Bruce also does a newsletter on crypto and security more generally. The current issue of the Crypto-Gram has an intriguing item on the mystery of Chalabi and the Iraninan codes. Recall that the US is suppposed to have learned somehow that Chalabi told the Iranians we'd broken their code, possibly because the Iranians themselves mentioned this (disinfo??) in a communication they may have known the US could read:
So now the NSA's secret is out. The Iranians have undoubtedly changed their encryption machines, and the NSA has lost its source of Iranian secrets. But little else is known. Who told Chalabi? Only a few people would know this important U.S. secret, and the snitch is certainly guilty of treason. Maybe Chalabi never knew, and never told the Iranians. Maybe the Iranians figured it out some other way, and they are pretending that Chalabi told them in order to protect some other intelligence source of theirs.
If the Iranians knew that the U.S. knew, why didn't they pretend not to know and feed the U.S. false information? Or maybe they've been doing that for years, and the U.S. finally figured out that the Iranians knew. Maybe the U.S. knew that the Iranians knew, and are using the fact to discredit Chalabi.
The really weird twist to this story is that the U.S. has already been accused of doing that to Iran. In 1992, Iran arrested Hans Buehler, a Crypto AG employee, on suspicion that Crypto AG had installed back doors in the encryption machines it sold to Iran — at the request of the NSA. He proclaimed his innocence through repeated interrogations, and was finally released nine months later in 1993 when Crypto AG paid a million dollars for his freedom — then promptly fired him and billed him for the release money. At this point Buehler started asking inconvenient questions about the relationship between Crypto AG and the NSA.
So maybe Chalabi's information is from 1992, and the Iranians changed their encryption machines a decade ago.
Or maybe the NSA never broke the Iranian intelligence code, and this is all one huge bluff.
In this shadowy world of cat-and-mouse, it's hard to be sure of anything.
Cryptographers are often great people. Counter-intelligence people tend to be professional paranoids, and some are quite mad, because even they can't be sure…