Slashdot Mirror


Crack A "Numbers" Station

boss soul writes: "On Friday, NPR did an excellent story on those infamous 'Numbers Stations' that broadcast on shortwave radio. Since the 1950s, these stations have been broadcasting nothing but an unidentified human voice reading a string of numbers. Though most people believe that these broadcasts are used by intelligence agencies to communicate with their agents abroad, there has never been any way to confirm this ... until now! The makers of "The Conet Project" (a four-CD set of numbers-station recordings) have thrown down the proverbial gauntlet and announced a series of "cryptographic challenges" -- the object of which is to crack an actual numbers station broadcast. Dust off your Crypto caps, everyone -- I want to see a slashdotter win this one! "

30 of 210 comments

  1. Re:Very Likely This is IMPOSSIBLE by swinge · · Score: 3
    they used to transmit "data" when there was no message, but now they're sending downloads of Dr. Dre and Metallica to agents in the field who have been thrown off of Napster

    Has anybody checked that the 4-cd set isn't just audio? wouldn't that have been a good joke to pull on the crypto community ;)

  2. Re:Worst job. by ChrisSmolinski · · Score: 4
    As you can probably guess, most stations use a synthesized voice. In the past, some stations (pre computer days) used either spliced tapes, or an interesting contraption that was a rotating drum with several tracks, one for each number or word spoken. It turned, and the correct track was read to play a digit (the phone company used this as well to handle messages when a number changed).

    Some still do "live" transmissions, the Bored Man and Babbler stations come to mind.

    Visit http://www.spynumbers.com for more information about spy numbers stations.

    I have a CDROM out, with about ten hours of recordings, and lots of information, all organized as a web site, so it's cross platform.

  3. Numbers Stations.. by Bowie+J.+Poag · · Score: 4



    As a little birthday gift to myself, I picked up a fairly high-end handheld digital shortwave radio like a week ago. It's an amazing little device, when you think about it.. In your hands you hold a box capable of opening a window into the communications of every technologically advanced culture on the planet, runs on three AA batteries, and will run forever if you take care of it. Not a bad deal for $219.00 :)

    That being said, here's a little something about numbers stations: A lot of them have already been linked directly to intelligence agencies, so, that's not a rumor anymore. It's a fact. Our own CIA, and Israel's Mossad are among a growing list of agencies known to be running numbers stations, as the broadcast source has been proven to be on land owned by these agencies.

    On a totally different note, my own father ran crypto for the Navy (even had clearance at the Pentagon for a short time!) for a few years during the mid-late 1950's. During his stint in the Navy, he was stationed in Adak, Alaska where he and a bunch of other guys' jobs were to monitor Russian shortwave radio traffic..mostly stuff in the Bering Strait, and from stations in and around the Kamchatka. To this day he can copy Morse code by hand fast as fuck. :) A few weeks ago, I played some of the "numbers" station recordings for him, and he says he has never heard them before. I told him they're linked with foreign intelligence agencies and his response was "Not surprising. They're all over the dial." :)

    Whatever that means. :)



    Bowie J. Poag


  4. Strategic Air Command by Detritus · · Score: 3

    The U.S. Air Force Strategic Air Command had something similar with their "Sky King" broadcasts on the high frequency bands. They sent out coded messages at regular intervals using SSB (single sideband) voice. This was one of the systems for sending EAMs (emergency action messages) to SAC's nuclear armed bombers. When listening, you never knew if the message was "testing" or "nuke Moscow".

    --
    Mea navis aericumbens anguillis abundat
  5. Re:Hmm ... what prize? A visit from Men In Black? by ddstreet · · Score: 3

    There are 5 different messages to crack :

    1. E3 (The Lincolnshire Poacher)
    2. E5 (CIA Counting Station)
    3. E22 (New Station!)
    4. E10 (Phonetic Alphabet Station)
    5. G2 (The Swedish Rhapsody)

    And (look at the last line) " The Prize for the first person to email us a deciphered text along with the method employed in the crack will be an ancient Gold Roman coin. The Judges decision is final. "

    Also you have to encrypt using their PGP key, not yours, so you aren't 'proving your identity', just (hopefully) making sure nobody besides them can read your email. However that doesn't mean the NSA/Men In Black won't say hello if you crack it.

  6. Worst job. by Penrif · · Score: 4

    That has got to be one of the worst jobs ever, reading a very long string of numbers... I can only assume they recorded 'em though,

    "One Five Seven...no Two...sorry. Eight"

    1. Re:Worst job. by Seumas · · Score: 3

      ...As read by James Earl Jones... ;)
      ---
      icq:2057699
      seumas.com

    2. Re:Worst job. by ktakki · · Score: 3

      Given that the telephone company does this all the time (The number you requested is ...), it's undoubtedly a recorded voice.


      But it's not. Unless they also pre-recorded sneezes and coughs, too.

      I've listened to these broadcasts since the early '80s, both the English- and Spanish-language stations. Definitely a human reading from a sheaf of papers.

      "...dos, ocho, zero, zero, cuatro...ocho, ocho, uno, zero, dos...achoo!...excusame...dos, dos, ocho, cinco, siete..."

      k.

      p.s.: The Cold War may be over, but the Cobra Dane over-the-horizon radar still drones on, too.

      --
      "In spite of everything, I still believe that people
      are really good at heart." - Anne Frank
  7. This Looks Like A Job For... by Seumas · · Score: 3
    Distributed.net...

    It would seem that there must somehow be a way to implement distributed.net into solving this (if there is any solution). Why work against each other if we can all work together and nail this?

    I'm not a crypto-expert, but my guess is that you would need to use a wide variety of formulae to even ever discern that there is a pattern, let alone what the patterns signify. But the formulae could be well-tested on a mass-scale via distributed.net and then once a group of likely candidates is discovered, attack them on a massive scale and see if anything hits.

    But like I say, I'm not an expert whatsoever. This just sounds like a way to approach it. But, unlike RC5 and DSS, this doesn't have a known answer hiding somewhere with any manner of known mathematical processes of resolution, so brute-force would be out of the question, no? Unless there is a way to massively process *methods* and *formulae* to see if they're even appropriate to ever do brute-force decryption alongside.
    ---
    icq:2057699
    seumas.com

  8. Re:One-Time Pads With Added Obscurity by sesquiped · · Score: 3

    2) A one-time pad usually encodes phrases, not letters or single words. A complex one can have multiple phrases available from which one can construct a complete message, ie 48 = "meet me," 47 = "at the courthouse steps," 97 = "at phillip's house," and so on. Both the numbers and the phrases can be chosen arbitrarily, and can be changed every week or even every day.

    No!

    That's a codebook, not a one-time pad. If you'll notice, the frequencies of different digit pairs (using your example) will likely be different. That's no good. A one-time pad is a long string of true random numbers. They would most often be combined with the message with a simple XOR algorithm, although something else might be more appropriate when using pencil and paper. The point of a "one-time" pad is that the same numbers are never used more than once, hence the name one-time. It's not changed once a day or week, it's destroyed immediately after use!

  9. Re:Very Likely This is IMPOSSIBLE by rgmoore · · Score: 3
    There just isn't enough information to do anything but put a bunch of smart people in front of the data and see what they can figure out.

    Of course that could be the goal. If you really want to mess with the other guys, you could use a scheme like this to do it. The process would be pretty simple:

    1. Develop a decent cryptographic random number generator and have it spew out a bunch of random numbers. Even better, mix in a bunch of encrypted, realistic sounding, but bogus messages to your international spy network. Use an encryption scheme that's likely to be very tough to break, but not quite impossible.
    2. Hire a bunch of poor schlubs to read off your list of numbers into a microphone. You can save yourself some time and effort by rebroadcasting the messages several times in rapid succession; this might actually be helpful in the real world in case your agents have to transcribe the thing without aid of tape recordings.
    3. Watch as your poor enemy wastes a lot of effort trying to decode the thing. Even better, if you think that they've actually succeeded in decoding it, you can use it to sow disinformation.

    All it takes is a bit of effort: one cryptographic algorithm, a creative guy or two to write bogus messages, and a bunch of people you can hire pretty cheap to read off your lists of numbers. If you're lucky, you can tie up several capable cryptographers trying to decode it, which is probably a net win. If you're really lucky, they'll succeed, buy it hook, line, and sinker, and you can start using it to give them disinformation. Sounds like a reasonable thing to try.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  10. The Message, Deciphered! by CleverNickName · · Score: 5
    "o...r...p...h...a...n.....a...n...n...i...e.....s...a...y...s.....'A...l...w...a...y...s.....d...r...i...n...k.....y...o...u...r.....O...V...A...L...T...I...N...E'"

    Credit goes to our top codebreaker, Ralphie.

  11. One-Time Pads With Added Obscurity by Roblimo · · Score: 4

    Yes, the "numbers stations" are almost certainly using one-time pads, but there are levels of obscurity they may use that go beyond that:

    1) There is no reason all the numbers broadcast 24/7 must have any meaning, so a "key" could contain instructions that tell a recipient to listen for the string "24 41 00 65" after 12:32 p.m. and that the numbers between that string and "24 41 00 56" are the message.

    2) A one-time pad usually encodes phrases, not letters or single words. A complex one can have multiple phrases available from which one can construct a complete message, ie 48 = "meet me," 47 = "at the courthouse steps," 97 = "at phillip's house," and so on. Both the numbers and the phrases can be chosen arbitrarily, and can be changed every week or even every day.

    3) The date/time key can be kept separate from the decode key; that is, which strings to listen to, and when to listen for them, can be kept as a "key book" in an embassy safe, while the number/phrase "code book" can be in the possession of a staff member who does not live or work on the premises. If someone gets hold of the key book it does them no good without the code book, and vice versa.

    This is good old-fashioned human stuff. To "decode" a message, you have to both suborn the embassy staff and find the code book. And if the person who has the code book doesn't report in, that code won't be used again, so capturing a code book does not allow you to decode future messages. Key books, too, can be changed if there is any suspicion that one has fallen into wrong hands.

    Bill Gates might be able to crack this kind of code - not with computers, but by bribing both embassy staff members and the outside people to whom the actual messages are being sent, assuming the above message-passing method is the one being used, which may not be the case.

    Humans are always the weak link. Even with "unbreakable" codes or ciphers, if the person who writes the original message is an enemy agent all the transmission security in the world won't keep it away from the enemy (or commercial competitor).

    In light of all this, if I wanted to "prove" I could crack a "number station" code, I'd bribe someone at the transmitting end to send a message with content I already knew, at a predetermined time that I also knew.

    This is not a particularly original thought, BTW. It's been used in at least a few spy novels as a way for a turncoat agent to gain a new master's trust.

    - Robin

  12. Proof... or disproof? by KFury · · Score: 4

    With so many nations and agencies broadcasting number stations, some of them have to be solely for disinformation purposes.

    If these are actual encryptions using one-time pads as keys, then a brute-force attack (ala distributed.net) would be worthless, unless they're actually using the 'one-time' pads more than once.

    What seems more approachable is taking a look at these streams of numbers, looking for the patterns inherent in random number generators. If the method of generating random numbers can be found (which really shouldn't be that hard if the 'disinformation code' is being generated by two guys in a hut and an old PC), then specific stations can be singled out as disinformation stations, sending out 'predictable' random numbers.

    Chances are that most of these stations are just that, disinformation beacons.

    On the other hand, if they're not, then there must be some header information to identify whether a given broadcast is intended for you (a specific spy) or another agent. This sort of info would likely be the first step of a decryption process, because it would be unlikely that they would force every agent to use up part of a one-time pad at every broadcast just to determine if the broadcast was for them. More likely, there would be some algorithm performed on the header, so an agent can get a reasonably certain idea if the broadcast is meant for them.

    My first guess would be something combinatorial, like multiplying the 'agent IDs' of each agent the message applies to, so the agents have only to take the header numbers and see if it's divisible by their number. If so, grab a pen and dig out your one-time pad.

    I wonder how many of these sorts of things are already on the net. It makes me want to start a page (that people should mirror, for obfuscation's sake) with random numbers that change every day. Heck, LavaRand is probably doing that right now. Sure they say it's coming from lava lamps, but it could just as easily be messages to spies all over the world, and with 50,000 hits every day, who could trace each one down to find a mobile spy?

    Kevin Fox

  13. Re:Very Likely This is IMPOSSIBLE by kaphka · · Score: 3

    D'oh! IANACE either, but I was looking forward to showing off my limited knowledge of this topic by pointing that out first. You beat me to it.

    I agree, it seems very likely that these stations are using one-time-pad encryption, particularly since the messages are so short, and (presumably) intended to be decoded by hand. I thought that was pretty common knowledge. It makes me wonder why they'd even bother... Although a thought just occurred to me: with a little imagination, I'm sure you could "decode" these broadcasts and find messages about alien abductions, government conspiracies, terrorist plots, or anything else. It's just like the "Bible Code"... a modern-day Rorschach test.

    --

    MSK

  14. This might be interesting... by jd · · Score: 3
    Actually, we have several possible pieces of information, which could help in breaking this code. NOTE that I use the word "code", rather than cypher.

    IMHO, this is the first clue that we have. Cyphers are great for electronic or mechanical delivery, but don't work so well with the spoken word. The output isn't designed that way. Codes, on the other hand, are optimised to be spoken or written, and are often not much more than simple substitution.

    Let's assume, then, that these numbers are some kind of basic word or phrase substitution. How many numbers there are in the transmission will give you a much clearer indication of what kind of code is being used. This is the second clue. Lots of numbers = a simple meaning for each. Few numbers = a complex meaning for each.

    This brings me to the third clue. The more numbers the simpler the difference between each of the transmissions. If you've only one or two numbers, you can have some very complex operations going on but if you're using lots, then you can't. The message HAS to be decypherable in a practical length of time, BY HAND, BY A HUMAN. Humans are not designed to be memory gurus.

    Now for the final clue. The messages have been sent since the 1950's. This was at the height of Cold War paranoia. At that time, I doubt anybody in an intelligence agency would have trusted short wave radio -that- much. Too unreliable, especially over the distances that would be implicitly involved.

    But the military weren't the only ones gripped in psychotic paranoia, gun-fever and a cult-like power craze. Most of America was (and is) gripped in exactly the same delusion.

    Now, short-wave radio to communicate between gun cults is entirely believable. Far more so than to believe the CIA or whoever would care for such primitive tools.

    IMHO, it's more likely a splinter faction of the NRA than the CIA. More believable still is that it is groups of survivalists, trying to avoid Government mind-control rays with tin-foil helmets and earthed pick-ups (with the obligatory dog in the back).

    The most extreme possibility I can think of, which remains plausible, is that some survivalists have convinced themselves that World War 3 happened in the 1950's, and that all evidence to the contrary is an enemy plot to lure them out from their shelters. (Sufficiently isolated areas, and leaders every bit as charismatic as David Koresh -might- be able to pull that kind of stunt off. Those Dr Who fans in the audience might also like to re-read "Enemy of the World".)

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  15. Pictures of one time pads.. by kms1 · · Score: 3

    This page has pictures of what they claim are the one time pads taken from captured foreign agents. They were hidden in hollowed out bars of soap and talcum powder containers.

    http://www.btinternet.com/~simon.mason/page30.html

    -kms1

  16. Another possible explanation by XNormal · · Score: 3

    is that the numbers are really random - they are simply channelsquatting. The HF spectrum is an expensive resource because it's quite narrow and it propagates to such long distances. If you want to ensure you have your channel when you really need it just keep it busy. It's not that different than cybersquatting except that it's harder to argue with a foreign government and a few kilowatts of RF power.

    ----

    --
    Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
  17. This is *NOT* a pure brute-force problem by Seth+Finkelstein · · Score: 3
    This cryptographic challenge is more daunting than the RSA challenge, because nothing is known about the algorithm used to encipher LP transmissions. We do not even know for sure who the transmitting party is.
    http://www.ibmpcug.co.uk/%7Eirdial/E3crack.htm

    Someone needs to have an insight as to a useful cryptanalytic attack, to use all that hardware.

  18. Easy way to crack it by Greyfox · · Score: 3

    Why not triangulate one of these stations, go there, and ask the guy what the hell he thinks he's doing?

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  19. Re:Venona Cache by rjamestaylor · · Score: 3
    NSA's site is up (different link):

    here.

    --
    -- @rjamestaylor on Ello
  20. sounds bad by djweis · · Score: 3

    "Thanks for cracking the code! Your prize is a bullet in the head from a black helicopter in your back yard."

  21. Very Likely This is IMPOSSIBLE by The+Infamous+TommyD · · Score: 5

    Well, IANACEBIHTGC. (I am not a crypto expert but I've had two graduate classes, in cryptographic protocols and advanced cryptanalysis.)
    These strings of numbers are very likely to be from a one-time pad, which given certain assumptions is fundamentally unbreakable. The assumptions are: you never lose the pad (codebook), you never reuse the pad, the pad is truly cryptographically random. The proof of this is fundamental information theory.

    If they are not one time pads, then it is possible, but a brute force attack like distributed net only works when you know the algorithm or the general family of them anyway. Also, it helps a lot if you know something of the plaintext that you're after. If say, the number stations are transmitting encrypted random data such as the encryption keys for other communications, then how the hell would you know that you'd found something when you decrypted it?

    There just isn't enough information to do anything but put a bunch of smart people in front of the data and see what they can figure out.

  22. You can't by Anonymous Coward · · Score: 3
    break it. It's a one time pad. The following string:

    a8dmldk38f7ekal3973jdm43kaeqq

    could be either:

    my hovercraft is full of eels

    or:

    Hello, I love Natalie Portman

    or a million other phrases that fit within the length limitation.
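
The claim in the comment above, together with the pad-reuse caveat raised elsewhere in the thread, worked through as an added example that is not part of any comment. It assumes the pad is combined with the message by XOR over bytes (one of the options the thread mentions); the function names are made up for illustration.

```python
import secrets

# Strings copied from the comment above, treated as raw bytes.
CIPHERTEXT = b"a8dmldk38f7ekal3973jdm43kaeqq"
CANDIDATES = [
    b"my hovercraft is full of eels",
    b"Hello, I love Natalie Portman",
]


def xor(a, b):
    """Byte-wise XOR; a one-time pad must be exactly as long as the message."""
    if len(a) != len(b):
        raise ValueError("pad and message lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_explaining(ciphertext, plaintext):
    """The unique pad under which `ciphertext` decrypts to `plaintext`."""
    return xor(ciphertext, plaintext)


def consistent_plaintexts(ciphertext, candidates):
    """Return every same-length candidate for which a valid pad exists.

    With a uniformly random pad, that is all of them: each candidate is
    explained by exactly one pad, and every pad is equally likely, so the
    ciphertext alone cannot rank one candidate above another.
    """
    fits = []
    for plaintext in candidates:
        if len(plaintext) != len(ciphertext):
            continue  # length is the only thing the ciphertext reveals
        pad = pad_explaining(ciphertext, plaintext)
        if xor(ciphertext, pad) == plaintext:
            fits.append(plaintext)
    return fits


def reuse_leak(pad, message_1, message_2):
    """What an eavesdropper gets when one pad encrypts two messages.

    XORing the two ciphertexts cancels the pad and leaves
    message_1 XOR message_2, which no longer depends on the pad at all.
    """
    c1 = xor(message_1, pad)
    c2 = xor(message_2, pad)
    return xor(c1, c2)


if __name__ == "__main__":
    print(consistent_plaintexts(CIPHERTEXT, CANDIDATES))

    pad = secrets.token_bytes(len(CANDIDATES[0]))
    leak = reuse_leak(pad, CANDIDATES[0], CANDIDATES[1])
    # Anyone who knows (or correctly guesses) one message reads the other.
    print(xor(leak, CANDIDATES[0]))
```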

  23. Hmm ... what prize? A visit from Men In Black? by Seth+Finkelstein · · Score: 5
    Humor ... I think ...
    I notice they don't describe the prize, and require: All email concerning this challenge must be PGP encrypted.

    I wonder just how wise it would be to try to claim victory:

    "Thank you for telling us you broke this supersecret code. And thanks for proving your identity with PGP. Please remain where you are, our representatives will arrive shortly with your reward ..."
  24. IPO? by Signal+11 · · Score: 3

    Personally, I can't wait until the NSA has its own IPO - what, with all the demand for privacy-invading software and hardware, employers spying on employee e-mail and phone calls. I'd daresay it might even fund Echelon II ("This time, it's really, really personal").

  25. Unwinnable challenge? by Alik · · Score: 5

    I honestly don't see how someone could hope to succeed at this. Let's say you get distributed.net to jump on the bandwagon. Great. Now what exactly are you going to do? You have arbitrary strings of numbers. This could be a fragment of a single text, parts of multiple texts, multiple complete texts, and so on. Sure, you could scan for patterns first and try to identify delimiters, but were I sending data through this, I wouldn't do you the favor of using a fixed separation string. I'd base it on conditions at the time of broadcast, or on some computation on the ciphertext, or some other thing that's not trivially detectable. In short, you don't know which decryption method to try. It's been pointed out that it's probably a one-time pad anyway.

    Even if you can find an algorithm, how big are the keys? How will you know when you've got the plaintext? Something transmitted by the NSA is likely to be in highly obfuscated English at best. Like the handmade strong crypto challenge, the true plaintext might be very strange. How will you recognize that this is the correct decryption and not just a coincidental decryption into random gibberish?

    Finally, while I agree that some numbers stations probably are espionage related, I'll bet they keep the noise very high. Many of them are probably reading right off the random number generator of the nearest computer. Did the challenge supervisors pick ones that are actual signal?

    This is not to say it's impossible, but the benefit/difficulty ratio seems so high that anybody wizardly enough to succeed should probably be working on developing better algorithms for us instead.

  26. Waste of time. Answer clear. Bingo! by cosmicaug · · Score: 4

    Of course they are intelligence broadcasts. That has been known for a long time. What has not been known until this day is that it is not crypto. They are just playing Bingo

  27. Re:there ain't no cracking numbers stations folks by Detritus · · Score: 3
    The message is encoded into numbers before it is encrypted and transmitted. Here is an example of an encoding table:

      0 1 2 3 4 5 6
      S N E G O P A
    7 B C D F H I J
    8 K L M Q R T U
    9 V W X Y Z / .

    The letters on the first line (S N E G O P A) are encoded to the single digits 0 through 6. The letters on the second, third and fourth lines are encoded to double digit numbers. For example:

    F = 73
    I = 75
    R = 84
    S = 0
    T = 85

    P = 5
    O = 4
    S = 0
    T = 85

    In code groups:

    73758 40855 4085X

    (X indicates null padding to fill last group)

    --
    Mea navis aericumbens anguillis abundat
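
An added example (not the commenter's code) that implements the encoding table quoted above and reproduces the "FIRST POST" code groups. The pad step, digit-by-digit addition mod 10 without carries, is an assumption about how the "encrypted" stage could be done by hand; the comment does not specify it, and the function names are hypothetical.

```python
import secrets

# Table from the comment: the top row gets single digits 0-6; rows
# prefixed 7, 8 and 9 get two-digit codes (row prefix + column).
TOP_ROW = "SNEGOPA"
PREFIXED_ROWS = {"7": "BCDFHIJ", "8": "KLMQRTU", "9": "VWXYZ/."}

ENCODE = {ch: str(col) for col, ch in enumerate(TOP_ROW)}
for prefix, letters in PREFIXED_ROWS.items():
    for col, ch in enumerate(letters):
        ENCODE[ch] = prefix + str(col)
DECODE = {code: ch for ch, code in ENCODE.items()}


def encode(text):
    """Letters -> digit string. Spaces are dropped, as in the comment's example."""
    digits = []
    for ch in text.upper():
        if ch == " ":
            continue
        if ch not in ENCODE:
            raise ValueError(f"no code for {ch!r} in this table")
        digits.append(ENCODE[ch])
    return "".join(digits)


def to_groups(digits, size=5, null="X"):
    """Split into groups of `size`, filling the last group with nulls."""
    padded = digits + null * (-len(digits) % size)
    return " ".join(padded[i:i + size] for i in range(0, len(padded), size))


def decode(stream):
    """Digit groups -> letters.

    7, 8 and 9 are only ever row prefixes, never codes on their own, so one
    left-to-right pass splits the stream unambiguously.
    """
    stream = stream.replace(" ", "").rstrip("X")
    out, i = [], 0
    while i < len(stream):
        width = 2 if stream[i] in PREFIXED_ROWS else 1
        code = stream[i:i + width]
        if code not in DECODE:
            raise ValueError(f"invalid or truncated code {code!r} at offset {i}")
        out.append(DECODE[code])
        i += width
    return "".join(out)


def add_pad(digits, pad):
    """Assumed encryption step: add pad digits mod 10, no carries."""
    if len(pad) < len(digits):
        raise ValueError("pad is shorter than the message")
    return "".join(str((int(d) + int(k)) % 10) for d, k in zip(digits, pad))


def remove_pad(digits, pad):
    """Inverse of add_pad: subtract pad digits mod 10, no borrows."""
    if len(pad) < len(digits):
        raise ValueError("pad is shorter than the message")
    return "".join(str((int(d) - int(k)) % 10) for d, k in zip(digits, pad))


def random_pad(length):
    """Constructed pad for the demo, drawn from the OS CSPRNG."""
    return "".join(str(secrets.randbelow(10)) for _ in range(length))


if __name__ == "__main__":
    plain_digits = encode("FIRST POST")
    print(to_groups(plain_digits))
    pad = random_pad(len(plain_digits))
    sent = add_pad(plain_digits, pad)
    print(to_groups(sent, null="0"))
    print(decode(remove_pad(sent, pad)))
```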
  28. You got it all wrong. by Anonymous Coward · · Score: 4
    These are not broadcasts used by intelligence agencies, they're from ordinary people trying to beat the world record of "reciting the digits of Pi on radio".

    You fool! You see global conspiracy everywhere!