BSidesCharm 2023 - Shakespeare, Bacon, and the NSA - Brendan O’Leary

foreign [Music] so I I told Dr Green after his keynote this morning this actually is gonna his talk was not gonna be the only crypto means cryptology talk so Buckle in because we're doing we're going way back to when when Taylor Swift wasn't born for 75 years so I'm going a little further back than than Dr Green went and and the reality is uh that this story the story is really a love story and it's a love story that kind of begins and ends with a pretty powerful concept a concept that what really makes a person powerful isn't anything in the traditional senses of power but not in you know strength or Force but that knowledge uh knowledge itself is power and that's actually a quote from uh Francis Bacon who was an English philosopher uh and Statesman who lived in the 17th century uh the time of Shakespeare the time of the colonization of North America and when the foundations of a lot of really modern science uh was being laid and yes Francis Bacon is the uh bacon in the title of this presentation so I'm sorry to disappoint any bacon lovers that were expecting something a little different but uh hopefully it's okay and while Bacon's quote is kind of the beginning of our story it also ends with that same quote on a tombstone of a man named William Freeman and then again our story isn't really about William but about his better half in many ways Elizabeth Smith Friedman and Elizabeth is the one who decided to place knowledge's power on the tombstone that was her husband's Tombstone and would be hers too the end of her life later and she also put in that quote a secret code uh code that reminded her of how they met how they ended up spending their lives together lives that saw the foundation of a different modern science cryptology spoiler alert and the one that you and I rely on every day right that one that's Central to everything we do and how we secure ourselves like Dr Green talked about this morning how do we secure ourselves our knowledge really from those who would seek to gain its power so before I introduce myself I'd like to introduce Elizabeth Smith it is Elizabeth spelled with two e's and no a uh she was the youngest of nine Smith children and the theory goes that her mother kind of wanted to give her something when your last name Smith you don't really have anything so she got an illusion unusual spelling of Elizabeth to help set her apart she was born in a small town in Indiana uh raised on a Farm by her Quaker Dairy farming father and mother and his her father could actually Trace his lineage all the way back to an English Quaker who sailed to America in 1682 on the same boat as William Penn of state north of us Fame and from a young age she knew she wanted to do something different than the ordinary she didn't want the pre-prescribed life for herself she wanted to break with tradition break the mold kind of plot her own course a letter early to defy her father's wishes and attend college and even after that the prescribed path for her at that point would have been well teaching at the high school level and you know living at home that didn't work out of her out for her so she left and headed to Chicago hoping to find their job there doing something interesting something unusual and boy did she ever and so I'm really excited to talk to you today about that story my name is Brendan and yeah it's also spelled in an interesting way and this is actually the first b-sides that I've ever attended so back in December I was given the opportunity to join a company called project Discovery where the makers of open source security tools like nuclei and SubFinder and httpx and many others and I was really excited to join this community I spent most of my career up until now in developer tooling most recently I was at a company called gitlab for five years and that led me to see the power that open source can bring to bear on problems that real practitioners face not just the ones that look good in a demo or sell really well from one person in a suit to another person in a suit so I hope that you'll indulge me a little bit here with Elizabeth's story I promise if you stick around I'll apply it back to our day-to-day lives and working to secure ourselves and our organizations I just also think there's something special to be learned from the history of what Elizabeth did what part she actually didn't get credit to credit for until very recently and even how she came to do in the first place so how she came to do it in the first place is Elizabeth was always interested in history and language and she learned that in Chicago at an obscure Library a private Library called the Newberry Library there was a rare and unique piece of History called the first folium so you see in Shakespeare's time the spoken word was valued much higher than the written word and so while he was alive actually none of his plays were recorded and printed in any meaningful way and it wasn't until seven years after his death that a group of admirers gathered 36 of his Works into a published book and the act of publishing that first folio was in and of itself a radical act right to suggest that some mere mortal man like Shakespeare deserved the same treatment and preservation that was at that time really only preserved for the Bible so not many copies of this first folio existed and in the early 1900s uh the Newberry Library had one of the few copies available in America and Elizabeth's curiosity and desire for something new drove her to go see it and that would start this chain of events that led to the foundation of a science when Elizabeth got to the library she started talking to a librarian about you know the folio and what Elizabeth wanted to do next in her life and the librarian remembered this eccentric millionaire who was looking for someone just like Elizabeth and within the next hour George Fabian showed up in the limousine absconded with Elizabeth took her to a train station led her all the way to his estate in Geneva Illinois which was called Riverbank and at Riverbank Fabian uh here had assembled uh scientists and inquisitive Minds from all over the country and he was footing the bill as they experimented with a wide-ranging set of activities from uh botany to genetics to Acoustics and most critically to Elizabeth one of fabian's most prized projects was involved the first folio and a theory about the true author of Shakespeare's masterpieces you see a riverbank there was this other woman Mrs Elizabeth Wells Gallup with the traditional Za Elizabeth rather than Elizabeth R Elizabeth Ze she ran a school called the riverbank Cipher School and a cipher of course is a secret or disguised way of writing you know some sort of code and Mrs Gallup had been working for years on a secret code that she believed was embedded in the first folio a secret code that if proven correct would have changed our understanding of not only English literature but of the history of the United Kingdom itself as well so here we're going to take a little detour there's lots of detours on this road today sorry to talk about the cipher method that Mrs Gallup was pressure was was pursuing and looking for in the first folio so in his time Francis Bacon had actually revealed that he invented a new type of Cipher a method to Signal what he called Omnia per Omnia anything by anything so the Insight led him to the discovery that you know you could have this ability to represent all the letters of the alphabet using only two letters if you combine them in permutations of five letter blocks and at the time his time uh I and J and and unw were interchangeable so um the bacon alphabet looked something like this and I was going to make two slides but that was hard but yes this also then is the part of the theory that led Claude Shannon much later to come to refine our modern view of information theory that binary code zeros and ones could be used to represent all of the world's data and in fact interestingly enough 1916 was the year that Shannon was born that's also the year that Elizabeth showed up at Riverbank so history kind of has a lot of those fun little little uh notes but that's another digression so Mrs Gallup believed that uh and had written actually an entire book that in the first folio the printers had intentionally used an A and B form of letters through you know differences in how they printed the letters to embed this bacon Cipher into the document itself and she had produced many pages translating this by literal ciphertext into real text and what she found really Disturbed her and actually made headlines in the day um see she found uh that Francis Bacon himself was actually the author of all of The Works attributed to Shakespeare and other authors and that he was actually the illegitimate son of Queen Elizabeth and thus the rightful heir to the throne of England and Mrs Gallup had been doing this work for 20 years by this point and there were a lot of people that believed this Theory throughout history so Mark Twain Nathaniel Hawthorne they believe that this was possible but proof had always been Elusive and Mrs Gallup thought she had that proof a scientific method of determining this a versus B form of the letters and it was a and that she had done it in a reproducible way but what she needed was someone to reproduce it which is where Elizabeth came in so Mrs Gallup would set her to work trying to reproduce those results with kind of this vague and honestly hard to understand description of what the biformed alphabet was like there's this slight difference in the stem of an H or the tilt of the oval of a g is more or less in this form and so Elizabeth at the time in her diary likened it to trying to sort blueberries by color or beach pebbles by smoothness uh and she needed Mrs gallup's help to even get the first 24 word translation done but from there she was sent out to go on her own and try to reproduce all these results and for weeks she continued in this work right she tried her best to interpret Miss gallup's uh notes and what she had created and while this was tedious work she was enjoying the cool Illinois summer and got to meet all these nice cool people doing the stuff at Ware Riverbank and met a man named William Friedman who was an aspiring geneticist who was Raising fruit flies to try and understand the role of genes in various traits and again this is 40 years before the discovery of the double helix of DNA so you know relatively new and groundbreaking science so Elizabeth and William had this kind of instant friendship one that they cultivated on weekends and in between their work they understood one another they trusted another in one another's intellect in a way that was different than other folks that they were friends with at Riverbank and most of the folks at Riverbank were content to kind of you know be paid to do interesting work and not ask too many questions uh William was aware of this first folio Cipher project as well because he was the resident photographer and so he was the one that had to make the enlargements of the folio that Mrs Gallup was making uh and he was also fascinated with ciphers he put hidden messages in sketches that he made um that would then look like any other Botanical illustration but would have like hidden words like bacon and Shakespeare in them and as summer turned to autumn and winter Elizabeth knew that William and her were growing a lot closer but she was unsure of what to call it but this growing closeness led her to build up the courage to share something that she had been thinking about for months something that had been kind of eating away to her and something that was very sacrilegious to even think at Riverbank much less share out loud and that's the reality that there are no hidden messages in Shakespeare Elizabeth was revealed to find that William shared the same doubt you know they were they talked together but what if everyone involved in the bacon idea was was you know delusional except for them what would that mean for their work and their lives together but before they had time to figure that out a much more pressing matter came to change the course of their lives so at 11 A.M on February 27 1917 the Secretary of State at the time Robert Lanson carried a copy of an intercepted telegram that had made its way up the chain to in Washington after arriving from London to show it to president would President Woodrow Wilson uh Wilson's only response was good Lord so this telegram had been sent from Germany to Mexico a month before and was encoded in numeric blocks kind of like this you can see it here and when it was translated it took about a month for the British code breaking team to translate it they found a conspiracy against the United States of America whoops went too far so sent by the German ambassadors or sorry the German Empire's foreign secretary Arthur Zimmerman to the German ambassador in Mexico the telegram would later be known colloquially as the Zimmerman Telegram and it proposed that if the United States entered the War uh World War One on the side of the Allies that Mexico should join the Central Powers and be Germany's Ally in return Germany would help Mexico with financial support in order to regain the territories that it had lost to the United States so that included Texas New Mexico and Arizona previously the United States had been neutral in the conflict but the proposal of this alliance between Germany and Mexico which introduced the possibility of an attack directly on the United States outraged the American public and led to a big shift in public opinion towards entering the war on the side of the allies and President Wilson used this telegram the Zimmerman Telegram as justification for asking Congress to declare war on Germany in April 1917. and the revelation of the Zimmerman Telegram had a lasting impact on international relations it demonstrated the importance of cryptology and code breaking and warfare and George Fabian at the time in Riverbank Labs had the only code breaking school and team William and the soon to be Mrs Friedman Elizabeth Smith and this is the moment that Elizabeth hadn't known but had been waiting for the moment that defines the rest of her life the fact that she was able to trust herself at 23 years old to trust her instincts about this code doesn't launch a thousand ships but does eventually save thousands of lives on ships it leads to the birth not only of the Freeman's eventual children but the birth of a new science science that we take for granted today you know cryptology touches every aspect of our lives and most humans interact with it unknowingly but at the start of the first World War uh for the United States Elizabeth and William were maybe were two of maybe a handful literally a handful of people who understood enough about cryptology to even start looking at encrypted messages and Fabian is quick to volunteer river river bank in Elizabeth and William to the war effort in previous conflicts code Breakers hadn't mattered that much right because before the days of radio transmission and Telegraph Etc if you wanted to intercept a military message you had to you know capture the messenger on Horseback right or maybe exploit the postal system in a you know simple way but this Great War was different than previous ones because radio allowed Wireless Communications over great distances and then it also enabled anyone with a radio and a receiver to pick up those messages that you were sending so this meant that powers on both sides of the war were also fighting to find the best ciphers and methods to encrypt what they were sending and that's where Elizabeth and William came in they were placed in charge of the riverbank division of ciphers and they would together not only become the main source of decrypting enemy messages for the United States but also create some of the seminal works that serve as the foundation for this type of work which they actually coined the term cryptanalyst to describe it in decoding coded messages the riverbank Publications most of which they worked on together even though only a few mentioned Elizabeth as a co-author codified a lot of the knowledge that they gained through their hard study about the frequencies of letters and letter groupings in languages the index of coincidence and various methods to get around ciphers of the time that were you know all documented in these Publications and these methods are the very foundations of cryptology right take for example one of the simplest ciphers a mono alphabetic substitution Cipher or mask right so this is one where you change one letter for another so in this example for the English alphabet you change a to X B to y c to Z Etc it's one of the most basic ciphers you can think of it's mono alphabetic because the alphabet stays the same for the entire message and these type of software ciphers can be found you know even dating back to the time of Caesar there's even a specific type of monoalphabetic Cipher a name for Caesar but even the simplest method of ciphers there are 403 septillion possible alphabets that you can create with this type of Cipher that's on the order of 10 to the 24th power or roughly on par with the number of stars in the known universe roughly rough enough so a number this large means that a thousand computers testing a million alphabets a second would take more than a billion years to try and solve for every possible alphabet yet this is also the kind of Cipher that you'd find on like the back of a Cracker Jack box or a puzzle in the newspaper so so given the right conditions even an inexperienced person can solve this kind of Cipher so how is that even possible what's possible because we can start to identify the patterns right this is the incidence of code breaking and it's something that humans have evolved to be very very good at doing right taking what appears to be chaotic input and finding patterns in the chaos this is the most important skill of a code breaker at least definitely the most important skill at the time of Elizabeth and William it's not pure math skills it's you know Elizabeth was a poet William was a was a botanist by training but their ability to pay attention to look for and see patterns in what appears to be a chaotic patternless environment and I'm going to return to that idea of patterns but I'm going to keep talking through Elizabeth and William's wartime efforts for for a few minutes more so their efforts in World War One were actually very well documented especially with the publication of that foundational research we were talking about in fact for the first eight months of the war Riverbank did 100 all of the code breaking for every part of the United States government the state department the war department the Navy the Department of Justice and not only that they would go on to then be the main training ground when those various departments decided they wanted to kind of expand their own in-house code breaking capabilities you know code breaking and code making were invading every part of their lives together so even here this is a picture of them at one of those training classes they actually embedded a secret code in this picture in the style of you guessed it Francis Bacon and a b Cypher where the folks with their heads turned at an angle right it looks kind of weird got some folks with their heads turned away are the B form and then this isn't the whole photograph the photographs wider but the entire photograph spells out knowledge is power famous break and phrase so then after the war as the government continued to see you know what code breaking meant in a modern world Elizabeth and William would actually leave Riverbank and find new careers in this field she would go work for the Coast Guard which at the time was part of the Department of the treasury and in 1927 when the government came knocking and