Slashdot Mirror
Crack A "Numbers" Station
boss soul writes: "On Friday, NPR did an excellent story
on those infamous 'Numbers Stations' that broadcast on shortwave radio. Since the 1950s,
these stations have been broadcasting nothing but an unidentified human voice reading a string of
numbers. Though most people believe that these broadcasts are used by intelligence agencies to
communicate with their agents abroad, there has never been any way to confirm this ... until now!
The makers of "The Conet Project" (a four-CD set of numbers-station recordings) have thrown down the proverbial gauntlet and announced a
series of "cryptographic
challenges" -- the object of which is to crack an actual numbers station
broadcast. Dust off your Crypto caps, everyone -- I want to see a slashdotter win this one! "
The previous run of this story is ref'd, but the discussion did center around use of codes on insecure channels during WWII. A good book, for the interested party, is Between Silk and Cyanide, by Leo Marks (ISBN 0684864223).
I'd have to echo the pessimistic sentiments of others in this discussion, though, and state that there's probably not a lot of hope in 'cracking' these transmissions, given that we have no knowledge of their origin or purpose.
The Attitude Adjuster, I hate me, you can too.
These are the digits of PI computed with Srinivasa Ramanujan's famous series, written backwards and concatenated for successive terms in the series!
There is no code.
I'm just wondering how many spy agencies around the world have ~50 years of contiguous recordings stacked up for each station.
--
Sheesh, evil *and* a jerk. -- Jade
How about using the numbers from these stations as a one-time pad for encrypting unrelated material? Hell, they're out there, why not use them? :)
I can see it now. Half a dozen GRU (or KGB, I suppose) in an underground bunker in the midwest, huddled over a transmitter, still sending intelligence information, blind to the fact that the Soviet Union has fallen and the Cold War is theoretically over. Just watch, when someone decodes this stuff, it's going to turn out to be "FROM NEVADA 314 STOP TO MOSCOW STOP CURRENT AMERICAN PROPOGANDA IS THAT MOTHERLAND HAS COLLAPSED STOP PLEASE SEND MORE VODKA STOP" or some such.
Nothing against Russians, mind, i'm proud to sort of be one, but this would make such a great spy novel.
===
-J
Karma: T-rexcellent.
Given the fact that, although the encoding is random, there is a 1 to 1 relationship between the encoded character and a number, I think it may be possible to crack a one-time pad based on the frequency of numbers in the encoded message.
How, I'm not exactly sure, but it does seem like you can at least get started on these.
nope, just screwing :)
An interesting and good post.
As for agents knowing the transmission is for them, I would also think that any given agent would only be able to decode messages that were intended for him/her -- otherwise one traitor compromises every single bit of communications.
I wouldn't be surprised if each agent's message was encoded using a different cryptographic technique -- between all the varieties out there, there are a large number of permutations that would make it virtually impossible for one turncoat's information to even help in decoding other messages ("My messages were 3DES512 on top of an eliptic curve, using every forth number mentioned during even seconds").
It's an interesting challenge, but man would it be difficult. For my money, the best hope of solving it is with a leak from inside.
-b
If I wanted a sig I would have filled in that stupid box.
Actually, no. The story is now archived and always displayed with the highest ranked comments first.
You owe it to yourself to listen to it: www.npr.org, drop down "Choose a program" and select "All Things Considered" and then "Latest Show" - which this still is, given that ATC is only on on weekdays.
I just listened to it again (one of the *crappiest* RealAudio streams I've come across lately, BTW, but then it was 20 (!) hops out...) and it's pretty cool.
Pretty eerie stuff..
The best one is the "Buzzer" - been up for over twenty years on the same frequency, apparently, and only run one number series *once* in that time - as far as anyone knows...
Creepy..
t_t_b
--
I'm on PJ's "enemies" list! Are you?
... not as hard as crackin RC-64, but hard nevertheless. Think about it -- why are those transmitted through human voice? If the recipient always had powerful and up to date computing equipment, it'd be much better to have it transmitted manually. Then the bandwidth of such stuff is very bad. Sooo ... to begin with we might have to think of the uses of the stuff.
Then ... even though they're emitting constantly, they might not actually be transmitting info all the time. So much of the stuff will be complete garbage ...
73758 40855 40850 (encoded plaintext)
64270 19371 16214 (one time pad)
37928 59126 56064 (encrypted message)
The encoded plaintext is added to the one time pad with modulo 10 arithmetic, a single digit at a time. The result is the encrypted message, ready for transmission. The recipient of the message reverses the process by subtracting the one time pad from the received message, again with modulo 10 arithmetic, a single digit at a time.
37928 59126 56064 (encrypted message)
64270 19371 16214 (one time pad)
73758 40855 40850 (encoded plaintext)
Assuming the one time pad was properly generated from a true random number source, there are no statistical anomalies in the encrypted message that could aid a cryptanalyst.
Mea navis aericumbens anguillis abundat
Has anybody checked that the 4-cd set isn't just audio? wouldn't that been a good joke to pull on the crypto community ;)
I posted earlier about how this must be a bunch of lost Soviet spies, but I came up with soehting that makes even more sense.
See, I was in the library today, doing some research on the ISS. I found an article in April 2000 Popular Mechanics, and after skimming it, I turned out of curiosity to the magazine's cover story: The KGB plot to bring america to it's knees. Apparently KGB (and/or GRU; no-one is quite sure) agents were involved in an elaborate scheme to take advantage of the Canadian and Mexican borders and plant explosives in military bases, dams, power stations, etc, up to and including the power source for New York city. The idea was that massive power outages, especially in NYC, would cause Americans to overthrow their government.
So, this is clearly part of that op. The russians set up a bunch agents to read random numbers over america's radio stations, causing the populace to revolt against the FCC. Only they got the frequencies wrong. Or something.
See, it all makes sense!
I think I need to go lie down...
===
-J
Karma: T-rexcellent.
OTP encryption has been cracked before but ONLY when the same key was used more than once.
Also you have to encrypt using their PGP key, not yours, so you aren't 'proving your identity'
Unless you use the encrypt/digital sign function.
Common sense is a set of prejudices built up over a lifetime
Some still do "live" transmissions, the Bored Man and Babbler stations come to mind.
Visit http://www.spynumbers.com for more information about spy numbers stations.
I have a CDROM out, with about ten hours of recordings, and lots of information, all organized as a web site, so it's cross platform.
I think it is. If this is indeed an intelligence agency sending messages to agents in the field, how on Earth would be able to know what does the message mean. Maybe 05765 means a specific embassy, a place where you have to take a photography, a street, the name of a government official. There are 100,000 posible references to places or people we don't know. This is the same technique used by the mob (as shown in movies, that is) to communicate to people in jail and by many people using numbers-only pagers; it's extremely effective because it's related to concrete actions (911=call Mom!) we don't know anything about. If this is the case, there's no way we're going to solve this.
"All the things one has forgotten scream for help in dreams". Elias Canetti
As a little birthday gift to myself, I picked up a fairly high-end handheld digital shortwave radio like a week ago. Its an amazing little device, when you think about it.. In your hands you hold a box capable of opening a window into the communications of every technologically advanced culture on the planet, runs on three AA batteries, and will run forever if you take care of it. Not a bad deal for $219.00
That being said, here's a little something about numbers stations: Alot of them have already been linked directly to intelligence agencies, so, thats not a rumor anymore. Its a fact. Our on CIA, and Israel's Mossad are among a growing list of agencies known to be running numbers stations, as the broadcast source has been proven to be on land owned by these agencies.
On a totally different not, my own father ran crypto for the Navy (even had clearance at the Pentagon for a short time!) for a few years during the mid-late 1950's. During his stint in the Navy, he was stationed in Adak, Alaska where he and and a bunch of other guys jobs' were to monitor Russian shortwave radio traffic..mostly stuff in the Bering Strait, and from stations in and around the Kamchatka. To this day he can copy morse code by hand fast as fuck.
Whatever that means.
Bowie J. Poag
Bowie J. Poag
The whole encryption scheme which numbers stations use is uncrackable. Known as a "One time pad" the scheme can only be used once, otherwise, both parties risk the message being intercepted by a thrid hostile party. It's a super simple encryption method. I write out the alphabet several times and then randomanly write down numbers [0..9][0..9][0..9] next to the letters and make 1 copy of this sheet and give it to my agents. Then when I need to communicate with them I encode my message using these numbers.
when they ban enctryption only criminals wi$21*J *#JF$%!@#$':
The U.S. Air Force Strategic Air Command had something similar with their "Sky King" broadcasts on the high frequency bands. They sent out coded messages at regular intervals using SSB (single sideband) voice. This was one of the systems for sending EAMs (emergency action messages) to SAC's nuclear armed bombers. When listening, you never knew if the message was "testing" or "nuke Moscow".
Mea navis aericumbens anguillis abundat
There are 5 different messages to crack :
1.E3 (The Lincolnshire Poacher)
2.E5 (CIA Counting Station)
3.E22 (New Station!)
4.E10 (Phonetic Alphabet Station)
5.G2 (The Swedish Rhapsody)
And (look at the last line) " The Prize for the first person to email us a deciphered text along with the method employed in the crack will be an ancient Gold Roman coin. The Judges decision is final. "
Also you have to encrypt using their PGP key, not yours, so you aren't 'proving your identity', just (hopefully) making sure nobody besides them can read your email. However that doesn't mean the NSA/Men In Black won't say hello if you crack it.
When confronting KGB, agent must throw >18 2D20 to save vs. unusual persuasion. Use freq. 376.125 for throw.
When captured by KGB, agent must throw >22% to save vs. truth serum. Use freq 377.375 for percentile digits.
Chance encounters with gelatinous cube, cube appears >19 2D20. If east of Iron Curtain, use freq. 272.5 for throw. If west of IC, use 377.75.
I bet the Real Steve Woston could do it.
no sig
Notice:"The price of tea in china has changed, Windows will now restart so this change can take effect."
___
One possible theory not mentioned here is that the OTP is actually a book: like a well-known piece of literature that is easy to get. Then the cypher will be the page number, line(or paragraph) number, and a word number smashed together. To decode you need to know which book and which print (to keep pages in sync) or possibly go with print-independent numbers: chapter/paragraph/word combination. This possibility was mentioned in one of the Russian cold-war era spy movies.
They read them SLOW enough that a computer SHOULD be able to process them with good accuracy. The voices are very clear, also. Whatever it is, its important stuff.
During WW2 when the atomic bomb was being built, Truman wasn't told about it until he needed to know. Remember Rosevelt was president first and then Truman.
:)
Point being, they wouldn't necessarily tell you.
Shawn
Bottom line: for any message, not only must you consider the context and content, you must also consider the intended receiver and the medium.
Aside: (Interestingly, I made this same argument the thesis for a class on German Existentialism, where I attempted to explain Heidegger's views on art. It was entitled "Dasein and Kunst".)
--
why transmit the numbers using speech? It seems like it would be a hell of a lot easier to modulate them (like a modem) into a tone. That way you don't have to have a person (or voice-recognition software) who can fuck up on the other end. Unless it's going out to a bunch of spooks listening to their shortwave radios in the boonies with a pad and paper, in which case (1) it's human-crackable or (2) there are a bunch of decoders or one-time pads floating around just waiting to be discovered.
From http://www.nsa.gov/docs/venona/monographs/monograp h-4.html:
The KGB communications between Mexico City and Moscow during 1943-46 are a particularly rich historical trove, showing the elaborate plans to free from prison a man using the covername GNOME, who had murdered Trotsky in Mexico City in 1940.
Hmn... GNOME... Mexico... Do I see a pattern?
Many of these messages concern the GNOME affair and indicate that the KGB had two plans to
facilitate his release: a combat operation, to spring him by force, or an effort to use influence.
So, that's why it's spreading so fast. It's a KGB conspiracy!
GNOME's mother's presence in Mexico is complicating the case
That must refer to miguel (mother, father, what's the difference?)
The Fishers were clearly important KGB officers, operating under instructions from Beria. Their goal was to take over the GNOME affair, to support operations in the U.S., maybe even for atomic bomb espionage. 1
That definately sounds like helixcode
I smell a conspiracy!
It's 13375p33k!
Writhe your naked ass to the mindless groove.
http://www.jackiereaper.com
MSK
These codes are not ment for someone with a code book. If you are a spy and possably undersurvalance from whatever organization your spying on. You do not want a big black book of numbers and letters sitting somewhere that someone could find if they searched you or your home. More than likley these numbers correspond in some slightly obfuscated form to an everyday object. Maybe to the Polish edition of war and peace. maybe to the moscow times. I seriously doubt that these numbers correspond to an actual code book though. -Rich N
Doing something impossible twice is pretty impressive, 'specially if the second time they do it it's even worse than the first. :) So this crypto stuff - quite possible. :)
-------
CAIMLAS
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
The problem with eliminating "disinformation" stations is this: how would you know which ones are broadcasting truely random information and which are not? You propose statistical tests on the series of numbers. We would assume that these disinformation stations would be using cryptographically secure random number generators. If so, "cracking" these would be just as hard as cracking the real algorithm. In fact, any cryptographically secure random number generator can be converted trivially to stream cipher.
about your .sig, donkey kong was supposed to be called monkey kong, but due to a bad phone line, it accidently became donkey kong.
Mikael Jacobson
Greylisting is to SMTP as NAT is to IPv4
That has got to be one of the worst jobs ever, reading a very long string of numbers... I can only assume they recorded 'em though,
"One Five Seven...no Two...sorry. Eight"
OK, so who's thinking "COMSTOCK"? ;-)
...it's just a language with really long words. Probably the damn Eskimos.
-
I didn't see a requirement to digitally sign the email, and if worried about being anonymous, why sign it? Use a hotmail (or other) email account to claim the booty.
I'll wager the NSA doesn't need you to sign your emails anyway, I'm sure they know who you are or can find out...
It would seem that there must somehow be a way to implement distribute.net into solving this (if there is any solution). Why work against each other if we can all work together and nail this?
I'm not a crytpo-expert, but my guess is that you would need to use a wide variety of formulaes to even ever discern that there is a pattern, let alone what the patterns signify. But the formulae could be well-tested on a mass-scale via distributed.net and then once a group of likely candidates is discovered, attack them on a massive scale and see if anything hits.
But like I say, I'm not an expert whatsoever. This just sounds like a way to approach it. But, unlike RC5 and DSS, this doesn't have a known answer hiding somewhere with any manner of known mathamatical processes of resolution, so brute-force would be out of the question, no? Unless there is a way to massively process *methods* and *formulaes* to see if they're even appropriate to ever do brute-force decryption along side.
---
icq:2057699
seumas.com
2) A one-time pad usually encodes phrases, not letters or single words. A complex one can have multiple phrases available from which one can construct a complete message, ie 48 = "meet me," 47 = "at the courthouse steps," 97 = "at phillip's house," and so on. Both the numbers and the phrases can be chosen arbitrarily, and can be changed every week or even every day.
No!
That's a codebook, not a one-time pad. If you'll notice, the frequencies of different digit pairs (using your example) will likely be different. That's no good. A one-time pad is a long string of true random numbers. They would most often be combined with the message with a simple XOR algorithm, although something else might be more appropriate when using pencil and paper. The point of a "one-time" pad is that the same numbers are never used more than once, hence the name one-time. It's not changed once a day or week, it's destroyed immediatelly after use!
The guys over at the NSA are reading this thread right now and laughing their rears off...
===
-J
Karma: T-rexcellent.
How many of us get to work on cracking government codes, legally, without needing to worry about hurting someone else? I hope that the crypto algorythm that is used to crack the brodcasts is open sourced so that all of us could try it out on our own!!
Mike
I didn't use the preview button, so get over it!!!!
Mike
It's likely that the numbers read aloud were meant to apply to a one-time pad carried by agents in the field. There are obviously some issues, though. For example, if agents are composing communiques, how do they synchronize such that the stream is meaningful? Do they just use a sliding window when decoding, to find which part of the OTP stream gives English? Did they have neat toys to make xor-like operations less tedious? (I think that James Bamford's The Puzzle Palace mentioned some kind of square biscuit-thing used by a Soviet-controlled British agent) Of course, it's not a problem that can be solved without some insider helping.
If it's something aimed at field operatives then it has to be simple enough for a human to decode without needing a computer or a key book or something (presumably, I'd think you'd want the code to be simple enough that you could do it in your head if you were broadcasting it that way, you wouldn't want them to write it down or lose some piece of evidence should they get captured)
If it is a code, it should be crackable, unless it was OTP but why broadcast it that way?
Another possibility is that it isn't a code. Perhaps it's a decoy. Perhaps it's just extra noise on certain radio frequencies (it would be stupid noise becase it draws attention) or maybe even something more mundane.
There were ciphers in the 1950s (probably quite crackable now) and they may have used a OTP in the past.
However there's no reason they haven't changed things and now use a computerised cipher -- after all, with encrypted data, we'd never notice a switch between two good ciphers (without cracking it, anyway).
I somehow doubt the exact same set-up has been running 50 years.
http://myweb.clark.net/pub/mjr/
LAST MODIFIED: 26-May-2000 16:21
Forget smell, how about knee deep in the conspiracies
-=chiphead
-=-=-=-
This is my sig. There are many like it, but this one is mine.
The task of being _able_ to search the entire world's printed matter (in each particular edition) for the past thousand years or so is in itself a massive undertaking. To be able to use such a database in a meaningful way would also be very very difficult.
But if we pull it off, I suppose we've just done a great deal of good for the Library of Congress, have we not? ;)
---
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
The idea that "the CIA/NSA/DoD/etc. have abandoned using one-time pad encrypted ciphertext spoken aloud" is foolish. Those entities must also function in wartime conditions or when they are under attack. Digital communication is very, very fragile.
To illustrate the concept: The American military has cruise missles and GPS but they also still put knives on the end of sticks to poke at their enemy.
You are incorrect. You also don't have any experience with coded material.
The phrase "one time pad" means an encoding method which is used once. That is ALL it means. Traditionally, and in many environments still, it refers to a printed pad of paper.
It does not necessarily mean a string of numbers, the use of bit-wise logical operators, or any other charateristic which you list.
There most certainly are instances in which codes are changed on a frequent basis, used or not. The idea that a one-time pad is always destroyed after use is ridiculous. Destruction of code materials in a field environment is only done under extreme circumstances. When something is destroyed, there is no way of verifying it's presence, is there? How do you verify the integrity of an operation is the code materials are destroyed?
There are far more methods of encoding a message than an algorithm into which a key is fed for encryption of a data stream. Stop thinking like a programmer in an air-conditioned room with Internet access and start thinking like a soldier.
Imagine you're on a hill in a jungle somewhere being shot at. You've been in combat for three weeks and stuck on the hill for two days. You're trying to get some air support. The people shooting at you might already be monitoring your frequencies and their leadership speak flawless English because they were schooled in the U.S. The fighter pilot is, essentially, sitting in a space so small he can hardly move his arms. The cockpit is completely crammed with equipment and he's already turned off most of it because he can't think with the various alarms going off. The only way he can use any kind of paper is if it's strapped to one of his thighs because a map and notes are strapped the other. How do you securely talk with him over a radio? Hint: He's not going to ask you who won the World Series.
Second scenario: You're part of an American crew at a listening post somewhere within the U.S. You're shift is two days. During that period you receive a number of messages. Do you destroy your code materials after you've read the messages? If so, how can your relief crew verify the integrity of the operation? If you were the oncoming crew, would YOU assume responsibility for an operation whose integrity cannot be verified?
All one has to do is realize that the pads numbers can not be purely random.
Look at The Hotbits RNG, Genuine random numbers, generated by radioactive decay. Government agencies' budjets are in billions of pounds/dollars. I think they could stretch to something like this. Or they could be using a dice. They could gave a guy throw a dice and read out the number that comes up. Or they micht have a big bucket of numbered balls they shake about and then they take a ball out of at random. If you can project that, you chould have no trouble telling me next week's lottery numbers.
When you factor in the observation that if a random data set contains less numbers than it has possible combinations it will not show a pattern, if is fair to assume the data is random, or at least the Real pads are random.
Just my thoughts.
Michael Tandy
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
I think the site got slashdotted... I reconstructed most of the book from the google cache... it's available here for those who are having problems accessing the server
they could, but we're talking about government organizations here..._ ______________
________________________________________
All circuits busy.
So I have no formal training at any crypto what-so-ever but I thought I'd test my suspicions that this is a OTP (which would make it impossible to break) and while its not conclusive, or even credible by any means, the distribution of each of the five digits in each set (assuming the spaces aren't for added confusion) overall suggests that randomness plays a part, but not necessarily big enough part to prove it was a OTP (or at least a random OTP) used to encode the message. (Feel free to tread all over my ill-informed logic if need be)
Standard deviations for the frequency of each digit in the set are: 4.47, 4.42, 1.82, 3.94, and 4.27 for the first station's numbers.
Maybe some crypto expert could tell me if for a set of 200 numbers these variations are acceptable 'noise' in a random number generator?
I'm not too up on my statistics to know if the sample size is too small to give a good indication. The frequency of each of the numbers 0-9 in the fifth digit of each set gave a max value of 26 and a minimum value of 12 which is kinda weird for a random set. Each number should be appearing around 20 times I would assume.
Is this really a OTP? Am I missing something?
Hey, I found a online book here (Secret Signals) with loads of information, dechiffered messages and so on.
Her??? How do you know the agent isn't a male?!
Over at shmoo.com, we've been running our own number station contest for over a month now. We're not using a OTP, so it is very solvable. The hard part is we have streaming audio feeds, so you actually need to do a bit of transscription. ;)
Anyhoo, if you're interested, tune in to a number station you actually have a chance at cracking. BTW: the prize is currently 2 DVD's.
I'm down with that, as it were
I very much doubt it. The pad has to be transmitted securely; i.e. nobody except the sender and the recipient knows what the key is. If an attacker knows it, they can read any messages encrypted with it. So broadcasting the key over shortwave would be a terrible idea.
Salon had an article last year about the number stations.
--
Unselfish actions pay back better
I wonder if anyone has tried using triangulation to pinpoint the exact geographical source of these transmissions ? Of course it doesn't buy you much, but it would be pretty interesting to find out exactly where they are coming from - especially if it turns out to be one of those locations which doesn't appear on any maps (such as Echelon) and the government claim is nothing to do with them...
Echelon II? If the general public already knows about Echelon I, "they" are probably already on Echelon IV or V. :)
- Conspiracy theorists of the world unite!
Thanks to google cache!!!! You can view it at: http://realmofdarkness.org/otp/
some guys probably just got together and recorded this insane wino from the alley behind my house. All fucking day he goes on with this shit
"one, four, twenty, bhgrrarg" (he usually seizures for a minute or two)"fifteen, three..."
Sometimes he does it in french. i think he was in the war
"quatre, dix, vingt..."
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
"It is seldom that liberty of any kind is lost all at once." -David Hume
My guess is....
Each agent has his/her own lead code
To make things hard many lead codes may be issued at once... Then wait for padding... then first code.. padding etc etc...
I am agent 31337... I wait for 31337...
Now the leader padding is random so after 31337 is 69.. thats my next code... I wait for 69 to be uttered again...
In the mean time he also triggers 5150s code... his trigger is 42
69
Now my padding is 4 digits
42
His padding is 8 digits...
between my code and his code is random numbers selected by dice throws...
The code would be known base codes...
I have a diffrent basecode rule than dose 5150
Once we have our codes I cypher mine he cyphers his and the brodcaster is sending off other codes.. he triggers my code again... only now I've got my message for the day so I know this is a false tigger and ignore it...
Then I read my message....
My heart drops into my stummac...
It's an invalid message... the second trigger was for me... now I'm screwed....
I don't actually exist.
>I don't know about other people's ideas, but I'd rather not have that kind of blood on my hands, you can count me out of this project.
While I agree with most of your premis...
If I could crack this code then it's a good bet the person is allready dead.
I guess I might be compelled to issue condolences to the famaly...
I agree... that prise isn't going anyplace....
I don't actually exist.
Of course that could be the goal. If you really want to mess with the other guys, you could use a scheme like this to do it. The process would be pretty simple:
All it takes is a bit of effort: one cryptographic algorithm, a creative guy or two to write bogus messages, and a bunch of people you can hire pretty cheap to read off your lists of numbers. If you're lucky, you can tie up several capable cryptographers trying to decode it, which is probably a net win. If you're really lucky, they'll succeed, buy it hook, line, and sinker, and you can start using it to give them disinformation. Sounds like a reasonable thing to try.
There's no point in questioning authority if you aren't going to listen to the answers.
I've been hearing numbers stations for the past 25 years. Many, many people, including myself, have tried to make sense of them. My best guess is that they're for use with a one-time pad, and may not be crackable.
--- Speaking only for myself,
He is talking about the creation of the data which then gets encrypted via the one time pad method. OTP encryption can work with any data stream, it is highly flexible. It is by far most likely that additional encryption / coding is being used.
Additionally, by using numerically coded phrases (such as 17 = "first post") for the "plain text" message (before encryption) you dramatically decrease the length of the message and therefore make it much more cryptographically secure.
in your .sig what grateful dead song is that from? im a jam fan, but was never really into the dead. please dont moderate me down ;) thanks
I'm pretty sure that our spies in Bin Laden's organization didn't carry around big high-performance laptops with "CIA" emblazoned on the side. Yet, how did we communicate with them securely?
If only there was some sort of low-tech, highly secure system that would allow you to communicate to remote locations.....
if you could crack something like this, I wouldn't doubt the NSA would give you a visit - not to "dispose" of you, but to hire you. wouldn't that make a lot more sense?
Credit goes to our top codebreaker, Ralphie.
The general theory is that a so called "dictionary" is used to convert words or phrases to code numbers. Unlisted words or names are spelled out. These codes are then "modulated" if you will by a series of random numbers - the One Time Pad. It could be as simple an operation as adding each dictionary output number to the corresponding number in the OTP (ignoring carry). I briefly touch on this. The reverse process is used by the recipient.
It's quite likely that the bulk of the transmissions observed are dummy traffic. This serves several purposes - first, it makes traffic analysis more difficult. Otherwise, when something important was going on, the "other side" would notice a sharp increase in transmissions. Interesting, this effect IS noticed with the MOSSAD stations from Israel. The so-called 'Message String' transmissions appear whenever there are increased tensions in the Middle East. Second, it can give the appearance to the other side that you have many more agents than you really do.
"Between Silk and Cyanide" by Leo Marks is a must read. He worked for British Intelligence during WWII, and ran the department that communicated with British agents in Nazi occupied Europe via radio. At that time, they did not use OTPs, but instead used a convoluted method involving poems as the encryption/decryption key. But Marks does touch upon OTPs near the end, it seems the British finally moved towards them. The present Lincolnshire Poacher and Cherry Ripe stations can probably trace their origin back to Mark's operations.
Any transmissions encrypted using a OTP are not breakable. Period. (Yes, you could try to bribe someone for the message, but that really isn't breaking it) It's the most secure encryption system possible. Yes, it's cumbersome, having to deal with shuffling around the pads, but if handled properly, 100% secure. No other encryption system can claim that.
I just had a thought... there may be a benifit to send something REALLY important usin ga nonsense message code, but crypt it really lax-like. Most people wouldnt bother to decrypt it because it's so easy- the people that would would say "bleh, it's just nonesense"....
----
Oh my god, Bear is driving! How can this be?
ADVENTURERS! - ANTIHERO FOR HIRE - CARDMASTER CONFLICT
It's easy building a real rng. I once built one out of a geiger counter, a smoke detector and a sun station. A client needed a truly random rng and I taped the radioactive element to the geiger counter, plugged it into the serial port of the sun and measured the times between two events.
Other sources of randomness could be the sun or the discharge of capacitor.
cheers
(Elegance is not an option)
I just want the blueprints for the DSP chips they're using.. to hell with the rest.
ROFLMAO
Carousel is a lie!
1) Get yourself elected president 2) Call the directors of the CIA and NSA into your office and ask them
Yes, the "numbers stations" are almost certainly using one-time pads, but there are levels of obscurity they may use that go beyond that:
1) There is no reason all the numbers broadcast 24/7 must have any meaning, so a "key" could contain instructions that tell a recipient to listen for the string "24 41 00 65" after 12:32 p.m. and that the numbers between that string and "24 41 00 56" are the message.
2) A one-time pad usually encodes phrases, not letters or single words. A complex one can have multiple phrases available from which one can construct a complete message, ie 48 = "meet me," 47 = "at the courthouse steps," 97 = "at phillip's house," and so on. Both the numbers and the phrases can be chosen arbitrarily, and can be changed every week or even every day.
3) The date/time key can be kept separate from the decode key; that is, which strings to listen to, and when to listen for them, can be kept as a "key book" in an embassy safe, while the number/phrase "code book" can be in the possession of a staff member who does not live or work on the premises. If someone gets hold of the key book it does them no good without the code book, and vice versa.
This is good old-fahioned human stuff. To "decode" a message, you have to both suborn the embassy staff and find the code book. And if the person who has the code book doesn't report in, that code won't be used again, so capturing a code book does not allow you to decode future messages. Key books, too, can be changed if there is any suspicion that one has fallen into wrong hands.
Bill Gates might be able to crack this kind of code - not with computers, but by bribing both embassy staff members and the outside people to whom the actual messages are being sent, assuming the above message-passing method is the one being used, which may not be the case.
Humans are always the weak link. Even with "unbreakable" codes or ciphers, if the person who writes the original message is an enemy agent all the transmission security in the world won't keep it away from the enemy (or commercial competitor).
In light of all this, if I wanted to "prove" I could crack a "number station" code, I'd bribe someone at the transmitting end to send a message with content I already knew, at a predetermined time that I also knew.
This is not a particularly original thought, BTW. It's been used in at least a few spy novels as a way for a turncoat agent to gain a new master's trust.
- Robin
I just finished "The Puzzle Palace" and "The Code Book" and I would disagree with you. There was a detailed story about a tech at GCHQ who was selling data to the East Germans. They gave him a briefcase with several years of one-time-pads, and the schedule for one of their Numbers Stations. The briefcase had a false bottom and also contained secret writing material with fake letters that he could send to a maildrop in Germany for return communication.
Key distribution is not so much of a problem if you only intend to communicate once a week or so, and you wouldn't even have to use all those keys--just have an identifier that says "No messages for you today!"
BTW: Sent from one of those QNX bootdisks! Fast teeheehee.
-- Remember: Wherever you go, there you are!
There's a lot of talk about whether it's possible to crak the numbers, and I'm sure there is a lot more effort going into trying to.
I suggest we forget about cracking it and instead beat them at their own game.
We should all start sending emails containing fixed length blocks of randomly generated ascii code. The number stations are probably run by the same people who (we are told) monitor the ether, all this random garbage will look like encrypted information and waste many MIPS.
With so many nations and agencies broadcasting number stations, some of them have to be solely for disinformation purposes.
If these are actual encryptions are using one-time pads as keys, then a brute-force attack (ala distributed.net) would be worthless, unless they're actually using the 'one-time' pads more than once.
What seems more approachable is taking a look at these streams of numbers, looking for the patterns inherient in random number generators. If the method of generating random numbers can be found (which really shouldn't be that hard if the 'disinformation code' is being generated by two guys in a hut and an old PC), then specific stations can be singled out as disinformation stations, sending out 'predictable' random numbers.
Chances are that most of these stations are just that, disinformation beacons.
On the other hand, if they're not, then there must be some header information to identify whether a given broadcast is intended for you (a specific spy) or another agent. This sort of info would likely be the first step of a decryption process, because it would be unlikely that they would force every agent to use up part of a one-time pad at every broadcast just to determine if the broadcast was for them. More likely, there would be some algorithm performed on the header, so an agent can get a reasonably certain idea if the broadcast is meant for them.
My first guess would be something combinitorial, like multiplying the 'agent IDs' of each agent the message applies to, so the agents have only to take the header numbers and see if it's divisable by their number. If so, grab a pen and dig out your one-time pad.
I wonder how many of these sorts of things are already on the net. It makes me want to start a page (that people should mirror, for obfuscation's sake) with random numbers that change every day. Heck, LavaRand is probably doing that right now. Sure they say it's coming from lava lamps, but it could just as easily be messages to spies all over the world, and with 50,000 hits every day, who could trace each one down to find a mobile spy?
Kevin Fox
Kevin Fox
Yes, it is a one time pad. Captured spies and double agents have revealed this time and time again. Spies carry code books (read: one time pads) for this express purpose. Unbreakable encryption (read: one time pad) is a hassle, but absolutely essential, when you're dealing with issues as important as these.
Algorithmic encryption can be broken. And, once it's broken, you can go back and decrypt all of the captured messages. Years of intelligence data can be "played back". Nasty. One-time-pads don't suffer from this (as long as, like you pointed out, they are not recycled).
actually, if the benefit/difficulty ratio is high, then it would be very easy to solve and we would be rewarded greatly by the solution
----(o)----
Having five minutes notice would indeed be good. I can just imagine calling all my friends and telling them to "change the TV to QueenSPAN" ;)
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
Thanks, as always for any help on this. If someone has a copy they'd be willing to part with, you can email me at rss@idiom.com. Again, thanks.
In this day and age, with computers, data can be encrypted more securely and sent faster than any old methods like these used by number stations. It's obsolete, I don't see why they would still be using it. My guess it's just some sort of training exercise for agents, perhaps in the event that they lose whatever encrypted communication device they use? It reminds me of some movie with John Travolta (can't remember the name) where he decoded some morse code transmissions, later to find out they were some part of a training exercise. Also, why hasn't (or have they already) anyone tried triangulating the signal for one station and physicall locating it? Just knock on the door and ask them what they're doing.
yeah, but it's worth it! when will the record industry realize that we will have our singles! trying to force us to buy entire CDs to hear our favorite songs will just lead to more numbers stations.
ein zwei drei vier funf sechs zieben acht...
interpol and fbi and scotland yard.....
hmm, think this has anything to do with it?
:)
Yeah, the "hiding in plain sight" approach. Problem is, at least for the foreseeable future, the majority of human-to-human traffic is nonencrypted. This means that it's worthwhile to run an Echelon, which in turn means that your message might not be safe. (Were I the NSA, I'd flag things that were just plain odd as well as things with keywords.)
Actually, I think the pattern will be true in the future as well. It doesn't make sense to have one universal level of crypto, because there are some things (data that's only valid for a few minutes) where octuple-DES-Blowfish-RSA-YoMama with 1 G keys is just plain overkill. It also makes sense to have a large background of easier-to-crack messages, because that can keep the opponent busy working on the tractable problems. In fact, there's likely to be an Echelon targeted at those weakly encrypted transmissions, scavenging whatever useful data it can.
In short, hiding in plain sight only works if there aren't observers everywhere, and that's not the kind of world we're heading towards.
Sometimes the people sending the messages screw up and make mistakes, such as distributing a pad more than once or using a defective random number generator. The NSA cracked a large number of KGB/GRU messages (see VENONA) when the Soviets ran low on one time pads and issued duplicate one time pads. The rumor is that the person responsible for this disaster was shot.
Mea navis aericumbens anguillis abundat
Station X, yes they did have a little more to go on and a little more insight into the inner workings of the algorithm, but until the latter stages of the war they didn't have anything remotely like a computer, however pen and pencil and a few mental gymnastics started to break through. Given enough messages, the occurance of errors, lazy people using repeats etc. it would be possible to break into this code. However, I would not like to guess how many messages would be required. But with the very nature of a widespread network with many people requiring access into it, it fundamentally weakens the security of the overall algorithm (people are always the weakest link).
Of course, what's not been said is that these are just credit-card numbers captured from various websites.
God Bless those Pagans!
If the OTP is apparently unbreakable, then they can use the MSDN library CD shipping with every copy of Visual Studio to act as a cipher as everyone will have a copy!
Wow, I didn't think anybody on slashdot would know so little about the history of computers.
Didn't you know that computers have been around since the early 40's? The first being Colossus. It's main purpose was to decypher German cryptography.
So, tell me why they wouldn't use computers for these sequences when 10 years previously computers had proven themselves usefull for cryptographical purposes?
Assuming this isn't just a giant hoax,
This has been going on for 30 years, and it is clearly intended to be received by field agents who do not have access to heavy equipment. This is enough to know it's going to be a one time pad.
Consider: the people running this know that their opponents have computer, have cryptographer, and have lots of time. Not knowing the algorithm will slow them down for a while, but remember that this has to be an algorithm that can be done by hand. It can't be DES. It has to be something the average spy could do in the basement. Solitaire shows that it is possible to create a secure algorithm without a computer, but it has limits (more text makes it easier to break, encrypting with the same key twice makes it trivial to break). I doubt the government came up with anything fundamentally better 30 years ago. With any of the systems, key management would probably be way to painful to be useful.
But a one time pad is easy. Just write the nunbers on a dozen sheets of tissue paper, and it's pretty easy to hide. You won't go through the OTP very quickly either. You don't need to have every transmission have actual information. As a bonus, a one time pad is easy. All you have to do is modular arithmetic.
So you aren't going to be able to break it. The governments made all the stupid mistakes in WWII, and they're quite competent by now.
Good luck everybody. Cecil Adams has a column on this citing ex-CIA guys, and OTPs are unbreakable. Go read the column and be enlightened!
At which point, you just tune into the same random radio noise, and you have their randomnicity. There are some ways to get untappable random data sources, this is not one of them. See the recent story regarding using photons as OTPs.
PenguiNet: the (shareware) Windows SSH client
Ok, first off, I don't pretend to be an expert, but I do know some things. Isn't it theoretically possible to just use random radio noise for the OTP ciphers? Maybe it would be better to tune into a bunch of similar frequencies, and then pipe 'em all through one channel, seeing as the constructive and destructive interference would chage according to wavelength and amplitude.
Think --> Think Different --> Think OSS
Fi dollah love you long time
D'oh! IANACE either, but I was looking forward to showing off my limited knowledge of this topic by pointing that out first. You beat me to it.
I agree, it seems very likely that these stations are using one-time-pad encryption, particularly since the messages are so short, and (presumably) intended to be decoded by hand. I thought that was pretty common knowledge. It makes me wonder why they'd even bother... Although a thought just occurred to me: with a little imagination, I'm sure you could "decode" these broadcasts and find messages about alien abductions, government conspiracies, terrorist plots, or anything else. It's just like the "Bible Code"... a modern-day Rorsarch test.
MSK
This Fas.org page on the Warrenton Training Center has an interesting suggestion, one which I've never seen before or even considered when I've briefly read about such shortwave stations in the past:
;) Either way, it's an interesting theory...
The numbers *aren't* the message anymore.
In other words, the CIA/NSA/DoD/etc. have abandoned using one-time pad encrypted ciphertext spoken aloud (although less sophisticated operations, like Cuban numbers stations, likely still do), but use the vocal numbers as beacon to tune reception of the actual enciphered data: "white noise" that occurs over an otherwise clean transmission, that's probably a digitally-added signal that carries the actual message.
Can anyone with a shortwave receiver who actually has listened to US (not foreign, as I doubt they bother to do this, although the Taiwanese subterfuge mentioned in the NPR broadcast is amusing) numbers station transmissions verify that the "noise" could constitute another encrypted signal?
And they say the NSA has stopped innovating now that everything's gone fiber optic
:wq
wow, a first post that doesn't say first post and has a +4 score!
Be patient. I'm sure the right paren is still comi) Oh! There it is.
The bus came by and I got on
That's when it all began
There was cowboy Neal
At the wheel
Of a bus to never-ever land
I'd rather be lucky than good.
Hey,
If you want my opinion, even with the entire of distributed.net's computing power, cracking this message would be impossible. Distributed.net is looking for a known message with a known algorithm at low - 64-bit - encryption. They are, at the current rate, looking at roughly 2,000 days total at the current rate. If the encryption is simply algorithmic, the keyspace of about 5 algorithms would have to be exhausted, asuming it's a publically-availiable algorithm. That would be over 10,000 days, assuming the encryption is only 64-bit. If I was doing top-secret spy communications, I would use at least 256-bit key, maybe more. That would involve literally millions of keys. Then, of course, there's the book cryptography method. That would be near-unbreakable, even if we had quickly downloadable copies of every book in existance. Or maybe it's a vernam-cipher (one-time pad) system. I doubt an entire country's inteligence budget would flinch at the cost of a hardware RNG.
So, let's recap:
1) We barely have the facility to crack a 64-bit message.
2) This message could have any strength of encryption.
3) This message could use any of a wide range of algorithms.
4) This message could use an algorithm we don't know of.
5) We have no way of knowing if we have managed to crack a message as we don't know the content.
6) There could be multiple layers of encryption using varying, unknown algorithms.
7) They may well use one-time pads.
8) Said one-time pads cound be totaly random.
In conclusion, cracking number-station messages could and probably would be emmensely close to impossible using today's technology, assuming the security is good, which it would almost certainly be.
You're welcome to try, but I don't think it's possible.
Michael
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
I've got a few RM files up on my box (it's a DSL, don't get any funny ideas).
I would give credit to where I got these from but, I've forgotton. Probably when Slashdot first ran the story.
Anyway...
Papa November
Papa November 2
Papa December
Beginning A Transmission
I could of SWORE I had some MP3 files, but I can't find them for the life of me. RIAA/Black Helicopter conspiracy? Did find a WAV, though.
French Young Lady
aÍÍ©ÍÌÍ£Ì'̽ͩÌÍzÍYÌÍÌY
The reason for this is that if you suddenly go on the air and start broadcasting, you tip the other side that something going on. I suppose you could go off and on at "random", but that doesn't conceal as much information as just broadcasting all the time. For example, the other side could perform specific provocative acts to see if the channel would go on in response. Then, they'd know whether the given channel is to address the particular provocation.
It may be that there is some other external source, such as a quick message on another frequency, something planted in a news report, etc., that tells the receiver when to start listening and for how long.
The 4-cd set may have exactly no content whatsoever. It could well be just random numbers, or even more maddening a very complicated encrypted message that resolves down to a nonsense message.
-Jordan Henderson
So why does eveyr corrospondance need to be PGP encrypted? If they were a normal organization like d.net or whatever they wouldn't care. The only reason they would need to pgp encrypt the results is if they didn't want people to know they had cracked the messages? Does this seem fishy to anyone else?
This would be a wonderful way for forgien governments to crack some of these codes...enlist US knowledge to unknowing crack their own codes. Personally (although I probably wouldn't be much help) I am not working on this until I have more evidence on who these people are.
If you liked this thought maybe you would find my blog nice too:
IMHO, this is the first clue that we have. Cyphers are great for electronic or mechanical delivery, but don't work so well with the spoken word. The output isn't designed that way. Codes, on the other hand, are optimised to be spoken or written, and are often not much more than simple substitution.
Let's assume, then, that these numbers are some kind of basic word or phrase substitution. How many numbers there are in the transmission will give you a much clearer indication of what kind of code is being used. This is the second clue. Lots of numbers = a simple meaning for each. Few numbers = a complex meaning for each.
This brings me to the third clue. The more numbers the simpler the difference between each of the transmissions. If you've only one or two numbers, you can have some very complex operations going on but if you're using lots, then you can't. The message HAS to be decypherable in a practical length of time, BY HAND, BY A HUMAN. Humans are not designed to be memory gurus.
Now for the final clue. The messages have been sent since the 1950's. This was at the height of Cold War paranoia. At that time, I doubt anybody in an intelligence agency would have trusted short wave radio -that- much. Too unreliable, especially over the distances that would be implicitly involved.
But the military weren't the only ones gripped in psychotic paranoia, gun-fever and a cult-like power craze. Most of America was (and is) gripped in exactly the same delusion.
Now, short-wave radio to communicate between gun cults is entirely believable. Far more so than to believe the CIA or whoever would care for such primitive tools.
IMHO, it's more likely a splinter faction of the NRA than the CIA. More believable still is that it is groups of survivalists, trying to avoid Government mind-control rays with tin-foil helmets and earthed pick-ups (with the obligatory dog in the back).
The most extreme possibility I can think of, which remains plausable, is that some survivalists have convinced themselves that World War 3 happened in the 1950's, and that all evidence to the contrary is an enemy plot to lure them out from their shelters. (Sufficiently isolated areas, and leaders every bit as charismatic as David Koresh -might- be able to pull that kind of stunt off. Those Dr Who fans in the audience might also like to re-read "Enemy of the World".)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
This page has pictures of what they claim are the one time pads taken from captured foreign agents. They were hidden in hollowed out bars of soap and talcum powder containers.
http://www.btinternet.com/~simon .mason/page30.html
-kms1
is that the numbers are really random - they are simply channelsquatting. The HF spectrum is an expensive resource because it's quite narrow and it propagates to such long distances. If you want to ensure you have your channel when you really need it just keep it busy. It's not that different than cybersquatting except that it's harder to argue with a foreign government and a few kilowatts of RF power.
----
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
involves a scanner buff who moved to a rural district whose police dept scrambled transmissions. Not to be left out he bought, at great expense, a voice de-scrambler and got it all installed and the first intercept he taped and played it back thru the device and was finally able to clearly hear, "Chief, did you say you wanted mustard on that pastromi sandwich?"
Seriously, numbers stations sound like a great way to get messages to foreign operatives 'behind enemy lines', all you need is a common shortwave set, your one time pad and lots of patience - no phone lines to trace or tap, no microfilm to hide or lose, no contacts to verify, you get and decode the signals in private, the source is verified and can't be easily 'spoofed', etc.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
You covered this last September.
Oh, I don't know. I'm sure its possible. All you have to do is to find the right sources. I don't know anything about code breaking, but if you find one of those original "agents", then it should be a snap.
If this is indeed a one-time pad as most of the people who have studied these codes think, we might as well save our breath to cool our porridge.
:-(
Perhaps traffic analysis might be a more fruitful approach. Of course, as Schneider pointed out on the show, we know who's sending, but we don't know who's listening
You have a very good point. Not to get off topic, but this reminds me of that Microsoft Windows 2000 beta 3 Vs. Linux PPC hack-off about a year ago, I think. It was a contest to see which server fared the best against hacker attacks. Anyway, Linux PPC fared a lot better but that doesn't mean it's invincible. I'm sure there are hackers out there who just don't wan tto show their true abilities.
No, really I do. It's called a Cryptograpple, on page 38 of the daily news.
T h e U n d e r g r o u n d W a r e h o u s e
Detachment 3 Media
Exposed, Exploited, Exploded
Maz
-- Giving up before even starting, suspecting it to be OTP.
Is it at all possible that the broadcasts ARE one-time pads for field agents, and not necessarily messages in their own right? Given that the source and destination are not known, it could be a way to provide the pads for a completely different method of communication. It'd be fairly secure, as long as there's no way for someone to link the station to say, a stream of messages posted to misc.test, wouldn't it?
Wasting your time since 1997.
---
icq:2057699
seumas.com
One thing that a lot of people are forgetting is One Time Pads need to be generated. Reading some of the links and references on the pages, it points out the pad is only as secure as the means used to generate it.
I have heard of computers being used to generate one time pads, but as I recall random numbers generated by computers are not totally random. In fact, that is part of the theories behind some of the fractal generators.
I have heard of atmospheric background noise being used, but I have heard there is even patterns to that as well.
The NPR broadcast about this pointed out that
the codes are almost certainly one-time codebook
encoded. Since one time codebooks are mathematically unbreakable without having the
correct code book, trying to decode these broadcasts seems like a monumental waste of
effort.
www.sjbaker.org
Someone needs to have an insight as to a useful crypanalytic attack, to use all that hardware.
"Since the 1950's" means no computers involved.
It's a one time pad, folks. You've been trolled.
I would guess that these numbers form a really long one-time-pad. The agents using them pick a starting point and then XOR (or add mod 10) their message with the stream of digits. Then they only have to transmit their starting point in a complicated cipher. The agents only have to listen to the radio to get the sequence from their selected starting point, and home base either records the whole thing or has the script.
There might be an interesting pattern in the numbers if the random number generator is only pseudo-random, but I would guess they'd use a physical process instead of a mathematical one, given that the indend to send out digits for years on end.
You are confusing "security through secrecy"
with "security through obscurity".
One works, one doesn't.
-fb Everything not expressly forbidden is now mandatory.
Elmer Fudd. Someone should start
http://members.elmer-fudd-recites-pi.com
and retire in a month.
You don't know if it is a "one time pad" cipher. There is a very good chance that it is NOT in fact a one time pad cipher. One time pads are incredibly difficult to distribute. You have to get them to the recieving party for them to be any good. If these one time pads are somehow intercepted in transmission then they are no good. This is the reason that public-key cryptography was invented, to overcome what is known as the "key distrobution problem". Distributing new one time pads for each message sent is not efficient if you have an agent in the field whose identity you are trying to conceal is incredibly hard. Key based algorithms are MUCH easier implement in these kinds of situations (the only place I have heard that one-time pads are still used is the phone between the offices of the president of the US and Russia). It is necessary to use a pad only once (thus meaning you need many pads for many messages) because if a one time pad is used twice then both messages that use that pad can be broken. note: I am using letters like the reading station does not binary as you would use in the computer based equivalent.
Ah! I found the REALLY cool recording. The CIA also sends information via number stations. Just, in this country, they're a little more open about it.
The CIA Recording
And, yes Anonymous Coward, it is an MP3.
Now who's that knocking on my door?
aÍÍ©ÍÌÍ£Ì'̽ͩÌÍzÍYÌÍÌY
I would laugh my ass off it was just some really borred people reading random numbers. Hell if I had a short wave radio thats what I'd do.
linux=punk rock
If you print out the 4 CD set it and lay all the sheets next to each other as a grid. A birds eye view of it will reveal a huge picture. In theory anyway. I ran out of paper before I had finished the first CD. ;)
This is hilarious.
I was fortunate enough to run across a numbers broadcast once while playing with my shortwave radio. It is an odd feeling to listen and think about how long this has gone on without anyone knowing if its even for real.
The time I listened in, it was english numbers but the reader had a spanish accent.
Why not triangulate one of these stations, go there, and ask the guy what the hell he thinks he's doing?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I have heard birdcalls in the background at times when I listen to the BBC morning news on 5975 khz.
somebody else must have noticed these? Tell me I'm not halucinating.
I always wonder what kind of information one might be able to transmit in birdcalls.
The alternative to limited government is unlimited government.
Maybe it's some clever sort of scheme to transmit messages from the future into the past, allowing people today to send messages into the 1950's.
Here's how it would work:
1) We take advantage of the 'observer' effect
2) A laser beam is split into two using a piece of glass, and displayed on a screen so that an interference pattern can be seen depending on whether the photons passing through were observed.
3) We use a machine to record and store information about each photon that went through the machine. This part is stored away and not looked at for now.
4) The message is received as Morse code on the screen, . are interference (not observed), and - are no interference pattern (observed).
5) Now the tricky part, sending the messages, after they have been received. This can't be done by the receiver himself since he could send himself a different message back than the one he received, so this must be done by a reliable third party who can't be allowed to know that the original message was received.
So we split up the task into two. The 'sender' who encodes the message and some person to look at the data stored in step #3. Based on the numbers transmitted the data that has been stored is taken a look at or discarded. Which completes the transmission of the message
Note: Of course I don't know if this is what these number stations are about, or if I've invented something new. In case of the later this procedure is patent pending, and will be distributed under an open source license, that will allow free use, in turn for broadcasting to me next week's stock prices and loterry numbers on e week in advance.
(C) Fred 2000
Oh. Right. That'll teach me to post before caffeine.
I love Google!
-- @rjamestaylor on Ello
"Thanks for cracking the code! Your prize is a bullet in the head from a black helicopter in your back yard."
Well, IANACEBIHTGC. (I am not a crypto expert but I've had two graduate classes. In cryptographic protocols and advanced cryptanalysis.
These strings of numbers are very likely to be from a one time pad which given certain assumptions are fundamentally unbreakable. The assumptions are: you never lose the pad (codebook), you never reuse the pad, the pad is truly cryptographically random. The proof of this is fundamental information theory.
If they are not one time pads, then it is possible, but a brute force attack like distributed net only works when you know the algorithm or the general family of them anyway. Also, it helps alot if you know something of the plaintext that you're after. If say, the number stations are transmitting encrypted random data such as the encryption keys for other other communications, then how the hell would you know that you'd found something when you decrypted it.
There just isn't enought information to do anything but put a bunch of smart people in front of the data and see what they can figure out.
a8dmldk38f7ekal3973jdm43kaeqq
could be either:
my hovercraft is full of eels
or:
Hello, I love Natalie Portman
or a million other phrases that fit within the length limitation.
I notice they don't describe the prize, and require: All email concerning this challenge must be PGP encrypted.
I wonder just how wise it would be to try to claim victory:
"Hey Bob, bring a pizza back on the way to base."
There's little question that it's some kind of government transmission, but 1) even if it's decrypted, will the resulting message mean anything to the finder, and 2) how long will it take before the sender changes their crypto method? Not as if the findings, if any, won't be all over the Internet within 10 minutes of that first lucky break...
It's an Area 51... as soon as anyone gets close, it's almost certain to be changed, shut down, or better yet, have meaningless clones spewing random data set-up to really throw the crackers off. I'm sure Distributed.net can find something better to do with it's time...
Though, having 5 minutes advance notice on a US Secret Agent lighting the Queen mother's drawers on fire would be pretty cool... ;)
Notice: Your mouse has been moved. Windows will now restart so this change can take effect.
Personally, I can't wait until the NSA has its own IPO - what, with all the demand for privacy-invading software and hardware, employers spying on employee e-mail and phone calls. I'd daresay it might even fund Echelon II ("This time, it's really, really personal").
"Interpol and Deutschebank, FBI and Scotland Yard" is from the title track of Computerworld, not from "Numbers". Same album so I can understand the confusion.
As for numbers stations, well ... one of the many problems with trying to decode these buggers is that there are so many what-ifs to think about that one can feel paralyzed trying to come at it from every possible angle. One of the points raised by the NPR story is that the stations don't broadcast just the numbers, but also all manner of squeaks, buzzes, and electronic jingles.
Stations like these have been in existence for the past twenty years at least. Signals get tracked and rogue transmitters get busted -- yet on almost any night you can still take a whirl across the shortwave dial and hear those familiar monotonous spliced recordings droning away. The first person to decode one of these broadcasts will be a hero to cryptographers the world over, I'm sure.
I honestly don't see how someone could hope to succeed at this. Let's say you get distributed.net to jump on the bandwagon. Great. Now what exactly are you going to do? You have arbitrary strings of numbers. This could be a fragment of a single text, parts of multiple texts, multiple complete texts, and so on. Sure, you could scan for patterns first and try to identify delimiters, but were I sending data through this, I wouldn't do you the favor of using a fixed separation string. I'd base it on conditions at the time of broadcast, or on some computation on the ciphertext, or some other thing that's not trivially detectable. In short, you don't know which decryption method to try. It's been pointed out that it's probably a one-time pad anyway.
Even if you can find an algorithm, how big are the keys? How will you know when you've got the plaintext? Something transmitted by the NSA is likely to be in highly obfuscated English at best. Like the handmade strong crypto challenge, the true plaintext might be very strange. How will you recognize that this is the correct decryption and not just a coincidental decryption into random gibberish?
Finally, while I agree that some numbers stations probably are espionage related, I'll bet they keep the noise very high. Many of them are probably reading right off the random number generator of the nearest computer. Did the challenge supervisors pick ones that are actual signal?
This is not to say it's impossible, but the benefit/difficulty ratio seems so high that anybody wizardly enough to succeed should probably be working on developing better algorithms for us instead.
I don't know about other people's ideas, but I'd rather not have that kind of blood on my hands, you can count me out of this project.
So what is going on here. This is the first time I've ever heard of this and I must say that it is totally amazing. But what are things like from a 17yo geek's point of view? Well here are just a few things to ponder: 1. First of all because they broadcast (mostly) 24/7, they obviously have a computer with samples for each number/etc (1.wav, 2.wav....) so why does one person have to sit there recording it? Can't a computer be taught to listen and compare the samples to get the numbers for us? The samples never change (for a given station) so why not? 2. Not only are the codes probably one time only, but how do we know what language they are meant for? Just because a station's voice is in French doesn't mean the data is in English, Pig-Latin, or a totally invented language that is not natively spoken anywhere. It could even be a language that is now dead and was never recorded. If an old computer of sort is doing this stuff automatically, what's to say that any of it is still readable? 3. Has anyone compared the numbers being listed from different stations at the same time (say midnight GMT), or at the same time local (like 5pm from wherever the station is broadcasting) to see if they are the same? Maybe you must do something with the different sequences from multiple stations (such as XORing). 4. Do the numbers go to a certain range? Do they stop at 8? 32? 109324? Maybe if the base isn't 10 then converting it would cause it to make much more sense. 5. Who says the numbers represent words/letters? What if the represent syllables? What if it depends on the hour you tune in? Maybe the letters/words/syllables are reversed! Or alternating? 6. What is the prize? Simple! You'll be world famous for being the geek who cracked what might possibly be the world's most pointless code (see below). Maybe it's a subliminal message. 7. What could it possibly say? Good question! What if it's just variations of "Drink Coca-Cola all the time" or even something as out-dated as "Cure the flu with a Marlboro or two!" There are just points to ponder. Have fun!
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
You see, this is what comes of listening to NPR while reading slashdot. I get all confused. From the guy's remarks about confusing the heck out of the chinese, I clearly made the wrong inference. Terribly sorry about that.
===
-J
Karma: T-rexcellent.
Conet is asking GBP 27.50 for some stuff they recorded off shortwave? What a deal. For them. Like the RIAA says, though, there are lot of marketing costs. Wait a minute. Slashdot is doing the marketing for free!
At least we can find out who sponsors the stations - we just wait to see who sues Conet for copyright infringement.
Of course they are intelligence broadcasts. That has been known for a long time. What has not been known until this day is that it is not crypto. They are just playing Bingo
Knowing the US government's penchant for doing things in the most expensive way possible, it is not inconcievable that other nations could be using numbers stations as a very cheap way to tie up resources at US intelligence agencies. Think about it - supercomputers are spendy, crypto experts are spendy, coming up with a random bunch of numbers and broadcasting them over shortwave is incredibly cheap. So, I can immagine that for every dollar Cuba spends on numbers broadcasts, the US spends 1000 or even 10,000 times that to track and (try to?) decode the transmitions. Sure, you and I think, "Why bother trying to decode these if they are one-use keys?" But remember, this is the US 'intelligence' community that have no accountability for their budgets.
These are breasts; this is source code.
Why do you have a problem with those two things belonging to one person?
You fool! You see global conspiracy everywhere!
James Earl Jones is particularly good (and I think the post was supposed to be a joke on this) because he is dyslexic and legendary for having a hard time reading. Which is funny because he does tons of voiceovers. Aside from his baritone, he keeps getting hired largely because he is a very hard worker, despite his learning disabillity.
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Expanding a vast wasteland since 1996.
I've been thrilled by the mystery of numbers stations since I was a young'un. I think it's the simplicty that makes them so fascinating. So many conspiracy theories and supernatural phemonena (crop circles, alien abductions, JFK, etc.) are complex and full of half-truths and hoaxes.
/. a few months ago, but I think they're great. It takes a lot of time to study this kind of stuff, with no likely returns from the work.
:) But at least I'm posting at 1 instead of 2...
Numbers stations are so simple, elegant, yet mysterious. (Therefore mysterious?) You can have any theory that you want (and they're all probably far more interesting than the truth), and there's little evidence on way or the other.
I only discovered The Conet Project through
Like I said, useless post.
-Waldo