virus attack designed to be launched Columbus Day October 12 Therefore the National Institute of Standards and Technology compiled information from public sources about the Columbus Day virus and computer viruses in general and issued a statement to the press The statement was prepared in conjunction with the National Computer Security Center and coordinated with the Software Engineering Institute In summary it found no evidence that the virus has spread widely in the US question is a member of a virus family known as DATACRIME Since attention has first been drawn to this virus there has been a lot of analysis as well as public discussion on its characteristics The results of disassemblies along with descriptions have been posted on electronic digests such as VmUS-L Most everyone participating in these discussions has come to the same conclusions in which C313 researchers concur on the basis of their own work Then C313 conducted an independent analysis of the Columbus Day virus more properly known as the DATACRIME virus It verified that the characteristics of the virus do indeed match those reported publicly and will upon execution between October 13 and December 31 inclusive make hard disks unusable While the virus has been referred to as the Columbus Day Virus it is more correctly referred to as the DATACRIME virus It was reportedly released on March 1 1989 somewhere in Europe This virus is currently reported to have two versions of which one version also has two strains Concern has focused on the possibility of widespread damage on IBM personal computers and clones running the PC-DOS or MS-DOS operating systems Most researchers on computer viruses believe that the virus in PUBLICLY REPORTED ACCOUNTS Editor's note This article is based on a report released prior to Columbus Day 1989 for internal NSA use 1st Issue 1990 • CRYPTOLOG • page 5 FOR OFFICIAL USE OPiVI DocrD 4019716 C31S ANALYSIS Reported Size Version One version of the DATACRIME virus has two strains which are named by the number of bytes by which the virus increases the size of infected files One of the strains has a size of 1 168 bytes and the other has a size of 1 280 bytes There is still another version of this virus most often referred to as DATACRIME IT about which little information has been reported It is believed that its size is still larger than that of the other version Reported Propagation The 1 168 -and 1 280·byte strains of the DATACRIME version propagate to files with COM name extensions with the exception of COMMAND COM The DATACRIME IT version infects files with either 'COM or EXE name extensions Reported Mission Both versions of the virus perform a low-level format of cylinder zero on the C hard disk drive This action will destroy disk directory information thereby making the hard disk unusable Upon activation the DATACRIME version displays the following message DATACRIME VIRUS RELEASED 1 MARCH 1989 The DATACRIME II version displays this message upon activation In most cases we confirmed the reports by both static and empirical methods Static methods included reviewing hard copy of disassembled virus code while empirical methods included observation of the actions of the virus on isolated systems and analyzing actual code with utilities such as debuggers The empirical methods were performed on three different systems an mM PC with two floppy drives an IBM PC-AT with one high-density floppy and one 30-MB fixed hard disk drive and an IBM PC-AT with one high-density floppy and two 10MB removable cartridge disk drives In several cases we were able to glean additional information that was not mentioned in the public reports Size Version Static and empirical methods confirmed that the two strains of the DATACRIME version increase the size of infected files by 1 168 and 1 280 bytes respectively In addition we determined that the DATACRIME IT version increases the size of infected COM files by 1 514 bytes The DATACRIME IT version increases the size of EXE files by a non-constant number of bytes usually between 1 500 and 1 800 bytes Additionally a large portion of the DATACRIME II version is stored on disk in a simple encoded format and is decoded prior to execution Propagation Static and empirical methods confirmed that both the DATACRIME and DATACRIME II DATACRIME II VIRUS versions of the virus propagate to files with COM name extensions while only the Reported Date of Activation DATACRIME IT version infects files with EXE name extensions We were also able to For both versions the mission of the virus is triggered upon execution of an infected file after clarify the report that the virus would not infect the COMMAND COM file Actually October 12 i e October 13 or later neither version will infect any file where the seventh character is a ''D'' Additionally both Reported Characteristic Strings versions will infect only one file per execution For the DATACRIME version the 1 168-byte and both will infect files as long as the system strain contains the hexadecimal string date is between January 1 and October 12 'EBOOB40ECD21B4' and the 1 280 byte strain inclusive contains the string 'OOS68DB4300SCD21' A Mission characteristic string for the DATACRIME II version has not been reported Static and empirical methods confirmed that both versions of the virus perform a low-level format INT 13 function 05 of the BOH 1st Issue 1990 • CRYPTOLOG page PaR 6PPICIAL l fSI J 6NLY 6 aCID 4019716 drive usually a hard disk drive most often named C Additionally this operation will format up to 10 surfaces of a disk Both methods also determined that the text strings printed by the versions of the virus match those reported in public sources The text strings in both strains of the DATACRIME version are stored in an encoded manner instead of plain ASCII As previously mentioned the DATACRIME II version is almost completely encoded Date of Activation Detection There are several ways this virus may be detected One is that there is an increased file size upon infection Another one of the easiest ways is to search for the characteristic string s of the virus is using a tool such as The Norton Utilities l or the DOS DEBUG utility Finally the virus may access other floppy or hard disks in its attempts to propagate It may be detected by such unexpected accesses Recovery Static and empirical methods confirmed that both versions of the virus will activate their mission when the system date is between October 13 and December 31 inclusive ' Our analysis has shown that the average DOS user will find it difficult to recover from this virus Both versions of the virus do a low-level format of the hard disk upon activation which standard DOS utilities cannot overcome The Characteristic Strings best advice for average DOS users who need to Static and empirical methods confirmed that the recover from the malicious actions of this virus publicly reported characteristic strings in the is to seek help from a local expert on DOS DATACRIME version do actually exist in the For individuals who believe themselves capable code The 1 168-byte strain contains the of restoring a system there are really two cases hexadecimal string 'EBOOB40ECD21B4' and the to consider The first preferred case is where 1 280 byte strain contains the string backups of critical data have been kept The '00568DB43005CD21' Additionally we have second case is where no backups have been determined an acceptable characteristic string kept but critical data must be recovered from for the DATACRIME II version which is the disk Note that the procedures below do not 'F8C288BF26CF8F81D9' address the possibility of non-DOS partitions and systems present on the hard disk Specific OBSERVATIONS knowledge of those systems will probably be Based on our analysis of the virus and a review necessary to restore non-DOS partitions We of related information we have some comments will only address DOS partitions here on various issues that are not necessarily • If backups have been kept the following covered by the items of interest we have identified so far procedure should be used by a knowledgeable user to restore the DOS disk partition Development of the Virus 1 Boot from manufacturer's DOS floppy We believe the DATACRIME version was the 2 Restore disk partition table using a tool such first version released because of its relative as The Norton Utilities simplicity in comparison to the DATACRIME II version In addition we believe that the 1 280- 3 Format DOS partition may require an initial byte strain was the first of the two strains of low-level disk format to make the disk boatable the DATACRIME version While the 1 280- and 4 Restore all files from backup EXCEPT 1 168-byte strains both contain duplicate code in executables those with COM and EXE many places the 1 168 has improved efficiency name extensions in some places most notably in the smaller size 5 Reload all executables from manufacturers' The DATACRIME II version however has disks or re-compile local source files to produce many improvements over the original executables DATACRIME version in that it infects both • COM and EXE files and makes primitive attempts to hide itself with encoding 1st Issue 1990 CRYPTOLOG page 7 It IeIAL tT r l L i 4019716 If backups have not been kept the procedure is drive when activated on or after October 13 It much more difff Cult In fact the following is important to mention that owing to the procedure may be more difficult than retyping difficulty we had in obtaining a copy of this text and data files by hand from hard copy virus and given the comments in publiclyavailable sources we do not believe that this 1 Boot from manufacturer's DOS floppy virus has spread widely in the US Therefore we do not rate this virus as any more 2 Restore disk partition table using a tool such important than other currently known viruses as The Norton Utilities However the lesson to be learned from this virus and others is that good prevention 3 Attempt to recover critical text or data files techniques need to be applied all of the time from disk using a tool such as The Norton and not just in times of reported outbreaks of Utilities note that this may require searching viruses entire disk for data blocks related to a ACKNOWLEDGMENTS particular file 4 Save recovered data or text files to floppy disk The following C313 researchers participated in the analysis of the virus in and the re aration r ort 5 Format DOS partition may require an initial low-level disk format to make the disk bootable 6 Reload executables from manufacturers' disks 7 Reload saved data or text files THREAT We feel it is important to address the potential threat of this virus To date there have been very few reported cases of this virus in the US Most of the interest we have seen in this country has been from a technical standpoint or from rumors in press accounts and not from victims who have been attacked and seek a remedy As a result we feel that the current versions of this virus pose a small threat to US systems Research material for this report was obtained from the following sources David Chess IBM David Brown Department of Energy Computer Incident Advisory Capability ClAC Ken van Wyk DARPA Computer Emergency Response Team CERT A Note to Subscribers Note that there appears to be no specific year associated with the actions of this virus If an infected file is executed between January 1 and October 12 of any year it will try to infect other files If an infected file is executed between October 13 and December 31 of any year it will attempt to format cylinder 0 of a hard disk drive It would be prudent for people who detect the virus or those whose disks are damaged by the virus to look for other infected files on the floppy disks they use as well CONCLUSIONS The C313 analysis has shown that the DATACRIME virus does indeed match the characteristics that have been reported through public sources Its intent is malicious and it will format cylinder 0 of the C hard disk The distribution for this issue refiects changes received by COB 4 April 1990 lst'Issue 1990 • CRYPTOLOG • page 8 FOR OFFICIAL USE ONLY P L 86-36 SEl6RET THE CRYPTOLOGIC LINGUIST PROGRAM -j j J1 J' f C QHUR SC UPT 1J 1 -1 iff j4 Iji t 4 hfh H1'1 --f j Jf Tho vrifin§ oi the Uighur tribe in emral Asia lOd westo t C ina in the meriicval lgc s S1Jmetimes written onzcntaily PASSEP SOUPT Established by Kublai Khan in the I th centurY as the official international scritlt of the Great Mongolian Empire KOJ' TURKI RUNES ORKHON SCRIPT The ritu g of pre-Islamic Turkic peoples in nonhero Chma acout the 6th century - P L 0-000 The Cryptologic Linguist Program began with the perception that there is a need to have a pool of multilinguists ready for immediate deployment against language problems as they arise rather than to attempt to identify recruit and train linguists to attack a problem that has already grown to critical proportions The concept is deceptively simple All one needs to accomplish that end is the ability to look twelve months or more into the I Failing that one I takes an educated guess and begins recruiting and training people in languages that appear to be the best bet 86-36 L- D As the present tendency is to follow the inclinations and desires of the individual program member in broadening the language base by family or area as long as the languages fit into the perceived needs of the Agency all three paths are being followed FOUO Linguists are brought into the Program through one of two paths direct hire or on-board recruiting Direct hires have either postgraduate degrees in a language orin a discipline that requires a strong language minor such as history or linguistics or a demonstrated proficiency in more than one language with very high aptitude for learning languages Onboard recruiting is done by advertIsement through M36 to all Agency elements Successful candidates for entry into this threeyear Program are already certified in at least one language and have developed reputations as high achievers in their assigned elements 0060 Administration of the Program is modeled on the intern programs in that members are detailed to six-month tours over a three-Ytl ar period more or less with training in language and associated skills as with interns The major difference is that since the members enter the program with widely varied skills and backgrounds individual goals are stressed more than common milestones When 1st Issue 1990 • CRYPTOLOG • page 9 SEeRET HM1BbB Vb' 60MH'1 OIltY'Jl'lBbS ONtsy EO 1 4 c P L 86-36 I DOCID 4019716 S ORET language skills permit the members tour across groups A' G A W G B etc and field sites to broaden their knowledge and perspective Graduation from the Program is contingent upon fulfilling two con litions certification in a target language or a target language in the case If on-board hires and assignment to a billet in an Operations organization ' TO NEW AUTHORS Once you've written your article the hard part begins--editing your own' work A good writer is 'a rewriter improving simplifying clarifying Sometime stop at library tha has the ms collection of a noted author you'll see evidence of many many revisions ier The Program was initiated on July 1974 with a 'memorandum from LtGen Allen DIRNSAJCSS directing that 'a three-year program be initiated designed to develop a corps of cryptologic linguists performing tasks in support of the linguistic effort of the Agency who are capable of operating effectively in several languages and to emphasize in this group the broad application and development of linguistic proficiency across the cryptologic speCtrum The Office of Techniques and Standards PI was directed' to administer the Program and that administration was delegated to the Languages and Linguistics Division PI6 How to start First set the paper aside for a week or two to develop the flavor as the cookbooks say Print it out double-spaced in a monospaced font Review the hard copy A little distance will give you fresh perspective Obvious flaws will shout at you Mark the changes in a bright color Fix the soft copy reprint it and check for wordiness Every word or phrase should be load-bearing 'Reduce during the FY9I time frame to ' inFY9I 'at this point in time can be boiled down to now Readers just will not wade through thickets of dead wood Reprint Once the text' is lean the organization of thought should be clear Check the first paragraph Will your point be evident to readers and invite them to read on If not reword it Does it look like alphabet 'soup An excess of abbreviations and acronyms is poison Fix it Reprint Do a field test Find a reader a good and true friend who will rp ark the text wher ever there is an unclt ar passage wherever something isn't' just right Take the comments in good heart Keep in mind that not every reader is as up on the subject as you are and might need an explanatory phrase now and then When you've honestly done as much as you can send it on to CRYPTOLOG If you prefer you may' call one of the subject editors for aid and comfort EO 1 4 c P L 86-36 1st Issue 1990 CRYPTOLOG page 10 Ql j ' S130RB'I' ' Ji CGll Q Wl' Cg fNgbS e fbY DOCID 4019716 SBCR A Note on the Linguist Problem '-- IG142 P L 86-36 0 GOO There seems to be general agreement on at least two aspects of the linguist problem at collection staffs in order to enhance their careers there seems to be some justification for this approach One can find former linguists at all levels ofNSA's management structure They probably and linguists are leavwould not have gone as far had they remained ing the language career field because they see working linguists The fact that there are breathbetter promotion opportunities in the management or staff career track This has a deleterious takingly incompetent managers who have someeffect on intelligence production because most of how reached relatively senior positions could our targets perversely persist in using languages reinforce the perception that the management track is a relatively easy and foolproof path to other than English thereby forcing us to rely on career advancement Still one wonders which is linguists to make sense of the traffic While management stresses the importance oflinguists easier to replace a mediocre office chief or a mediocre Hungarian linguist it does not seem to be overly concerned by their exodus since it has taken few effective steps to U In spite of the management's protests lincorrect the problem The one substantive step guists will probably continue to leave the language the FLIP program fails to address the problem as long as the current situation persists In because it attempts to substitute token premium field other words the lack or perceivedlack ofIinpay for what employees really want namely guists stems from certain management decisions promotions that can only be corrected by the management Should management bother to do that c I I --------------------- U It is obvious that we are currently witnessing profound upheavals that will shape the world situation for years to come Since our government finds itself more and more frequently in the uncomfortable position of having to make important decisions on increasingly short notice the need for timely relevant and above all plentiful and accurate intelligence is greater now than at any other time in the recent past 0 300 Even though NSA claims to be an analytic and reporting agency a great deal of its budget is spent on machinery and resources needed to operate that machinery and comparatively little9n analysis including language analysis and reporting Even though we collect and 1st Issue 1990 CRYPTOLOG page 11 EO 1 4 c P L 86-36 SBCRBT I bUIf LE bAt COMH'lT CIIA lBoB ma ¥ P L 8 6- 3 6 P L 86-36 DOCID 4019716 -------1 SECRET 1 - 1It seems to me thatihisis malo- gous to building the Hoover Dam in order to operate a single light bulb The benefits denved simply do not justifyth dstoftheinfrastructur 1 ES 000 In addition to an immediate bOost in the quality and quantity of intelligence production an increase intbe size of the operationS workforce would create more promotion opportunities for linguists and other analysts especially to higher grades and retention in those fields would undoubtedly improve Another benefit would be increased decentralization and flexibility which would also have a beneficial effect on efficiency and productivity Because they are more efficient and flexible for example private companies With decentralized operations consistently post highet profits than those with rigid central planmng 1 U A better solution might be to'shift some personnel and related promotion points from staffpositions to operations Even though they were origi- nally intended to help the operational elements many staffs have over time become hindrances to both operations'and operational elements'interaction with customers and collectors Not only is every operational element down to the office and sometimes division level liberally larded with staffs of its own we seem to have developed a number oflarge remarkably well-marined organizations dediCated to staff and protocol functions Over time these staffs have evolved into sequential choke points through which virtually all information coming in and out of the Agency must pass The cun ent situation IS such that many operational elements are successful only to the extent that they ar able to get around the system often with the help of sympathetic staffers in order to get the job done nother words we have invested much of our resources into a system that now forces us to expend additional resources 'to circumvent it One is almost'reminded of Dr Strangelove who kept trying to strangle himself with one hand and using the other to free his throat In addition to streamlining operations a reduction ofstaffs might even enhance security since it would reduce the number of people who are needlessly exposed to sensitive information 8 000 Shifting decision-making customer relations and collection responsibilities and resources to the lowest possible te analytiC levelwould ensure more timely plentiful and accurate reporting grea'ter resp6nsiven ss to customers'needs and more effective coordinatio It would also identify those linguists and analysts who in addition to technical and linguistic expertise have the background target knmvledge mature judgment and dedication to the AgencY's mission thjJtwould'qualify them for promotion to STErariks Better retention in the language 'field and the consequent improvement in intelligence productioIl would go a long way toward making NSA what it claims to be a true intelligence agency and not a mere collector 0 1st Issue 1990·· CRYPTOLOO • page 12 SECRET IM ffiLE EO 1 4 c P L 86-36 II COJtiHff CH1tNNELS ONUi'O 1 4 c P L 86-36 DOCID 4019716 ISI P L 86-36 THE ROLE OF OPSEC in improving the effectiveness of a cryptologic mission Experience in peacetime and wartime civil and military governmental operations has shown that even where good security programs were being implemented in each of the traditional security disciplines an adversary has been able to acquire critical information that impaired our ability to accomplish the mission OPSEC is an analytical discipline for improving mission effectiveness by denying to an adversary critical information that could impair the mission The term adversary in this context refers not only to hostile intelligence services but also to any entity whose acquisition and use of critical information whether or not maliciously intended could impair the mission OPSEC and the traditional security disciplines are complementary in that they are all directed at the protection of national security information In the OPSEC process however all aspects of an operation are examined including support functions THE OPSEC PROCESS J As could be expected ofany analytical discipline OPSEC has a well-defined methodology called the OPSEC Process It is composed of five steps 1 The identification of critical information about the operation that must be protected This is crucial to the process Operations personnel determine what specific information about an operation must be denied to the adversary lest it be used to neutralize or negatively impact on the mission It should be noted that the question asked is not what classified or sensitive information muSt he protected but what information if obtained could impact negatively on the mission Called critical information it may be unclassified even in classified or compartmented operations All cryptologic missions have information about the activities that must be protected if there is to be the best chance of success SOIlJ e examples are the itinerary of INFOSEC inspections the criticality of communications nodes the specific mission and targets ofa facility degree of success 2 Analysis ofthe mission-specific threat The adversary's technical capability and res urces for exploiting vulnerabilities of the operation and thus acquire critical information are assessed in this step Included in such threat assessment must e a realistic appraisal of the adversary's opportunity and intention to underta e such exploitation the risk itelUbjects itself to in the process and its willingness to accept the risk 1st Issue 1990 CRYPTOLOG page 13 F9R9FFlCIhb lISB 9 1' y P L DOCID 4019716 86-36 implementing recommendations resulting from OPSEC analysis have almost uniformly been modest relative to the high value of the critical information to be protected 5 The application ofappropriate countermeasures 3 Identification and analysis of vulnerabilities It is almost axiomatic that no operation or system can be relied upon to be perfect in this imperfect world Almost every one possesses certain inherentlyexploitable conditions that is vulnerabilities that could permit an adversary to acquire critical information Furthermore at times the adversary can use inherent vulnerabilities to induce still other vulnerabilities in the system Prominent among vulnerabilities is human frailty Frequently OPSEC analyses reveal stereotypic procedures or other poor practices that reveal critical information Because of the high value of the information that can be derived from exploitation by adversaries the cryptologic community must be extraordinarily aware ofvulnerabilities For example some variations of activity at a site may give an insight into its mission when an adversary correlates it with a remote event previously unconnected to the site's role 4 Risk assessment In this step an assessment is made of the impact of an adversary's acquisition of critical information and practical countermeasures to be considered are identified An important and difficult aspect of this step is an estimate of the degree to which the additional or changed countermeasures are expected to reduce the risk and the cost associated with their adoption In the case of the cryptologic community the costs of This of course is the payoff In the OPSEC process the final determination of what countermeasures to implement is made by the managers of the operation or activity since mission accomplishment and resource management are their responsibility OPSEC PLANNING AND SURVEYS To be most effective OPSEC planning must be an integral part of operations planning It is essential that personnel involved in operations planning be versed in OPSEC Where feasible it is also very helpful to have operational plans analyzed by an independent multi-disciplinary OPSEC team The team should be composed of people fully knowledgeable of the details of the operation along with'specialists from intelligence security communications logistics ADP support and so on OPSEC surveys using multi-disciplinary teams are an integral part of the overall OPSEC process In almost all cases the teams can identify critical vulnerabilities that are or would be revealed during actual operations and that are frequently overlooked by personnel involved in routine DIRECTIVE 298 In view of the demonstrated value ofOPSEC in January 1988 the President issued National Security Directive 298 This requires all organizations with or supporting national security missions to establish formal OPSEC programs to plan for and implement OPSEC in their agency's activities and to make sure that all personnel are aware of the threats and that they understand the OPSEC process 1st Issue 1990 CRYPTOLOG page14 P L 86-36 FeR 9FFICf J ' 'SE e1'H Y 4019716 IV IEIP IU lr y III AW 1 3 P L II 'H ow many times have you hean an A ency m nager sa that he or she enjoyed bemg the chief of a lower organization more than being the deputy of the next higher level rganization There seems to be more satisfaction to being the Lone Ranger than being Tonto Yet in this Agency the deputy position serves a valuable role in meeting both mission requirements and personal career goals Being a deptlty should provide a good learning and growth opportunity though it is seldom anyone's final career aspiration This paper offers some thoughts about the various roles a deputy chief may play The deputy position is common in both the civilian and military sides of government It is generally absent in the private sector The conventional wisdom is that profit-dependent organizations either cannot afford or chose not to the overhead expense inherent in deputies When the boss is away someone from the next level mayor may not fill in In one person's words When you are the boss you are always the boss whether you are on a business trip or a vacation If there is someone else in your organization who can do your job while you are away he or she will-and you win be looking for another job 86-36 There is very little in the academic and professionalliterature on the role of deputies Perhaps most authors assume that no self-respecting hard-charging and upwardly-mobile professional is interested inpla ring second fiddle Perhaps it·only reflects the general absence of deputies·in the private sector Or perhaps this absence reflects a beliefthat there is no real need to write specifically about deputies the literature addresses management concepts techniques and ideas that apply to anyexecutive or manager whether chief or deputy rofit-dependent organizations tend not to be as concerned about long-term career paths for their employees If no one in the organization has the skills required for a particular management or executive position the company goes out and hires someone who does Indeed managers and executives in the private sector often progress along their career paths by moving through a number of companies Our unique business demands that we have a stable experienced and highly trained workforce Our policy of promoting from within not only helps us keep a high employee retention rate but also ensures a pool of qualified people 1st Issue 1990 CRYPfOLOO page 15 fQR Q fl' ICllib lJSFl Q lb¥ DOCID 4019716 capable of stepping into higher management positions when needed The deputy position enhances the ability of our system to provide qualified people to move up The primary justification for a deputy is work load When the work load is so great that a chief cannot handle his or her responsibilities without excessive stress the health of the organization and the individual may suffer nother gnificant re 'ason w ich sho 1d be related to the first IS to proVIde a trammg opportunity The deputy role permits someone who previously was concerned only with a more narrow perspective to see a larger one It allows the person to learn how to manage the larger organization and to work in the bigger picture- and do so with less risk to the mission and health of the organization than would otherwise be the case In meeting these two goals the position also serves as a testing ground for potential chiefs 11 The role any deputy must play depends on the chiefs style and wishes Generally speaking deputies have to repress their own egos in favor of their chiefs' Loyalty and patience are required traits Secure chiefs will not want a mirror image of themselves The prime responsibility ofsubordinates is to give the bosses their best professional judgement This is especially true for a deputy The value ofa deputies may be measured by the work load they can absorb from the chiefs and by the manner in which they complement the skills of the chief Some of the roles a deputy may play they are not mutually exclusive include • Advisor All subordinates especially deputies owe their supervisors their best professional judgments This means telling the chief what the deputies believe is right not just what they thinks the chief wants to hear This requires a chiefs who are willing to listen to ideas and judgments that may be contrary to their own The advisors also haveo be mature enough not to sulk or feel threatened when the chiefx do not accept the advice offered • Assistant Deputies as assistants help the chiefs in all or most organizational matters The two truly share the organizational work load with the chief making the final decisions and signing off on fuiished products Sometimes the chief delegates certain functional areas to the deputy who then acts as the final authority for the organization • Team member The deputy works as an equal partner with the chief although the chief as in all cases retains ultimate responsibility This may require a chief who is more interested in achieving organizational objectivesthan'worrying about whose idea something was It also requires a deputy who does not try to upstage the chief and who is more interested in successfully reaching org za­ tional goals than gaining personal credit • Back Up The deputy as back up is one who stays fully informed on the chiefs policies concepts wishes etc but steps in only when the chief is absent • Project Manager In the project or task manager mode the deputy handles only spe cific projects assigned by the chief This allows a deputy's special interests or talents to be concentrated on special problems or issues vital to the organization • Intermediary In this role the deputy serves as the communications link between the chief and subordinate supervisors and or the non-managerial ranks The deputy may serve as the people-oriented member of the management team while the chief fills the task manager role • Inside Person In this role the deputy manages the internal operations of the organization while the chief does the outside political or public relations work • Student The deputy position permits the incumbents to improve management skills and increase their expertise in the organization's technical areas of responsibility The effectiveness of a deputy may not be easy to measure except in contrast with periods of prolonged absence The standard of measure- 1st Issue 1990 CRYPTOLOG page 16 FeR eFFI6f d USE m LY - DOCID 4019716 ment in the absence of a deputy would include the chiefs work load growth the increase of stress and the organization's efficiency eputies may be most effective when they absorb work load the chiefs do not covet when they provide skills in which the chief is either lacking or simply does not excel and when they are able to facilitate communications within the organization Deputies are also effective when they serve as peer-level sounding boards for management policy or personnel matters From a chiefs point of view the effectiveness of a deputy may be measured in the sense of comfort the deputy provides to the chief Serving as a deputy does offer a number of positives It offers a chance to contribute to the organization's mission while learning more about the big picture And it allows the deputy to study the chiefs managerial style up close and personal A deputy can attack organizational problems that otherwise might not come to the attention of the chief or on which the chief would not have time to focus And a deputy may be able to propose ideas and· solutions to issues that might be overlooked because of operational pressures on subordinates II 1 II here are maw books too ofco The primary one is that a deputy's effectiveness and utility is directly dependent on the style of the chief It is easy for hard-harging deputies to become frustrated Depending on the style of the chief authority to act may not be there and perspectives and ideas may be filtered Exposure to Agency executives may be diluted and the ability to directly influence actions may be less than expected Deputies serve a valuable role in meeting the challenges this Agency faces and the position can serve as an important rung up the career ladder The success of any particular deputy depends as it does in most things in life on the incumbent's professional and personal skills and a degree of good luck 0 KRYPTOS Cryptanalytic Literature Competition open to all NSA employees closes COB 30 June 1990 Papers may treat any topic in the broad category of professional cryptanalytic literature including dl attacks and techniques relating to cryptanalytic problems cryptanalytic research cs history of cryptanalysis other subjects relating directly to cryptanalysis such as target studies cryptologic trends from the point ofview of cryptanalysis computer support of a cryptanalytic problem dl Papers written between 1 July1989 and 30 June 1990 are eligible They may be written specifically for the competition Entries may carry a classification up to TSC Compartmented papers will be considered only in extraordinary cases Criteria cs Is the paper an original discussion of a cryptanalytic subject c i Is the paper well written Is the subject presented well Can the reader with a suitable technical background but unfamiliar with the subject understand the paper and by reading it gain knowledge about the subject dl Does the paper constitute an important addition to the body of cryptanalytic literature To enter send four copies to L - Is Issue 1990 • CRYPTOLOG • page 17 FOR OFFICfAb USE OPib¥ 1A547 Ops 2A P L 86-36 4019716 The following is reprinted with permission from R5 Tech Briefs July 1989 'Literature Reviews and Recommendations Written by some ofDave 's friends · it is a tribute to a model professional CRYPTOWG is proud to have been among the beneficiaries ofDr Harris's many efforts to inform and inSpire ' t David Harris in memoriam lI David Harris passed away at his home on 14 July 1989 after having served o er 10 years with NSA It is appropriate to write of him here as his contributions carried 99% ofthis column since this magazine began publication last year His passing will mark a large change in R5l's activities and reports as others try to take up only some of the many thing thatDave did so well L -_ _---I D To describe what Dave Harris has meant to R51 and to the National Security Agency perhaps it is best to begin with a parallel from a novel of Chaim Potok The conflict in The Chosen revolves around whether the main character will take up the career for which he seems to have been chosen by his brilliant intellect his insight and his com· mand of an immense body of knowledge In the case of Dave Harris we were fortunate that he decided to join our business rather than pursue an academic caree in the field of Algebraic Geometry FOUO Having chosen this alternative career Dave plunged into the world ofcryptomathematics wholeheartedly In February 1979 he began his career with NSA entered the class of 1982 PI Cryptologic Mathematician Program CMP and had very productive tours in G95 RH G42 AM and S61 Upon graduation from the CMP he joined R51 where his great energy organi'zatiott and breadth ofniathematical knowledge made him invaluable R51 'the office ofMathematical Research he played increasingly important roles as researcher teacher and leader In U In conducting research on a variety of problems Dave drew not only on his previous broad academic background but on his great versatility and quick grasp of new fields He soon became expert in several areas of statistics with applications to our problems most notably the interplay between moments problems and Pearson curve fittingwhich is recorded in his article in the Proceedings of the NSA Mathematical Sciences Meetings His intuitive grasp of cryptomathematics is illustrated by the fact that the credit he re'ceived for MA-250 came from his teaching the course despite not having taken it preViously himself ' lI In seminar and informal working discussions Dave could always be counted on for relevant and perceptive comments and suggestions on how best to attack a problem or rethink a process in order to extend its generality and applicability Several of his particularly insightful solutions to statistical consulting problems earned him Letters of Appreciation during his two-year assigrunent in R513 the Statistical Techniques Division He was eager to consult and his interest in statistics was also shown by his membership in the American Statistical Association and the Institute ofMathematical Statistics R513 is deeply appreciate of his work 1st Issue 1990 CRYPrOLOG page 18 FeR OFFIClltb SE OPiJ ¥ DOCID 4019716 and interest in NSA statistics during and after his tour there U Examples of his contacts with outside academia were his survey ofwork on the Mordell Conjecture which appeared as one of the prestigious expository articles in the Notices of the American Mathematical Society for June 1986 and his correspondence with Professor Nicholas Katz ofPrinceton University on some deep conjectures concerning Kloosterman sums over finite fields of characteristic two U As a teacher with an interest in passing on and fostering knowledge in classified and unclassified mathematics Dave Harris kepthis finger on the pulse of developments in an amazing number offields and communicated pertinent summaries through the R51 Seminar these literature reviews his famously comprehensive and incisive trip reports often numbering 5 10 15 and even 20 pages in length as well as individual research papers During his record-breaking term over five years as coordinator of the R51 Seminar Dave molded it into an institution with his own personal stamp The R51 Seminar was carefully planned to continually survey the major new developments in all corners of NSA and was incidentally an area where his skill with words and love of puns were strongly displayed The speakers usually found that the most perceptive questions and observations came from Dave himself as he would do his homework by reviewing the speaker's previous work on the subject before attending a presentation U The literature reviews need only be mentioned to our readers to recall the breadth of coverage personal insight and craftmanship ofcomposition displayed every month Similarly his coverage of a Mathematical or Computer Science conference was unequalled from his advance planning and surveys of talks for coverage through his careful note-taking at as many talks as he could possibly attend at any conference or seminar and his very detailed reports In his individual research papers on classified topics he took up themes ofinterest for their applicability while a natural instinct for teaching led him to keep a supply of problems An excerpt from his contribution to the publication commemorating his 25th Harvard class reunion I have been reasonably happy with my job It allows me to dabble in whatever subject comes to hand I still consider myself a mathematician Recently I have been trying out the hfghprestige career of Defense Department manager I try to serve others and help them do whatever they do well I would like to advertise President Bok's bynow-forgotten speech at the 1988 commencement He dealt in part with the problems of preserVing a government competent to handle the tasks we assign it When people run down government employees they discourage capable people from getting involved If you believe our present system inadequate to handle the problems facing it or that it is going the wrorig way from time to time do not stay safely on the sidelines telling us that we cannot do the job You are right I will probably fail to make any difference The politicians of both parties do not help But I do try my best to move things in what I think is the right direction In the present world of scarce resources for government math and science are competing with housing for the poor How shall we juggle priorities in this situation Whatever you and I think these needs are not likely to be met by cutting the national defense whenever money is needed Math and science cannot afford to be parochial in assuming themselves the highest public good And the pragmatists and humanitarians cannot ignore the need to arrange for the future A proper balance between the long and short term pure and applied pragmatic and humanitarian must be sought It is important that these decisions not be made in the typical way -in accordance with the relative strengths of the lobbies involved each acting in its narrowly conceived self-interest Those willing to try to strike the balance on broader grounds must be discouraged Currently the American system in government and industry acts to encourage managers to consider only payoffs that will become apparent during their own brief tenures in office UNCLASSIFIED 1st Issue 1990 CRYPrOLOG page 19 FQR QFFICll b YSJij 9Nb¥ DOCID 4019716 suitable for those just beginning to study cryptomathematics U During 1988 and 1989 Dave took a turn as Division Chief of R512 the Consulting Division within R51 Here his sense of personal responsibility and integrity contributed to a selfless period of service to his fellow researchers and to the future good of our organization He functioned alternately as cheerleader planner and advocate of his employees He sought to provide a dialogue on organizational goals on technical ideas on what role management played in R51 And in keeping with a typical Dave Harris style he produced toward the end of his term of office a closelyspaced tersely written 4 1 2 -page set ofinformal notes Survey of the Job of an R51 Division Chief He planned thoroughly for his meetings with management tried his level best to advallce the concerns of those beneath him and generally took on the role of a caring and concerned parent I BULLETIN BOARD CQUNDERNEWORG TION U The Cryptologic Quarterly NSA's professional journal is now published under the auspices of a new organization D9 the Center for Cryptologic History The Chief is David Gaddy OPS 2B 9631891 Submissions to CQ should be sent directly to the Managing Edito 1 p91 SAB 2 D or22 972-2235 I I FOR TRAFFIC ANALYSTS U In his building of mathematics within R51 ill his alternative career as researcher teacher and leader oQe fact aboutDave HarrisesPElcia Ily struck those ofus privileged toyvotk yvithhim he was a thoroughlygood man He put the good of others beforehiso thegrowthof knowledge before persoruU dvancement and was truly the rigl1teolls man spoken of in Chapter 18 of Genesis P L 86-3 CASOFTWARE RUNNING ON UNIX Cf tJ CRYSCOM has initiated an exchange program for CA software run ning on UNIX contributed by various CA organizations Available are complete packages individual programs and subroutines For a complete list please get in tol lchWitill 2CRYSCOM Exec P13 963-3045 0 CRYSCOM Chairman PlIA548 963-1464 or one of the following points of contact J I Editor's Note a Just small fraction ofDave's many reviews and reports that appeared inR 51's Monthly Research Summary have'been' republished in CRYPTOLOG There still remains a considerable backlog on which we will continue to draw from time to time A sarry ple appears on page 24 of this issue Dave was most gracious in giving CRYPTOLOG carte blanche on publishing his writing FeR eFFIClAI USE eNI ¥ 1st Issue 1990$ CEYPTOLOG $ page 20 FQR QFFICIAb J iQ I Y I DOClD 4019716 SECRET The Mysteries of JrAMMA r y yCxllllO TO TplToV YPOIlJ 1gTQV AATlV AcpO TOV 5EVTEpOV aVJ 1q WVOV· Ws ap epT T aVJ 1 30AOV y' 3 TplToS Koi y 30QO Richard D Sylvester B -eeo Many people who have been granted GAMMA access have only a vague understanding of what this special access is or they have no idea at all what it constitutes GAMMA is an unclassified coverterm used to flag especially sensitive Category III COMINT product The term signifies that the product requires maxilnum security protection for one or more of the following reasons for assignment of sensitive COMINT to the GAMMA series are made to DIRNSA through the GAMMA Control Officer for DDO approval NSA keeps the National Foreign Intelligence Board· NFm informed ofthe nature of the iruormation placed in this series and justifies each assignment in such detail as to convey the security risk inherent in dissemination of the information POUO The dissemination of GAMMA rep9rtiiit 8 6 - 3 6 tightly controlled To assure properhandiing lP 1 4 c GAMMA information the DD Oriorinates and DIRNSA appoints Control Officer GCO who isresllOnsible for all aspects of the haDdli ganddistrib tionofG material and Irillintainirig records of that SIGINT which· requires GAMMA protection I a 9AMMA -ter Although the term GAMMA used alone IS unclassified the fact that the term is related to COMINT is classified at a minimuni CONFIDENTIAL In addition InformatIon which has been reported in GAMMA product reports may not FOUC For additional classification guidan concerning the GAMMA con rol system ntact be referenced in non-GAMMA product nor rethe the appropriate person at y our DiV Sion Office vealed to personnel not cleared for GAMMA aclor Group level or the GCO in P0522 ir refer 10 cess DDO is the authority responsible for identify- ---- ing that COMINT which is to be handled in GAMMA product reporting channels Proposals 1st Issue 1990· CRYP'I'OLOG· page 21 SBeHBT IhtdHlLE VIA eOMHff CIIMHl£LS nU P L 86-36 DOCID 4019716 _______1a96 P L 86-36 1t Thoughts on fa E1'1 Ill 5 faT • Ill iHUj t1 E f1 r IIlIJ 1 '1 fa f1 years I have kno to be one ofthe best sorting packages available Now however I find that some of the others which I thought to be efficient are not so hot P L 86-36 ·1 Many or the good routines are merely drivers fo No doubt the sort algorithm s used by should and will have a major influence on future sorting ordering and possibly heaping routines Algorithms to save the top-n best answers which I'll group under heaping are related to but should be considered separately from sorting and ordering When heaping we have a large degree of control concerning the format of the heap - that is the heap is already ordered in some way when the next answer is about to be inserted Heaping require that the heap be continually updated as new best answers are produced Sorting and ordering require less interaction with calling programs and the algorithms used can dynamically allocate and release space as needed Heaping requires dedicated space for the duration of the heap 1st Issue 1990· CRYPTOLOG· page 22 FeR eFFICIAb HSE mJbY P L 86-36 4019716 GENERAL COMMENTS What commercial routines are availal lle Or ones from academia p L 8 6 - 3 6 While conversion f r o m l l to UNIX is a tremendous burden it is also an opportunity to review revise and consolidate major processes Ordering sorting heapingis one of the topics which deserves and requires a great 'deal of attention since applications of such routines are so pervasive - ' •·0 •· •• •• • •• •• e' ABet ter Wall •• ••• • • • Share your findings with your fellow analysts • • • •• Write it up for CRYPTOLOGI •• •• •• •••••••••••••••• '• • • • • •• • • • • • • • •• • • • Ask An ad in Bulletin Board will bring results ••••••••••••••••• • • • •• Competitive rates • Satisfaction guaranteed • ••• •• ' • ••••••••• lastIssue 1990· CRYPTOLOG· page 23 P L 86-36 FeR eFPICML tiS 6NLY DOCID 4019716 eeNPfBIilN'fIAL Technical Literature Report u S Radziszowski D Kreher 1988 Solving Subset Sum Problems with the L3 Algorithm Journal Combinatorial Mathematics and Computing 3 April 1988 pp 49-63 This paper proposes a Lanczos-like algorithm consisting of repeated applications of the Rayleigh-Ritz RR procedure to a sequence of subspaces which converges to the desired invariant subspace The RR portion of the algorithm is highly structured din a way that the author hopes will lead to significant computational savings at little cost in memory All the computations lend themselves to parallel implementation The author's goal is an adaptive formulation of Schmidt's MUSIC algorithm or alternatively an adaptive eigenvector beamformer in which the weight vector for an array of antennas or sensors is determined from the eigendecomposition of the received signal covariance matrix The authors are interested in what most people call the knapsack problem and in U Robert M Kuhn 1988 Curves of Genus particular with speeding up attacks on it using 2 with Split Jacobian Trans AMS May 1988 307 1 pp 41-49 the lattice basis reduction algorithm They reduce the number of multiprecision operations i€7- An algebraic curve has a split jacobian if needed The authors also use a direct search its jacobian is isogenous to a product of elliptic for short vectors to complement L3 The curves Given a curve X of genus 2 and a map authors claim the run time is an order of from X to an elliptic curve E then X has a magnitude better than that of Lagarias and split jacobian but the complement to E in the Odlyzko and that as a result higher density jacobian of X is not uniquely determined subset sum problems can be solved While However under certain conditions there is a there is no proof the new algorithm beats its canonical choice of the complementary curve E' competitors there are practical examples that and the map from X to E' Kuhn shows this this is true The authors give some ideas for and gives an algorithm for finding that curve further improvement The construction works in any characteristic other than 2 Applications are given in characteristics 0 and 3 U Daniel Fuhrmann 1988 An Algorithm for Subspace Computation with Application in Signal Processing SIAM J Matrix Anal Appl 9 2 April 1988 pp 213-220 There are many situations that involve using eigenvectors eigenvalues or singular values to recover information hidden in a matrix An algorithm for computing the eigenvectors corresponding to the m algebraically smallest or largest eigenvalues of an nxn symmetric matrix A is given where m is small compared to n In addition to cryptanalytic applications such methods come up in signals processing as in the MUSIC algorithm for bearing estimation When n is large and A is structured the Lanczos method and its variants are best W 660 In theory the analysis of such splittings is relevant to solving the discrete logarithm problem on the jacobian a Harris upgrade of a suggestion of Mike Paul The degree of the isogeny is crucial to any crypto application and turns out to be the size of the kernel of the direct sum of two maps The jacobian of dimension 2 is the next step up from elliptic curve discrete log problems Of course it is not clear this will ever be of practical importance Split jacobians are used in the theory of abelian varieties to construct counterexamples and families of curves with maximal numbers of points in finite fields The study of coverings of curves by curves is at the heart of the paper 0 1st Issue 1990 • CRYPTOLOG • page 24 eS U'IBEN'fIAL IIANBLtJ VIA eeflllIN'f CHANNELS ONLY DOCID 4019716 Review The Cuckoo's Nest by Cliff Stoll Doubleday New York 1989 P L 86 '36 Reviewed···by ··IL - 1P13 U A German computer hacker penetrated a computer at Lawrence Berkeley Laboratories LBL in August 1986 This caused a 75-cent discrepancy in the system accounts Clifford Stoll an astrophysicist who had run out of grant money was given a job at LBL computer center and as the newest programmer was asked to check the discrepancy Thus began a frustrating and fascinating international hunt that lasted for a year finally leading to conclusive evidence of a KGB link to a ring of German Hackers U In The Cuckoo's Egg Stoll has written an intriguing and suspenseful tale of computer sleuthing bureaucratic muddle and indifference and the exploits of a cunning hacker counterpointed by the tenacious struggle by a single concerned scientist determined to find the unknown hacker One of the ironies revealed by the book is that the thicket oflaws and administrative restrictions established to protect the privacy of communications in fact make it almost impossible for computer managers telecommunications operators or Government agencies to detect or pursue hackers who penetrate computers and E-Mail systems Unchecked the penetrators can read or alter anything they want within th computers U When Stoll began to investigate the 75-cent discrepancy he found an unregistered user 1990 CRYPTOLOG page 25 FQR QFFIClhb YSI J QNbY IS1 Issue DOCID 4019716 • ' Kf L I SECKENHE V W ST GERMANY 1 u S ARMY 11I 24TH INFANTRY FORT STEWART GA u s AIR FORCE ' w k • U S NAVY COASTAl SYSTEMS i COMPUTER CAMBRIDGE MAo PANAMA CITY Fl -- lr ARP NET MIT MX COMPUTER ' MilNEr rCSClIfch ana military computer netWorks AIT CKS ON 80UT COMPUTERS 4QO MILNEr Hunter had been using the LBL computer One day later an E-Mail complaint arrived claiming that some LBL Unix user had tried to penetrate a DOCKMASTER computer in Maryland Checking showed that only one LBL Unix user Sventek was logged in but he was in England with no access to the computer There was no clear proof of a hacker just circumstantial evidence Stoll's superior was unimpressed and demanded proof Stoll began to secretly monitor who was using the Unix system and soon saw a log-in by Sventek Stoll traced the port By chance a hardware technician who knew the computer center communications complex had been collecting statistics on who had been using the communications switehyard This showed a 1200-baud connection which meant an outside phone line The discovery narrowed the search to about 50 phone lines So Stoll decided to tap the 50 phone lines and printout the modem traffic - so that the hacker could not detect from inside the computer that the E-Mail was being intercepted Stoll's girlfriend a law student assured him that since he was not the Government he didn't need a warrant p 20 With a clear conscience Stoll borrowed 50 printers teletypes and portable computers on a Friday night in September and printed out all the EMail traffic keystroke by keystroke One of the printers had 80 feet of printout and evidence of how the hacker operated U The transaction sent through Tymnet showed that the hacker had been on the machine for three hours and used a special editing program called Gnu-Emacs which allowed him to bypass the Unix controls to change a Unix program ATRUN The hacker then used the changed Unix operating system to make himself a privileged user The original ATRUN program was replaced and all trace of the transaction erased This was like a cuckoo bird laying its egg in another bird's nest to let the victim hatch the cuckoo's egg Once the hacker became a privileged user he could bypass all the privacy protection in the computer Without the warrantless wiretaps this penetration would have 1st Issue 1990 CRYPTOLOG page 26 FaR aFFICtAL USE O'PlL1 DOCID 4019716 been undetectable for the hacker's penetration program was watching for internal surveillance In time Stoll set up an interception system that not only spotted and recorded the hacker's transactions but signalled him in morse code on his telephone beeper so he would know instantly day or night when the hacker was on the line V Maclean VA Further work showed that the hacker was getting across the ocean into Mitre and making Mitre pay the phone bill for both the incoming transatlantic calls from Germany and numerous outgoing calls around the VS Mitre refused to believe that was possible Stoll set up a sting operation with counterfeited classified documents Government interest V The hacker was not content just to penetrate vacillated Stoll was told repeatedly he had only into the LBL computer but got into university and one more week to catch the hacker The FBI government computers allover the VS and closed the case Stoll discovered the hacker had abroad V sually the system managers had no hint passwords to a number of systems and knowing of any trouble until Stoll reading his intercepts from his intercepts that the hacker had been called them and told them what to check for stealing encrypted passwords deduced that the Without the year-long accumulation of intercepts hacker used the published encryption algorithm to the extent modus operandi and source of the encipher dictionary words until he got matches hacking could never have been determined with the encrypted password files U In due course Stoll and LBL contacted the police the FBI NSA CIA AFOSI Tymnet and the German Bundespost The carriers Tymnet and Bundespost were very interested and energetically traced calls whenever Stoll's pager signalled him Eventually this found the hacker who had started working for the KGB after he was able to copy sensitive un lassified military files But for most of the complex network investigation the FBI was uninterested because there was nothing they could prosecute the National Computer Security Center at NSA considered domestic monitoring as prison term stuff' and stated We're here to make computers more secure not to catch criminals In spite of the caveats CIA NSA FBI DOE and the Pentagon did in fact keep up with the case asked Stoll for copies of his intercepts and invited him to tell his story to very high level audiences The Defense Department sealed up its computers to prevent penetration But what the agencies could not do was intercept trace or pursue the hacker V V Stalled by the C P telephone company who would not tell him where the hacker was getting into Tymnet Stoll finessed the long distance operator into revealing enough information to track the connection back into Mitre corporation in V POUO Then in April 1987 a letter from Pittsburgh p 64 in response to the sting enabled FBI counter intelligence to show a KGB link via the B lgarian secret service This revived official interest and exposed a team of German hackers selling Vnix operating software copied from US military computers and some passwords into military files to the KGB This led to a prosecution in Germany which concluded in 1990 with the hackers convicted and set free because under German law they had not caused serious harm to West Germany Reuters 15 Feb 90 Another point in the German case was that Stoll's intercepts could not prove that it was the same individual who was penetrating into the LBL computer ibid That bizarre legal outcome was typical of the mismatch between the law and the actions and effects of the hacker i'QYQ The book which has become a best seller draws a rather unflattering portrait of interagency buck passing and turf battles Stoll tracked the hacker down despite all of the resistance and indifference because he got involved and because he had enough freedom to pursue the trail where it led by any means he could devise In his quest he pioneered in a number of techniques of network investigation useful tools in computer security 1st Issue 1990 CRYPTOLOG page 27 FQR 9FFICI-Ah l JSE 6l LY DOCID 4019716 F6UO This raises an interesting point about privacy laws Stoll's initial intercept of 50 phone lines was done without a warrant in early September 1986 when there were still no legal restrictions on intercepting data traffic on telephone lines The local phone company would not trace the hacker's calls without a warrant even though a warrant was not required However Stoll continued to monitor all the traffic over four telephone lines connected to Tymnet and sent printouts of the intercepts and logs to various government agencies Without the intercepts and logs the search would never have led back to the hacker and to the KGB U PL-99·508 which changed the interception law went into effect on 21 Oct 1986 The law codified in 18 USC 2510-11 does not authorize computer managers to monitor content of electronic communications New laws concerning computer networks in 18 USC 2701-2 came into effect only at the end of 1988 and they also do not authorize intentional wiretapping nor do they authorize disclosure of deliberate interceptions to a law enforcement agency 18 USC 2702 b 6 depends on whether the system operator is considered a party to the communication 18 USC 2511 2 d Usually the system operator is not a party to the E-Mail communications just as a PBX operator is not a party to voice communications Government agencies are not allowed to obtain or use the contents of intercepts unless they satisfy the interception laws 18 USC 2511 1 d All LBL computer users coming in through the Tymnet lines were intercepted even though they were not engaged in any wrongdoing and had a right to all the privacy the law provided The Hanover hacker was deliberately trying to avoid the system operator because he did not want the system operator to be a party to the transaction U The new laws permitting certain disclosures of information stored in computers apply only to organizations providing remote computing services to the public 18 USC 2702 a 2 Since most computer networks require password access they are not available to the general public in which case the operators apparently have no legal authority to disclose information even ifit was inadvertently obtained There is a private organi U What Stoll's book illustrates in spellbinding zation CERT Computer Emergency Response detail is that purely passive measures of defendTeam at Carnegie-Mellon University chartered ing complex modem networks against skillful by DOE to respond to hacking viruses etc but attack are inadequate Without network investiga- its authority to do anything but advise is very tion techniques Le domestic interception records unclear It is also not clear that US privacy laws keeping and general search over suspect channels or computer crime laws can be applied to a person Stoll searched 50 lines it is impossible to get outside the US - the Germans applied only their enough information to detect even very serious own laws to the German hackers Finally as the threats to security and privacy German courts pointed out no one could prove that it was the same person on every call or that FOUO Law enforcement agencies cannot get he was causing any specific harm warrants for general search and they usually cannot tell who is hacking or which circuit will be U Thus in a beautiful paradox the laws set up used Those specific data are required for interto protect the privacy of citizens against governception warrants 18 USC 2518 4 The carriers ment surveillance ironically shield the activities of can check every voice circuit they operate but not hackers or malicious penetrators from any surveilfor content 18 USC 2511 2 There is no author- lance so they can tamper and exploit the files and ity for carriers to monitor non-voice traffic The communications oflegitimate E-Mail and comauthority of computer center operators to interputer users leaving them as defenseless as an cept the content of all the communications in and unknowing cuckold 0 out oftheir computer complexes is not clear for it 1st Issue 1990· CRYPTOLOG • page 28 FOR OFFIOfM a USB OPHilr DOCID 4019716 the earlier work and in Part Three by the solution to the mystery of the Oslo Report Review Professor Jones began his postwar intelligence career in 1952 when Churchill asked him to leave teaching in Aberdeen and become his Director of Intelligence Less than two years later having observed and evaluated all aspects of the intelligence scene and completed ' a report he resigned and returned to his students Contributing to his decision was his dissatisfaction with the treatment of atomic energy as something apart from other intelligence and his objection· to the assignment of ELINT to GCHQ which he believed to lack the expertise to deal with it Reflections on Intelligence by R V Jones 376 pp Heinemann London 1989 Reviewed by Vera Filby E4 Among the procession of now-it-can-be-told books on the history of World War II published in recent years one has stood apart from the rest for its focus on the scientific and technological aspects of the war and its view of events from the highest levels of science and government In Most Secret War R V Jones now Professor Emeritus of Natural Philosophy of the University of Aberdeen recorded the struggles and achievements of military science and technology in Britain and his role as scientific adviser to Prime Minister Churchill Jones was the man responsible for breaking Germany's new navigational beacon system which could direct Luftwaffe bombers with devastating accuracy His special work with radar was instrumental in the successes of the Allied bomber offensive and the preparation for D-Day The present book is a history and appreciation of scientific intelligence and activities related to intelligence from the prospective of half a century's involvement in the field The main body of the book Part One addresses the philosophy and ethics of intelli gence and the activities of security and deception This is supplemented in Part Two by postscripts to Under the heading of intelligence ethics the author discusses respect for allies diplomatic bags covert action assassination privacy and other facets of intelligence all of which encompass irreconcilable contradictions These short essays in a style characteristic throughout the book combine instruction commentary conclusions reminiscences and lots of anecdotes and good stories Some of the stories are old but they are retold here by a master often with new insights and always with sparkle Official secrecy requires a chapter of its own which begins with the observation that the balance between too much and too little has been pondered at least as far back as Francis Bacon The author relates with undiminished indignation his own run-ins with security in connection with official suppression of information already released to the public On a different note he recognizes the marvel of the silence faithfully maintained for 30 years by thousands of people to protect wartime cryptologic security He attributes this in part to the system of security developed by the British and adopted also by the Americans and in part to the loyalty that all felt to others who had participated in the great effort But the best and most secure system cannot protect against'leaks disclosures and indiscretions by those outside its authority Such violations may be committed because of carelessness indifference to security arrogance or for personal advantage or political motives or for some combination of reasons A classic case of political motivation occurred in the 1930s when Prime Minister Baldwin exposed 1st Issue 1990 • CRYPTOLOG • page 29 FeR eFR€IAL USE O'P'lL¥ DocrD 4019716 the content of Soviet decrypts resulting in the los8 of the SoUTce Politics can also have the opposite effect - the suppression of information that ought to be made known Here again Baldwin provides an example by his withholding of evidence of German rearmament on the grounds that the public might be so upset as to cause the loss of the election In discussing insecurities nearer to the present Professor Jones mentions self-importance as a possible factor and cites damaging comments by politicians during the Falklands crisis Subsequent chapters explore the interrelationships of intelligence and security intelligence and deception and intelligence and command Each could serve as a textbook on the subject The book changes course at this point and turns back to the beginnings of modern military science and technology Here the author presents a history of World War I weaponry and military science and in doing so pays tribute to to the scientists and inventors whose work was so largely responsible for winning both wars Subjects covered include radio sonar chemical warfare air warfare infrared atmospheric research and several others Radio was already well established and had been used in the field during the Boer War but World War I inspired a great expansion in its development Along with it cryptology flourished and brought forth its miracles only to be dismissed and neglected after the war until it was urgently needed for the next one While some scientists were creating the weapons of war others were applying scientific methods and mathematical analysis to military operations both tactical and strategic The author credits the invention of operational science to Benjamin Franklin recounting a story about Franklin's mock estimate of the cost per head of killing Yankees This introduces stories of extraordinary men and their accomplishments Told in Professor Jones' vivid and witty style they make most entertaining reading Not surprisingly the scientists' new and unorthodox ideas were not always welcomed in military circles But iessons were learned and as World War II progressed operational research groups were 1st Issue 1990 established in various commands to provide analysis assessment and advice The rise in the power of scientists and their influence with national leaders brought problems of conflict responsibility and conscience Professor Jones comments on these concerns and the crises' of conscience that the uses of science in war particular ly nuclear energy have caused 'and concludes Neverthe-less I think that in general scientists need to take the risk of brin'ging political leaders into their confidence and that reciprocally scientists have a special claim to be consulted about the exploitation of their ideas If as in the case of nuclear weapons these ideas offer horrifying prospects it is better in the long run that national leaders and populations generally should be soberly aware of them a Part TWo is mixed collection of short pieces which supplement or complete stories left unfinished in Most Secret War Responses to that book brought an abundance of new contacts information and insights Official documents declassified and released after its publication revealed or made usable still more material As his first postscript Professor Jones recalls the Polish cryptanalysts who escaped after the German occupation of Poland and succeeded despite great difficulty and danger in getting their knowledge of the Enigma machine through to the French Stories follow about members of the resistance movements and other wartime friends and colleagues Churchill and other national and military leaders and former German enemies There are episodes of risk and sacrifice missions lost and missions accomplished intelligence efforts - Peenemunde for example revisited Along with these are accounts of the author's adventures and happenings as he followed up the leads generated by his book NSA readers will enjoy the story of his visit to Electronic Security Command Headquarters and a slew of other U S military research and industrial establishments including NSA Professor Jones had a very good time The document called the Oslo Report was sent anonymously by mail to the British Embassy in Oslo in November 1939 and forwarded to London by the Naval Attache It has been a center of controversy ever since It consisted of seven typescript pages and a sealed package The papers contained information on a German glider bomb torpedo fuses radar and other CRYPTOLOG page 30 FeR eFFI€lAl USE m LY DOCID 4019716 weapons and devices in the box was a trigger part This unexplained gift was regarded with suspicion by almost everyone who knew about it except Jones who believed in it and used it to guide him in his assessments of future German developments It proved reliable time after time and on one inspired occasion a reference in it was combined with an ULTRA decrypt to reveal that a distance-measuring beam had been added to the German bomber beam-guidance system Professor Jones describes in considerable detail the strenuous but fruitless efforts of many searchers including investigative journalists to identify the unknown source and in even more detail his own wide-ranging and finally serendipitous efforts In 1954 he learned the identity of the author and knew that he was a noted German scientist and mathematician an MATHEMATICA Wolfram Research expert in electronics At last in 1955 at a P L 86-36 Champaign IL conference in Munich Professor Jones met Professor Hans Ferdinand Mayer of the Reviewed by IR562 electrical firm of Siemens Halske He did not tell this story in Most Secret War for he symbolic mathematics language Mathematica has been used in two roblems reasons of privacy and a continuing ne IS cons rue mg a requirement for security P L 86-36 primitive irreducible polynomial of degree 256 Hans Meyer had been with Siemens for many over GF 2 namely x256 x iO x5 x 2 1 It years and was on a business trip for the firm is known that there are no such polynomials in Oslo in November 1939 By that time he with two three or four terms and this one is had become increasingly disturbed by the evils the lexicographically least with five terms of the Nazi regime but he continued with his he other problem is explicit work in Germany until in 1943 he was reported for listening to the BBC and arrested construction of the Hilbert Class Field of the by theGestapo He survived Dachau and other algebraic number field Q v - 95 This was camps escaping finally as Germany was done by closely approximating a root of the socollapsing He was certified as a victim of called Watson polynomial by means of complex fascism by the Allied military authorities and Fourier series then finding the Watson polynomial of degree 8 by using integer lattice soon went to the United States where during 1946-50 he was a research professor at Cornell basis reduction All eight roots of this working on radioastronomy He then returned polynomial were then found to extremely high to Germany and Siemens accuracy and the roots of the class equation computed from them The class equation itself This book in its variety -- history science was then computed as a product of linear studies in intelligence people and places -- is factors and the resulting coefficients rounded hard to categorize but it is easy to recommend to the nearest integer A positive check was for both enlightenment and entertainment successfully made by factoring both the constant term and the discriminant of the class End Note equation and finding that the prime factors satisfied a famous theorem of Gross and Zagier Most Secret War By R V Jones Hamish This particular class of equation had already Hamilton London 1978 Published in the been computed so we recomputed it with United States as The Wizard War Coward Mathematica as a test and found that it could McCall Geoghegan Inc 1978 do this computation very easily I CRYPTOLOG page 31 6ft 6 ICIAL tTSE 6NLY 1st Issue 1990 DOCID 4019716 seems unlikely in the few years since I finished graduate school a perjorative like bastardized could have gained currency in the rather small group of scholars who concern themselves with the history of Afrikaans P L 8 6- 3 6 I Former member Afrikaans PQE Committee To the Editor I have just seen a bulletin from the National Cryptologic School which is inviting applications for a two-year program designed to train highly motivated Agency personnel to become the skilled technical leaders for tomorrow's Agency workforce As a CY-I00 graduate I feel honorbound to warn potential applicants that this is an empty promise When we entered CY-I00 in 1968 we were told the same thing about our one-year program we To the Editor Further to the exchange betwee concerning the use Lof the term bastardized to describe the development of Afrikaans I would agree wit Icomments on the development of Afrikaans and with his point that the term basta tdized is derogatory and linguistically meaningless I feel I can lay claim to some expertise in this matter as my MA thesis dealt with the various theories about the origin and development of Afrikaans I rgues in her response Ithat bastardization is frequently used in a technical sense to describe the development of Afrikaans We are assured that the term is not perjorative I cannot recall however any serious linguistic work I encountered during two years of research into the question that referred to bastardization in connection with Afrikaans The term used by most scholars to describe the development of Afrikaans is creolization although there is some question as to whether or not Afrikaans is a true creole It tal were to become the technical leaders of tomorrow When my class compared notes at our twenty-year anniversary luncheon we found that no one considered CY-I00 to have enhanced his or her career if we are the technical leaders ofNSA today why isn't anyone following us The bulletin would have you believe that NSA has a need for multi-disciplined analysts I agree that we do have such a need but try to find a job announcement that says that I believed the propaganda 1 took CY-IOO and went to a great deal of effort to diversify I am certified as a professional in five technical fields 1 know of no one in NSA who has any interest in my diversification IfNSA management actually believes there is a need for diversification they should identify some jobs that demand multi-disciplined analysts such analysts are readily available and they should enhance the careers of multi-skilled people to demonstrate that such broadening is actuall valued If NSA management does not believe there is a need for diversification they should stop telling lies to naive young employees 1st Issue 1990 CRYPTOLOG page 32 P L 86-36 FQR QFFICII b IJSI J Qll'lbY P L 86-36 I DOCID 4019716 P L 86-36 SECHFiT To the Editor U I read with some misgiVirigsj'- l praise ofW Group Cogitations of a Contumacious Cabalist CRYPTOLOG 3rd Issue 1989 andfeel that a molifying response may be in order obvious pride in belonging to the I lau W Organization however I found her point to be somewhat obscured and diffused by it If she is dismayed by what she perceives is a lack of appreciation ofW Group by the rest ofDDO then she may be assured that this is by no means the case On the other hand if she is trumpeting the unique qualities ofW Group and its personnel it may be best to remember that we are all team players whose efforts should be put in the larger context of contributing to national intelligence objectives DDO would be truly hampered but certainly would not crumble like a house of cards without WGroup I P L 86-36 problems Op ELINT is a very important part of their lives We in B51 have a deep and unabashed respect for Op ELINT My first introduction to the practical applications of this discipline was in April 1972 and it left a lasting impression on me That Op ELINT could geolocate corroborate and and identify individual Vietnamese surface-to-air missile sites with the result affecting the life expectancy ofD S air crews is a lesson I hope never to forget POUO To close I would like to reemphasize that the operational side of ELINT is well appreciated in at least this comer of DDO in fact through out the organization if the attendance of last year's Op ELINT seminar is any indication that we recognize the fact that analysis of guidance triplets and jitter modes is best left to those who know them best and possibly perpetuating bservation that ELINTers are misunderstood and that in the analytic arena we It may also have served her purposes better if should op¢rate in concert not opposition although ontinued her familial symbolism by I am the nrst to admit that it very often doesn't describing ELINT's split personality - op and that way seem tech Most line analysts should have a passing familiarity with tech ELINT but if they are involved in military the current and antici pated P L 86-36 de-emphasizing notwithstanding civil air telecommunications and tech transfer or many other I I 1 IRylF 1 '0 It '0 '6 liS A ILA S S II IF II IE II IP III lEI 1 11' A 1 11 '0 N It may not lie rea in the cafeteria or ill other illsecure areas 1st Issue 1990 CRYPTOLOG page 33 SElOIll H