US military technician Brian Regan was sentenced to life in prison, after he had tried to sell secret information to foreign governments. He used a few interesting ciphers.

Brian Regan (not to be confused with the comedian of the same name), a former master sergeant in the United States Air Force, tried to deliver secret information to foreign governments in exchange for money. Before he had any success, he  was arrested and convicted to life in prison. He has been imprisoned for over 16 years now.

Brian-Regan

 

Secrets for money

Regan’s dramatic story is told in a great book titled The Spy Who Couldn’t Spell written by Yudhijit Bhattacharjee, whom I met last year at the NSA Symposium on Cryptologic History. It’s an exciting book – a must-read for everybody interested in espionage.

Spy-Who-Couldnt-Spell

The subtitle A Dyslexic Traitor, an Unbreakable Code, and the FBI’s Hunt for America’s Stolen Secrets indicates that encryption plays a role in this book. In fact, Regan, who had been trained in cryptography, used several encryption methods to conceal information like banking codes, hiding place locations, and addresses.

The following picture was made by an FBI surveillance camera. It shows Brian Regan stealing secrets at his working place.

Brian-Regan-Surveillance

Regan stole 20,000 pages of highly classified documents, and a variety of videotapes and computer compact disks. He buried all these items underground in Maryland and Virginia’s state parks. His plan was to reveal the hiding places to foreign governments in exchange for money.

More information about Brian Regan is available on the FBI website. Here’s a German article I wrote about his story.

 

Regan’s ciphers

The codebreaking unit of the FBI (the so-called CRRU) with its master codebreaker Dan Olson was able to break most of Regan’s ciphertexts. I had the pleasure to share a session with Olson at the NSA Symposium on Cryptologic History 2015. The following picture of me (with FBI historian John Fox, Dan Olson and David Oranchak) was taken during my presentation:

NSA-Symposium

The following encrypted note shown in Yudhijit’s book is especially interesting (Regan carried it with him, when he was arrested at the airport before boarding a plain to Zurich, Switzerland):

Brian-Regan-Cryptogram-Caesar

The first line is easy to decipher (except for the first two letters). It’s a simple Caesar cipher with key 1:

Ciphertext:  ??-56NVOAIPG CBIOIPG-TUS
Plaintext:   xx-45MUNZHOF BAHNHOF-STR

Here’s the second line

Ciphertext: VCT-AV-533341011943418
Plaintext:  UBS-ZU-422230900832307

These two lines refer to the Union Bank of Switzerland (UBS), which is located in a building named Münzhof in the Bahnhofstrasse 45 in Zurich. I don’t know what the numbers 4222… stand for. Here’s the next line (encrypted the same way):

Ciphertext: SS-CVOEFTQMBUA3CFSO
Plaintext:  RR-BUNDESPLATZ2BERN

Bundesplatz 2 in Bern, Switzerland, is the address of another major Swiss bank, Credit Suisse. I don’t know, what RR means. The meaning of the last line is unknown to me, too. Can a reader find it out?

The unsolved code mentioned in the subtitle of The Spy Who Couldn’t Spell looks like this:

Brian-Regan-Cryptogram-Bookcode-2

Brian Olson suspected that these numbers reffered to words in a book (this method is known as book cipher). In fact, after his conviction, Regan revealed that Olson was right and that the book he had used was his junior highschool yearbook. However, neither he himself nor Olson could decipher this message. This was a serious problem, as this note described the locations of the places where Regan had dug the secret material. In the end, breaking the cipher proved unnecessary – Regan could remember all the hiding places without reading his encrypted note. The FBI even took him – hand-cuffed and strictly guarded – to a forrest where a part of the material was hidden. As planned, Regan directed the FBI agents to his stashes.

On their way back, the FBI men and Regan stopped at a McDonald’s restaurant. For Regan it might have been the last visit at a McDonald’s in his life.


Further reading: How a crypto mystery from the Cold War was solved – or was it?

Linkedin: https://www.linkedin.com/groups/13501820
Facebook: https://www.facebook.com/groups/763282653806483/

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Kommentare (7)

  1. #1 Klaus Schmeh
    18. Januar 2018

    Bart Wenmeckers via Facebook:
    Kind of silly he never could find his “code” book.

  2. #2 Peter
    18. Januar 2018

    Die Ziffern in den jeweils zweiten Zeilen sind wahrscheinlich die Nummern der Konti bei der jeweiligen Bank. Damals gab es noch keine “IBAN” und jede Bank verwendete ein eigenes Schema für Kontonummern und Prüfziffern.

    Die drei ersten Ziffern beim UBS-Konto gaben damals die “Agentur” an, also diejenige Bankfiliale, die das Konto führte und bei der Geschäfte (z.B. Bargeldbezug) problemlos und rasch möglich waren. Es genügte ein Ausweis, der mit den Personendaten im betreffenden Konto übereinstimmte.. Für Konti, die anonym geführt wurden (sogenannte Nummernknonti) genügte die Kontonummer und ein Passwort.

  3. #3 Thomas
    18. Januar 2018

    Further information on the solution of the three-digits-code is provided by Bhattacharjee: https://www.wired.com/2010/01/ff_hideandseek/
    Without his dyslexia Regan probably wouldn’t have been convicted by the FBI. Thus efforts to fight dyslexia (https://www.whitehouse.gov/briefings-statements/statement-president-donald-j-trump-national-dyslexia-awareness-month/) should be thought over in regard to National Security.

  4. #4 Klaus Schmeh
    18. Januar 2018

    David Heath via Facebook:
    The repeating 032 032, 042 042 and 151 151 makes me suspect it may not have even been from a code book… unless maybe those referenced numbers, how many times do you see repeated words in text?

  5. #5 Klaus Schmeh
    18. Januar 2018

    Bart Wenmeckers via Facebook:
    >The repeating 032 032, 042 042 and 151 151
    >makes me suspect it may not have even been
    >from a code book
    Well spotted! That does bring doubt over the use of a code book

  6. #6 Thomas
    19. Januar 2018

    See the link #3:
    Only the numbers followed by an “a” (which are not in the image above) are part of a code based on his junior highschool yearbook. The three-digit numbers represent the coordinates (only the digits after the decimal point) of trees in a park in Maryland and distances in feet.

  7. #7 John
    21. Januar 2018

    Could the 15 digit numbers just be account numbers?