Read on Twitter
Forward secrecy and metadata privacy are two of my favorite crypto topics. A KGB training manual contains a good story of why:
1) The GRU detects a new CIA radio transmitter in Frankfurt
2) The KGB sees activity at CIA's Moscow station
It's all encrypted, so thats all they know.
1) The GRU detects a new CIA radio transmitter in Frankfurt
2) The KGB sees activity at CIA's Moscow station
It's all encrypted, so thats all they know.
From this metadata, the KGB infers the CIA will soon have an asset in Moscow. So:
3) The KGB monitors all international mail
4) They intercept a message from an "english tourist" with hidden writing on it. It's encrypted of course, but clearly a spy.
Now the game is a-foot.
3) The KGB monitors all international mail
4) They intercept a message from an "english tourist" with hidden writing on it. It's encrypted of course, but clearly a spy.
Now the game is a-foot.
What follows (and the KGB of course will over state all of this) a massive investigation where KGB compares the handwriting of the letter to
1) anyone who went abroad
2) anyone with a new car (because what else do you spend CIA money on in Moscow, vodka?)
1) anyone who went abroad
2) anyone with a new car (because what else do you spend CIA money on in Moscow, vodka?)
This investigation narrows in on Anatoly Filatov a GRU Colonel who they notice is always using his radio when then CIA transmits. So after months of preparation, including moving his friendly upstairs neighbors to a new apartment, the KGB searches his apartment ....
The KGB find his cryptographic keys and notes. They can decrypt all his radio instructions AND the letters he sent. (I'm assuming these were one time pads, which is what the Brits and the KGB used, but not sure). The KGB has his orders and some responses and can arrest him.
So because CIA coms didn't protect metadata, the KGB learned there was a CIA spy in Moscow, an investigation implicated GRU Col. Filatov. A search of his flat recovered his encryption keys and allowed decryption of all his messages. He was arrested. C/o https://www.numbers-stations.com/how-to-catch-a-spy-who-uses-numbers-stations-the-kgb-experience/
Note: one should take this story with some caveats. First, the the source is iffy and I don't read Russian . Second, it's entirely possible this story is a cover for: he got sold out by a Russian spy at the CIA or FBI. (as happened to the next few assets the CIA lost).
