Technique of Cipher Examination
In time of active operations it is important that captured or intercepted cipher messages reach the examining office with the least possible delay. The text of messages, captured at a distance from the examining office, should be sent to the office by telegraph or telephone, the original messages being forwarded to the office as soon thereafter as possible.
The preamble, “place from,” date, address and signature, give most important clues as to the language of the cipher, the cipher method probably used, and even the subject matter of the message. If the whole of a telegraphic or radio message is in cipher, it is highly probable that the preamble, “place from,” etc., are in an operators’ cipher and are distinct from the body of the message. As these operators’ ciphers are necessarily simple, an attempt should always be made to discover, by methods of analysis to be set forth later, the exact extent of the operator’s cipher and then to decipher the parts of the messages enciphered with it.
In military messages, we almost invariably find the language of the text to be that of the nation to which the military force belongs. The language of the text of the message of secret agents is, however, another matter and, in dealing with such messages, we should use all available evidence, both external and internal, before deciding finally on the language used. Whenever a frequency table can be prepared, such a table will give the best evidence for this purpose.
All work in enciphering and deciphering messages and in copying ciphers should be done with capital letters. There is much less chance of error when working with capitals and, with little practice, it is just about as fast. An additional safeguard is to use black ink or pencil for the plain text and colored ink or pencil for the cipher. A separate color may be used for the key when necessary.
The following blank form is suggested as convenient for keeping a record of a cipher under examination. It should accompany the cipher through the examining process and should be filled in as the facts are determined. This record, the original cipher and all notes of work done during the examination, should be filed together when the examination is completed, whether the cipher has been solved or not. It may be that other ciphers solved later will give clues to the solution of such unsolved ciphers.
The first column of this blank should be filled out from data furnished by the officer obtaining the cipher from the enemy. A general order, emphasizing the importance of promptly forwarding captured or intercepted ciphers to an examining office, could specify that a brief report embodying this data should be forwarded with each cipher.
The second column of the blank should be filled out progressively as the work proceeds. The office number should be a serial one, the first cipher examined being No. 1. The date and hour of receipt at examining office will be a check as to the time required to transmit it from place of capture. The spaces “From,” “At,” “To,” “At,” “Date,” are for the information concerning sender and addressee of the cipher and are to be obtained from the message. In case an operators’ cipher has been used, these parts of the message will have to be deciphered before the blanks can be filled in.
| Intelligence Section, General Staff | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 1st FieldArmy | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Record ofCipher Examination | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
How being transmitted when obtained. (Underscore meansused and enter data on sending and receiving stations).
How obtained. (Underscore means used). Captured beforedelivery to addressee. Captured after delivery to addressee.Intercepted, not received by addressee. Copied, but received byaddressee. Remarks: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The probable language of the text is assumed from the preceding data and, if necessary, from internal evidence. Thus a cipher from a Mexican source and not containing K or W is probably in Spanish.