Comments

yet another BruceMay 30, 2018 7:46 AM

The article refers to "false addition" in the use of one time pads. Anyone know what this is?

TatütataMay 30, 2018 8:21 AM

As a kid back in the 70's I used to listen to a lot of shortwave radio.

A numbers station came on frequently booming on the 49m band. I must have jotted down several pages of numbers groups in the vain hope of making sense of them. The signal was solid with no fading whatsoever. I always assumed that it was radiated from the state broadcaster's HF facility across town, which has long since been dismantled. Might be worthwhile to FOIA, but the request would have to be rather indirect.

It's something of a pity that shortwave broadcasting mostly went out of fashion. It died perhaps with the last illusions of western and eastern moral superiority... With the present availability of dirt cheap signal processing power, and standards such as DRM (Digital Radio Mondiale), the possibility of a channel mostly impervious to state censorship would surely make the cold war propagandists of yesteryear drool.

Can there really be that many deep implanted agents ready to accomplish their dastardly deeds at any moment on instructions radioed by foreign spy master?

Just owning a good shortwave receiver in 2018 might be considered suspicious in Beijing or Teheran.

If one wanted to implement from scratch the equivalent of a numbers station today, what would one use? Satellite radio and TV? But connecting a computer to such receivers might be too conspicuous.

Steganography in a video stream? But youtube/dailymotion/etc. can be censored wholesale. I believe I heard of low power radios used along the iron curtain, but never saw details about them.

SpookyMay 30, 2018 8:25 AM

@ yet another Bruce,

It is a sketchy reference to modular arithmetic; I've never before heard it referred to as 'false' addition/subtraction. In the article, they are probably imagining that the letters of the alphabet can be numbered 1-26 and then modularly incremented against the random numbers of a one-time pad (each number in the pad is a random value from 1-26). For instance, if you have the letter 'Y' or 25 and your one-time pad value is '3' you would move forward three positions in a circular fashion to arrive at the letter 'B' and so forth. The person decoding the message has the same pad, so when they encounter 'B' at that position they will know to roll back three positions to 'Y', etc.

Normally, when you are processing digital data against the modern equivalent of a 'one-time pad' (e.g. a randomized stream), the 1's and 0's of your data are XOR'd (Exclusive OR'd) against the random 1's and 0's of your pad to produce the ciphertext. The person receiving your enciphered message then XOR's the ciphertext against the same binary digits of their copy of the 'one-time pad' to recover the original plaintext. You'll see the term and concept referred to in these forums as a OTP, as it gets used quite a lot... :-)

Cheers,
Spooky

David RudlingMay 30, 2018 9:02 AM

Numbers stations are inextricably linked to short wave radio. In the days when short wave radio was widespread for public broadcasting, possession of such a set was innocent enough. As has been pointed out possession of a short wave radio these days is sufficient in itself to be suspicious. The universal communications medium today is the internet. My own view of image steganography is that it is too easy to detect and fatally suspicious because it is not widely used by a mainstream app. Hiding in plain view has to be the preferred means of hidden delivery. One time pad numbers embedded within e.g. a spreadsheet of otherwise innocent data should be easy in a world of international e-commerce. Others on this forum can doubtless offer much better suggestions. That encrypted data needs to be effectively invisible should be a fundamental tenet of overcoming universal surveillance, not just for the former users of numbers stations.

Brad JonesMay 30, 2018 9:41 AM

I'd think the easiest way to disguise a transmission to an agent these days would be to encode it in email spam. Everybody gets it, and nobody pays close attention to what's in it. Even if an agency knows what the source is, there's no good way to figure out who the intended recipient is.

CallMeLateForSupperMay 30, 2018 10:13 AM

"Too often, [numbers stations] are described as 'spooky,' 'creepy,' or 'mysterious,' and the discussion stops there."

I became enamored with DXing(1) shortwave on a wobbly Telefunken when I was six years old. The weaker the signal - and the stronger the QRM(2) - the better. If I was lucky, eventually "the skip" would pull the weak station "out of the weeds", rewarding my slow knob-twiddling with stunningly clear music or voice ... for 5-10 seconds. Then it would descend into the noise again. And again rise above it. It was magic! Also "like a box of chocolates": you never knew what you would get or how long it would last.

One kind of broadcast intrigued me above all others. It was continuous and sounded like a bunch of propeller-driven bombers. Just droned and droned. Sometimes I listened for a while, imagining a wave of B-25s(3) inbound to Nazi industry, but most often I scanned on in search of voice or music. Some years later I thought to ask my father, a ham radio operator, what the mysterious bombers were. "Teletype." What a downer.


(1) Distance listening. Endeavoring to "pull in" the most distant signals.
(2) Noise!
(3) Dad had been a B-25 bombardier, so naturally this youngster held that the B-25 alone won the war. Yeah, dad's unit was in the Pacific and in the southern hemisphere, but that was a mere technicality. :-)

wumpusMay 30, 2018 10:18 AM

Missing in the article is that using a one time pad has plenty of problems, and using a numbers station causes even more.

First, the only benefit is the ability to give up to date orders to your spies/intelligence officers. They need the incriminating codebooks first. Second, you tied down the spy to a radio in ways that are familiar to any counter intelligence agent. In today's world of communication that often waits for you, this becomes more and more odd.

On the other hand, turning *off* a numbers station certainly tells the opposing side plenty, so they are unlikely to *ever* be turned off (I'm sure some went off during post-velvet revolution turbulence, but that was a one time thing). You could easily have "ghost transmitters" maintained by techs who have no idea that no codebooks had existed for the station for decades, but the facade needs to be maintained.

I'd expect that the above turned out to be an advantage more than once, when cryptographers learned that it is fairly easy to remotely spy on a PC decoding spam into intelligence orders, but it is much harder to bug a shortwave receiver. If the numbers station never turned off, it is harder to tell when you go back to using it.

That said, I'd also be more than a little concerned about TEMPEST attacks with short wave. Superhet receivers are right-out, they are a giveaway you are listening to short wave. I'd also be worried about amplifying any signal, and using "off the shelf" shortwave units. I'd expect counter intelligence to overlay number station signals with sideband frequencies that might be detectable once amplified, then listen for such amplified signals.

Of course this might be a complete non-option for the FBI (regardless of how good their "Q" department is in designing TEMPEST attacks). I strongly suspect that you really can't take ham radios from NSA employees without an outright revolt. By the time the hams all retire, number stations may be a thing of the past.

AJWMMay 30, 2018 10:26 AM

I keep getting this one signal with just the number sequence 4, 8, 15, 16, 23, 42 repeated over and over. Whatever the significance is, if any, is lost on me.

vas pupMay 30, 2018 10:34 AM

Q: I got station could be triangulated, but how you can caught somebody (as article stated) when they are in process of receiving transmission?
Tempest?

David RudlingMay 30, 2018 11:43 AM

@Brad Jones
SPAM email. Yes, I like it. The same broadcasting-to-all basis as a numbers station with really only one intended recipient. It has the same limitation as a numbers station of course where a completely separate method is required for any reply to an ostensibly completely different recipient but perhaps enough to defeat metadata analysis of a "conversation".

Who?May 30, 2018 12:01 PM

Good strategy. Two obvious advantages of numbers stations: (1) without the OTP the message should be indecipherable, and (2) listeners are difficult to geolocate.

Who?May 30, 2018 12:08 PM

From the article:

In his book Shadows of the State, Bush warned that if we don’t monitor the work of the intelligence and military —those of our own countries, as well as those of foreign nations — we risk allowing these institutions to overtake our governments.

Same is true for big corporations and lobbies.

joeMay 30, 2018 12:27 PM

There is a movie about Numbers Stations appropriately named, "The Numbers Station". Though not near a satisfying film, it was definitely a worthwhile view.
https://www.imdb.com/title/tt1659338/

Though I have a 40 year old portable shortwave radio, these days I am more likely to watch Youtube videos of peculiar signals (not often, once every 7+ years). Youtube offers a cornucopia of peculiar, unexplained, and exotic signals; along with theories of their origin.

TatütataMay 30, 2018 12:37 PM

Spam is usually served from a large number of different IP adresses, which are extremely often recorded on black lists, e.g., SpamHaus.

A credible spam simulation would require a lot of effort. And then there is the possibility that some server actually marks the "spam" as spam. And why did you have to save or even print out that curious message peddling transylvanian potions for manhood extension anyway?

Back to the drawing board...

A "smart phone" is far less conspicuous these days as an HF receiver. Communication between an agent and his handlers could happen through a simulated base station in the neighborhood.

Another approach: transceiver designs are supposed to become increasingly frequency agile and software defined, in order to handle white space transmission among other things, so you might be able to make use of that. How about meteor burst or sporadic E-layer transmission? A TLA might find the justification to maintain a megawatt-class VHF transmitter to send short messages on schedules to agents on the "other" side.

echoMay 30, 2018 12:49 PM

All these facts are very interesting. The problem is they don't half evaporate the mystery.

MikeAMay 30, 2018 1:13 PM

@CallMeLateForSUpper

I also heard those "bomber squadron warming up" stations, albeit in the 1960s, so I know exactly whereof you speak. Also, my dad was a navigator on B24 and B25, so yes, that might have influenced how I heard them. (Yes, in the Pacific :-)

The short answer "Teletype(tm)" is not quite complete. They don't actually sound like "normal" radio teletype (RTTY). What I later learned was that they consisted of multiple distinct channels of frequency-shift keyed RTTY, with different sets of Mark and Space tones. These were presumably separated by filters on the receiving end, so sort of FSK over FDM. Or the funny uncle of Telebit's PEP modems, although without the whole "combining all the resulting low-bitrate channels into one stream" bit.

Not the weirdest thing the Military did with Teletype signals. There was a twin-headed TD (Transmitting distributor, tape-reader feeding a parallel->serial convertor), which sent two independent streams in the same bandwidth as one, by using half a bit-time for each. They were received by printers (or reperforators) that had their "Range Selectors" (phase-shift of sampling clock) set differently. Could only be used with very clean transmission channels, of course.

@wumpus: The "incriminating codebooks" are discussed the the (very good, IMHO) book "Between Silk and Cyanide"

AdrianMay 30, 2018 1:14 PM

I always assumed that the numbers stations were transmitting one-time pads, and that the encoded messages themselves were received via other methods. To decode, you'd have to have the message and know which broadcast (frequency and time) was the appropriate pad.

echoMay 30, 2018 1:22 PM

@MikeA

I was going to say I will wear the silk and you can take the cyanide after I take the paper bag off my head and it wasn't about this at all.

The failure to comprehend duress codes is facepalm of horrifying proportions. I know the movies are all wonderful but the gruesome fate of many compromised agents during the war doesn't bear thinking about. It's also interesting reading how fiction (and with others none fiction and biographical stories) have inspired people to become involved with cryptology.

Jesse ThompsonMay 30, 2018 1:46 PM

@Brad Jones @Tatütata

I agree with Tat that keeping your spam from simply being filtered before it gets to the real recipient would be a challenge.

I completely disagree about "A credible spam simulation would require a lot of effort", however. Numbers stations don't do a lot to hide the transmitting source (nor can they since triangulation has been a thing for as long as radio receivers have been ;P), so ignoring the "you'll get filtered" problem they can send virtually anything they'd like in the message, they don't have to "look like" spam they only have to broadcast their messages far and wide.

That also means that they are not limited by Spam's requirement to hook an unknown viewer, they can use far harder to detect methods to hook pre-arranged viewers instead. They are also not limited by spam's 5XX problem, they are actually free to receive bounce messages and unsubscribe requests and honor those because they have the budget for it, and because they don't profit from volume of email output the way that ordinary spammers do, and because they care little enough about transmitter being identified that they can maintain a complaint-receiving presence which few ordinary spammers can get away with without being caught and punished.

The only real challenge I see is avoiding being blacklisted. And maybe the recipient getting the email in a way that's not suspicious.. POP downloading all messages and then processing at secure user endpoint would be ideal, but oppressive regimes may just ban POP and require IMAP or other MUA protocols that telegraph to server which specific messages are meriting user attention.

----

So here's my counter-offer:

Numbers stations through web advertisements! :D

Zephyr4May 30, 2018 2:07 PM

Of course, today’s covert channel is message exchange via blog commenting.

MikeAMay 30, 2018 2:07 PM

Apologies for following up to myself, but I realized that the FDM explanation was "hearsay" (although from an ex-navy radio operator), while it may have just been a matter of one of those half-bit-time (hence, ~91bps rather than 45.45) baseband transmissions modulating a "normal" (but presumably wide-shift) FSK signal. It's not like I remember the exact spectrum of those bomber engines, especially 50+ years later.

RealFakeNewsMay 30, 2018 2:18 PM

SW radio is still very much alive, and I doubt it will disappear for as long as we have electricity (thinking about the transmitters rather than the receivers). It is also very useful, not only for numbers stations, but propaganda, and other radio broadcasts. When the internet has been shutdown by war, radio will still be broadcasting.

Even if the main transmitting sites go down suddenly, or are taken off the air, smaller ground stations would still be useful for communication in times of conflict. The only thing to be careful of in such situations is triangulation by the enemy.

There are groups out there that deal with triangulation of the more unusual SW broadcasts, and they have been very accurate at determining the location of some transmitters at long range. Some of the sites they have trouble locating are perhaps mobile, as they can never get a good fix.

Numbers stations are spooky, not because they exist, but by the very deliberate way the transmissions are produced (The Conet Project has some great examples). When you consider these stations are used by spies, it makes it very creepy indeed.

BillWMay 30, 2018 7:15 PM

British counter-intell had good success detecting SW receivers during the Cold War by direction-finding the receiver's IF oscillator signal, which typically leaks out of the radio chassis and could be picked up with sensitive equipment with directional antennae. Supposedly the DF'ers would tune in to a suspected station being transmitted and then listen for nearby IF signals with the same modulation, indicating the receiver was tuned to the same station.

PatriotMay 31, 2018 1:47 AM

If you like to spin and grin, it is easy to catch this traffic, especially around 6.000 MhZ to 8.000 MhZ at night. You can also sometimes hear it being denied (jammed), which is interesting. If you like, you can attempt your own cryptanalysis on it. At home, on my amateur radio, I used to try and determine (prove) the ethnicity of the speaker given the accent, which sometimes seems to work, but not always.

There is a lot more to amateur collection than meets the eye. Signals do strange things, and you can sometimes grab something you did not expect to ever encounter. It is a really interesting hobby to get into. I remember setting up an HF fax system for myself around 2004 and later one for collecting SSTV--when the latter caught a black-and-white photo I almost fell out of my chair. Some people actually use this stuff. So you might be surprised what you run into. Make sure to find out the laws that govern your locality before you start putting your know-how to work.

HF works and it's cheap. If the world sees another global conflict and (1) the internet shuts down (2) satellites get shot down--both of which are expected to happen in such a scenario--you will be very glad for having that HF radio because that is exactly where many communications will go back to.

PatriotMay 31, 2018 4:42 AM

False addition can also be used in the secret transmission of
0 1 2 3 4 5 6 7 8 9 0
ciphertext in written messages, white noise, photos, etc.
1 2 3 4 5 6 7 8

As you can see, the sentence above could resolve to "8". The stream
(ie. 836502256597106284973119) would then be matched against a table of letters/commands. That alphabetic ciphertext would then have a OTP applied to it. This sort of STASI-esque system often uses a code book. One imagines that this is very seldom used today.

Mr. Schneier has gone into detail (somewhat vehemently) about the weaknesses of the OTP in practical application, and he is absolutely right about that, of course. He even went so far as to call it a meme.

Opinions may differ. The NSA has a name for the day when the Russians started using one-time pads across most of their military and diplomatic channels--October 29, 1948: "Black Friday" (See the sanitized version of The National Cryptologic School's "On Watch", 9-86).

echoMay 31, 2018 8:03 AM

This is far too nerdy and going over my head.

I find it interesting why every disaster is named like BLACK FRIDAY or like the UK ERM debacle BLACK TUESDAY. It's like a marketing hook everyone can rally around and tub thump over. I find this kind of thing just feeds the gung ho attitude usually because somebody wants a promotion or more money. It's like "OMG we're going dark" survellience rhetoric.

It's interesting to note the signals intelligience (and meta data aspects even if they are minimal) of numbers stations. Most of the substantial discuss seems to float around who got busted and the state of internal national politics than anything. I'm really interested in what lies behind these stories which seem drowned out by technical discussion.

Clive RobinsonMay 31, 2018 9:31 AM

@ vas pup,

Q: I got station could be triangulated, but how you can caught somebody (as article stated) when they are in process of receiving transmission? Tempest?

The simple answer is all receivers are transmitters as well.

In the main a receiver uses a mixing process that acts in the same way as the mathmatical Discrete Fourier Transform. The normal way --still-- is to have a local oscilator (LO) that the radio user tunes to a specific frequency (RF) shown on the dial or digital display with an addition or subtraction of a fixed amount that is the "Intermediate frequency" (IF).

The result is that the users desired station (RF) gets mixed with the local oscillator frequency (LO) and two other frequemcies are generated the desired IF (often RF-LO in consumer single or double IF radios, but LO-RF can be found in "communications reciveres as the first IF).

The dirty secret of most radios is that they are not well screened thus not just the LO and it's harmonics escape the receiver but often the first IF as well.

This used to be quite an issue with valve/tube equipment and even into the 1980's you could tune an FM radio into the third harmonic of the first IF frequency and hear the sound track of the channel they were watching (it's how I used to still keep up with Thunderbirds when I was a youngster, which as my parents did not "approve" I was only occasionaly alowed to watch).

This listining in process was used by the Nazi German Military Radio Service to track down SOE and other radio operators, some of whom met very very grissely ends.

It was also used by MI5 "counter-counter surveillance" in the 1950's to track down Russian "counter surveillance" operatives. What the Russian's were doing was tracking MI5 surveillance operatives mobile radio signals by standard DF on transmissions. Thus the Russian's knew if one of their "resident" agent handlers was being followed or not. If they were a series of "cut out signals" would be made to warn the resident they were being tailed, and to not carry out any compromising activities. What Peter Wright and Tony Sale did was to put listining stations in close to where the Russian DF operatives were assumed to be working and listen for the CW LO signal and the detectable first IF signal. Simply hearing the first IF signal (which was fixed frequency) would tell the MI5 CCS operatives that the Russian CS operatives had turned their receiver on. A scan for the LO would tell the MIF CCS operators what frequency the Russian CS operatives were listening to. Which enabled MI5 not to "bust the Russian's" but to play them at their own game.

Those old enough in the UK to remember Post Office Detector vans (comma vans) with the odd shapped conical antennas on the roof. These used the same principles, however this information was kept "classified" for years and to some extent still is...

In the US for a very long time it was almost impossible to get certain types of screening materials for similar reasons. In the case of some materials used in the construction of SCIFs this still applies.

Clive RobinsonMay 31, 2018 10:05 AM

@ All,

Not all numbers stations were run by "secret government agencies", there were others "faking it" for other reasons in the 6MHz band for instance.

I guess a few readers here know about "Pirate Radio" but only think of the old AM and later FM broadcast bands. Well it also happened in the HF or Short Wave Broadcast bands, 6Mhz being one band of choice.

The fact is the HF broadcast spectrum used to be badly over used, so if you found a clear channel the best thing to do was "occupy it" pronto before somebody else did. The issue for most pirates was not putting out a signal but actually generating program content at times other than the weekends.

Therefor some of us turned our transmitters into faux number stations sending out random morse code to do "station keeping" on the frequency.

With regards the supposed waning popularity of the HF/SW bands, there is a problem with the ionosphere currently and we have absolutly no idea how long it is going to last for.

The ionosphere is in the upper layers of the earths atmosphere where preasure is as low as it is in the likes of fluorescent tube lights. The result is it is vere eaay for the gasses up their to become ionised. The ionised gas being able to conduct acts as a conductor the stronger the ionisation the higher the frequencies it will reflect. The level of ionisation is based on "space weather" and the solar winds/streams, much of which is related to solar activity we see with sun spots

If you transmit a pulse of radio frequency directly upwards, you can find the "critical frequency" at which a signal stops being reflected at 90degrees. From this the "Maximum usable frequency"(MUF) can be calculated for any long distance (DX) paths via "skip",

Therefor if the critical frequency drops as it has done to recorded history lows, the MUF also dropps, this in effect not just limits usage down to the 80meter band it also reduces range over which signals can be discerned. Thus makes all upper band activities appear to be dead... Worse the size of the antenna required to efficiently work the low HF bands means most have to use highly inefficient antennas, which also make the low HF SW and high MF bands appear dead as well...

albertMay 31, 2018 12:10 PM

@Clive,

I recall the 455kHz IF circuits back in the day. As I recall, the the concept was to get the carrier to that frequency, so you could have a cascade of highly efficient tuned circuits of one freq only, as opposed to dealing with each carrier freq individually. It's very clever.

That was then. Now I'm wondering what the situation is today, with SDR being so popular. What are the specs for SDR radiation? Obviously, they need to meet FCC/EU/etc. specs for -interference-, but those levels must be orders of magnitude higher than those needed for surveillance.

. .. . .. --- ....

Clive RobinsonMay 31, 2018 9:40 PM

@ echo,

I'm really interested in what lies behind these stories which seem drowned out by technical discussion.

The reason the "technical discussion" is to the fore, is that it is the only part that can be rationaly tested and reasoned about.

For instance if you know where to look it up you will find that the BBC Over Seas servics as was, was a British Government front. Most of the technicians that operated the overseas transmitters and some home ones knew that in reality they worked for the "Diplomatoc Wirless Service" or DWS that was funded by the UK Foreign and Commonwealth Office or F&CO that also payed for a couple of British Army "Special Communications" regiments and squadrons that aligned with the DWS. The thing is that the DWS actually started life via Brigadier Sir Richard Gambier-Parry, who worked for SIS (later MI6) during WWII.

You will have to look up the various definitions of "propaganda" that range from black to white, that went on during WWII which included "aspiditra" and ex Daily Mirror journalist Sefton Delmer and his mad but wildly successfull plans. But the asspects that remained of radio propaganda after the war became part of the F&CO's thus DWS/BBC bailiwick and thus included the use of "BBC" transmitters all over the world carrying "Diplomatic traffic" which in turn carried MI6 traffic and similar which included One Time Tape "super enciphered" Typex encrypted traffic. The OTT was in practice an automated One Time Pad system primarily used for Radio teletype and telex traffic, but also could be "read over the air" by other methods. Primarily DWS traffic eneded up on Piccolo orthagonal multi-tone signaling modems that were still usable at signal to noise levels better than the best humans could receive morse code.

Those military units that were aligned with the DWS prior to it being fully absorbed by MIC at Hanslope Park led interesting lives as they were responsible for not just "stay behind" traffic but also putting in place radio circuits for use by special forces of the "Saturday And Sunday" club variety. Thus it was the "awkward squads" of these SC regiments and Squadrons that actually "went first" into hot spots not the Special Forces. As such there is quite a few stories that should be told, but probably won't, some very funny, some sad, some salutary with a few more "lone poppies" appearing each year with dark blue (Sigs) maroon (Para) or sand (SAS) berets atop.

RealFakeNewsJune 1, 2018 12:01 AM

@echo:

The BBC World Service is to this day funded by the Foreign Office, and not via the BBC license fee as the rest of the domestic BBC output is.

BBC in name only, it is intended to spread propaganda of the British Government, much as the "Voice Of..." radio broadcasters do, and other high-profile foreign radio stations (Radio Romania International, Turkie Radio International, and Chinese Radio, among others).

There are other radio stations that appear occasionally, with such names as "European Voices" etc.. which may or may not have a schedule, and just "appear".

There are other less well-known stations out there, too, that carry some interesting "listener messages". They are interesting to listen to, especially as they sometimes don't make sense and appear to be a coded message.

I keep meaning to research WW2 broadcasts from the BBC - the news bulletins often carried coded messages for the Resistance, as well as other messages for SOE, etc...

RealFakeNewsJune 1, 2018 12:04 AM

The music play lists themselves were a form of code, too. Very elaborate.

echoJune 1, 2018 2:47 AM

@Clive

Well, um, I understand what you mean about measurability. The problems with this kind of discussion is that the spectrum of reasoning tends to be squeezed out and things like intution and the form of narrative tend not to have say when they have validity. By validity I mean the whole discussion being within sound boundaries to avoid the book-end extremes of dogma and the purely personal subjective.

Sometimes the story and intution come first and the measuring comes last although it can appear the measuring comes first. Then it becomes all about measuring and the hows and whys become lost.

Clive RobinsonJune 1, 2018 3:56 AM

@ echo,

By validity I mean the whole discussion being within sound boundaries to avoid the book-end extremes of dogma and the purely personal subjective.

But in turn how do you put boundaries around something that is not measurable, it would as some one I know likes saying "Be like trying to catch mist in a butterfly net". And some will take exception to something said which happens so often we have two trite saws, of "One mans meat, is..." and "Never talk about Religion or Politics with a drunken ...man".

Apparently the jury is still out on the origin of the idea of "conspiracy theories". We have good reason to believe that black-grey propaganda from the CIA gave us "the term of art" but not "the method of art". Is it realy just a version of "Chinese whispers" "in an echo chamber" in effect a process of turning gossip to tribe knowledge, that happens in all societies much more than a family in size?

The simple facts are we know number stations exist, we also know that secret broadcasts are made by governments to entities outside of more normal communication methods. But what we do not have much if any evidence for, is to say that number stations are secret broadcasts, we just link the two facts in our minds with an assumption, that may or may not be valid in some but not all cases.

As I indicated above some numbers stations are compleat fakes set up in atleast one case to hold a frequency.

As I also noted there are various types of propaganda carried out with numbers station. For instance North Korea had some numbers stations during the cold war era, but slowly the numbers decreased. Then back in 2016 they started up numbers stations as part of regular programing.

Now you have to decide on the reason why?

Well you could argue that they had increased the number of active entities in South Korea or China or even Russia, many people would quite easily believe that for many reaaons.

But... you could also argue it was "black propagander" designed to sow FUD in various nations citizens, including those of the US and similar even though the signals could not be recieved there. Again many people would quite easily believe that as an explanation.

Likewise it could be both or neither of those explanations. Such arguments are not even hypothesies as without measurment or solid HumInt you have no way to test. Oh and is "solid HumInt" real or a false flag operation designed as part of a greater deception?

Have a look at how the alies not only fooled the Germans about the actual invasion points untill 48hours or more after the beach heads were established but also convinced them there was a second much larger army in SE England waiting to invade.

The methods involved violating the corpse of Glyndwr Michael a very sad and lonely individual (The Man Who Never Was / Operation Mincemeat) through driving vehicals around SE England with different military markings etc driving vehicles around in fields to leave tyre tracks etc, inflatable tanks and aircraft, fake radio traffic actually based on real radio traffic from an earlier military opperation to give traffic that would be expected by even the harshest of cryprographic and traffic analysis attacks. Even taking measures to avoid the radio mistakes German General Watchel made when moving the secret V weapon development northwards.

It's the fun of Intelligence Analysis of trying to spot the real, the fake, the fake fake and even deeper levels of deception.

Who?June 1, 2018 4:03 AM

@ Clive

I really appreciate the information you gave us about triangulation of radio receivers. A very clever trick. Until now I supposed that only radio transmitters were spottable. I thought receivers were just passive devices that were not leaking identifiable energy.

echoJune 1, 2018 5:25 AM

@Clive

Yes, this is what the puzzle is. We can all go via different routes to the same end. Ish. Sort of. I think what I'm trying to say is the analytical and linear routeisn't necessarily the best and only route and thatthe schem being used can tend to generate its own results. Sometimes you have to start from the endpoint and work backwards or circle around which can itself feed into the dialogue on analytical methods and the data you are looking for.

There's also a suspicion that a lot of authoritative sounding statements and data can hide nobody actually having the first feintest clue.

Sometiems you need to pout and flash an ankle to get something of people. Drama. Stuff like this. Nobodyis going to ruin their career over a set of numbers. Occasionally if you act dense enough and loud enough for long enough one easy mark has to step up and correct you. Gotcha!

echoJune 1, 2018 5:27 AM

@Who?

Yes that receiver thing got me the first time I read about it. That was a wow moment.

JG4June 1, 2018 8:57 AM


@Who and echo

I think that local oscillator leakage can be defeated, not that it would be easy to get it right. You can be sure that someone smarter than I am, who not entirely coincidentally has a lot more money and resources at their disposal, is sitting with a coven of sniveling bureaucrats inside that shiny new Federal Office complex down the street, poring over volumes of forgotten laws, looking for some metal-legal reason to vaporize your privacy in a government blast furnace. And did twenty years ago what I suggested last year.

https://www.schneier.com/blog/archives/2017/09/friday_squid_bl_594.html#c6761822
...
@Nick P - I see some hope that a suitable RF-front end could be built from simple components and isolated from the environment. from the small business point of view, you'd like to be able to group that into a series of minimum viable products, so that revenue and survival didn't hinge on providing a complete solution. the maker movement is creating a novel marketing opportunity where small numbers of customers can be reached very directly, e.g., the regulars here. I stopped short of saying that unmixed RF up to 40 GHz bandwidth can be taken off an antenna, amplified linearly and fed into a single-mode VCSEL to produce an optical signal in a single-mode fiber. that can be the feedthrough to a very tight Faraday enclosure with >120 dB of isolation for whatever stages follow. the resulting laser signal could be directly detected and passed into an ADC, or converted back to RF and mixed, with essentially no leakage of local oscillator signal.
...

Clive RobinsonJune 1, 2018 9:26 AM

@ so much for good reasons,

That was a nice read, and debunks the CIA named the method of art as well as demonstrating the method art was around long before they were.

So "one less claim to fame" for the CIA.

To be honest reading the first half of Peter Wright's book "Spy Catcher", indictes very strongly that the CIA were far from technically competent. More interestingly when you collect "agent radios" / "spy sets" you discover that for more than two decades after WWII the UK was still running a "cottage industry" production line for their agents. Whilst the CIA almost always "outsourced" the manufacture of their agents radio systems from day zero, if not before.

Whilst you can not take a hypothesis forward on only two data points, it can be indicative for further investigative routes to take.

Clive RobinsonJune 1, 2018 9:37 AM

@ JG4,

I see some hope that a suitable RF-front end could be built from simple components and isolated from the environment.

You might want to have a think about MIMO techniques not at the start of the "far field" --two wave lengths and above out-- but very much in the near field.

Whilst EZNEC is not so good at modeling this, other NEC4 antenna analysis programes are better.

The simple fact is you can use quadrature oscilators that are suitably phase offest such that the actuall frequency used as the LO is only present in the close in near field.

I've not tried making one, however other "off the wall" ideas I've had and built NEC models for have worked in practice when built as prototypes.

The idea is not original to me but a poster @RobertT who has not been around for some time.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.