Z.Lozinski September 18, 2020 9:42 AM

What’s astonishing is that the failure persisted for around 10 years. That means in all that time no-one was checking the final broadcast signal, or that the only checks were for audio quality, not content. A simple display of the frequency spectrum of the broadcast digits or groups would be sufficient to show the problem.

Clive Robinson September 18, 2020 10:18 AM

@ ALL,

You might wonder what Matt means by,

“numbers stations are part of time-honored espionage tradecraft for communicating with covert agents. But their capture may have illustrated how subtle errors bcan cause these [OTP] systems to fail badly in practice, even when the cryptography itself is sound.“

I mentioned it the other day over on one of the squid pages.

As a slightly over generalised rule of thumb “Crypto only secures the message contents, not the traffic”.

So the fact a message was sent at what time of day, day of the week/month/year is often called “meta data” (data about data). With “broadcast systems” such as SW/HF Numbers stations the meta data is known by anybody who has a receiver tuned[1] to the station and is in range of the transmitter.

As Matt notes to make the meta-data of little use to anybody listening things are kept as near identical as can be with the metadata. So traffic times number of messages sent even the message length sent etc etc is maintained without change for not just weeks or months but in some cases decades. Thus the only things changing are,

1, Message Indicators.
2, Message Groups.

Whilst these appear “random” the Indicators are often unique and the groups of fixed size, with an “alphabet” that has uniform usage properties and flat statistics. Thus all message metadata should look alike.

But in the case of the “nein nines” messages the alphabet instead of having ten symbols (0..9) it had only nine (0-8). Which is a major difference in metadata.

But does this effect the crypto security, the answer is “probably not”, “it’s all down to the statiatics”.

The smallest size alphabet you can use is two (0..1) and the largest what ever size alphabet you find convenient[3].

For historical reasons to do with charging “per word” in “cables” back at the begining of the 20th Century what is now the “International Telegraph Union”(ITU an agency of the UN) set the “word size” at “five letters” to stop people using “codes” to reduce the amount they paid. Which is why “Five Letter Code Groups” were the most common size untill very recently, and still standard in Millitary and Diplomatic codes abd ciphers.

From a crypto security aspect as long as the alphabet usage statistics remain flat there is no difference in securiry between an OTP using a ten symbol alphabet and a nine symbol alphabet the “All messages of the same size or less are equiprobable” proof of security remains the same.

But from a metadata or “traffic analysis” point of view, in a world where all numbers stations appart from one use a ten symbol alphabet, the one that does not atands out like a lighthouse on a clear night at midnight. So acts like a massive finger pointing at the Russian Illegals with very little metadata analysis and correlation.

[1] There is a danger in tuning into stations such as Number Stations. Again as a general rule of thumb most receivers these days are still “hetrodyne” receivers and use common Intermediate Frequencies (IF). Which means that if you can pick up the radios Local Oscillator (LO) radiation it’s frequency tells you what frequency the receiver is tuned to and when it was being used[2]. This has been used in the past by MI5 to hunt down Russian “illegals” using a light aircraft to cover ground rapidly. Likewise during WWII where “spy sets” put out a lot of LO power back up the antenna they could be heard more than ten miles away by the German Army Signals Agency. Who used Radio Direction Finding Trucks to “HF DF” SOE officers in occupied Europe to torture/kill them (the same still hapens these days and for those that remember the leaked TAO Catalogue “Find, Fix and Finish” means exactly the same).

[2] This still works with transistorised equipment as can be seen with,

The FBI would in no way need ti be “eyes on” to verify that the Russian illegals/NOCs were receiving the Numbers station.

[3] The crypto alphabet can be made of smaller alphabet groupings like dictionary words are made of latin alphabet letters. Also and importantly the four or five number “groups” also form an alphabet of their own. For various technical reasons when making One Time Pads using the number groups to make the alphabet is actually not just sensible but desirable as it can stop certain issues that arise between theory and practice. As long as the statistics of the alphabet usage are flat the same crypto security assurances of “All messages of the same length or shorter are equiprobable” apply. Oh another important thing is that the “plaintext alphabet needs a ‘null’ in it at the zero position so that alphabet size translation remains unambiguous.

P.S. There may be more than my usuall number of typos due to a small accident whilst doing the dishes after lunch. I had a “ring pull” can of soup for lunch and after the dishes I washed out the can to put in the recycling. Without realising it the sharper than a razor edge on the can cut through the green plastic scrubber and right across the pad of my index finger which now has a bandage on it. For some reason the bandage does not work with the mobile phone touch screen…

Curious September 18, 2020 10:20 AM

I remember searching the internet for ‘charlie one allen’ one time long time ago (after seeing a movie where this phrase was mentioned), and to my surprise, the search result yielded maybe a single result I think it was (which I thought was weird). It was a link to a text file with some seemingly endless long list of word like words (nonsensical) separated with a line shift, some series of letters were repeated. Probably some numbers in there as well, I don’t remember. Could this have been akin to a one time pad? I guess it could have been somebody’s joke, because the text file seemed really weird.

Clive Robinson September 18, 2020 10:39 AM

@ Z.Lozinski,

What’s astonishing is that the failure persisted for around 10 years.

Not realy.

Those doing “stay behind” and NOC / illegals activities were almost always not selected for “technical” abilities.

Let’s put it this way a “baby clothes sales person” is a considerably better fit than any kind of scientist, engineer or technician.

Those on the radio technical side in Russia would have not in anyway been technical in the mathmatical or crypto sense. They would have been teenagers in the millitary trained in the way most armies do by rote or “sitting next to Nellie”. They certainly would not have “got into post” if there was even a hint of insubordination, and noticing something like that would have been well above their pay grade.

The people who’s job it would have been to pick such things up would have been the equivalent of the Security Services Radio Service, and in Russia it would have been seen as bot just a safe posting but a cushy on at that. Which ment the children and relatives of those in high office would have got the jobs, not those of merit.

If you want an idea of just how badly things had gone wrong in the Russian agencies have a look at Ben Macintyre’s book,

“The Spy and The Traitor”

ISBN 978-0-241-18665-7

Viking Press (part of Penguin, Random House group).

Clive Robinson September 18, 2020 10:53 AM

@ Curious,

I remember searching the internet for ‘charlie one allen’ one time long time ago (after seeing a movie where this phrase was mentioned)

In the movie “The Wild Geese” from the 1980’s or earlier there is a scene in which there is a reference to a “charlie one allen” on the radio.

The script writers kind of assumed people would realise it was a joke refrence to the “Central Intelligence Agency”.

I Don’t know if it appeared in any other movies. But for SciFi cartoon fans who have seen the first Episode of Futurama the “Cyclops” later “love interest of Fry” called Leela, was a police officer and was given the call sign of “Officer 1BDI” in a similar hunourous vein.

MikeA September 18, 2020 12:19 PM

@Clive I am curious about your phrase “still heterodyne”. Two of the units shown in the linked video are said to be super-regenerative. The other is not specified.
I would expect the artifacts of a super regenerative receiver to be more pronounced than the local oscillator, possibly even allowing the “fingerprinting” of an individual receiver by quench artifacts. I was also surprised to see this in use in the 1990s models.

I am at best a curious bystander, but would love to read about pros and cons between these and superhets (famous for TV detector vans).

jcb September 18, 2020 2:25 PM

@Clive Robinson

Let’s put it this way a “baby clothes sales person” is a considerably better fit than any kind of scientist, engineer or technician.

Once the baby is born and has its milk, there’s really nothing more “fitting” about a woman versus a man or whatever other personal attributes to such a position.

I wouldn’t be so dismissive about it, either. Cotton gins and weaving looms were programmable by punched cards, just like Charles Babbage’s calculating engine, long before IBM’s Hollerith tabulating machines came along.

It was Ada Lovelace, a woman, who programmed that calculating engine, after all. If there’s any connection between work occupation and family name, she may well have been selling baby clothes.

How many baby socks with heels and toes can you program this machine to knit in one hour, or how much fuel or electricity does it need?

Clive Robinson September 18, 2020 8:29 PM

@ jcb,

I rather think you’ve missed the point.

The types of people picked for stay behind roles were very deliberatly picked not to have any kind of scientific, engineering, technician or technical trade.

In fact apart from “shop keeper” type trades which were seen more as middle class businessman they were after people with “front” that is people who “could sell saunas in tropical jungles” and the like.

Also petty criminals like con artists and pick pockets who see people as objects of no great importance in the way of getting “a score”.

In the case of UK stay behind forces set up after WWII incase of Russian invasion they were set up into small “cells” with hidden underground bunkers in woodlands etc. After a cell was set up the only contact was through each cells leader. Unbeknown to the leader they were actually “deadmen walking” because the No2’s were all issued with sealed orders, the first line item of which was to kill and dispose of the leader and take over the team. This is not the kind of thing most people with any kind of scientific or technical background is likely to be comfortable with. They might be unworied about killing an enemy but someone they knew and worked with? Wrong type of personality type…

Think about Aldrich Ames, he very deliberatly decided to be a multi-millionaire for the lifestyle he did not merit in the slightest. He was doing this by selling his countries secrets to the Russian’s (for about 30millionUSD in todays values). But before he started he determined that his plan to be rich rather than in prison rested on getting rid of American “assets / sources” in the Russian Intelligence services as they were the ones most likeky to report back his little money making scheme thus send him to prison. So the first thing he did was not just get hold of their names he also did detective type work to piece together the identities of sources run by other Western nations. And only then having found out every one of them he could he gave them to the Russians as a “gift” knowing full well they would all get rounded up and killed painfully. Probably a dozens or so deaths are directky attributable, how many more is unknown, all so he could have a better material life. None of which troubled his conscience then or now at nearly eighty, if he ever had one. They were just impediments to his plan including one who was apparently a good friend.

It’s that sort of easy shrug of the shoulders throw people under the bus type “easy trade” mentality that was looked for in members of stay behind teams. The sort of people that make the very top tier of intelligent sociopaths. Who could rationalise any murder or worse crime as a mission objective and if captured would not give any physiological stress signs etc about them.

That was part of the reason for the cell team structure and sealed orders, because once the team leader was dead the rest of the team had no knowledge of anything other than their team. So they had no knowledge to trade with, that is they had nothing but their own team to “sell out”, and if they did another cell team could take over…

David September 18, 2020 8:36 PM

TV detector vans were more theatre in urban areas as most houses would be radiating one or more of a very small number of LO frequencies.
Reality is that they would stop outside the houses without a license and look for the flickering light in the living room

At HF LO detection would work better as there are few sources, less well now due to all the smps rubbish

Danny September 19, 2020 3:19 AM


Quote: “The smallest size alphabet you can use is two (0..1) …”

Actually everything is just 0 and 1. You, me, the entire Universe.

Clive Robinson September 19, 2020 6:49 AM

@ Danny,

Actually everything is just 0 and 1. You, me, the entire Universe.

To quote Seth Lloyd from his Wired “Life the Universe and Everything” article,

“… everything in the universe is made of bits. Not chunks of stuff, but chunks of information — ones and zeros… Atoms and electrons are bits. Atomic collisions are “ops.” Machine language is the laws of physics. The universe is a quantum computer.”

He also wrote a book about that,

More recently he has been looking into quantum effects in biology. Where the likes of photosynthesis defies our non quantum understanding of phisics and thus chemistry. Quantum effects in biology is something that the polymath Roger Penrose thought might explain why the human mind is above and beyond classical computing and physics. Which if true puts a nail in the coffin of Hard AI research that is not realy any near it’s goal than it was over six decades ago.

Clive Robinson September 19, 2020 8:09 AM

@ MikeA,

I am curious about your phrase “still heterodyne”.

Most radios use the principle of “heterodyning” one frequency with another, usually to produce a lower frequency or baseband signal where filtering is significantly easier as is frequency detection that can be used via AFC loops to make up for instability in the LO.

However the original radios used for LF and MF reception were TRF types, in essence an antenna fed a high Q tuned circuit that then fed a “crystal detector” that produced a very small rectified signal that was then either fed into a very sensitive “crystal earpiece” or high gain baseband amplifier. Whilst such early receivers were used to detect Amplitude Modulation(AM) they can also be used to “slope detect” Frequency Modulated(FM) signals and are still used as the FM IF detector in very cheap three or four transistor radios. You can by “carrier re-injection” from a Beat Frequency Oscillator(BFO) receive DSBSC, VSBRC and SSB signals the most common Double Side Band Suppressed Carrier receiver is actually at just above audio frequencies and is used for receiving Stereo FM stations, Vestigial Side Band Reduced Carrier receivers were used in by far the majority of TV receivers prior to Digital Video Broadcasting. Single Side Band requires about 6dB less –a quater of the– power than AM or FM signal to be receivable at a given distance. However new digital modes now work well below the noise floor in the traditional audio bandwidth. They can use 30dB less –one thousandth of the– power or better to go the same distance a SSB voice signals[1].

TRF or “crystal receivers” remained in use up untill the 1980’s for things like “bug detectors” and “Surveillance Receivers” in both SigInt and ElInt activities. They also were used in certain types of “Spectrum Analysers” which borrowed the term “video amplifier” from RADAR receivers that in turn was used for the amplifier in Surveillance Receivers that in turn was missleadingly used to describe the receivers as “crystal video detectors”.

But there is now a newish (I first played with the idea in the late 1980’s[2]) receiver type now known as “Software Designed Radio” in essence the antenna connects to a broadband RF amplifier the output of which goes into an Analogue to Digital Converter (ADC) the output of which being digital is then proceced using digital techniques one subset of which is Digital Signal Processing (DSP). Such radio systems do not of necesity need a Local Oscillator(LO) thus there is not one to radiate. However some still do use “down converters” where the use of an ADC at those frequencies is prohibitive. A downconverter is a hetrodyne system often using a double or tripple balanced mixer and very high level local oscillator to get very high dynamic range. However due to the nature of SDR the LO even though it does radiate tiny amounts of signal does not of necesity have to have a permanantly fixed relationship with the frequency of the signal being received.

I hope that answers your question?

[1] Such digital signals are for “text not audio” at quite low effective bit rates. However if you look at some audio codecs they to can produce very low bit rates. Somebody I know is looking at using that along with voice synthesis and crypto as an experiment to make very low power very long distance HF secure radios with voice input output as that is more usable to people in the field at night than backlit keyboards and LCDs etc.

[2] Back then ADC’s connected to computer busses were either barely usable for telephone audio or up in the “way beyond prohibitively expensive” price range. However there was Static RAM around that had low nS response time. Also ECL logic speed performance over TTL had been significantly erroded by HCT and ALS. Thus it was then feasible to design and build a “Digital IF” running at low MHz speeds at a small fraction of those ADC’s. In essence you “single bit oversampled” and used the RAM chip as a “state machine” that implemented the LO, Mixer and ADC function that output an IQ output you could use on the bus of then quite cheap TMS DSP chips. Whilst I got my bit of the digital IF-ADC working fine, those developing the DSP code were not up to the task, so by the time they got their bit working I had switched to another way to do the actual function we needed which was a very accurate measure of FM deviation and high linearity audio using just three LSI and one MSI function TTL chips as a “Digital Pulse Count FM Demodulator”. The moral “Give a hinky thinking engineer sufficient time and problems get not mountain but molehill sized solutions”.

Clive Robinson September 19, 2020 11:55 AM

@ David,

At HF LO detection would work better as there are few sources

There is quite a bit of history behind TV detector vans in the UK.

But as a rule they did not detect the Local Oscilator frequency which was at Band I VHF (later UHF), because the antennas required would be impractical on the Hillman or later Commer vans.

Back in the early days it was not just TV’s but Radio’s that had to be licensed and those were the days of the Hillman vans run bt the the General Post Office (GPO[1] which became BT) they used magnetic loop coil antennas liked a much bigger brother of those coils around ferite or iron powder rods you find in long wave and medium wave AM receivers. Those could pick up a radios LO or IF amp output and could detect the flyback oscillator circuits used to generate the magnetic deflection fields around the Cathode Ray Tube (CRT) later versions could also pick up the the circuit that was used to generate the very high voltage used on the CRT that was modulated by the video signal in the old VHF 405 line black and white TV days. Back then nobody gave a stuff about generating Radio Frequency Interference(RFI) in what we now call consumer electronics, as generaly it was not a problem. Whereas screaning a radio or TV to stop it would have more than doubled the price of a Radio or TV that already cost the better part of a years income even for the middle classes.

The Radio licence was dropped before the use of UHF and later 625 PAL colour television but the TV licence still remains today even in a vastly more convoluted form.

The later Commer vans still run by the GPO were nolonger required to do Radio Licence detection and the equipment was upgraded. Whilst it still did scanning coil and high voltage video signal pick up, they now also did IF output pickup. 405 line TV’s had IF frequencies in a number of places but the 13.5 Mhz (later ISM band due to interference issues) was common. With the third harmonic frequently radiating better at the bottom of the VHF band at around 40MHz due to various factors the UHF TV IF frequency was selected to work at the 405 line third harmonic as it reduced costs for dual mode TV’s. It’s third harmonic fell in the Band II FM broadcast band and as I found out in the late 1960’s[2].

Thus the Commer detector vans used the IF output to “find” and the magnetic loop antennas to “fix” to send an officious little man to “finish”.

On several occasions I got to press my nose up against the side window on the Commer van to see the control desk. Some of the operators usually the young ones were decidedely unfriendly, but the older ones spotting a “keen interest” and learning you had “a bit of knowledge” opened up and were quite encoraging. Some I guess realised I would go and tell other kids about “the adventure” and that it would encorage their parents to pay the licence.

Oddly as I found out one of their duties was to “report new build”. Back then houses, flats and all sorts of other homes were being built as fast as daisies could grow planning permission was a local not national Goverbment issue thus the GPO often did not get told about entire new roads or even housing estates untill long after they were occupied and then not always. Then as now central Government departments realy did not talk to each other and databases were still mainly kept on “record cards” in little draws, much like you used to see in libraries a decade or so back.

Because then as now people still think TV detection was a myth, it was not. Back then due to the lack of RFI screening, RFI got worse and worse even though with transistors the radiated signals were tiny tiny fractions of the old valve/tube receivers and TV’s the problem had to be dealt with and eventually we got ElectroMagnetic Compatability (EMC) legislation.

But now for the “security aspect” that makes me smile. The meyhods used to track radios and TV’s were “Official Secrets” thus they could not be talked about in court. So the very very few cases that went to court actually had “half truths” used instead. Such as “as we approached the property we could hear/see” or “when the resident opened the door we could hear/see” but more often or not people that did answer the door talked their way into court by making excuses such as “I told my husband to pay that weeks ago” or some such.

For those living in the UK there is no law that says you have to answer the door, nor is their aby law that says you have to talk to people at the door or answer their questions, that applies to the police as well. The reverse however is true, they are required by law to prove they are not trespasers or criminals in stolen uniforms or with fake or stolen ID’s are required to answer truthfully. If they don’t not only are they committing trespass they are also commiting one or more of many crimes and you have the legal right to perform a citizens arrest…

By and large TV detection came to an end with EMC legislation taking effect. However technology has moved on and it is now due to still supposadly classified ways to detect TV’s again. As researchers at the UK’s,Cambridge University Computer Labs demonstrated there are now ways to pull even LCD display signals out of the mush in a form of van-Eck freeking and they demonstrated this at over a 20metre distance IIRC at a show where RFI would have been high due to the density of computer equipment. Basically they used a wide band receiver and a big chunk of DSP algorithms.

But to detect modern TV’s is not exactly difficult due to what they stick out in the 2.5GHz ISM and 5GHz bands. Many advertise their presence by WiFi that can be picked up well over 300meters away and exactly in the same way that Google scaned just about every street in the UK to build it’s WiFi to GPS location database vehicle based and hand held devices can do the same. What people forget is that the MAC code contains two parts a manufactutes ID is usually the first half and the serial number the second half. Thus simply hunting for WiFi MAC addresses they have a very very good idea if you have a TV on the premises or not. Due to known vulnerabilities in the software of many if not all flat screen TV’s they can “hack the status and settings” which will show if you are watching what you are watching, what you have watched and even what you might watch later. Similar applies to many settop satellite, cable and DVR units etc. The fact that such vulnerabilities are probably “classified” would not stop them being put in detecting equipment and a story made up to keep secret what is actually going on.

But… EMC issues have come back to haunt us. Most computers, flat screen displays and associated equipment actually fails the EMC emmison requirments by quite a long long wa. However the tests are written in a way that alows the rules to be bent by the likee of simple Spread Spectrum Modulation or what is called in other areas “whitening”. The “chip code sequences” are usually very short and either known or easily guessable. Thus a simple spread spectrum receiver can see the emissions not just at full strength but when synced in other signals disapear into the receiver noise floor. Thus the picture scanning frequencies etc become as clear as day to the reciever and thus van-Eck freeking at considerable distance becomes not trivial but easily within range of low cost off the shelf consumer grade electronics and systems such as SDR receivers and specialised software running on a high end PCs.

But there is another funny in the EMC game. As part of EMC testing something called a LISN (Line ISolating Network) is used to ensure what is being measured is radiated from the equipment not from the powersupply or other signal cables and leads etc attached to it.

In the reverse of the diesel engine emmition test scandle, most modern electronics has such high efficiency power supplies that they are effectively transparent to signals generated by opperation. Thus the tests in TV’s can easily be rigged.

In a large flat pannel screen the bulk of the usage current is the sum of the individual luminance signals which in high quality video has a very large harmonic content. However if the manufacturer displays a single colour lower intensity static screen then the actual harmonic content is based around the “transition edges” if they use the ideas behind the UK Cambridge Labs “Soft Font” EmSec reducing technology they can blur/soften the edges to produce much much lower spectral content thus EMC failing emmissions…

The upshot of which is the unit passes EMC testing on the static test screen but chucks out lots and lots of RFI from the rapidly changing current in the power supply from the luminece signals.

Knowing this you can as I have done find that sufficient information goes down the cable into the house wiring and out to the cables that supply the house with power. Thus a receiver tuned to certain frequencies will pick up the line and frame scanning signals which even a 1USD microcontroller can be programed to flash a light on and off when they detect them… Thus get an indication when they walk near the house power inlet cables that are often not more than a foot or two away from the front door area…

Anyway I hope that gives you the background on the history of TV Detector vans etc.

[1] The GPO was actually a government agency under a Minister of State called The Postmaster General. As such all it’s employees were subject not just by the Defence Of the Realm Act(DORA) but both the first and second Official Secrets Acts(OSA). At various places like Dollis Hill, Malvern and several more it carried out what was Top Secret Research including that which we now call TEMPEST or EmSec, and they were very well aware as were MI5’s technical branch which dealt with equipment used by “Agents of Foreign Powers” what in the early 1970’s became known as Van-Eck attacks later freaking to remotely reconstitute images from CRT screens.

[2] It happened shortly after I got my first transistor radio you could clearly pick up the TV audio as it used an FM subcarrier. That came up above 90MHz and not far from the 100Mhz Police Repeter. I found out because I liked the Gerry and Silvia Anderson puppet TV program “Thunderbirds”. It was transmitted on Saturday mornings on ITV, but due to various reasons I was often not allowed to watch it. Stuck in my bedroom on saturday and desolately tuning around on my FM radio in my room to see if I could find something to listen to, I was surprised to here the audio of Thunderbirds. I did not know then what the actual cause was but my father who had done interesting things in the Royal Signals during WWII certainly knew and when he caught me listening in secretly one Saturday told me what it was. That realy peaked my interest and it was about then my interests in lockpicking subsided for my interest in electronics. This was helped in two ways firstly because my dad encoraged me and secondly lots and lots of valve (tube) radios, tape recorders and other electronic equipment was turning up at “Jumble sales” as people replaced large and heavy unreliable valve equipment for light weight very reliable and above all portable transistorised equipment. Thus I started my own small business before being a teenager. Basically I would buy at jumbles find out if it worked or not and then if not tried to fix it, by looking for valves that did not light up, loose wires that had broken off and componets that had “let out the magic smoke” and had that burnt or blown up look. Mostly I was successfull and my dad who was a Charterd Accountant but at heart a techie taught me to solder and use wire cutters and not kill myself with 240-600 volt screen and anode voltages. By the time I was a teen I was fixing other peoples radios and selling on the old ones when transistor radios and black and white TV’s started turning up at jumbles… So I progressed also tape recorders came along as well and my bedroom looked liked “Doc Brown’s garage”. Not long after that Pirate Radio came almost to the bottom of the garden and my future was cast…

Cassandra September 20, 2020 11:15 AM

@Clive Robinson

While I suspect strongly that it doesn’t apply, I hope you have nothing ‘secured’ by the fingerprint of your injured finger.
I have a scar from a similar ring-pull can that is several decades old – the injury probably should have been stitched – but the point is that it irredeemably altered the map of the skin in that area.

One of the reasons I don’t like biometrics is that it is too easy to lose the token/thing that you have, either by accident or by design (e.g. Yakuza). As I get older, the problem of securing stuff in ways that are resistant to loss by failing memory or loss of unique identifier/token gets more relevant every day.


Clive Robinson September 20, 2020 4:35 PM

@ Cassandra,

As I get older, the problem of securing stuff in ways that are resistant to loss by failing memory or loss of unique identifier/token gets more relevant every day.

It is a “very expensive problem” to look after those who live to exceed retirement. Especially as many parts of the Western life style positively encorages dementia in old age.

As @JonKnowsNothing can confirm various Western Politicians are positively salivating at the idea that “COVID Kills Pensioners” especially those with assets they and their friends can buy up at “fire sale prices” and add to their largess friends “rent seeking portfolios”.

Have a look at the UK news about the latest stunt the UK Chancellor has just announced with regards the disadvantaged and the all ready poorly paid public sector workers…

With regards the pad of my finger, the darn thing keeps opening up. I know if I go to hospital they will not stich it up and they will put a “bo-bo bandage / elastoplast” on it that will not keep the cut closed. So yes I’m very probably going to get yet another scar (hopefully it wont last as long as some I’ve got including one persistant one I got when wearing the green).

But that’s something else with being over 21 for the “cough cough” time, you just don’t heal as fast and vivid scars on old skin just don’t do it for me when I look in the mirror, or I suspect a lot of others if they got a gander of them. So thankfully most of my scars are in areas where keeping them clothed does not attract much attention except on the beach. Don’t know if you’ve noticed but scars tend not to sun tan as well as other bits…

To answer your implied question, no I don’t do bio-metrics. Not for the reasons you mentioned but because the only one I never reliably hacked was retina scans…

The rest I learnt real quickly how to get around easier than picking a lock including DNA testing… Lets put it this way, long long before I was a teen “couch cough” decades ago I found that the red wax around Edam cheese has just the right softening characteristics to make a realy good 3D mould of a finger print (just roll it in the palms of your hands untill soft). Press a finger in gently, then stick the wax ball with the fingerprint impression in it in the fridge/freezer to “fix the ridges”. When fixed apply a fine mist of WD40 as mould release and then carefully paint in with rubber solution glue you get a realy good “fake skin with perfect finger print”, that you could stick to the surface of those stretchy rubber gloves that were just becoming available in modelling shops back then.

When I was a decade and a bit older, I worked as an electronics engineer for a company that was amoung the first to develop fingerprint readers. I made the mistake of telling one of the managers you could easily fake finger prints and he stated that it was impossible[0]… which irked me so did a brief literature search and to my surprise found nothing[1]. So I demonstrated it to some of the other engineers and low and behold the very expensive finger print lock was defeated very very easily, and shortly there after I got “made redundant” rather than be alowed to demonstrate how to fix the problem[2].

However play with bio-metrics long enough and you realise two things,

1, Arthur C Clark’s observation about distinquished scientists applies equalky as well to those involved with security systems.

2, No matter what you do you always end up in a “Red Queen’s Race”.

Both of which should tell anyone who can still think objectively that security can never be 100% secure.

Or if you are of that mind set “There are always black swans coming over the horizon”.

[0] What I did not realise was that manager was actually telling me “not to kill the golden goose” which he planed to profit by greatly as he was a founder… Needless to say for some reason “others must have guessed or known”[1] and the company did not meet market expectations, with the usual fate that entailed in the UK back then…

[1] For various reasons I thought I had been the first to discover this when pre-teen and nobody told me otherwise. However when I did my “Literature Search” turns out it was on the wrong literature and with to much depth and not enough breadth. So some years after that I discovered it was in other “literature” specifically “The Adventure of the Norwood Builder” and low and behold the fictional[3] consulting detective Sherlock Holmes describes in sufficient detail how to do the same thing. But the mold described was made with “melted sealing wax” which would have been in very common usage then. However as I and no doubt others have found out, hot sealing wax can scold delicate skin and you’ld certainly know if you had pressed your finger or thumb in it. But the detail given was sufficient to say that either Arthur Conan Doyle had discovered it by accident or had been told about it by someone who had. Probably many had as “pressing a thumb” in sealing wax was I understand quite common for those that did not have engraved personal signet rings or seals.

[2] Yes there are ways to fix various faults with fingerprint scanners but some are public knowledge part because they have been defeated by people who can think a little more hinky…

[3] I have actually found in practice if you “actually want to find”[4] literature about security. Expensive journals and scientific papers are not the best place to start “fiction” be it crime or science and even fantasy has many many times got there before. For instance read the James Bond book “From Russia with Love” somebody either knew or was told a lot about mechanical cipher systems. Which for the time it was written is quite surprising.

[4] For obvious reasons many wish to limit their literature searches and “breadth” style searches tend not to get done. In fact I’ve found some people limit their literature searches to those done by others in similar papers and from their citations build a tree of citations for their paper and add some often outlier papers… Not sure if it qualifies as “log rolling” but…

SpaceLifeForm September 21, 2020 3:34 AM

Matt Blaze put it together as a blog post as he said he would.


Interestingly, he tweeted about a quibble.

Regarding the actual source of the broadcast numbers.

“originated at Lourdes and was then sent to the Bauta transmitter”


Clive Robinson September 21, 2020 8:40 AM

@ SpaceLifeForm,

originated at Lourdes

Is “apparently” now a University Campus, the previous SigInt buildings having been demolished…

Cuba reportadly made between 90million and 200million USD per year equivalent “rent” on the Lourdes site from 1962-2001.

The dates are not exactly surprising when you consider the Cuban Missile Crisis and the fall of the iron curtain and “supposed end” of the Cold War.

The simple fact is whilst Russia is perhaps the richest nation natural resourse wise, it’s lack of trade to turn this into liquid fiscal wealth ment that come the turn of the century it was effectively bankrupt.

There were stories from Russian news sources a decade and a half later that Russia was going to build the site up again, However the stories were hastily removed.

One of the big problems with “Numbers Stations” is deciding if they are “for real” that is to communicate with spys in foreign countries. I know for a fact that atleast a couple were for “frequency holding” because I built them[1] and sold kit to several others so they could do the same.

But there are other reasons to run Numbers Stations that are inteligence based but not SpyComms. One is “Twenty Committee” (XX in Roman numerals or a “double cross”) type work. All transmitters have a “Coverage Foorprint” if you move the transmitter antenna configuration (see “curtain arrays”) then people will notice and they will make inferences about the reasons for you doing so. Pick your moment with other international events and you can pass the “two independent sources minimum” rule “sniff test” analysts use to try and sanity check what they see, in the world of “Smoke and Mirrors” the modern day version of “The Great Game”.

[1] Let’s say you want to have your own radio station, for various reasons doing this via some processes is long and fraught. Thus people tend to take short cuts and just “grab a frequency” in one of the many Broadcast Bands in the MF to HF spectrum. The thing is people only realy listen at the weekends as they are working the rest of the week. Even if you are not paying anyone producing 24×7 programing has costs[2] which you would not want to incure when the ROI would be zero or worse. But you also know if you do not put out a signal 24×7 as frequency spectrum is a vary scarce resource as sure as milk sours in the sun, someone will come along and grab “your” frequency if you don’t 24×7 hold on to it. You can make a morse code “numbers generator” with an 8bit micro very very easily just as you could four decades ago and these days at very low “pocket change” cost. Today that would mean you would use something like an AVR chip pre built on a little PCB for around 5USD delivered you just need to spend half a day writing the code to do it. Back in the early 1980’s it was more like 300USD but that was still comparitively cheap. So yes I made several units to do just that back, so people had a slightly better chance to hang onto their HF Broadcast band frequencies.

[2] I actually built a voice synth by storing waveforms in ROMs and using a quite expensive at the time 8bit Digital to Analogue Converter as an “education credit project”. Within a year quite cheap in comparison voice synth chips were available so numbers were easy peasy. But technology moves and back around a decade and a half ago the “Festival Voice Synth” software became readily available at a quality that was sufficient for broadcast so I designed the first of a series of “Stations in a Box”. In essence it was antennas, feeder cable to get 1.2kW ERP from a 300W FM transmitter, computer “jukebox” + voice synth and either an ethernet or RS232 serial data input. Basically the computers hard drive stored thousands of MP3 music files and similar encoded audio files that got uploaded in the background. You loaded the “programing” via simple text files with the “DJ” done via the voice synth. Thus you could have a remote radio station up a mountain in Spain or Cyprus that overlooked “tourist spots” that you could fully run from the UK or other part of the world across the Internet[3].

[3] Oddly perhaps the biggest customers were “Governments” and “aid agencies” using them to provide local radio and informatiin services in areas where running any kind of infrustructure that needed more than a solar cell or battery was not there.

SpaceLifeForm September 21, 2020 4:49 PM

@ Clive

‘ But there are other reasons to run Numbers Stations that are inteligence based but not SpyComms. One is “Twenty Committee” (XX in Roman numerals or a “double cross”) type work. ‘

That was my first thought. Lourdes vs Bauta.

Some more double-thought.

Maybe, Russia was comm-ing to US via Cuba via double step, double encryption. To catch XX.

And, maybe the same problem is inside US IC.

Maybe Strzok was fed misinformation.

Maybe Strzok was just confused.

Maybe Strzok is accurate.

SpaceLifeForm September 21, 2020 5:33 PM


To escape detection, Montes never removed any documents from work, electronically or in hard copy. Instead, she kept the details in her head and went home and typed them up on her laptop. Then, she transferred the information onto encrypted disks. After receiving instructions from the Cubans in code via short-wave radio, she’d meet with her handler and turn over the disks.

SpaceLifeForm September 21, 2020 6:02 PM

Note that a spy physically handing over floppys or thumbdrives to a handler is old hat these days. Can be observed.

Now, they just have a van drive up with a WIFI close to the spy sitting under the cover of free WIFI at a coffee shop.

Spy connects to the drive-by WIFI. Transmits. Done. Connects back to the coffee shop WIFI.

Clive Robinson September 21, 2020 6:28 PM

@ SpaceLifeForm,

Now, they just have a van drive up with a WIFI close to the spy sitting under the cover of free WIFI at a coffee shop.

Ever hear of the “Moscow street Rock that talked” from about a decade and a half ago?

Sometimes trying to upgrade field craft with technology is a very bad idea.

Because although we organics can only see a limited part of the EM spectrum our tools can see way way more. Thus using an RF transnitter like this, is like walking along with a flashing red rear bike light on your head, and people tend to notice such oddities.

The use of electronics or magnetics or metals in “dead drops” was never a wise idea because we have instruments that can spot them all with just a quick sweep of a hand held box that is not exactly difficult to make (think Walmart “pipe and cable” detectors in the home improvment isle as a starting point).

lurker September 21, 2020 6:37 PM

During the Vietnam war I often heard on HF AM (not SSB) on two or three frequencies between 9 – 15Mhz some sort of “numbers game”. It usually went like this:

Sky King, Sky King, this is Tango Lima Charlie[1], do not answer, do not answer.
[then followed a four letter group]

Then followed silence. This would happen sometimes several times an hour, sometimes hours between each call.

[1] TLC = Three Letter Code which varied with each call(er), they were different TLCs obviously from the different voices, without any other signal analysis.

jcb September 21, 2020 8:10 PM


Sky King, Sky King, this is Tango Lima Charlie[1], do not answer, do not answer

S.O.P. warning to male foot soldiers of female agents in the area.

Clive Robinson September 21, 2020 9:20 PM

@ ALL,

Since the topic of “fieldcraft” has been brought up, I guess a little observation on it is due.

What is called “Old School” fieldcraft was tried and tested for hundreds of years and what worked and what did not work was winowed out.

The idea behind fieldcraft is in the case of “dead drops” to create a “disconect” between a Case Officer under Diplomatic cover and an agent who will end up against a wall one morning if the Case Oficer does not do their fieldcraft job right.

Most Case Officers are not just “known” to the host country they are observed continuously not just by the host countries security forces outside the Diplomatic Mission but inside as well by any person the host country has managed to get inside the mission or by any diplomatic personnel the host nations security services have turned.

Thus a case officer has to live and breath their cover 24×7 during their posting. So if your cover is “Trade attache” then you had better live and breath the facts and figures involved meet the people expected. In short “walk the walk and talk the talk” as well as doing your under cover duties like running agents. Which in many people causes “aberent behaviour” that also marks them out such as excess drinking or not drinking at all mood swings and all sorts of other “tells”.

So to get information from an agent as a case officer you have to assume that every move you make is watched, and if you “slip your tail” that will get logged as well.

Back just over a hundred years ago most things technical were still mainly mechanical and chemical and required a human to operate them and humans are due to their size hard to hide. This ment that there was a degree of “parity” between the case officer and the security officer. In that like the theater the actors and audience had to be in the same place at the same time or the performance was missed.

Thus dead drops were about sending messages across time to give the disconnect between the case officer and the agent.

The agent who hopefully is unknown thus unwatched by the host nation security services would place the information in an agreed point. For someone unwatched this is fairly trivial and only needs to apear to be “normal behaviour” to ordinary people thus not attract attention. In effect “The grey man doing grey things” in the more fanciful language some use, more pragmatically unremarked and instantly forgotten if seen.

Then the risky part for the agent, “setting the tell”. In essense doing something innocuous to all but the case officer which flags up that there is information to be retrieved. The problem is “clearing the tell” so the agent knows the message has been recieved. Because there is a high probability the case officer is under observation and they have to check for the agents tell frequently their behaviour patterns must cross the place where the tell is thus the security services will also know where a tell might be although they do not know what or where it is. The case officer clearing the tell is the give away of the what and where, thus patient observation once known to the security officers gives them the agent and thus some thumbs to put screws upon.

But back a hundred years ago that ment trying to get a security officer in place to observe 24×7 for maybe weeks, which is not only very resource intensive the resources need to be the type that can just observe without gettin bored or seen. Which is difficult when the resources are human.

However today with modern technology such as CCTV and low light pin hole cameras this problem goes away for the security officer. They get video tapes they can fast forward through to see the tell being “cleared” and go backwards with a “binary chop” to quickly find the agent setting the tell. Then once they have a face run it through image recognition databases etc untill they know who it is then the agent is dead in the water in as little as a couple of hours…

The solution to this attack by the security officers is to use two entirely different tells in an interlocked protocol of some form. Overly simplistically the agent sets their tell, when the case officer sees it they set their tell as a response. The agent clears their tell as an acknowledgment and when the case officer sees the agents tell is clear they clear their tell to close the prorocol. This way even if the security officer sees the case officer setting and clearing their tell it does not give them the agent or their tell unless the tell is obvious in some way thus gets recognised.

Thus a case officer knowing that their tells may be observed hides the real tell in amongst many other actions that a security officer may think are tells.

In reality for reliability the tells need to follow the PACE idea of multiple contingencies

1, (P)rimary.
2, (A)ltetnate.
3, (C)ontingency.
4, (E)mergency.

But also it is wise to have multiple tells in each contingency such that correlation potential by the observing Security officers is greatly reduced.

Similar protocols apply to the actual “dead letter box drops” as well.

Yes it’s complex but as an agent your life very much depends on it as does not leaving fingerprints or DNA on the information drops…

And it’s that bit where technology is so seductive to Case Officers hence the “Fake Rock”. If the information transfer is “virtual” then the agent does not leave their fingerprints or DNA at the dead drop. If the virtual transfer is done by RF link then there is no need to take any observable physical action that might attract attention such as physically hiding an object. But also is the seductive idea of using cryptography to render the information uninteligable to anyone other than the intended recipient.

Needless to say is that untill recently,

1, Use of RF stands out a lot.
2, Use of Crypto likewise.
3, Observers are easy to hide.

It’s that third issue that burnt the agent with the “fake rock” and it need not have done. Because for all their strengths the Case Officers who came up with the idea did not understand the technology sufficiently well at the time.

The same by the way is true of the Russian’s picked up who were trying to get information related to the Olympics Drug Testing and the Chemical weapons poisoning,

Although they understood the technology from an attackers point of view, they failed to think about it in reverse and what the implications were.

That is the “third issue” of “Observers are easy to hide”.

You can buy SDR dongles and small computers like the Raspberry Pi and with FOSS make the equivalent of network monitoring equipment that detects, logs, and optionaly alarms when unusual events happen in the “RF Landscape” or more directly in the case of the Russian’s the WiFi networks. Such RF monitoring systems once put properly in place are near impossible to detect. They are also inexpensive and work for next to nothing 24×7 and whilst slightly dumb do not get bored or sleep on duty.

If you know this then you can assume such things are in place and modify your behaviours appropriately.

The Russian’s rested on their laurels after catching the fake rock a decade and a half back. Thus they did not learn the lessons from it. So they relived history and likewise got burned a couple of years ago…

Which is all to predictable when people are,

1, Ignorant of domain History.
2, Don’t learn from History.
3, Fail to think forward from the leasons.

In warfare there is a warning that “The victorious do not learn from their victories but the defeated frequently do”. Hence the observation about “Generals fighting the same war” with the same battle plan but this time loosing.

Thus there is a way as a case officer to get virtual dead drops to work. The traditional dead drop purpose was to give seperation in time, as well as a way to “make” the security services manpower observable a hundred years or more ago. With technology especially RF technology you have to learn how to give not just “seperation in time” but “seperation in distance” as well to make observation zones.

Thus you need to create a virtual “killing zone” or “observation zone” in which you put your observation technology in first and effectively ambush the security officers and “catch them in the act” as they try to setup their technology to catch you.

Unfortunately with ubiquitous facial recognition coming to every streat, bus stop, train station and road junction near you the advantage is moving back towards the security officers as they will have their sensors in place before yours, and “keep it all” builds their virtual time machine.

There will be ways to defeate even ubiquitous surveillance but it becomes increasingly difficult to do so.

SM September 22, 2020 3:40 PM

@Clive I couldn’t help to think about your post about radiation of TVs and smile when I saw this:


@All: thanks for your posts

Clive Robinson September 22, 2020 6:45 PM

@ SM,

I couldn’t help to think about your post about radiation of TVs and smile when I saw this:

Which inturn made me think “can I buy it off of him”, I could put it to good use 0:)

Whilst I have no ill will to the users of Broadband, I’m hoping there is some special place in hell reserved for the designers of it and it’s myriad of delivery systems and their huge and harmfull Radio Frequency Interference(RFI) issues.

But simply as the story indirectly indicates the Broadband service equipment is not “Standards Compliant” thus is not licenced for use. It never was nor can it ever be in many of the delivery systems.

It was a “political job” that unfortunately went badly wrong and a Senior Employee at the UK’s OfCom quite deliberately ran a “cover-up” to please the politico’s and I assume some industry lobbyists that came their way. This is a “we are not going to take action letter” sent out by them,

You will note from it he explains why he is not going to do anything about considerable and harmful RFI from VDSL Broadband equipment.

However what they fail to mention in the letter is their primary obligation under law to stop the sale or distribution of equipment “on the common market” that is not certified for use or incorrectly certified for use.

When he wrote that letter he was knowingly sitting on a report that informed him in no uncertain terms that the Broadband equipment failed the basic EU Directives gravely thus the equipment should not be on the market (amongst other things it significantly interfeared with the Maritime Distress Frequency at Coastguard / Royal National Life Boat stations / Other land based emergancy services thus lives were being put in peril).

I know from personal experiance the person concerned is more than happy to lie in court as well as tamper with evidence and witnesses. So I guess a cover-up and suppression of evidence is par for the course with them and others within OfCom.

Stanley Decker September 25, 2020 11:25 PM

There’s an interesting human side to this story. As Matt’s blog post noted, Andrey Bezrukov and Elena Vavilova were posing as a Canadian couple under the aliases Donald Heathfield and Tracey Lee Ann Foley.

While they were in living in Canada they had two sons, Timothy (now 30 years old) and Alexander (now 26.) Both assumed they were Canadian based on their birthplace and, until their parents were arrested, the fact they believed they were born to Canadian citizens.

The Canadian government thought differently and deported them to Russia. They fought back through the courts, arguing that until their passports were revoked they had no idea they weren’t Canadian. Last December (2019) the Supreme Court of Canada agreed with them and restored their citizenship. In my opinion, a happy outcome for them.

Ivan Durakov October 15, 2020 6:43 AM

Blaze’s article, while interesting, confuses two HF stations and mashes them into one. I haven’t read the little weasel Strzzzk’s book, so he may be confused too, or deliberately misdirecting the peasantry following demshevik deep state tradition.

There are two transmitting stations in Cuba, both currently active, one operated by the Russians (previously at operated from Lourdes, not sure where now), which primarily sent OTP messages via voice and radioteletype and now via a proprietary PSK mode; and the Cuban station at Bauta which used morse, now using voice callup and a digital file transfer mode invented by radio amateurs. The Russian agents can also receive traffic directly from Russia but the signal path is much less reliable than Cuba. No literature prior to now has suggested that the Cuban station was ever used to pass traffic to Russians, so the operations have been at least assumed to be segregated. One notable example of a known user of the Cuban station was Ana Montes.

The Cuban DGI Red Avispa Network went further; they had their own additional station (“The Bored Man”) to announce what was probably a dead drop location to go visit (very short message) and then their own WW2-style network of morse code transmitters on the US side in Florida. The were presumably subject to the same, well-developed HFDF and traffic analysis countermeasures used during WW2, and all disappeared when the ring was busted.

WhiskersInMenlo October 15, 2020 6:56 AM

If I recall there was a number of reproduction transcriptions of these numbers transmissions in various net news feeds. This made transcription less time sensitive and provided redundant/ECC ….
One time pads do tolerate modest errors where more current encryption tools can make messaging harder,
Web servers with dynamic content can serve up messages for our boy when web crawling would see normal content.
The old paths are not gone or forgotten. 10/4 good buddy.

Rijmenants October 15, 2020 8:52 AM

These finding by Matt Blaze are quite a buzz, but I’m afraid Matt drew the wrong conclusions on the bias regarding the number 9 in the messages. This is probably because a cryptologist’s narrow view regarding the operational use of numbers messages encrypted with OTP. I just contacted Matt about this, but here’s the short version:

Three methods to encrypt such message with OTP:

1)message is encrypted with one-time letter pads and ciphertext is letters-only. This gives a good spreading of all ciphertext letters.

2) the message is converted into digits and then encrypted with a one-time figures pad. Also here, even distribution of the numbers.

2) Less known but extensiveley used by many organisations, the message is encrypted with a one-time letter pad and is therefore perfectly secure. Next, the message is converted with a conversion table from letter into figures for transmission purposes.

This is done by a table where ciphertext bigram pair letters (col/row) is converted into a three-figure number. As there are more digit combinations as bigram combinations, there’s always a (normal) bias for certain numbers. There are various tables, but an ideal “spread” gives a drop of all numbers, the closer to 9, ranging from 256 x 1’s to only 104 x 9s. If not nicely spread, you can even create a table that doesn’t have one particular digit. Many tables and other methods are possible. What you see is not always what you get.

It’s important to enderstand that the mmessage is encrypted securily with a one-time letter pad en then converted (not encrypted!) in order to be prepared for transmission, which does not affect its unbreakable ciphertext!

This system was/is used for operational reasons, eg burst equipment, type of transmission, operatioan requirements, training and skill level agent.


1) Even significant bias in ciphertext numbers messages does not prove any weakness or problem with the encryption, and could in best case point to a type of transmission or procedure. The message remains safe, as it was encrypted with a one-time letter pad.

2) FBI has many other trick of the trade to read unbreakable messages, but it all comes down to flawed procedures, operational errors by the agent, or surreptitious entry of the agents’s house or secret location to retrieve the keys, or retrieve it from his computer.

More about such operational flaws in my paper Cuban Agent Communications which is also publish by Chris Simmons (investigator Montes Case and many others) on his Cuba Confidential site.

There’s always more than meets the eye when talking numbers, and cryptologists don’t always know the reasons why they see a bias which can actually be perfectly secure and not related to the ciphertext. He might be drawing the wrong conclusion due to lack of information. The cryptologist might start analyzing such bias but fails to find a ciphertext solution, because he doesn’t realise he’s not examining the ciphertext but an unrelated coversion for transmission purposes.

Clive Robinson October 15, 2020 10:22 AM

@ Rijmenants,

These finding by Matt Blaze are quite a buzz, but I’m afraid Matt drew the wrong conclusions on the bias regarding the number 9 in the messages.

Have you read my comment above,

It explains why the “nein nines” issue is important and it has nothing to do with the crypto security of the actual message.

Thus I suspect your comment of,

He might be drawing the wrong conclusion due to lack of information.

Might have been traveling in the wrong direction, and it is you drawing the wrong conclusion.

As for using a Numbers OTP followed by a “statistics shaping grid” or “Straddling checkerboard”[1]. The normal usage of such a checkerboard is given as “fractianation and compression”. However it can make the flat statistics of an OTP output look like the statistics of another type of cipher. Thus mislead a cryptanalyst into wasting considerabke time and other resources, which is a desirable benifit.

More importantly it alowed OTP traffic to hide amongst other traffic such as “Poem Codes” thus avoid it standing out for extra attention from hostile forces (one of the issues SOE had during WWII as they transitioned to OTPs from Poem Codes).

The point is when it comes to running agents via radio links which is what numbers stations are all about, normally most of the traffic is dummy / padding. To have real messages stand out from the dummy traffic is a big big no no, as it alows simple correlation attacks against the agents and their actions, without needing to know the contents of the messages. The English Research Fellow in Mathematics and later Dean of Sidney Sussex College, Cambridge Gordon Welchman[2], appears to have been the one to first realise that the traffic patterns of encrypted communications were actually rather more important than the message contents and he called it “Traffic Analysis”. He went on to become the originator of many of the ideas that gave us the modern Internet.



Rijmenants October 15, 2020 12:51 PM

@Clive Robinson,

Thanks for your comments, but I think you ‘re also missing my point. A statistical bias can indeed by caused by dummy traffic, indicators and such, but it can simply be a genuin encrypted correctly with OTP letters, and then prepared for transmission by converting it into three digit numbers, a system often used and documented.

The statistical bias does not tell anything about the cipher used, nor about any flaws of the random generator used, a conclusion some draw.

And yes, particular messages may get flagged in metadata. But even that is irrelevant in the case of the 9-less messages, or any other case for that matter, as that metadata itselve does not link the message to the agent.

Matt wrote “I remember concluding that the most likely, if still rather improbable, explanation was that the 9-less messages were dummy fill traffic and that the random number generator used to create the messages had a bug or developed a defect that prevented 9s from being included.”

Indeed rather improbable, and Strzok wrote that the FBI exploited a serious error on the part of the sender: the FBI was able to tell when messages were and weren’t being sent during the weekly timeslot when the suspect couple was observed in the room where they copied traffic.

This however does not point provable linking a particular format of messages to that couple, but only to the couple being possibly able to receive these messages correlates to the broadcasts, and in all the court documents and declassified reports I read about various cases, there’s never evidence of messages, identified by OPSEC or traffic analysis, that directly brought them to court.

You wrote “normally most of the traffic is dummy”. Well, that’s not completely true, and only counts for numbers stations. Most epsionage traffic was/is kept as short or unobtrusive as possible to reduce risk of interception, traffic analysis or tracing source or destination.

Numbers stations are nevertheless pretty good, as long as the agent is not under surveillance. No matter how red hot blinking a message stands out, it will not lead the FEDs to the receiver. Metadata analysis of unreadable messages will not lead to a specific person. You can identify a particular message in metadata, okay, but you have 300.000.000 candidats. Good luck.

It’s always an extensive surveillance, started by other leads, that provide hard evidence, even decrypted OTP messages when surreptitious search provided the FEDs with the OTP keys, broadcast schedules, remenance on computers etc.

A message that is broadcast, despite standing out in format or by other properties, is never used to bring them to court. It’s always an error in part of the agent that produces evidence, be it keys or decrypts that put them in jail.

In fact, both Matt and Strzok are simply speculating about the 9-less messages, traffic analysis, and messages that might appear odd and stand out, but this has nothing to do with how the FBI builds his case or how it would help their case. The FEDs will collect hard evidence in place during the surveillance. All radio broadcasts are recorded and archived and they will either search for the copied version at the suspect or link a key they find to an archived message they can decrypt with that key, or have bugged the suspect’s place and recorded him receiving the message. Only then, they might link any message to the suspect, be it seemingly truly random or has particular properties.

Every single case I examined was build around tips and other flags that lead to surveillance of the suspect. Traffic analysis of a particular message that stands out will never lead to the suspect. Other collected evidence could link the suspect to any message, red hot blinking or not.

The question is not whether numbers stations and OTP are secure, they are 100% secure, but you always need humans that commit acts op espionage, and receive and process those messages, and frankly, most of them don’t graps the importance of strickly following the required procedures and tradecraft.

Exactly their human errors, not the messages, identify the suspect and provide hard evidence. Speculating about traffic analysis is pointless. Before that comes into play, the suspect already has the noose around his neck.

Without that noose around their neck, you don’t know what to do with a message that stands out, and it’s evidence without a crime suspect.

Ofcourse, the FEDs usually won’t explain exactly how they were able to trace the suspect, but it always involves humans, their weaknesses and their errors, or turncoats.

Traffic analysis and metadata are extremely powerfull to find out what somebody’s doing, but you first have to be able to link that information to a specific person, and that’s not possible without any lead (unless the suspect received it f.i. directly on his computer, which would be idiot, and not related to numbers broadcasts). In contrast, in military this is far easier, as traffic analysis, ELINT and OpELINT are very potent as tool, because you – of course – already know the enemy you intercept, and it will reveal his intend, even when unreadable.

Oh well, we could speculate ages about it, but that one odd message won’t make or ruine the day, it’s the many previous other little details that get you in jail. Most secure method to handle spy messages: don’t!

Rijmenants October 15, 2020 1:06 PM

@Clive Robbinson;

Regarding “to have real messages stand out from the dummy traffic is a big big no no”.

Well, all numbers station messages stand out, and it’s even documented in court papers that all those messages are by default recorded and archived, waiting for an already identified spy’s evidence to get link to a message ;-] Question of brute search.

Clive Robinson October 16, 2020 7:17 AM

@ Rijmenants,

This however does not point provable linking a particular format of messages to that couple, but only to the couple being possibly able to receive these messages correlates to the broadcasts, and in all the court documents and declassified reports I read about various cases, there’s never evidence of messages, identified by OPSEC or traffic analysis, that directly brought them to court.

This I also dealt with above. See my note 1 in,

And subsequent questions and answers.

For some reason I can not realy fathom, detecting which radio station you are tuned into is still treated as “Officially Secret” in the UK thus it does not get mentioned in Court Proceedings. A guess would be that it is still a method in use that is easy to stop these days with just a little technical knowledge and an SDR system. Also if challenged by a technical expert in court, it would get torn appart and held upto being effectively garbage (there is a major “burden of proof” issue, the difference between knowing a receiver is in use and proving that receiver was the one tuned into a given station is large, so whilst fine for anti-agent tracking and identification, it won’t alone be suitable even for non primary circumstantial evidence).

With regards,

You wrote “normally most of the traffic is dummy”. Well, that’s not completely true, and only counts for numbers stations.

It’s numbers stations we are talking about, and for those it is mostly true. The capacity of a numbers station is designed for “high activity” in times when it is of the utmost importance. Which means in normal times it is nearly idle. This is to stop “traffic analysis”, so the rate and length of messages, time they are sent and all other message meta-data needs to be kept the same.

Numbers stations are nevertheless pretty good, as long as the agent is not under surveillance.

Actually not true, agents have bern found by “Find, Fix, Finish” methods. In the cold war in the UK they had a light aircraft flying around to do a “find” on receiver emmissions that indicated the transmitter was being received. This then got handed over to car/van detectors to “Fix” and MI5/Special Branch would do the “Finish” activity, what ever it was that had been deemed appropriate.

We know that the CIA and FBI have not just aircraft but drones as well that do these sorts of activity all the time. The reason is because of the ADS-B Beacons they are required by law to have turned on. Thus enthusiasts “tracked them down” got the aircraft numbers looked them up in registration databases and tracked back through the holding companies on a “follow the money hunt”. Which must have realy annoyed the US Government Agencies concerned, that their cover had been blown by a bunch of “armchair amature analysts”.

The question is not whether numbers stations and OTP are secure, they are 100% secure

No they are not even close to being “100% secure”.

All an OTP gives is a promise of “all messages of that length are equiprobable” if and only if “the OTP is used correctly”.

So the only security the proof offers is “message contents being equally as likely” if usage is correct. Look up project VENNONA Matt mentions it and there is info on it on Wikipedia.

The OTP gives no security at all against several attacks –such as bit flipping etc– and can not in any way give meta-data security as that is down to the traffic transmission system not the message contents.

Question of brute search.

The size of a brute force search is directly related to the message length. If the message is of even moderate size and has no structure, then a brut force search attack would be a waste of time.

However in this day and age people want convenience, that is they word process a message, then drop the resulting file onto an encryption application. The application is frequently not realy an OTP but a “stream cipher”. One of the problems with stream ciphers is “bit flipping” and other “communications noise” effects, thus to improve reliabillity error checking encapsulates the file, which is a very good indicator that you have the right plaintext. But file formats can contain a great deal of static metadata, Microsoft had file headers 4k in size at one point. Such static metadata can also be called “Known Plaintext” which in a stream cipher would give you a nice long length of “key text” which can then be analysed to give either a position in the stream output or the actual stream seed/key or part there of. Thus significantly reducing the Brut Force Search Space. Thus with the error correction means the real plaintext can be not just found but identified with a very very high probability.

There are many application developers who can and do make such mistakes or similar ones. So yes messages can be identified but such things although public knowledge are very unlikely to make it into Court records, for obvious reasons.

The thing is I don’t realy see any problems with the article Matt Blaze put on his blog. Whilst he does initially discusse the crypto aspects, he makes it plain that it’s not the crypto message security that is at issue but the Traffic Analysis that correlated with the activities of two people under surveillance already, for reasons not gone into.

I’ve given an amplification of not just the traffic analysis methods, I’ve also indicated that the two people could have been tracked down just by the use of a radio receiver. It’s all quite factual information and can be verified if you want to do some practical experiments. There is even refrence material in Peter Wright’s book. Where he names Tony Sale as his assistant. I happened to have met and chatted to Tony on a number of occasions due to his connection to Bletchly and the Signals Regiment I used to be in on the technical side as a specialist, which I’ve mentioned before on this blog.

Rijmenants October 16, 2020 2:27 PM


thanks for the reply, and altough we clearly disagree, there’s still much we don’t know. But there are some facts.

“This I also dealt with above. See my note 1 in,” regarding tuning into numbers stations

I know for a fact that you need to be very very close to capture a radio’s local oscilator, and the better quality build the harder it gets. I also had my hands on special receivers, built for agents that do not spay these unwanted signals (but also are used in court).

in theory, you could detect local oscilator’s tuning from close distance, but as said, the chance is far more likely that a FED bug hears you listening to the radio, or you get filmed with your ear peice, than they use a drone or whatever.

Numbers stations, “No they are not even close to being “100% secure”.

I meant in the cryptographical sense, they are 100% secure, but as I also mentioned, it’s they huy behing the receivers who always screws up.

“OTP gives no security at all against several attacks –such as bit flipping etc–

That’s a completely wrong statement, OTP is proven unbreakable and resists all possible current and any future attack.

Bit flipping has nothing to do with OTP encryption. You also refer to stream ciphers, which also have nothing to do with OTP, as OTP is by definition always performed with true random, which has nothing to do with bit flipping. Cryptographically secure random and true random are a world of difference, and any CSRNG is not suitable for OTP, although very popular snake oil. Thus, irrelevant.

I believe you misunderstood my brute search. I specially did not use the words brute force search or attack, because I did not refer to searching all possible solutions to solve the otp (wuseless) but was talking about the radio broadcasts that are all recorded and their messages digitized by intel orgs

These message are used as evidence in court (documented). They know the procedures and formats of f.i. CuIS messages and when they linked obtained keys (warrent or surreptitious search) to a person, they apply the keys to all digitised known ciphertext messages with the proper methods. It’s literaly searching the right message and get nothing or instant plaintext. No cryptographic brute force search involved, which is without key and will produce all possible solutions and thus useless. They find a match between key and message, and the recvered plain text is presented in court.

That’s a common method of producing evidence: surveillance & search, collect evidence and match to broadcasts. That is usable evidence. They don’t care about the radio.

If you talk about encrypting or decrypting an OTP message on a computer, then we’re no longer talking about OPT, but about how to screw up OTP. Moreover, to do so, the key is somehow on the computer or entered. Then, metadata file headers and such are irrrelevant, as no single PC or laptop is suitable for encryption purposes, despite crypto vendors claiming otherwise.

Only dedicated devices, specially designed for such purposes are safe. We don’t regard normal computers as usable. Normal computers are designed totally insecure, their OSI layers are a security nightmare, build-in processes designed for ease-of-use and compatibility, horrible memory and data storagage management. A wide open door. Asked Ana Montes.

The problem is always that people try to take shortcuts or work-arounds to ease the job, make it “more practical” or cheap. Absolute secure encryption is always expensive in effort or cost. If we talk about computers, it goes wrong, unless you a clearn one (good luck) with no wifi, ethernet, external OI’s, stored in a very secure safe.

I’ve seen many “professional” agents screw up like a moron, incredible. They all get caught. And never had to use all those esotheric techniques, and mostly never any cryptanalysis to catch them.

Nevertheless, intersting conversation Clive, hard to have a good discussion at a comments page, would be great to discuss all this in person. You know where to find me ;-]

Clive Robinson October 16, 2020 4:10 PM

@ Rijmenants,

That’s a completely wrong statement, OTP is proven unbreakable and resists all possible current and any future attack.

You obviously do not know what a bit flipping attack is, otherwise you would know what the vulnerability is.

Think on it as a man in the middle attack.

You’ve taken you plaintext and XORed the key text/stream to it and send it. I receive it flip chosen bits and forward it on to who you intended the message for. They get errors in decoding as the bit flips go through the decode XOR process kiving flipped bits in the recovered plaintext.

If I know you are using a message of “standard format” then I have a degree of “known plaintext” that I can change, thus changing what the recipient sees after decode to something I want or just plain garbage.

This can cause various things to happen, not least of which is the message gets retransmitted under the same key vut the sender makes a small error and changes the number of characters sent. I can see the difference in the second ciphertext by just simple comparison, and their are variois things rhat can be done.

Whilst you might say “that’s unkikely” it did indeed happen during WWII and provided Bletchly with the needed information to break the “fish traffic”. There are other tricks in a similar vein that can be exploited.

If you talk about encrypting or decrypting an OTP message on a computer, then we’re no longer talking about OPT

Rubbish, you can use a computer to do OTP in exactly the same way as the UK BID Rockex teletype “super encryptor” did. But instead of using punch paper tapes you use a memory key or CDROM or many other storage technologies to store the OTP KeyMat.

As for,

You also refer to stream ciphers, which also have nothing to do with OTP, as OTP is by definition always performed with true random, which has nothing to do with bit flipping.

I’ve no real idea what you mean by that complete sentence. So to break it down,

The difference between an OTP and a Stream Cipher is not in the mix function (XOR/ADD) but in how the KeyMat is generated, nothing else.

A bit flipping attack as I’ve mentioned above is independent of the KeyMat.

By the way, the KeyMat in a practical OTP is not “true random” for various good and proper reasons I’m not going to go into now as I’ve mentioned them before on this blog.

As for,

Cryptographically secure random and true random are a world of difference, and any CSRNG is not suitable for OTP

The use of a CS-DRBG as a form of OTP has been debated for something like a quater of a cebtury by professional cryptographic designers. Such systems whilst still technically “stream ciphers” are markedly different to the stream ciphers of the last century. We could spend months discussing the finer points but at the end of the day, if you use say AES in CTR mode the security guarantees of AES can be brought across into the system under certain constraints.

And as I’ve already mentioned this is incorrect,

That’s a completely wrong statement, OTP is proven unbreakable and resists all possible current and any future attack.

The guarantee is not “unbreakable” but “equiprobable” if you do not know the difference you need to do a lot more than a little studying.

Which brings us onto,

Only dedicated devices, specially designed for such purposes are safe. We don’t regard normal computers as usable. Normal computers are designed totally insecure, their OSI layers are a security nightmare, build-in processes designed for ease-of-use and compatibility, horrible memory and data storagage management. A wide open door.

I’ve no idea who the “we” is in your statment but the rest of what you say is again not true. I’ve posted much on active and passive EmSec attacks including “Fault injection” attacks I independently discovered and developed back in the 1980’s.

As it happens all systems are “insecure” at some level, for instance there are no secure resistors, capacitors, inductors, or transistors. Nor for that matter by far the majority of other electronic components or electromechanical components.

Thus the fundemental observation of secure system design is,

“All secure systems are made of insecure components.”

Which gives rise to the second observation,

“A system is made secure by design, working with the laws of physics and mathmatics”.

From which other observations can be made such as,

“Segregation by function reduces complexity”.

Eventually the design comes down to the control of energy and bandwidth, and again I’ve been through this on this blog before.

So there is absolutly no reason why an insecure PC/laptop can not be used as part of a secure system, and guess what I’ve previously discussed such designs on this blog before.

Now I do not know if it is a lack of knowledge or a communications issue but either way as I’ve said some of the things you are saying do not make any sense.

Rijmenants October 16, 2020 7:06 PM


I know my stuff, but I believe you’re not reading well/understanding what I wrote. First, you talk about bit flipping and the man in the middle attack, assuming that the message is sent digitally and your are abled to intercept and retransmit to the agent (or paper or stego tinkered with). Already bad. If you can flip bits, then you’re already doing it wrong. And there are ways to detect that, like a plantext checksum of the message OTP encrypted in a random position. Retransmission also has its rules to be followed.

Secondly, if you send that message digitally, the agent always has to proccess it digitally in some form, if only to receive it and be able to read it. Operational errors. Evidence! It’s done, it happend, even with state of the art satellite receiver spy gear, and they get caught. The more tech in the equation, the more trouble.

Again, OTP IS perfectly secure, unless you reinvent math. The question is, how do you apply it in operational conditions.

“Rubbish, you can use a computer to do OTP in exactly the same way as the UK BID Rockex teletype”

See, that’s exactly the problem in our conversation, we’re talking past each other. Technically and mathematically, yes, a PC can OTP encrypt your message just as well as a Rockex. But from security point of view, that is a big no for the pc. But even the Rockex might not be that great as 1940s gear, as TEMPEST and EmSec still was distant music. Noreen would have been better.

“The difference between an OTP and a Stream Cipher is not in the mix function (XOR/ADD) but in how the KeyMat is generated, nothing else.”

Seriously? What are you talking about? The difference between OTP and a stream cipher? There is NO difference, they are two completely different things, you can’t compare them. OTP is a method of encryption, and a stream cipher generates (bad) keys, and I’m sure you know that, or did you misspell that sentence?

And about AES in CTR mode… under certain constraints. Well, whatever constraints, it’s deterministic. Talking constraints, AES (btw developed in my country) was selected by NSA, and happily used and exported by Harris. No problem, public knowledge… but I honestly don’t know if we should be proud of our COSIC boys, they are good, but don’t underestimate NSA. We also use Harris. Gives a slight Crypto AG shiver, but in a mathematical sense, not the old school hardware tinkering, as you can check AES output.

And btw, in 100 years, breaking AES will be piece of cake. Breaking an archived Rockex encrypted message will then still be impossible. Think about it, it’s the way you approach the security problem. In cryptography, we tend to believe we can create secure algorithms, but that’s only a small – and very weak – part of COMSEC.

“Now I do not know if it is a lack of knowledge or a communications issue but either way as I’ve said some of the things you are saying do not make any sense.”

It’s not my native language, but you also wrote pretty odd things. 38 years in signals surely qualifies me as a certified idiot. So let’s keep it nice and call it a quit. I offered to continue the discussion on other channels. If I learned one thing, the www is not the place to have a succesfull conversation. Let’s not spam Bruce’s post any more. All the best.

SpaceLifeForm October 17, 2020 12:19 AM

@ Rijmenants, Clive

Timeout please.

So, does an Error Correcting One Time Pad work?

If one says they have a proprietary PSK mode, how do they protect it in court?

Ok, my popcorn is done.


Clive Robinson October 17, 2020 12:56 AM

@ SpaceLifeForm,

So, does an Error Correcting One Time Pad work?

No it breaks the “equiprobable” proof.

However take a OTP ciphertext output and wrap that in an “Error Correcting protocol” and that works fine.

As with “carts and horses” the order you do things in crypto does matter.

But sometimes unless you have experience in the domain you miss things…

For instance “hand carts are pushed not pulled” simple mathmatics tells you it would be easier to pull, control theory likewise tells you to pull is stable to push potentially unstable.

So why do we push?

The answer is “security” when you push your eyes not only see the way to go, but also see the load stays on the handcart[1]. Even the Romans knew about “fell off the back of a lorry guv'”.

One of the troubles software writers have with crypto is they know enough to be dangerous, but not enough to be secure.

[1] It’s part of the reason the Roman “wheel base” distance of carts still remains common in modern vehicles, it gives just enough stability to retain control when pushing without being unmanagable.

SpaceLifeForm October 17, 2020 6:05 PM

@ Clive

I knew that. It was rhetorical. I was just back-trolling.

Looks like my bait fell off the hook because Rijmenants did not bite.

Clive Robinson October 18, 2020 4:12 AM

@ SpaceLifeForm,

Looks like my bait fell off the hook because Rijmenants did not bite.

Or I nibbled it off first (imagine a smiley here as the blog software swallows them whole).

You know I still do not get why Rijmenants[1] said Matt Blaze was wrong…

I’ve read Matt’s blog post three times and can not see anything to object to in it. Likrwise I suspect our host @Bruce has read it and not seen anything to object to in it either.

Rijmenants did say that he had contacted Matt, I wonder if he has got an answer, it might have caused a change in tack, or knocked the wind out of his sails.

[1] Rijmenants is as far as I know a “family name” not a “given name”. So I’m unsure what pronoun to use. As Rijmenants’ web site is blocked by my mobile service providers “content filter” which as usuall does not say why… I turned to DuckDuck which gave up the following,

Please check out Dirk Rijmenants’ great SWL web site, which includes a schematic of his antenna, which is the same as mine (albeit, it would seem, much more nicely executed.)

So I’m assuming they are the same person (thus male).

Oh and DuckDuck also gave,

All of which suggests a “Shortwave Listener” with an article writers interest in the history of WWII crypto and Coldwar propaganda and Number Stations.

Dirk Rijmenants October 18, 2020 10:09 AM


Here’s one to make you happy, I’ll bite one last time.

“As Rijmenants’ web site is blocked by my mobile service providers”

Hahaha, seems your provider sucks, as the millions of visitors on my website prove. Here’s the link to one of my traced on the web, Cipher Machines & Cryptology but note that’s just a spinn-off hobby. You could also click my name here above, now with given name… woooow ;-]

Btw, Matt didn’t anwser that e-mail yet, and I don’t demand or expect him to do, but that’s okay.

“All of which suggests a “Shortwave Listener” with an article writers interest in the history of WWII crypto and Coldwar propaganda and Number Stations.”

Ooooh, we have a detective here!

Hilarious :-] Nope, you’re wrong, it’s pretty much that sentence the other way around, but the quotation marks are quite funny. But in a way, I’m some sort of a listener, but not as you think. And no, I won’t tell my real life job, not your business. And interest in “Coldwar propaganda”, if it was only that, I’d have a great life. I had, and still have, my share of that, without the propaganda part.

Is that some sort of hobby, amateur attemps to profile someone? I offered you to contact me, but you couldn’t??? Afraid? But, you’re the security expert, aren’t you? I’m neverhteless very very easy to find or contact… if you change to a decent provider. And maybe a short course of Google searching? Even DuckDuck finds me easily.

I must say, over time, I have enjoyed many of your comments, some pretty good and interesting, but somehow… naaah, not that great fan any more, since your above post.

Nevertheless, I enjoyed discussion with you, but I remember calling it a quit, but you seem to like fishing. Well, I don’t, I’m in the nice guy team, and don’t go googling for the Clive Robinsons, not even now, although I could. I care less, as I have a life. Last I heard, Bruce’s site is not a gossip paper. You naughty boy! You really damaged my little residue of fait in the www, not don’t worry, I’l survives.

PS: already told you, english is not my native language, only for work, might not be perfect, but I’m sure you got my point.

@SpaceLifeForm, go easy on the popcorn! I know, I know, it’s soooo tasty, but bad for the BMI, haha ;-]

What a day 🙂

Goodbey and farewell!

rrd October 18, 2020 10:57 AM

@ Dirk Rijmenants

Well, I see your bona fides on the Internet, but this is a clubhouse (not a public debate forum), not that that was ever Bruce’s intention (AFAIU).

Well, I don’t, I’m in the nice guy team, and don’t go googling for the Clive Robinsons, not even now, although I could. I care less, as I have a life.

Yes, well that won’t get you far around here. The fact that they don’t have a life is what makes them despise those of us that do.

Those that only care for their own little mammalian pack are never one of the nice guys. It shows in their every statement, their every attitude, and their every behavior.

Until someone with clout around here decides to stand up and assert a moral opinion — as the great Elie Wiesel demands of us — this place will continue its descent away from coherence into a bunch of cool kids who make in-jokes and chase off intruders into their territory, that they have clearly marked with their hot piss.

Good luck in your work, Mr. Rijmenants. I suggest you look for community elsewhere.

Dirk Rijmenants October 18, 2020 11:44 AM

@rrd, thanks for expressing your concerns.

As I wrote, I early on told the man it’s not the place here to continue that discussion, and offered to continue somewhere else, but after his poor “profiling” attempt to find – in vain – something to slander…

All the best.

MarkH October 18, 2020 11:48 AM

Just some general observations …

Matt’s story is good fun.

His “connecting the dots” between the bizarre 9-free messages and Strzok’s account of how spies were run down is hardly conclusive, but entirely plausible, and in my estimation quite likely the way things actually occurred.

The presence of the 9-free messages was almost certainly a defect. That it persisted for so many years was a rotten security failure … but as loyal readers of this blog are aware, such failures are as common as dirt.

My impression is that intelligence organizations are — in the public imagination — near the pinnacle of competence and conscientiousness. In truth, they’re not immune to the confusion, disorder, laziness and inattention and corruption which might appear in any organization.

Unless there was some office or person specifically tasked with monitoring the quality of dummy transmissions … then probably, nobody did such monitoring.

Clive Robinson October 18, 2020 2:49 PM

@ Dirk Rijmenants,

Hahaha, seems your provider sucks, as the millions of visitors on my website prove.

First off the service provider is one of the largest mobile service providers in the world, and probably has considerably more customers than as you say your “millions of visitors”[1].

Secondly the part I use is UK based… You might or might not know that the UK Government especialy the current encumbrants via the Home Office Minister Ms Patel have a pathological interest in controling the Internet, and they never have had an interest in following privacy legislation even that which it is required to do by treaty with the EU.

Thus anything the current encumbrants might even remotely consider to be one of the “Four Horsemen” is immediately blocked… And in return well, lets just say there is billions of unpayed tax at stake… As they say “one hand washes the other”.

And yes the other link you have given is also blocked, so I guess you should wonder which one of the Four Horsmen you are riding or stabeling? I’ve no horse in the race, or bets upon one, so it’s of no interest to me, but you perhaps should follow up why you are being gaged by a UK mobile broadband provider. As I said originally you did not give a “given name” thus I did not know which pronoun was appropriate, some people can get touchy if you guess wrong and using “their” all the time sounds tedious at best. Nothing more. So your,

Ooooh, we have a detective here!

Is at best an assumption on your part. As for,

“profiling” attempt to find – in vain – something to slander…

Err no, all I did was look at public information that originates from you is that not so? But it would be interesting to see how you justify “something to slander”.

Oh and,

but the quotation marks are quite funny.

They are used to show a quotation or phrase that has meaning above the plain usage of the words. Correct me if I am wrong but “Shortwave Listener” has a meaning beyond some one who has a shortwave radio as does “Ham Radio”, but neither are considered funny as far as I’m aware.

But some things you ought to be aware of when you say,

I’m in the nice guy team, and don’t go googling for the Clive Robinsons.

Some people do that around here because they find it amusing, others because they have other motives, some contrary to the law, and others creepy by any measure of the word. You would not be the first to do rather more than Google me and you would almost certainly not be the last to try. Some are very much not “the nice guy team” you think you might be on, and they even claim to be “Holier than thou”, carefull what company you keep even in passing, as others who have seen and understood rather more than you might just judge you by it.

But another cautionary note, if you do disagre with an acknowledged expert in the field, “get your ducks in a row” because you will be asked questions and clear answers not innuendo would be expected.

I’ve communicated with Matt Blaze in the past and found him to be quite friendly and informative and willing to chat. He has some interesting hobbies as well as what he does professionally. So don’t be surprised if he does reply.

[1] Oh I forgot to mention it was just the first page from DuckDuck. But it also pulled up the analytics for your site and lets say there is a little extra egg in somebody’s puding as anyone can see.

Clive Robinson October 18, 2020 4:31 PM

@ MarkH,

In truth, they’re not immune to the confusion, disorder, laziness and inattention and corruption which might appear in any organization.

Along with many other sins of the flesh etc. A veritable microcosm of the worst of mankind is what we learn from information that gets out.

Wgilst true for some I suspect it is only for a few, but the “only one rotton apple in the barrel” certainly has meaning.

Hence the avoidance of oversight and over classification of information etc.

But as you note,

Unless there was some office or person specifically tasked with monitoring the quality of dummy transmissions … then probably, nobody did such monitoring.

There are very much such groups often called “Signals Security” Dept/Directorate etc. Most SigInt establishments have them.

If done properly it’s a thankless task, with little or no home life as you are always being sent from one place to another, and working long hours without being able to relax or even talk to people.

However if you don’t do the job properly then there is plenty of opportunity to “goof off in foreign places”. It’s known that in Russia such jobs were for the children of the influential or high in the state hierarchy. The reason being in part it was assumed that they would be less likely to defect etc.

With a rare exception or two such people were not the right people for such jobs. Thus the job was seen more as a perk than a serious and important job. Also there was the aspect of “not finding fault with others, less fault be found with you” as happens in such hierarchies where paternalistic interest can be a significant deterrent for others.

It’s one of the reasons why VENONA went on for so long, not checking security correctly and taking short cuts to meet unrealistic deadlines or make money one the side was endemic in the soviet forces during and long after WWII.

But this sort of issue was by no means a Soviet one alone, behind every spy / traitor story there is a “institutional culture” issue at play and little or no incentive to change it.

But it’s not just the IC where this happens, when you analyze it you quickly realise that it’s the same thing with the Banking Crisis…

Dikr RIjmenants October 19, 2020 2:16 PM

@admin… and @Clive Robinson,

I again hoped this nonsense would be finished, but could some admin or anyone please explain to Mr Clive Robinson to stop “investigating” me in a very amateurish way, to slander me with so obviously wrong assumptions, and here’s why:

  1. I told many times to end this discussion, as this is not the place to do so, but he keeps going on with his discredit attempts. I offered to continue the discussion somewhere else, but apparently he’s afraid to do so, for whatever reason.
  2. Mr Robinson found statistics of my website? Well, dear friend, because my pages are hosted as user site on Any statistics or analytics you pull from such hosts are therefore general statistics from the host, which do not represent its users’ stats, analytics or risks of a particular user (some of them are indeed bad ones, like any other provider has some). What a joke! You don’t have to be a genius to know that, so I presume Mr Robinson doesn’t know much about “analysing websites”. Now that’s “a little extra egg in Clive’s own pudding, as anyone can see” (dixit Mr Robinson).
  3. Still, Mr Robinson keeps nagging about my “questionable” website. I and that (side-kick) website and its links are referenced more than enough on the Internet, also by many universities who use my work, and – “sorry mate” – also in books of people like Craig Bauer, who happens to be the chief editor of Cryptologia, for which I also wrote and published (not related to my actual work, that’s nobody’s business). So I suggest, if he likes googling and website analytics, to learn how to do that.
  4. As said, the website is only a side kick. Over the years, despite quite a challenging job, I’ve spent considerable free time to provide information for educational purposes and research, in cooperation with many friends, well-known in the crypto world (Mr Robinson is unable to find) and I made it available for free, as I believe knowledge is there to share. I therefore don’t have to justify myself, and certainly not to people like Mr Robinson. Still, I decided to write this reaction.
  5. I never needed, nor planned to explain my website or references, let alone defend it (visitors enough, and no adds), nor did I planned to post this final answer, as I told him several times to stop. Alas, given Mr Robinson’s talent to continue slandering while not being able to even find any serious trace of me (because his UK world leading provider doesn’t let him), I cannot but help the poor man to see the light.

One tip for the admins here, as @rrd’s quote put it brilliantly, “Until someone with clout around here decides to stand up and assert a moral opinion — as the great Elie Wiesel demands of us — this place will continue its descent away from coherence into a bunch of cool kids who make in-jokes and chase off intruders into their territory” (@rrd, I bet he’ll claim that your “fake” name looks suspiciously similar to my initials, what a coincidence, haha).

Mr Robinson can rest assured, I’m leaving this site, its comments and “his territory” forever, with pleasure, to continue my fascinating real life. I admit, although a final farewell, I did enjoy writing this one.

rrd October 19, 2020 3:02 PM

@ Dirk

Well, the last two initials of my handle are “robot double”, the first represents my first name. I shortened it to the initials because I’d rather not dox myself any more than I already have.

Note that things can deteriorate around here over the course of the day as people, perhaps, get “into their cups”, as a fictional character is referred to being in William Gibson’s newest, “Agency”, by a different character of upper class English heritage. (Gibson uses it to describe someone that gets drunk and then acts sloppily with regards to security, but there are different kinds of sloppy in this world of easily-accessible alcohol.)

Regardless, no one should worry around here about our being the same. I always supply the same email with my every post, and my IP address is not being disguised, so my location on Earth is clearly not Europe. In other words, Bruce can easily determine where my posts originate from, should he use that information to determine the likelihood of a post being spam or not.

I met a kid on the playground playing with my kids one day a couple of years ago. Talking about Minecraft, the maybe 8 year-old explained that he was an online “griefer” and how he enjoys being negative in the online Minecraft game universe. That’s not ever been my intention in any endeavor I’ve ever undertaken, but the universe saw fit to make sure I understand how some other people choose to work. Some are negative from childhood (probably from their parents not teaching them how to be kind and positive in the world); some adults get nasty as the day goes on. Some start the day that way.

I’d apologize for them, but it’s certainly not my fault!

Peace be with you all.

Clive Robinson October 19, 2020 6:04 PM


… stop “investigating” me in a very amateurish way, to slander me with so obviously wrong assumptions

I am not “investigating” you and certainly not slandering you.

If you bother to go back and read your own comments you will find you invited me to communicate with you on another channel,

Clive, hard to have a good discussion at a comments page, would be great to discuss all this in person. You know where to find me ;-]

The only information you provided was your family name and a website address.

As I’ve made clear I tried the website address and it got blocked by a UK mobile broadband provider (I also made clear I had no idea why, but made a guess based on other information, none of which in any way cast you in a bad light).

I then did a quick search on the website address nothing more. As I said to find your given name as the use of the incorect pronoun offends (I was also hopeing it might throw up another potential communications channel).

However all the links that came up in the first page of results were either blocked by the mobile broadband provider or the three I mentioned.

As to slander, sorry you real do not have a clue what you are talking about, you realy realy do not. Everything I said –and please note it was not even addressed to you at all– was provably based on that publicaly published information by others, nothing else.

If you think a list of works that you may have written or that you maybe a “Short Wave” listener is in any way slanderous then it is they not I you should take it up with, as a judge will tell you.

As I assume you are an EU citizen you have the option “to ask” for what some call the “right to be forgotton”. However if you do they usually remove everything.

Now I’m not the one who keeps making emotive assertions, that is you and @rrd as anyone reading this thread can plainly see.

As for,

I’ve spent considerable free time to provide information for educational purposes and research, in cooperation with many friends, well-known in the crypto world (Mr Robinson is unable to find)

Good for you, if you care to search this blog and one or two others you will find I’ve been making technical information and innovation available freely for a very long time.

But when you talk of “assumptions” you neglect to consider your own. In your hast to claim “investigation” and “slander” you try to make out despite being told othereise that I’ve made some indepth search on you… Yet you claim that I was “unable to find” any of your works… Two things, firstly one of the sites I gave gives links to some of your works, but secondly and more importantly as I indicated I never bothered following them or making other searches.

Sorry if my lack of interest hurts your ego but ask yourself why I would bother, before making assumptions as to what I did or actually did not do, especially when you had been told, it kind of makes you look a little daft.

But further you made some claim about Matt Blaze’s article that you claimed,

I’m afraid Matt drew the wrong conclusions on the bias regarding the number 9 in the messages. This is probably because a cryptologist’s narrow view regarding the operational use of numbers messages encrypted with OTP.

As I’ve said I can not see what it is you are claiming, I asked you to amplify your comment which you realy have not done. I even suggested you “get your ducks in a row” before going on.

Something you have not done even when making your extrodinary assumptions to claim to be an injured party.

Which will no doubt leave many people wondering if you actually have a valid complaint against a world renowned cryptographic expert. Because you’ve certainly been unable to explain it as others have indicated.

Oh with regards,

I cannot but help the poor man to see the light.

I’m not sure you have a light to shine, you’ve certainly failed to be in any way illuminating as to your complaint.

But a word of warning I suggest you take a long carefull look at @rrd’s comments on other pages on this blog. For some reason rrd is very strong on false assumptions and preconceptions, and has behaved in an extreamly creepy and very worrying fashion. Apparently he wants to show people the light of his expressed religious convictions, and wishes to convert people to some belief system, and well, just read it for yourself, you might want to consider the implications of his behaviours.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.