Schneier on Security

Clive Robinson • February 1, 2020 3:14 PM

@ Scott,

“but instead from public panic and panicked government responses”

Also certain comments such as China and the United States “are on top of things”, when clearly they are not in either case…

The thing is so far there have been far less deaths from this virus than the US experiences with the flu virus most years.

However that is going to change. The reasons are firstly there are now something like 10,000 known cases in China and the disease mapping people at Imperial College London sugest it’s probably between 40,000 and 100,000. That is they are either not symptomatic yet or only mildly so and have not yet got on the radar.

Secondly the known number who have recovered is about the same number as have died. So the “known outcome” in patients is around 5% therefor in 95% of medically known infections the outcome is still very much unknown.

Which also suggests that the time from initial infection through to recovery is a month or more. Most “colds” (which are cornavirus varients themselves) are dun and dusted in 6 to 10 days….

Not much more is realy known yet even though it has been genesequenced already and there are now known testing protocols from the likes of the CDC.

Clive Robinson • February 2, 2020 9:57 AM

@ Wesley Parish,

That the person is paranoid due to policy and empolyment and not due to a “chemical imbalance in the brain” is no excuse

Which as, you note is rather conveniant for some. It’s a kind of circular argument you see out of various “authority figures”. If they persecute you and you complain “you are paranoid” if you don’t complain then you must have some other mental illness… Either way “The victim is blaimed”.

The thing about “mental illness” is it’s highly stigmatized and people imagine some danger of someone being an axe or gun wielding “psycho-killer”. The reality is that more than a quater of the Western population and rising, get some form of mental illness at some point in their lives[1]. So once they have you on “Mentally ill” they can use it as an excuse to lock you up indefinitely “for your own safety”, or “the safety of others”.

In Russia for instance a standard tactic is to “bug the house” of a political suspect and “like Alexa” record everything that’s said. They also hide CCTV cameras in the bedroom. Then, when they pull the suspect in, they make them go through every conversation every video from the bedroom over and over in out of time sequence. They scream things at some suspects claim they have said things differently and basically drive the person into a confused or deranged state. The authorities do this just because they have “the lawfull authority” to do so…

As I said earlier you don’t have to believe me, just look at what goes on and examine what you find. And if not convinced there is a real issue, go and have a look at what the Chicargo PD did with their illegal detention center at Homan Square[2]. Then look into what “Special Administrative Measures” realy means, the UN lists many of the techniques as various forms of tourture.

But if you look at the dictionary discription of “paranoia” you usually find the word “unreasonable” or “delusional” in there,

Cambridge :- an extreme and unreasonable feeling that other people do not like you or are going to harm or criticize you.

Merriam-Webster :- characterized by systematized delusions of persecution or grandeur usually without hallucinations.

Thus the problem is who is to say what is “unreasonable” or “delusional”. There are many reasons why someone might have trust issues, having been bullied through school and adolescence is one reason, being involved in a number of abusive or controling relationships is another. After all not everyone has a robust personality, but even so we do all have breaking points…

As a friend who works in the profession pointed out to me, in effect,

We all have worries and fears, some come from early events in our lives or are built in such as fear of spiders or the dark, and we can learn to overcome them. However anyone who knows what they are can do the opposit, and use them to make someone much more fearfull more anxious and thus look like they are unreasonably fearfull or delusional, to the point an untrained observer will believe the person is paranoid.

More interestingly they went on to describe that we realy do not know the mechanisms of actual clinical paranoia and why some people are more susceptable. Also that it may be linked to the mechanisms that give rise to Post Traumatic Stress Disorder and certain avoidance disorders (like fobias etc).

The real point though is that humans are nearly all delusional and take an unreasonable view on life… This is because on mass we dare not face reality, we trust incorrectly, are overly optomistic and just simoly ignore inconveniant reality by victim blaiming and live more or less in the moment to get through life. Thus it does not matter how many facts and figures you present to the average person they will ignore it. In the modern era people are getting money and other things stolen via “Identity Theft” the victimes are almost always blaimed by just about every one. The organisations that gave credit where they should not or banking facilities, the organisations that just hand out things like utility bills without question, the authorities who should investigate and even the courts. They all blaim the victim and look the other way. The only reason there is not more identity theft and online financial crime is the lack of criminals.

But this sort of thing has been going on for centuries. The clasic example that most have heard and even still believe, was the faux news[3] of,

Let them eat cake

The reason it was and still is believable though false is that it demonstrates how,

The “commoners” incorrectly believe that the “aristocracy” are shielded from the “real life” commoners live.

But most people fail to realise it applies to all of us, we are all shielded in some way.

Just yesterday I was walking through London with my son and taking a short cut from Oxford St to Foyles book shop in the Charing Cross road. Due to Cross-Rail extentions, lots of places in that area are closed off. Thus forced into taking a detour down an alley beside a luxuary hotel, we saw a tent a group of people around it we had to walk around. I knew at a glance, at the things that were visable and the piles of vomit, that the people were not just homeless, or drunks but actual hard drug addicts and from eastern Europe. Having passed by unscathed –as is usually the case– I asked my son what he thought. He got homeless and drunk, but did not realise drug addicts or the types of drugs or where they were from. As the little encampment was clearly visable from the hotel entrance, the thought occured to me, “What do the guests think, if they even notice?”

The simple fact is most live in “bubbles of existance” and few ever go outside of their bubble or “tribe”. Thus their view of the world is almost entirely different from someone else less than a hundred feet away. So it’s very easy to manipulate the view points of people who have no idea or appreciation of the world outside their bubble. But be assured of one thing, there are many who chearfully exploit those existance bubbles to their own advantage, enjoyment or both, faux news and Internet “echo chambers” are just the latest ways.

[1] Various arguments have been put forward for the rise. One is, it is related to “anonymous high density environments”, that is living and working in cities where we are effectively alone is bad for us. Another is the stress of not being incontrol in our various lives. Others have suggested the trend towards 24hour living may play a part as there is no clear day/night barriers thus needed regular sleep cycles, which is backed up by medical evidence of stress related illnesses and higher incidence of addiction and suicide (it’s amazing why employeers are still alowed to use shift working “rotation” the way they do).

[2] https://www.theguardian.com/us-news/2015/oct/19/homan-square-chicago-police-disappeared-thousands

[3] https://www.britannica.com/story/did-marie-antoinette-really-say-let-them-eat-cake

Clive Robinson • February 3, 2020 8:07 PM

@ SpaceLifeForm,

… there are probably over one million people that could be infected that are *NOT* in China at this time.

It’s quite a bit higher than a number of estimates, but not impossible. The real question is if the number is that high where are they.

The three most critical countries in that region as far as the world economy is concerned are China, India and Russia. Whilst Russia in that region is fairly low density population wise, China is quite high and India even higher.

Russia is “resource rich” but not a major producer of finished goods or services, whilst China has a near monopoly on some resources it is a major producer of goods and financing. India is a major supplier of services as well as goods.

Which means if China and India loose the wrong people the world economy will get a bath it does bot want.

Clive Robinson • February 5, 2020 1:45 AM

@ Bruce, SpaceLifeForm, ALL,

2016-nCoV bites the tech industry.

Every year in Spain for quite some time now the GSM Association (GSMA) holds it’s “Mobile World Conference” which is where just about every one with an interest in Mobile Phones and connected Smart Devices and even IoT get together to anounce new products and make deals that will effect consumers for the next two to three years if not more.

All the big players are usually there with premium rate stands and all the usual razzmatazz… Only not this year it would appear. LG have already anounced they are going to be a “no show” due to coronovirus and others manufacturers especially those from the Far East are likely to be the same…

https://www.theregister.co.uk/2020/02/05/mwc_coronavirus_fears/

To be honest I can not say I blaim them with reports being made of vigilanty and other abusive behaviour against orientals from around the world[1], they have to think not just of the health issues involved but the potential violence against their staff, even though they may be comming from European HQ’s not the Far East.

But with recent anouncements about flights being cancelled and suspended, with incidents of people put in quarantin on the rise there are other risks. Staff might arive and even if allowed through the airport might find hotels refusing to accommodate them.

Thus the economic damage has already started and is set to get worse and it’s the FMCE and white good markets that are likely to get hit first followed by the Consumer IT and Mobile equipment markets, which will roll backwards into the consumer software and other secondary markets.

[1] Who gets attacked where and in what way is somewhat telling. Reports from China where people can tell what province or even city within a province you are from by your accent, way of speaking or even the way you dress, indicate those from Wuhan are getting attacked and local law enforcment are apparently looking the other way. People are even being attacked for not wearing masks, even though masks are already in short supply. Even doctors and nurses are getting abused. There have been other reports of violence or racial abuse rising in other parts of the world including Europe. But it’s not just violence and abuse it’s also people avoiding businesses and areas. Spring festival / Chinese New Year is usually a time when there are lots of people about shopping and the like. London’s China town would normally be very crowded and pressed full of people. but although busy is only around 10-20% of the numbers you would normally expect, and less than you would see on an ordinary weekend. In my own home town which has many korean owned shops and restaurants they looked almost deserted last weekend and the high St in the early evening felt like a ghost town, at a time it would normally be busy.

Clive Robinson • February 5, 2020 7:15 PM

@ SpaceLifeForm,

So far, the data sucks.

It’s to be expected.

Oh there is other bad news sort of comming through… Usually when you get a coronavirus infection (ie the common cold), you don’t become particularly infectious to just befor the “chills” stage when you are already symptomatic (aches chills fever lethargy etc). Because it’s the chills that –if it were not for the trapings of modern life,– would cause you to seek out other warm bodies to huddle up against. After the chills you are generaly nolonger infectious as the cold runs it’s course…

2019-nCoV novel coronavirus is apparently novel for various reasons… In that it has a different infectious period that is much longer. From what is being said you get infected and a few days later you become infectious without knowing it. Then you might or might not become symptomatic upto a week later, and you remain infectious through what would be the symptomatic period. Possibly still being infectious as your symptoms have effectively subsided… Further if you graph three curves of “notified”, “sucumbed” and “recovered” you can see in this “at risk group” they are ill for quite some time of two to three weeks rather than less than a week.

But as I’ve said befor with both the succumbed figures and recovered figures being in single digit percentages we know we have a long way to go before the data we are getting becomes meaningful.

The figures at 23:59GMT,

Totals,
Confirmed : 27,705
Sucumbed : 563 ~2%
Recovered : 1,128 ~4%

The death rate appears to be holding at ~2% whilst the recovered or survival rate at ~4% is going up. Unfortunately the new confirmed infected number is up by over 7,000 or ~34% since the figures I gave above.

Clive Robinson • February 7, 2020 12:03 PM

@ JonKnowsNothing,

It may seem to the US Trade folks that chlorinated chicken heading towards the NewK is a done deal, but there are other risks involved besides what’s for Sunday Dinner.

Food Security is a very significant part of UK National Security as it is for many Nations where things are a little to the left of Atilla the Hun (ie much of Continental Europe, which the UK is not part of).

But yes from memory the UK has had several major food safety issues of it’s own Government’s making and they were all down to “Big-Aggra” effectively bribing the Minustry of Agriculture and Fisheries and what it morphed into over the years due to revolving door employment etc.

We could start with the root of the problem, which was post war food shortages (the UK nearly starved and it was only thanks to food parcells from individual American donors that stopped it, both my parents were helped by this kindness and they were always grateful).

Science started “strange brew” experiments, some of which involved feeding live animals not just parts of dead animals but their waste products as well. I’ve mentioned before one of the least discusting sounding, the use of chemically altered hair and feathers used in bread making (Chorely Wood Process). Therecwere others such as including egg shells and chicken waste into chicken feed… As for pig urine, it’s best not to ask… But another asspect was feeding dead sheep that were past the age of interest to eat by humans to first other sheep and then later cattle. Basically everything but the hide was ground up and powedered and added to ruminant feed and this included the brain and bones which included the spine. This also included some carcuses of sheep with “scapie”. Britain got so good at this “strange brew” science we became a net exporter of both sheep and cattle, and politicians were getting concerned at the Food Mountains and Milk, Wine and similar lakes caused by over production gratis of EU policy called the Common Agrecultural Policy (CAP) which the UK was a major contributor to but received little in return for. In fact it was looked on by some as “de Gaulle’s Revenge” and they hated it. Which is one reason “Made Maggie” Thatcher declared war on it.

Which brings us to “Mad Cow Disease” or Bovine spongiform encephalopathy (BSE). 30 years ago this year under Selwyn Gummer[1] was a compleat and unmitigated disaster from beining to… well today I guess as it’s still ongoing and may do for the next twenty to eighty years. The UK still claim BSE was an “animal feed contamination” though other evidence suggests it’s actually the use of organo-phosphates for tick etc control in “sheep-dip” and the like, that are effectively varient “nerve-agents”. As we know now OP’s are killing bees, though the chemical industry is fighting tooth and nail to stop that becoming recognised (the reason for ignoring the OP issue is probably because the Ministry ordered it’s use…).

Speaking of cows, there were the funeral pyres and pits for “Foot and Mouth” probably released from a UK Germwarefare lab and spread rapidly by having live animals transported hundreds if not thousands of miles to slaughter to please the meat production industry that found huge abattoirs with just one ministary vet in residence much cheaper to run than local small abattoirs with a £25 / carcus inspection fee. This came about because the Ministry decided to save money and it’s Euro-fobic viewpoint[2] to implement EU legislation in a way extrodinarily prejudicial to UK small abattoirs, where as the EU counterparts implemented the rules in a small abattoir friendly or neutral way.

The thing about foot and mouth is that there is a vacine, and there was at the time just as there is with Bovine TB. But as major meat producers are mainly exporters and not home market their business would have been hit for six months to a year. So the UK under Toney Blair did the worst thing possible, they went for slaughter and compensation. Well it went wrong, those doing the slaughtering were on big money… So unsurprisingly parts of infected cattle started turning up on farms where there had been no infection… Many small farmers with rare breed hurds got wiped out financially as did the rare breeds…

As a side result the UK whigh was a net exporter of beef in tonnage became a net importer of beef in tonnage, from abattoirs in the far East of Europe. Because of Ministery cut backs food import inspection of EU food stuffs became near non existent. The result amongst others UK horses were taken to Ireland, transported across Europe turned into meat that is fit for human consumption but quite a bit cheaper than beef, that the got used in EU processed food production and then got re-imported into Britain as “Beef Burgers” and “Beef Pies” and other processed foods with beef mince in, but no mention of “neddy”. Now whilst I’m not averse to “Neddy-burgers” (horse meat is healthier to eat than old dairy beef) it’s the fact that it had been shall we say “mislabled” for so long and to such profit that is of concern. Basically the Ministry “cut backs” had so imperiled UK food safety that people in Europe were vastly profiting by, and were never going to be prosecuted.

As you probably know I could go on and on with GM, bees bovine TB and much else but I’ll stop there.

[1] https://www.express.co.uk/news/uk/577667/Cordelia-Gummer-Mad-Cow-disease-BSE-scandal-25-years

[2] The reason the Ministry is Euro-fobic is that it in part it was due to “Mad Maggie” Thatchers attack on the Common Agrecultural Policy the French so love and need due to the great number of “pocket hankerchief farmers” whose farms are little bigger than a couple of large gardens (due to French inheritance laws). Which caused all sorts of tricks to be pulled by the EU admin making all sorts of money available to UK farmers that count against Maggie’s rebate. The UK ministry, had to find ways of stopping farmers claiming the money whilst not getting penalised in one way or another. Because the Ministry is fairly incompetent it’s actions have resulted in huge fines by the EU rightly so. Whilst CAP was and still is wrong, the way Maggie webt about dealing with it was wrong, and has cost the UK Treasury big over the years, which might account for some of the faux figures used to argue for Brexit.

Clive Robinson • February 8, 2020 5:55 AM

@ SpaceLifeForm, MarkH,

Firstly a couple of things that might be of interest, courtesy of someone I know who does YouTube and passed me the links.

First there were stories leaking out about these new 1000+ bed Chinese hospitals being like prisons…

Well now there is video footage that appears to confirm it,

https://m.youtube.com/watch?v=byczPcp62ps

https://m.youtube.com/watch?v=gyV-1tLY2RI

The modular design and rapidness with which they have been produced, suggests very strongly that China has got designs for both prisons and hospitals on a common basic design “on file, ready to go”[1] from previous builds. And that some of the units were partially or fully constructed some time ago and kept in storage awaiting use. Which makes you wonder what other Super-Powers or nations have tucked away for such eventualities…

Secondly it appears that whilst I’m giving up on graphing the nCoV data, there is a Canadian Medical teaching site that is doing Monday to Friday analysises,

https://m.youtube.com/user/MEDCRAMvideos/videos

But speaking of epademics and pandemics.

But in more general, it appears China and more broadly Asia are having a tough time on the food animal epidemic/pandemic front. With not just African Swine Feaver but a major resurgence of H5N1 avian bird flu. Which almost certainly means there are going to be food shortages world wide in the comming months, so sling some meat in the freezer or “can-it” whilst it’s still at moderate prices.

But also North America is suffering from the outbreak of this years seasonal flu, which is taking it’s toll. With ~180K hospitalisations and ~10K deaths so far, and expected to get three to five times worse as the season progresses.

Oh and as you mentioned the cruise ships, apparently the British couple on the Diamond Princess cruise ship are still putting out their stuff on social media. With twenty passangers now confirmed via test kit of having nCoV having been taken off ship in Japan. But remember as I’ve said before Crusie ships have a much larger “at risk group” than normal society[2] due to second honeymoons and retirment holidays etc.

It’s all kind of depressing realy when you take a moment to look up from the science and maths to see the human asspect of these diseases.

[1] There are stories going around that these “prison hospitals” were already built and were to be used as part of “medical experiments” or “Organ harvesting” of the Uighur Muslims. Possibly to support the in excess of $1billon/year organ export trade China is involved in,

https://www.nbcnews.com/news/world/china-forcefully-harvests-organs-detainees-tribunal-concludes-n1018646

[2] Remember that both China and Japan have aging populations a trend that is now apparent in communities in North America and Western Europe. In China’s case it’s also unbalanced towards men. This was due to the “One Child” policy, and a cultural prefrence for male heirs (giving rise to illigal abortions of female foetuses).

Clive Robinson • February 8, 2020 4:55 PM

@ MarkH, SpaceLifeForm,

I don’t know that we can learn anything useful from the outdoor broadcast spraying of disinfectants. I might be wrong, but it seems to me that there’s no situation in which such spraying would help in any way to contain an epidemic.

It might not be “bat do dos” that they are after.

There are three serious viral problems China has at the moment,

1, 2019-nCoV.
2, African Swine Feaver.
3, H5N1 avian flu.

The last one on the list might be the reason.

Whilst H5N1 has not yet realy crossed over to humans in a serious way, we know it has the potential to do so. But some think the time it is most likely to mutate is in someone who’s immune system is compromised…

Therefore the Chinese authorities may think that way as well, and any place nCoV is, immune systems are going to be compromised. Thus doing a bit of preemptive work on bird poop and roosting birds on buildings.

Clive Robinson • February 11, 2020 1:49 PM

@ Curious,

Crypto AG (That iirc Swiss company that is believed to have sold US backdoored crypto stuff to the world).

Crypto AG[0] was headquatered in Zug Switzerland, you can read part of their history in various articles.

One of which relates the fact that even before the NSA existed there was a relationship through William F. Friedman[1] of the “Riverbank publications”[2]. Friedman cultivated “a special relationship” with Crypto AG founder Boris Haglin, which resulted in Crypto AG being just about the only commercial crypto equipment supplier in the world.

It’s known that Crypto AG had three levels of equipment that they sold. The first tier was to third world dictators and the like who it was assumed did not have any ability to undetstand even the Ceaser Cipher let alone the security of a crypto machine. Thus this equipment was less secure than the known to be backdoored US armed forces field cipher machines[3]. The second tier was for untrusted alies or those countries that knew something a little more about cipher mqchines. They were initially comparable to US Field cipher machines and later German enigmas, again tricks were implemented such that they would be compatible at some level with the low end WWII German Enigmas and US field Cipher systems still in use during the Korean Penisular war in 1950. The third tier were for US alies that the US gave the apperance of trusting (but spyed on anyway) the defects in these machines were not cryptographic as such, but more Physical, you can read about this in Peter Wrights “Spy Catcher” though he does not say who made the equipment[4]. But it was not just sound it was what we now call Pasive TEMPEST / EmSec attacks on telegraphy lines[5]. Crypto AG could supply the fully crypto secure algorithm electromechanics to customers, but leave off some or all of the filtering or reclocking circuits that stopped “side channel” based key leakage to the telegraph lines and other still classified tecniques not to disimilar to the “infinity device”[5].

But Crypto AG got caught out, and one of their sales people Hans Buehler got nabbed as a spy by the Itanians, who interogated him for nine months. But as Crypto AG’s unknown owners had not told senior managment or others in Crypto AG poor Hans knew nothing. Crypto AG paid the $1million bail and got Hans back to Switzerland, where they then sacked him and had him federaly prosecuted as well as persuing civil action against him for the $1million. Effectively the typical US IC community thinking to shut inconvenient people up. However it “blew back” and the press it created brought Crypto AG out of the shadows along with some of it’s lies.

But this did not stop the apparent aliance of Crypto AG with the NSA, GCHQ and the BND… And guess what Crypto AG were caught out again with “economic spying” issues in the EU that used Crypto AG encrypting fax machines.

Each time Crypto AG get caught out they came out with some story about that was all in the past but their machines were backdoor free etc these days… But then they’ve sung that song so many times before and it was shown never to be true…

You also realy need to note that not even Crypto AG’s senior managment has ever known who actually owns the company… This is because ownership is held through “barer bonds” which have no sale or exchange records. So much beloved by Criminals and others who do not want their activities revealed like spys and intelligence agencies like the CIA (remember the Olly North and Fawn Hall show? That showed lots of US dirty hands dealing).

So yes Crypto AG have been dirty one way or another more or less since the begining when Boris Haglin did his deal with William F. Friedman, that he would be able to prosper unopposed in return for backdooring all their equipment for the NSA… Part of this agrement was that the US would “kill off any competition” to Crypto AG. As Crypto AG have been repeatedly been found to be “dirty”, under the old “A leopard never changes it’s spots” saying I have long assumed and indicated as above that they are still dirty and won’t change. Thus have nothing to do with them or anyone daft enough to use their equipment.

But the real point people need to understand is, it realy is over for Crypto AG and has been since the likes of the NIST AES competition and the NSA’s decision to “salt the ground” of software encryption via competition implementation code that had time based covert side channels in it that leaked KeyMat. The likes of the US and Five Eyes SigInt agencies had learnt the lesson of DES and changed tack. But some realised with the AES competition the NSA was into “Standards, Protocol and Implementation” back dooring. Eventually the Dual Elliptic Curve Digital Random Bit Generator (D-EC-DRBG) fiasco opened just about everybodies eyes to what the NSA etc were upto (confirming what I had been warning about for years).

So since 2010-15 the days you needed Crypto AG equipment were long gone (like the –leased Office Photocopier racket). You can build as good for a lot lot less money using off the shelf PC equipment, Open Source Software and a little knowledge of how to set up scanners, printers, and other I/O devices to get “files” onto disk etc. You can then encrypt those files etc using script files and FOSS. So basically for a decade or more people have had no reason other than “legacy” to use Crypto AG’s services and if thinking rationaly would have phased the legacy stuff out in a couple of years. Which might explain what happened in 2018.

But untill today the not so little pecadillos of Crypto AG had been “an in trade joke”, but has now changed. Because German TV station ZDF and the WashPo have “blown the gaff” as it were and have revealed Crypto AG was, in actuallity, entirely controlled and later owned by the CIA and the BND from the end of WWII untill around a year or two ago. Via Project THESAURUS and more recently Project RUBICON.

So by by Crypto AG… But the story does not die with them…

Which is where we get into the even stranger stories about the German SigInt agency effectively owning German electronics company Siemens and their telephone and other comms chip sets, and the similar tie up between the Dutch SigInt agency and Philips Electronics in Eindhoven (and indirectly getting a part of a premier European soccer team PSV Eindhoven that they’ve been known to exploite one way or another). But you can look those stories up for yourself.

[0] https://en.wikipedia.org/wiki/Crypto_AG

[1] https://en.wikipedia.org/wiki/William_Friedman

[2] https://en.wikipedia.org/wiki/Riverbank_Publications

[3] The backdoors were simple enough, the machines had strong keys and weak keys and a range in between. The US used a central key issuing authority, thus the US forces were only ever issued the strong keys as “Schedualed KeyMat”. Crypto AG also had KeyMat generating examples and systems and these are known to have been biased towards generating weak keys. The reason for the strong and weak key design was originally to protect against the case of field ciphers being captured and thus reused or used as the base design for enemy crypto equipment. Part of this is down to the German Enigma and British Typex essentially being the same basic design. Whilst it is known that the Typex was modified and used at Bletchly to decode Enigma messages, it’s more or less always been claimed that the Typex remained unbroken by the Axis Forces during WWII.

[4] This kind of worked like the acient Chinese “nightingale traps” where floor boards etc were designed to groan or squeak in a recognisable way so that you could tell where an intruder was without being able to see them. In Peter Wrights book he tells of ” Operation ENGULF” which was the bugging of the “crypto cell” of Egyptian Embassy through the “infinity device”[6] they had put on the phone line leading into the “crypto cell” phone. This enabled them to hear the crypto machines in operation, and due to defects in the mechanics from wear and slop and where they moving parts were mounted on the subframe it was possible to determin by sound which “wheels” were stepping and by how much etc and importantly the likes of the turnover points… Thus much of the hard cryptanalysis work was significantly obviated. The same attack method worked against later equipment that used mechanical relays to do “one time tape” encryption thus striping of link based super encipherment[5].

[5] Whilst technically TEMPEST or Passive EmSec attacks, such issues were very difficult to deal with and accounts in some cases for the apparent odd placment of sound absorbing materials in some electromechanical cipher machines. Also because the relay pull in and release times were impossible to control sufficiently well that artifacts did not show up on the telegraph wires thus alowing super encipherment to be stripped, another set of relays or in more secure equipment two aditional sets of relays were setup like a “shift register” to “reclock” the data lines thus removing the OTP encryption relay artifacts from the line.

[6] The “Infinity Device” –not infinity bug which is a whole different animal– uses the basic laws of physics to do the seamingly impossible. Which is jump switch and other “open” contacts like those in relays and mechanical to electrical transducers where you test meter shows “Open Circuit” of ten megohms or more. If you think about it an open switch contact is in essentially “two metal plates seperated by an air dielectric”, which is the same description of a two plate capacitor. Thus an open switch is a capacitor, and as most students of physics know that whilst the DC resistance (R) of such a capacitor is effectively very very high as the test meter attests to, the AC impedence (Z) however can be a lot lot lower and is defined by

Z = 1 / (2pi f c)

Where “c” is the capacitance of the open contacts and “f” is the AC signal frequency. So a phone “hook switch” can in effect be jumped by an RF carrier as low as 200kHz. Now what many people do not realise is that you can have two AC signals travel down a wire pair in opposit directions without interfering with each other. Thus you can seperate them via a three port device called a “circulator” or other similar device like a two to four wire hybrid. So if you break the telephone transmission line and insert a circulator, you can send an AC signal down to a phone, where it will “jump” the hook switch and complete the circuit through the microphone, that then modulates the AC signal that returns back down the line to the circulator where it comes out of the RX port and into a demodulator circuit to recover the audio in the room. Or to jump a single set of relay contacts to see the timing of the relay contacts behind it which performs the XOR function “imperfectly” thus alow you to get the timing information to strip off the One Time Tape super encryption “addative”.