Schneier on Security
A blog covering security and security technology.
« Is Software Security a Waste of Money? |
| "The Logic of Surveillance" »
March 11, 2013
Dead Drop from the 1870s
De Blowitz was staying at the Kaiserhof. Each day his confederate went there for lunch and dinner. The two never acknowledged one another, but they hung their hats on neighboring pegs. At the end of the meal the confederate departed with de Blowitz's hat, and de Blowitz innocently took the confederate's. The communications were hidden in the hat's lining.
Posted on March 11, 2013 at 12:58 PM
• 14 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Finally de Blowitz noticed that they wore hats of the same type and color
Note to self... We're not the only ones in 1870 who wear a black stove pipe hat.
Good thing the hat was too big for the other guy who mistakenly picked it up.
I note the feature of “childish simplicity.”
I was wondering why people keep stealing my hat....
The art of the deaddrop seems, to me, similar to languages. Its been argued that a language, taken out of context, appears to be nothing more than noise. The deaddrop is designed to behave in the same way.
They both, likely, paid with cash, thus requiring a tail for each individual to monitor. Today, both would pay electronically making it simple to see where their paths were common.
I don't see cash going away, at least not in Europe. All the electronic payment stuff is slow, non-transparent to the average user and tipping is a problem with electronic currency, as quite a bit of tip money goes past the tax authorities...
As to the hats, similar things are still being done today. The assumption is that it basically serves to fool untrained observers and avoid raising suspicion. Trained observers would notice it immediately, but they are expensive aned available only in limited numbers.
The confederate, of course, was one H. P. Flashman (see "Flashman and the Tiger").
Connect this to the post on ubiquitous surveillance. Suddenly you don't need trained observers there in the moment, you just need them at some point to review a day's worth of footage.
And in another generation of image-analysis tech, a program will be able to tell you that person A took an item put on the rack by person B.
Is this a true dead drop?
The two men saw and knew each other. So there is no break in the chain. Catch one and "convince" him to talk; then you can follow the chain.
@Andy: Not necessarily: As long as Blowitz comes early and leaves late, the messenger is not required to know who's hat he has been taken by confusion all those days.
I have often though that the hobby of Geocaching could be used as a cover for dead drops. Just agree which cache location to leave some particular item in, and what that item is. The cover is just that both people are Geocachers, but so are over two million other people. That's pretty good plausible deniability.
Geocaching plus steganography (or the equivalent, say a trinket or logbook with embedded bluetooth or rfid) would be pretty much perfect, especially if you had multiple agents.
If you were willing to live with the latency, you could probably implement TCP over geocache.
story (probably apocryphal) of a DOD courier who didn't want to keep the classified document he was carrying on his person (which he was required to do) when he went out for the evening. He supposedly pulled the mirror in his overnight room away from the wall... and another classified document, placed there by a previous courier, fell out. evidently the mirror storage system was routine, and the previous courier forgot his document when leaving. no doubt, a *lot* of explaining to do.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.