The iconic ENIGMA machine was widely used during World War 2 by the German military and thought to be uncrackable. But the incredible story of how the ENIGMA cipher code was hacked involved brute forcing, an insider threat, and human error, and even just plain luck.
The Insider Threat that Compromised the ENIGMA Machine
Brilliant cryptologist and mathematicians, Marian Adam Rejewski
, Henryk Zygalski, and Jerzy Rózycki, and their team at Poland’s Cipher Bureau were the first to crack the ENIGMA cipher. They had a little help from an “insider threat” that made the completion of the hacking possible. Remember how 2FA makes it so that you need two “factors” to gain access? Well, in the same way, the codebreakers at Cipher Bureau needed a few factors to reconstruct the military version of the ENIGMA machine.
One of those factors handily came from taking advantage of an opportunistic insider – a German spy named Hans-Thilo Schmidt. He sold the ENIGMA operating manual and settings to French Intelligence. This intel was passed on to the Polish Cipher Bureau. Using this knowledge, Rejewski and his team were able to finally begin reading a majority of German military messages. Another factor that was needed was the order of the keys. The Cipher Bureau only had a commercial version of the ENIGMA cipher machine for reference. The keys were set differently on the new military version. However, the brilliant and intuitive Rejewski made the stunningly guess that the Germans, obsessed with efficiency and order, would place the keys alphabetically. Rejewski’s guess turned out to be correct.
After Hitler invaded Poland, Cipher Bureau passed on their successful codebreaking work and cipher technology to Britain. This is where Alan Turing and 10,000 codebreakers at Bletchley Park (2/3 of which were female) picked up where Marian Rejewski and his team left off. Right before Poland was overrun by the German blitzkrieg, their cryptologists led the way to hacking the Nazis.
Brute-Forcing the ENIGMA Cipher with Automation
Codebreakers were racing to decrypt thousands of messages a day. It quickly became apparent that for such tasks to be ultimately successful, some form of automation would have to come into play.
At some point, the Rajewski knew how the ENIGMA machine worked and could reverse-engineer it. But that still doesn’t mean you could just read messages. The problem is that the ENIGMA had too many different key setting combinations. Also, the Germans changed the settings often so finally decrypted messages came too late to be of use.
Now comes the computing power needed to try to decrypt a message against as many combinations as possible – brute-forcing the issue. It’s like if the hacker knew how a password-username system worked, all they need to do is try as many password combinations as possible. Obviously, the Germans weren’t going to make it easy. So, Rajewski’s team built an electromechanical machine (basically a quantum computer for the times) to automate the combination-trying process. They said the machine could do the work of 100 people. This machine was called a “bomba”.
Human Error will Always Mess Things Up
Allied codebreakers were trying to crack the ENIGMA cipher, but they were missing a few pieces of the puzzle. One of the vital clues that led the Allies being able to finally decrypt ENIGMA code was human error German’s part. Every message ended with the phrase “Heil Hitler”, which gave the Allies a baseline to infer how the cipher worked.
Even before that, Rajewski was able to use German communications (human) error to determine how to break the ENIGMA cipher. People are indeed the weakest link.