Looking back at a hacking success that might have been a little tainted

With all the current interest in hacks and penetrations of private communications (e.g. emails), it might be of interest to look back on an overlooked vignette of a major piece of cryptographic history.

It is well known that America broke (hacked, in the modern parlance) the Japanese diplomatic code (the "Purple Code") prior to Pearl Harbor and, as a result, was able to intercept and decipher messages. 

Popular history maintains that the US went to great lengths to protect the secret and successfully concealed this penetration from the Japanese so well that they never detected it. The 1970 movie, “Tora Tora Tora,” dramatically portrayed the elaborate security measures employed to protect this secret (even to the point of removing President Roosevelt from the list of those cleared to see the intercepts when a message is found carelessly discarded in the White House).

In truth, the US was not at all successful in protecting this particular secret – as the “Purple/Magic” messages themselves attest.

In the collection of the "Magic" decrypts of the message traffic, there is evidence that the Japanese were aware at least seven months prior to Pearl Harbor (through their Nazi allies - no less) that the US had indeed penetrated Tokyo’s secure diplomatic communications.

There is a thread of messages at the start of May 1941 with the item below:

FROM: Tokyo (Japanese Foreign Minister)

TO: Washington (Koshi)

5 May 1941

According to a fairly reliable source of information it appears almost certain that the United States government is reading your code messages.

Please let me know whether you have any suspicion of the above.

The above message was received and translated by the US government on 5 May 1941.

Other messages (transmitted both prior to and after the message above) indicate that the original tip-off to Tokyo came from Berlin (the "fairly reliable source of information"). Apparently, the Germans informed the Japanese embassy in Berlin that their intelligence services had determined that the US had broken the Japanese codes. 

In truth, the US was not only intercepting direct message traffic between Washington and Tokyo but also between Tokyo and its diplomatic missions all over the world as well as the communications among those missions.

Had the US been keeping up with the traffic, Washington could have known days before the 5 May 1941 message from Tokyo to its Washington embassy. There was an intercept of an earlier message to Tokyo originating from the Japanese ambassador in Berlin that carried the first indication of a leak:

FROM: Berlin (Oshima)

TO: Tokyo (Matsuoka)

3 May 1941

#482.

STAAMAA called on me this day (evening?) and stating that this request was to be kept strictly secret, he said that Germany maintains a fairly reliable intelligence organization abroad (or-"in the U.S."?), and according to information obtained from the above-mentioned organization it is quite (or-"fairly"?) reliably established that the U.S. government is reading Ambassador Nomura's code messages, and then asked that drastic steps should be taken regarding this matter.

There are at least two circumstances substantiating the above (suspicion). One circumstance is that Germany is reading our code messages. Regarding this, during my previous residency here, they were known to have a large scale cryptanalytic organization (unfinished-last two-thirds not available)

This message, which was transmitted from Berlin to Tokyo on 3 May, was not translated by the Americans until a month later, on 5 June 1941 - well after the subsequent message from the Tokyo Foreign Ministry to their Washington embassy.

“Oshima” was General Oshima Hiroshi, Japan’s ambassador in Berlin (and a confidant of sorts of Adolf Hitler) and “Matsuoka” was Foreign Minister Matsuoka Yōsuke in Tokyo. STAAMAA is most likely an identifier for a specific source, used as a security measure and to compartmentalize highly sensitive information. Given the sensitivity of this information, it is likely that STAAMAA was a highly placed source within Germany’s foreign ministry or intelligence apparatus. (Use of such identifiers was common practice. For instance, “ALES” was the code name for US State Department official and Soviet spy, Alger Hiss, which was used in encrypted Soviet Military Intelligence (GRU) messages).

This information, which revealed a valuable German intelligence capability, could probably not have been shared with the Japanese without the express permission of Adolf Hitler, himself. 

It is likely that Hitler, German Foreign Minister von Ribbentrop and Admiral Wilhelm Canaris, head of German Military Intelligence – the Abwehr (or possibly even Canaris’ counterpart and rival at the SS intelligence service, the Sicherheitsdienst – SS-Obergruppenführer Reinhard Heydrich) were all party to permitting the revelation.

The Germans would have been loath to share their capabilities with foreign (even friendly) powers for fear the recipient would “spill the beans.” In transmitting the warning from Berlin to Tokyo and then from Tokyo to Washington using a compromised code, the Japanese did just that.

There is also related message traffic indicating that Ambassador Nomura Kichisaburo, Japan's senior envoy in Washington, took his own local steps and was able to successfully confirm the fact that the US was reading his messages.

These revelations should have really set off alarm bells at the US State, War and Navy Departments as well as inside the White House itself.

So, as of May 1941, it was the classic - (1) we were reading their messages, (2) they knew we were reading their messages and (3) we knew, they knew, we were reading their messages.

It seems that Tokyo (in a naïve COMSEC blunder?) possibly assumed that the US access was limited only to traffic between Washington and Tokyo? But still, they alerted Nomura using the same code which they should have assumed had been compromised – or did they want the US to know...

