Crack A "Numbers" Station

boss soul writes: "On Friday, NPR did an excellent story on those infamous 'Numbers Stations' that broadcast on shortwave radio. Since the 1950s, these stations have been broadcasting nothing but an unidentified human voice reading a string of numbers. Though most people believe that these broadcasts are used by intelligence agencies to communicate with their agents abroad, there has never been any way to confirm this ... until now! The makers of "The Conet Project" (a four-CD set of numbers-station recordings) have thrown down the proverbial gauntlet and announced a series of "cryptographic challenges" -- the object of which is to crack an actual numbers station broadcast. Dust off your Crypto caps, everyone -- I want to see a slashdotter win this one! "

Re:Worst job.

[ChrisSmolinski]

As you can probably guess, most stations use a synthesized voice. In the past, some stations (pre computer days) used either spliced tapes, or an interesting contraption that was a rotating drum with several tracks, one for each number or word spoken. It turned, and the correct track was read to play a digit (the phone company used this as well to handle messages when a number changed).

Some still do "live" transmissions, the Bored Man and Babbler stations come to mind.

Visit http://www.spynumbers.com for more information about spy numbers stations.

I have a CDROM out, with about ten hours of recordings, and lots of information, all organized as a web site, so it's cross platform.

Numbers Stations..

[Bowie+J.+Poag]

As a little birthday gift to myself, I picked up a fairly high-end handheld digital shortwave radio like a week ago. Its an amazing little device, when you think about it.. In your hands you hold a box capable of opening a window into the communications of every technologically advanced culture on the planet, runs on three AA batteries, and will run forever if you take care of it. Not a bad deal for $219.00 :)

That being said, here's a little something about numbers stations: Alot of them have already been linked directly to intelligence agencies, so, thats not a rumor anymore. Its a fact. Our on CIA, and Israel's Mossad are among a growing list of agencies known to be running numbers stations, as the broadcast source has been proven to be on land owned by these agencies.

On a totally different not, my own father ran crypto for the Navy (even had clearance at the Pentagon for a short time!) for a few years during the mid-late 1950's. During his stint in the Navy, he was stationed in Adak, Alaska where he and and a bunch of other guys jobs' were to monitor Russian shortwave radio traffic..mostly stuff in the Bering Strait, and from stations in and around the Kamchatka. To this day he can copy morse code by hand fast as fuck. :) A few weeks ago, I played some of the "numbers" station recordings for him, and he says he has never heard them before. I told them theyre linked with foreign intelligence agencies and his response was "Not surprising. Theyre all over the dial." :)

Whatever that means. :)



Bowie J. Poag

Worst job.

[Penrif]

That has got to be one of the worst jobs ever, reading a very long string of numbers... I can only assume they recorded 'em though,

"One Five Seven...no Two...sorry. Eight"

The Message, Deciphered!

[CleverNickName]

"o...r...p...h...a...n.....a...n...n...i...e.....s ...a...y...s.....'A...l...w...a...y.. .s. ....d...r...i...n...k.....y...o...u...r......O...V ...A...L...T...I...N...E'"

Credit goes to our top codebreaker, Ralphie.

One-Time Pads With Added Obscurity

[Roblimo]

Yes, the "numbers stations" are almost certainly using one-time pads, but there are levels of obscurity they may use that go beyond that:

1) There is no reason all the numbers broadcast 24/7 must have any meaning, so a "key" could contain instructions that tell a recipient to listen for the string "24 41 00 65" after 12:32 p.m. and that the numbers between that string and "24 41 00 56" are the message.

2) A one-time pad usually encodes phrases, not letters or single words. A complex one can have multiple phrases available from which one can construct a complete message, ie 48 = "meet me," 47 = "at the courthouse steps," 97 = "at phillip's house," and so on. Both the numbers and the phrases can be chosen arbitrarily, and can be changed every week or even every day.

3) The date/time key can be kept separate from the decode key; that is, which strings to listen to, and when to listen for them, can be kept as a "key book" in an embassy safe, while the number/phrase "code book" can be in the possession of a staff member who does not live or work on the premises. If someone gets hold of the key book it does them no good without the code book, and vice versa.

This is good old-fahioned human stuff. To "decode" a message, you have to both suborn the embassy staff and find the code book. And if the person who has the code book doesn't report in, that code won't be used again, so capturing a code book does not allow you to decode future messages. Key books, too, can be changed if there is any suspicion that one has fallen into wrong hands.

Bill Gates might be able to crack this kind of code - not with computers, but by bribing both embassy staff members and the outside people to whom the actual messages are being sent, assuming the above message-passing method is the one being used, which may not be the case.

Humans are always the weak link. Even with "unbreakable" codes or ciphers, if the person who writes the original message is an enemy agent all the transmission security in the world won't keep it away from the enemy (or commercial competitor).

In light of all this, if I wanted to "prove" I could crack a "number station" code, I'd bribe someone at the transmitting end to send a message with content I already knew, at a predetermined time that I also knew.

This is not a particularly original thought, BTW. It's been used in at least a few spy novels as a way for a turncoat agent to gain a new master's trust.

- Robin

Proof... or disproof?

[KFury]

With so many nations and agencies broadcasting number stations, some of them have to be solely for disinformation purposes.

If these are actual encryptions are using one-time pads as keys, then a brute-force attack (ala distributed.net) would be worthless, unless they're actually using the 'one-time' pads more than once.

What seems more approachable is taking a look at these streams of numbers, looking for the patterns inherient in random number generators. If the method of generating random numbers can be found (which really shouldn't be that hard if the 'disinformation code' is being generated by two guys in a hut and an old PC), then specific stations can be singled out as disinformation stations, sending out 'predictable' random numbers.

Chances are that most of these stations are just that, disinformation beacons.

On the other hand, if they're not, then there must be some header information to identify whether a given broadcast is intended for you (a specific spy) or another agent. This sort of info would likely be the first step of a decryption process, because it would be unlikely that they would force every agent to use up part of a one-time pad at every broadcast just to determine if the broadcast was for them. More likely, there would be some algorithm performed on the header, so an agent can get a reasonably certain idea if the broadcast is meant for them.

My first guess would be something combinitorial, like multiplying the 'agent IDs' of each agent the message applies to, so the agents have only to take the header numbers and see if it's divisable by their number. If so, grab a pen and dig out your one-time pad.

I wonder how many of these sorts of things are already on the net. It makes me want to start a page (that people should mirror, for obfuscation's sake) with random numbers that change every day. Heck, LavaRand is probably doing that right now. Sure they say it's coming from lava lamps, but it could just as easily be messages to spies all over the world, and with 50,000 hits every day, who could trace each one down to find a mobile spy?

Kevin Fox

Very Likely This is IMPOSSIBLE

[The+Infamous+TommyD]

Well, IANACEBIHTGC. (I am not a crypto expert but I've had two graduate classes. In cryptographic protocols and advanced cryptanalysis.
These strings of numbers are very likely to be from a one time pad which given certain assumptions are fundamentally unbreakable. The assumptions are: you never lose the pad (codebook), you never reuse the pad, the pad is truly cryptographically random. The proof of this is fundamental information theory.

If they are not one time pads, then it is possible, but a brute force attack like distributed net only works when you know the algorithm or the general family of them anyway. Also, it helps alot if you know something of the plaintext that you're after. If say, the number stations are transmitting encrypted random data such as the encryption keys for other other communications, then how the hell would you know that you'd found something when you decrypted it.

There just isn't enought information to do anything but put a bunch of smart people in front of the data and see what they can figure out.

Hmm ... what prize? A visit from Men In Black?

[Seth+Finkelstein]

Humor ... I think ...
I notice they don't describe the prize, and require: All email concerning this challenge must be PGP encrypted.

I wonder just how wise it would be to try to claim victory:

"Thank you for telling us you broke this supersecret code. And thanks for proving your identity with PGP. Please remain where you are, our representatives will arrive shortly with your reward ..."

Unwinnable challenge?

[Alik]

I honestly don't see how someone could hope to succeed at this. Let's say you get distributed.net to jump on the bandwagon. Great. Now what exactly are you going to do? You have arbitrary strings of numbers. This could be a fragment of a single text, parts of multiple texts, multiple complete texts, and so on. Sure, you could scan for patterns first and try to identify delimiters, but were I sending data through this, I wouldn't do you the favor of using a fixed separation string. I'd base it on conditions at the time of broadcast, or on some computation on the ciphertext, or some other thing that's not trivially detectable. In short, you don't know which decryption method to try. It's been pointed out that it's probably a one-time pad anyway.

Even if you can find an algorithm, how big are the keys? How will you know when you've got the plaintext? Something transmitted by the NSA is likely to be in highly obfuscated English at best. Like the handmade strong crypto challenge, the true plaintext might be very strange. How will you recognize that this is the correct decryption and not just a coincidental decryption into random gibberish?

Finally, while I agree that some numbers stations probably are espionage related, I'll bet they keep the noise very high. Many of them are probably reading right off the random number generator of the nearest computer. Did the challenge supervisors pick ones that are actual signal?

This is not to say it's impossible, but the benefit/difficulty ratio seems so high that anybody wizardly enough to succeed should probably be working on developing better algorithms for us instead.

Waste of time. Answer clear. Bingo!

[cosmicaug]

Of course they are intelligence broadcasts. That has been known for a long time. What has not been known until this day is that it is not crypto. They are just playing Bingo

You got it all wrong.

These are not broadcasts used by intelligence agencies, they're from ordinary people trying to beat the world record of "reciting the digits of Pi on radio".

You fool! You see global conspiracy everywhere!