The so-called book cipher has always been in favor with authors of spy novels and detective stories, who usually try to mimic reality but are not ready to feed hardcore tech concepts to readers. It is quite easy to refer to the book code, as it’s the easiest encryption method comprehensible enough for the reader. As such, it does not seem to be a fictional ciphering system, like the one where you substitute letters with their corresponding sequential numbers.
Book ciphers are based on the predisposition that both correspondents have the same book. The ciphering mechanics are based on a simple principle of a letter being substituted by the number of a page/line/character in the line. More sophisticated methods are based on the use of the piece of text as a ‘gamma’, or a sequence of characters used to code the message.
Any book cipher allows procurement of an encrypted text not prone to being cracked. But, more importantly, it solves the issue of passing the key to the counterpart – the parties may agree on using a specific book beforehand.
One of the most renowned intelligence officers to use a book code was Richard Sorge, a legendary Soviet spy who operated in Japan. He is famous for two achievements: conveying the exact date of the German invasion of the Soviet Union and for letting the command know Japan had no plans of attacking USSR in the Far East.
During WW2 modern cryptography principles were often coupled with ‘amateur’ but equally reliable ciphering methods https://t.co/4282BWOXyx
— Kaspersky Lab (@kaspersky) May 6, 2015
Although the first message was ignored (we have to note here the German counterintelligence was carrying out a massive disinformation campaign by constantly relaying numerous messages about the German invasion with different dates and controversial details), the second message was, indeed, a useful insight. It was due solely to Sorge’s efforts that the Soviet command decided to concentrate the troops on the Western borders without considering a possibility of war in the Pacific.
Sorge used the German Statistics Almanac, which was an ideal match for his purpose: different numbers in the tables’ columns were united into the chains which, in turn, served the gamma to decipher messages. It was random enough for Sorge’s messages to evade the Japanese counterintelligence’s interception until they questioned Sorge’s radio operator, Max Clausen.
Richard Sorge and book #cipher – World War II information #security:Tweet
It was Sorge’s forced error, as he had to use only one person as a radio operator and a coder, due to massive volumes of data transmitted, and the difficulty of engaging more people into the intelligence operations in Japan.
The cryptography historians noted that the Soviet intelligence service succeeded in creation and use of the so-called ‘manual ciphers’ which did not require any machinery.
Similar ciphers were used by Soviet intelligence officers who operated in the “Red Capella” in Europe and by other agents, both during WWII and in the times following the end of the war. It’s curious that the code of the sophisticated Enigma machine was cracked by the Allies thanks to the analytics and another machine, whereas Sorge’s messages coded by pencil and paper were read thanks to fieldwork and human factor.
Five lessons from the story of the Enigma cryptographic: https://t.co/Xl6w43qpOS
— Kaspersky Lab (@kaspersky) May 7, 2015
Yet, this story proves the resilience of the code, as well as the readiness of the Allies and Japanese command to employ resources, in both intelligence and material effort, to achieve the goals they set.
An important lesson, and takeaway of this story, proves that the human factor cannot be underestimated in the infosec domain. We can say that the most productive cyber spying method used in APT campaigns nowadays is spear fishing, targeting certain employees of the attacked organization.