Clive Robinson • October 7, 2018 8:06 PM

@ little lamb,

One lead bullet to the brain does cause intelligence to cease forever.

Only if you can get it there, which something tells me you are unlikely to be able to do.

In Vietnam the estimate was 10,000 rounds expended for each enemy combatant killed, that’s 118Kg, enough lead to encase a body many times over

At one time when I was still shooting I was 995 at 400yards on an 8 inch target. And back when I was wearing the green I was Signals (SC), so I had a certain degree of familiarity with the situation.

Something I actually don’t think you have ever had, because it’s only the Walter Mitty types that talk the way you do.

Clive Robinson • October 7, 2018 9:37 PM

@ Tom S,

The equipment appears to be consumer grade, several external antennas, various amplifiers, and a grab bag of phones. It doesn’t look any more sophisticated then a 1990’s war driver had.

You forgot the word “old” before “consumer”.

Whilst you get the feeling this is not the “A” team but backup to a team some what further down the alphabet, that may not be the case.

If you start with thinking about OpSec, I would expect “second hand” equipment purchased in some western country rather than factory fresh top of the line easily tracable back to point of purchase equipment. After all as long as it does the job it’s sufficient.

The problem is we don’t know what the “job” was, nor from what has been released publically do I think the authorities know either. The fact they had a Russian taxi recipt in a pocket suggests they were “fresh in”.

If I was doing “red team” activities I would want to have a number of cut out nodes between me and the target with “eyes on” atleast one of the nodes. I’ve mentioned how to do this sort of thing in the past using “unconventional” frequencies etc which makes the use of quite a bit of standard “blue team” equipment fail, thus only specialised frequently quite expensive equipment would be of use[1]. I might also make one of the nodes a “Tee” just to make the game more interesting.

I’ve some nice custom LPI DSSS comms extenders I designed and built a few years ago, which will throw a spanner in most DF kit even the high end Rhode and Schwarz DDF007. The problem is the break the first rule of OpSec of “Do not have anything non standard, otherwise deniability is lost”.

Looking at the photos, not only was the equipment a bit creaky age wise, the inverter made my eyebrow go up. I’ve no idea where they got that “boat anchor” from, I think they were smaller than that back in the 1980’s. To give you an idea on my bench I’ve a couple of 1KW switchers that are about 1x1x8 inches and there are others you can get these days that are upwards of 2KW in a similar volume.

I must admit though, that having “Diplomatic Cover” might well have made them not care very much about OpSec as the worst that can happen to them is that the get sent back home.

Which appears to jib with some of the kit they had. Which makes me wonder if they were doing a “setup job” for others to operate with. Possibly the others being what the US call “NOC” operatives.

[1] The much easier availability of 0-6GHz SDR equipment at moderate price is going to make a big difference in this area, but I’ve yet to see any “blue team” commercial equipment based on it yet.

Clive Robinson • October 8, 2018 11:36 AM

@ echo, Tom S.,

Oe thought which has crossed my mind among all this US-UK-Russian stuff grabbing the headlines is what is everyone else on the planet up to. We rarely read anything about this.

You are not alone in this thought.

If you look back I’ve made several comments about the US only ever having “one existential threat nation” at a time, and perm them out of China, Iran, North Korea, and Russia.

When you see this pattern, only an idiot would think there was not Orwellian Stage Managment going on via the US Gov and US MSM.

As @Tom S. has pointed out above and I have in the past there are a few places that you need to keep an eye on and they all involve the US throwing it’s weight around.

There is a theory which recent history backs up that every decade the US finds a reason to bomb another nation back to the stone ages in order to,

1, Keep the MIC “welfare momers fed”.
2, Keep other nations in line.

It was fairly clear that the current favourit for this treatment was Iran. The US basically set a bunch of what they thought would be impossible demands for Iran, to use refusal as a pretex for war in the ME in support of hoise of Saud and Israeli interests. Iran pulled their teath by saying yes to everything in an international conference. The US foiled in it’s plan threw the toys out the pram and went home to sulk big time. Anyone who had known what was going on just laughed at the US which included all the other nations around the conferance table. Thus thwarted at killing another thoudand or so US troops and uncountable thousands of civilians as the US had with Iraq, the US started in with threatening other nations with sanctions.

But if you only read and listen to US MSM you would not realise this, unless of course you remember what Pres Obama did over Istaeli pawns in both houses over the psychopath Netanyahu back in march 2015.

Clive Robinson • October 8, 2018 7:05 PM

@ echo,

Hereis one such example and another to add to your list of mysterious deaths.

Sadly Viktoria Marinova is the second woman journalist murdered in Europe and the third journalist this year so far.

I would tend to think that it was an execution with warning for others in it’s method of violation prior to a slow death by strangulation.

As the article notes,

an investigation into alleged fraud involving EU funds linked to big businessmen and politicians.

The EU has not produced a certified set of accounts for so long now it will probably never happen. Basically the EU is financially corrupt and it starts with the unelected council of ministers and spreads downwards through out many nations. Even many of the elected Members of the European Parliment and their parties have been found to be corrupt or upto significant financial irregularities.

Not least of which was the face of Brexit Nigel Farage and his UKIP that have been so blatent about it that the EU could not do as it usually does and turn a blind eye to find obscure excuses…

Going anywhere near trying to bring accountability of EU funds has killed quite a number of careers, had phoney arrest and search warrents police intimidation and other quite nasty forms of intimidation.

As for Bulgaria, there is an old joke,

In Bulgarian in a game of “odd man out” how do you know who it is? Easy he’s the one not in the mafia.

Even Top Gear made jokes about it when reviewing certain luxuray cars, about how easy it was or was not to get a body in the boot and do a “get away” car chase.

It’s a shame realy because it’s actually quite a nice place with breath taking mountains, beaches, and countryside scenery where nature can spring out on you literally in woodlands and forests[1]. Also with realy nice historic buildings a number of which have UNESCO World Heritage status, oh and for those not as creaky as me good nightlife at quite low cost.

[1] Yup it happened to me, I used to be able to walk with ghost like “hunters footsteps” and I was trying to get close enough to a deer with a fine spread of antlers I had spotted to get a good photo when I spooked a wild boar sow and her young pigglets/squeakers by nearly stepping on one. Trust me when I say you do not want to be so close you can smell them as the adults are fearsome beasts that weigh in at 80-100Kg and a 40Kph speed. Like their close relative the domestic pig they are omnivours and can be carnivorous and have few preditors and have little trouble moving 50Kg rocks when after choice morsels. Getting that close is the sort of thing that can make you rapidly levitate into arboreal behaviours at least as well as the most agile of primates…

Clive Robinson • October 8, 2018 8:10 PM

@ echo,

Breathtaking

Mr Alexander Nix, sounds like a good candidate to be a funder for the current encumbrants. To be perfect however he would have to add a couple of four letter words and an anti-feminist slur…

Why these people get caught out so often realy supprises me. You would have thought they would have learned the inadvisability of not just saying but writting such things by now… But obviously not.

Clive Robinson • October 9, 2018 5:35 AM

@ Apokrif,

This post makes the point that on average open-source crypto is not safer than closed-source crypto, based on the author’s experience. YMMV.”

What does not immediately spring out is that the “author’s experience” includes a significant proportion of “blockchain”…

Which as all the early or “trail breaking” work was OS and the “Johnny come latelies” are the CS that are following the now “well beaten path” might give an indication as to why the “author’s experience” is what it is.

That is “the leading edge is the bleeding edge” rule of thumb of R&D indicates that early implementations are full of untested often costly assumptions. Whilst those a step or two back have the advantage of having a large number of the original assumptions tested and thus do not make those mistakes thus save great cost.

We see similar with messaging apps, the Crypto has seen the benifit of having being tested. The insecurities are now those in the areas around the crypto not in it. Thus you have the likes of “endrun attacks” because the communications stack is to promiscuous, the OS to complex, often using insecure closed source drivers and the User Interface (UI) is not just to complex but has to many levels, resulting in “shims” being put in the driver level or UI negating any security the app offers.

Security is not just “weak links” it’s also about “bubbles under wallpaper” that is you push one insecurity down and it just comes up somewhere else, often in mote than one place.

To get real security you have to understand about segregation, seperation, and genuine “end points” caused by strictly controled non bypassable channels. None of which exists in consumer and commercial equipment and systems.

Only when people get to understand this will we start to see more secure products. But as there is apparently no profit in offering even a modicum of real increased security “don’t hold your breath” with Closed Source as the Sinclair maxim applies[1]. In Open Source the maxim is generally not an issue as “ego food” is generally the reward. However both CS and OS unfortunatly leave open other issues such as the Dunning-Kruger and other cognative effects.

One of the reasons I don’t write “general issue” software be it OS or CS any more is I realy do not trust what would suround it. Nor for that matter the highlevel languages, toolchains, and libraries currently in favour by many. I find there is a lot to be said for minimalist systems with at most a CLI over a strictly mandated communications channel. Fancy UI’s and such like I can (un)safely leave to others to do at the other end of the mandated communications channel.

[1] From Upton Sinclair’s famous quote of “It is difficult to get a man to understand something, when his salary depends upon his not understanding it!”

Clive Robinson • October 10, 2018 5:33 AM

@ echo,

Did anyone read that link I posted on encryption and quantum computing?

Yes a couple of times and I’m still thinking about “other possabilities” for it.

I suspect there are three or four horror stories waiting at the bottom of that particular valley, that we can only guess at from the spring that starts the head waters….

Clive Robinson • October 10, 2018 6:33 PM

@ echo,

Findings from the inquiry have been passed to the FBI for “appropriate action”, according to the inspector general’s office.

Much misdemeanor, but no guilty party as of yet…

Plus the FBI were just one of numerous US agencies to receive the images…

Thus plenty of oportunity to spend time to find nothing if actual findings start going in the “wrong direction”. There is experience tells us plenty of long grass around the hill for very good reason…

Based on past leaks in the US of British and other nations clasified intelligence, it is more likely than not, that the disclosure was political in nature. The question is which politician or hopeful is to blaim?

If the usual level of US investigation is carried out, I suspect that all that will happen is some low level person will be crucified, and if a high level person is to blaim, a quick tut tut and don’t do it again but no real punishment…

As in the UK one law for the elite and one for everyone else…

Clive Robinson • October 11, 2018 3:58 PM

@ Rach El,

How to Find a Hidden Camera in Your Air BnB Rental

The problem is all their advice is at best second or third hand, I realy don’t think they have tried any of it…

For instance,

Also, turn off all the lights in the space and the shine a flashlight around the area to search for a camera lens. The lens should reflect the light, which should make it easier to spot.

The principle they are trying to explain is “180degrees internal reflection” that you might more commonly know as “Red Eye” in photographs.

As any semi-pro or above photographer will tell you red eye is caused by having the flash unit to close to the line or boresight of the camera lens.

Which means in a small area like a room “shine a flashlight around the area” is probably not going to work. What you actually need to do is hold the flashlight up close to the side of your head as close to your eye –but pointing forward– as you can to minimise the angle as much as possible.

Also it won’t work with more savvy surveillance artists… Most modern chip based cameras are most sensitive in the “near IR” which the human eye is not. Many modern flash lights of the “clearwater” LED type don’t produce light in the near IR either. Thus putting a near IR filter across the front of the camera lens will stop the 180 degree internal reflection in the visable light spectrum. Many digital cameras have a near IR blocking filter as do quite a few of the slightly more expensive digital compacts etc.

However not all mobile phone cameras have a near IR blocking filter fitted. You can usually check this quite easily with an IR TV remote control. Simply turn out the lights in the room with the mobile in camera mode with the TV remote pointed at the lens. If your arms are not long enough get a friend to press a button on the remote control, if you see sparkly bright spots on the mobiles screen where the tip of the TV remote control is your mobile does not have a near IR blocking filter.

Your next problem is finding a near IR source of light well the easiest for most is to use a TV remote control, also most “filiment bulb” flash lights (ie not LED) emit lots of near IR, but sadly they are becoming quite scarce these days. For those with a little ingenuity getting a near IR LED out of a “DigiKey” or similar electronics catalogue and putting it in a “key fob” or similar keyring flashlight is fairly easy to do.

Thus with that and the mobile phone you can scan in near IR as well.

You can also spend between $20-250 buying a device from surveillance shops that more or less does the same thing.

As for using an RF Scanner, they are not that easy to use and can give off a lot of false positives, even experts get fooled from time to time. Modern digital systems don’t work the way many slightly older bug detectors work. Which was to emit clicks or flashes of light and look for corelation in the RF signal, that is they were working in the analog domain.

I’ve designed and had built (in China[1]) both Low Probability of Intetcept (LPI) Direct Sequence and Frequency Hopping Spread Spectrum (DSSS/FHSS) systems and more recently “burst mode” systems. Even the more expensive — $7000+ — RF Source location equipment has problems telling the opetator there is a signal there. Even Spectrum Analysers which you can buy slightly more modestly from the likes of Rigol (DSA875) which will cover both 2&5GHz WiFi bands need a very carefull setup and operator eye to find LPI bugs.

What has come down in price a lot of recent times is Software Defined Radio (SDR) kit and no Pen-Tester/Defender (Red/Blue team) without one or the correct software to use it “is worth their salt” these days. You can actually buy a TV SDR USB dongle for as little ad $10 but you need the software to use it. If you have a high endish laptop you can “cut your own” with the likes of the GNU radio software running on BSD/Linux/Win. Currently you can get the “Great Scott Gadgets” “HackRF One” that covers a similar frequency range to a Spectrum analyser for around $350 but you will need to add a few things to it. From a pen-testers point of view it does TX as well as RX, and is cheap enough to be expendable. There are other SDR devices such as the LimeSDR mini which is crowd sourced developed but backed by the European Space Agency which actually has the signal processing on board thus getting rid of the USB bottle neck.

[1] The reason to build them in China is they don’t have arcane “crypto is munitions” laws. In the West if you build LPI Spread Spectrum systems –even though that is what WiFi uses– somebody in an official capacity can and will like the famed cammel stick it’s nose in under the tent flap of your business…

Clive Robinson • October 11, 2018 4:48 PM

@ MarkH,

With regards the Scirntific America post and it’s intro that tells us that Microsoft is sinking a shipping container of 864 of “their standard data-center servers to the ocean floor. There is quite a bit more to the story than “cold water” for doing it near the Orkney Islands in Scotland.

The flip side of the “cooling” is “energy inrfficiency” which implies “lost profit” via greater expense. There are two ways to solve this, the first is to make things considerably more efficient, which is not that easy these days. The second is to reduce the cost of your energy significantly…

Scotland has the most dependable wind and wave power in the “accessable” northern hemisphere. Plus the people doing leading edge research into it.

We’ve all heard about “off shore wind farms” but less have heard about the problems of energy loss in the cables getting that energy “on shore” which can be 25%. Thus putting your server farm on the sea floor at the foot of your wind generator masts gets you a very nice cost saving.

Further what is not being talked about very much at all is the use of certain types of wave energy systems. They actually serve two purposes, firstly they generate power, but secondly they take the energy out of waves. This second point is quite important because the destructive force of wave power is immense and a significant engineering problem in the design of off shore wind farms. Even taking a small petcentage of the energy out of the waves can virtually pay for the engineering of the wave power generation. Thus extra electricity for a very much lesser price. But it has a third advantage, whilst wind power is variable on a “short cycle” wave power which comes from wind power has a much longer cycle so acts as a form of energy storage mechanism. It thus “fills in” where you might otherwise use battery storage to provide a more consistant “base power output”.

As for the non base power or excess power over the needs to run the “aquatic server farm” Microsoft could sell that into the UK national grod for a little extra on the side, or more likely to offset the times when even the base power drops below needs for the submerged servers and it has to draw from the national grid.

Oh and finally there are certain political advantages comming along via Brexit. The chances are a number of “data tech” companies will be not just looking for but getting considerable “sweetheart deals” shortly before or after Brexit in a way they used to get from Southern Ireland prior to the EU putting the boot in…

Clive Robinson • October 11, 2018 9:37 PM

@ echo,

+1

Oh this might amuse,

http://www.mit.edu/people/mjbauer/Purity/hackpure.html

Don’t worry about keeping score, there os many a geeky laugh in there, and some that make me feel realy realy old such as rebuilding a deck of cards…

Clive Robinson • October 12, 2018 4:10 PM

@ Bob Paddock,

Clive, with a fully loaded price of $1,300,000 USD, or $170,000 USD for the starter model, would this Scope/Analyzer find anything?

No more than it’s much cheaper brethren, the laws of physics dictate what is and is not possible.

If you have an LPI transmitter at 0.2GHz that is 10MHz wide for a 15KHz information bandwidth, you can sit down with a piece of paper a calculater and any one of a number of graduate level text books and work out your signal profile and how it decreases with range. Then if you include the monitoring equipment bandwidths and gains you can work out much of the rest.

You will find that the SDR receivers will give as good if not better probability of detecting the signal as the eye wateringly expensive test instrument (test instruments are generally designed for high dynamic range and linearity which penalizes sensitivity).

What you will find makes some difference to the range is what is sometimes –but incorrectly called– “noise free antenna amplification”. Put simply a high gain antenna is like a tuned circuit it has bandwidth and with correct impedence matching gain because it “sees less of the sphere” than an isotropic antenna. Thus the greater the gain the greater the directivity and the more time you have to spend finding what direction to point it in. Thus you trade time for antenna gain, but you also trade RF bandwidth, thus you are fairly quickly back to square one…

But even assuming your test equipment does pick up the LPI signal, it picks up a lot of other signals that are all causing issues in the broadband front end amplifiers of the test equipment and SDR equipment. The result is the signals smear each other and the result is usually “noise on noise”. If I tuck the actuall transmit frequence of the LPI transmitter “close in” to another broadband signal such ad an analog AM TV transmitter or FM stereo broadcast your eyes will not see it on the display.

The advantage that some of the LimeSDR receivers have is that you can in software actually turn them into Spread Spectrum receivers with very precise control. If and only if you know the spreading code you can deconvolve the signal thus cancelling out broad band noise and getting the signal back.

For low cost bugging equipment that uses linear code generation there are known ways to work out the code little by little. However those that generate the code by cryptographic algorithm no. But the ability to work out the code quickly disapears with hybrid spread spectrum systems that also use burst mode aligned with coherant band switching.

That is all before you start looking at Multiple Input and Multiple Output (MIMO) systems.

If you look at Radio Navigation Systems you will find those that use both Phase Modulation and Amplitude Modulation. Due to the fact they combine the two signals at the antenna the phase diference between the PM and AM varies with where you are around that antenna, thus the phase difference gives a compass reading. As it is done at the antenna, what works for transmit also works for receive. Thus you can transmit two spread spectrum signals that interfere with each other except at a given angle to the antenna. There are other tricks with multiple antennas and multiple signals you can do such that you might have to use two or more antennas in space diversity to be able to pick the signal up.

Unless the test equipment alows multiple inputs and the running of front end control software with almost atomic clock precision to be run then it will be inferior to much less expensive SDR equipment that easily does by using a GPS receiver to get precise frequency controll and the 1PPS signal to get precice time control.

This sort of well below the noise threshold communications is actually proving of interest to Radio Amatures that are into the technical experimental side of the hobby. Although not LPI systems the do quite nicely demonstraye the “Signal to noise” in a given bandwidth issue, with some offering high reliability with -36dB S/N (ie the signal is one four thousandths of the noise).

If you know such an Amature/HAM get them to show you PSK31 telex like communication and the fact you can not here the 31Hz bandwidth signal with even a good quality receiver in CW or SSB mode whilst still getting 100% copy. Or better still the likes of WSPR.

Such systems could then be further reduced another 30-60dB by applying LPI techniques to be -95dB down… Such that your test equipment would need to be physically connected to the transmit antenna and still not have much chance of “seeing the signal” even though the receiver several hundred meters or more away is getting “full copy”.

Clive Robinson • October 14, 2018 3:50 PM

@ Bob Paddock,

Microsemi SA.45s is usually a better option for Atomic based reference that is portable and low power, relatively speaking for Atomic References.

I’ve had a look at it it costs around $1000 but it has a major issue for RF MIMO work which is synchronizing two units together reliably. The most important output the 1PPS that gives you time sync is effectively random on power up. Thus you need a GPS or other distance synced 1PPS signal to sync it up.

Thus it’s main use is not instead of GPS but to cover for GPS drop out but you have to accept a potential 3cm/Sec effective drift rate which even at VHF can be quickly noticable.

With regards,

It is usually the clock-recovery/sync that is the challenge, any insights there outside of the usual textbook stuff, that I’ve read?

Not sure what you have read, but the usual trick is to have a very narrow filter that once synched uses phase or frequency locking to keep things on track. This of course only works so far depending on relative velocities of TX and RX which should be minimal if you are static. In the past a three loop system would be used to synchronize the system.

Modern software systems however would just use “a thousand receivers” of an FFT or DFT system running on a computer and use a predictive tracking algorithm. It’s the sort of thing that comes in highG boxes for high V and delta V vehicles.