A Case of Mistaken Identity
Jun 23, 2022
I am amazed at the ability of social media to connect people from around the world. Even more incredible is how quickly information can be shared through social media platforms like Twitter. Recently, I was surprised to learn that Datakey products were claimed to have been connected to some Russian communications equipment that was recovered in war-torn Ukraine. This led me to investigate to see why these claims were being made. Here are the findings of my investigation.
Earlier this year, photos of some Russian communications equipment surfaced on Twitter, showing images of an online/offline text encryption device called the M-427, allegedly captured by Ukrainian forces.
The excellent online resource, Netherlands-based Crypto Museum, moved quickly to put the information onto their website. They noted that the M-427 uses a Crypto Ignition Key (CIK). They identified the particular CIK used with the M-427 was the same CIK that is used with another piece of Russian crypto gear, the E-20 phone. That CIK is called the K1634DK4. Surprisingly to me, the site also claimed that the K1634DK4 CIK was “made by the American manufacturer Data Key (sic).”
After digging around the Crypto Museum website and uncovering some other Twitter posts talking about the recovered crypto gear, I learned why the curators of the Crypto Museum came to the conclusion they did.
First, the Russian supplier of security products, Bureau of Scientific and Technical Information (BNTI) calls out the K1634DK4 as a Data Key on their website (with letters “D” and “K” capitalized, though two separate words). Additionally, the words “Data Key” are the only words using Latin characters. So, the similarity between “Data Key” and Datakey are certainly noteworthy.
Secondly, the BTNI site included an image of K1634DK4 “Data Key” (see image above). While the image is small and lacking in detail, it does bear some resemblance to the old Datakey parallel keys, including the KSD-64A that was made by Datakey, Inc. and was used with the STU-III secure telephone that was used by the US government. See this blog post for more information.
Based on these two factors, it is not surprising that the Crypto Museum staff deduced that the K1634DK4 must have been produced by Datakey. Of course, the truth is that the K1634DK4 key was not manufactured by Datakey, and I reached out to Crypto Museum staff to clear the matter up. They responded to my email right away and immediately updated their website, making it clear that Datakey in United States had not manufactured the Russian K1634DK4 Data Key. See updated post below:
If cryptographic devices are of interest to you, I would invite you to check out the Crypto Museum website (www.cryptomuseum.com) or follow them on Twitter (@cryptomuseum). Or, if you are designing a device, crypto or otherwise, that requires a robust secure credential, be sure to check out our Datakey (one word) products.